c3bb5e5ecba6aeacfb42b4f382498b44c852985560afa0955eedd532f20cf419

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-05-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

738931afefb9203f72ca108978203d0c_JaffaCakes118.exe
Size

49.0MB
MD5

738931afefb9203f72ca108978203d0c
SHA1

53e9662624aefedefa0a3bf5ac9fb0fd0eebc88e
SHA256

c3bb5e5ecba6aeacfb42b4f382498b44c852985560afa0955eedd532f20cf419
SHA512

c22ad1ce39e9fff118853cb2dd2993189bc44207c9ae14ffbed7ddf3773fb9ce8d870eb0a898b7529040dacb413ed25685d6c27383da3d180031792009c6a4bd
SSDEEP

1572864:qdtIkx6/+j3kaDJLoT/jAlrrQuQD+mSI4fLN9FVLBT:qdtnx6/+jUahQjQ8ukSvN9Ft1

Score

9^/10

bootkit discovery evasion persistence spyware stealer trojan

Malware Config

Signatures

Checks for common network interception software 1 TTPs
Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.
evasion

Software Discovery
T1518
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

QQPCMgr_Setup.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ QQPCMgr_Setup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	QQPCMgr_Setup.exe

Drops file in Drivers directory 8 IoCs

Processes:

QQPCTray.exeQQPCRealTimeSpeedup.exeQMSuperScan.exeQQPCMgr_Setup.exe

description	ioc	process
File opened for modification	C:\Windows\system32\Drivers\TAOAccelerator64.sys	QQPCTray.exe
File created	C:\Windows\system32\Drivers\TAOKernel64.sys	QQPCTray.exe
File opened for modification	C:\Windows\system32\Drivers\TAOKernel64.sys	QQPCTray.exe
File opened for modification	C:\Windows\system32\Drivers\TAOAccelerator64.sys	QQPCRealTimeSpeedup.exe
File created	C:\Windows\system32\drivers\TSSKX64.sys	QMSuperScan.exe
File opened for modification	C:\Windows\system32\drivers\TSSKX64.sys	QMSuperScan.exe
File created	C:\Windows\system32\Drivers\TFsFltX64.sys	QQPCMgr_Setup.exe
File created	C:\Windows\system32\Drivers\TAOAccelerator64.sys	QQPCTray.exe

Sets service image path in registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

QQPCRtp.exeQQPCMgr_Setup.exeQQPCTray.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QQPCRTP\ImagePath = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCRTP.exe\" -r"	QQPCRtp.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QQPCRTP\ImagePath = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCRtp.exe\" -r"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TSDefenseBt\ImagePath = "\\??\\C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\TSDefenseBT64.sys"	QQPCTray.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QQPCRTP\ImagePath = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCRTP.exe\" -r"	QQPCTray.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\QMUdisk\ImagePath = "\\??\\C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMUdisk64.sys"	QQPCTray.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\TSDefenseBt\ImagePath = "\\??\\C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\TSDefenseBT64.sys"	QQPCRtp.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

QQPCMgr_Setup.exeQQPCRtp.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ QQPCTray = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCTray.exe\" /regrun"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ QQPCTray = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCTray.exe\" /regrun"	QQPCRtp.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

QQPCRealTimeSpeedup.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA QQPCRealTimeSpeedup.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	QQPCRealTimeSpeedup.exe

Drops Chrome extension 1 IoCs

Processes:

QQPCTray.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm\3.0_0\manifest.json	QQPCTray.exe

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

QQPCTray.exe

description ioc process

File opened (read-only) \??\F: QQPCTray.exe
Modifies Windows Firewall 2 TTPs 2 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exenetsh.exe

pid process

2348 netsh.exe
2036 netsh.exe

description	ioc	process
File opened (read-only)	\??\F:	QQPCTray.exe

pid	process
2348	netsh.exe
2036	netsh.exe

Writes to the Master Boot Record (MBR) 1 TTPs 7 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

Tencentdl.exetencentdl.exeQQPCRtp.exeQQPCTray.exetencentdl.exeQQPCMgr_Setup.exeQMSuperScan.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Tencentdl.exe
File opened for modification	\??\PhysicalDrive0	tencentdl.exe
File opened for modification	\??\PhysicalDrive0	QQPCRtp.exe
File opened for modification	\??\PhysicalDrive0	QQPCTray.exe
File opened for modification	\??\PhysicalDrive0	tencentdl.exe
File opened for modification	\??\PhysicalDrive0	QQPCMgr_Setup.exe
File opened for modification	\??\PhysicalDrive0	QMSuperScan.exe

Drops file in System32 directory 2 IoCs

Processes:

QQPCRtp.exe

description	ioc	process
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db	QQPCRtp.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db	QQPCRtp.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

Processes:

QQPCMgr_Setup.exeQQPCTray.exePluginInstaller.exeQQPCRtp.exe

description	ioc	process
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\smanalyplugin\SMAnalyPlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1108.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftGame.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCConfigCatalog.xml	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\DlForQd.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMArpMgr\libpng.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMClinicsettingcenter\QMClinicSettingCenter.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetConnect\QMNetConnectDll.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSSO\Bin\SSOLUIControl.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1111.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\StartupLoad.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMArpMgr\QQPCCommonMgr.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftConfig.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMAutoTaskPlugin\QMAutoTaskPlugin.tpc	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\MemDefrag.dll	QQPCMgr_Setup.exe
File opened for modification	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\StartupLog_1.log	QQPCTray.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1029.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1103.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAdFilter.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAssocScanLib2.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\MalWare.tpc	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\HPScannerPlugin\hpiestartpagescan\HPIEStartPageScan.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMIpc.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSKsp.sys	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMRouterPlugin\QMRouterPlugin.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\qmavtrayplugin\QMShield256.png	QQPCMgr_Setup.exe
File opened for modification	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\zlib.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Plugins\PluginInfoDynamic.xml	PluginInstaller.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tpk\1.0.0.1\def\virinfo.def	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\GameHardwareInfo.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDlder.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\extract.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_1526.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Image\xpword.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GameSpeedupAppPlugins\QMGameAcceleratePlugin\QMGameAcceleratePlugin.rdb	QQPCMgr_Setup.exe
File opened for modification	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\WSFDatabase.db	QQPCRtp.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SMobileAssisCfg.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\FtSysCommonMgrGF.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMEmKit.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\SysSpeedUp\sysspeedup.tpc	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCClinicHelper.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_1909.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMNetSpeedTest.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMEmMat.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\SoftUninstall\SoftUninstall.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1300.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCClinic.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMPersonalCenter.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SoftMgr\libpng.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMSXTrayPlugin\QMSXTrayPlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tscpm.sys	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMAdBlock.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QuickOpenLogo\QQPCClinic_QO.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1032.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1093.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRealTimeSpeedup.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMVulPlugin\QMVulPlugin.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMNetworkMgr.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\NetMon.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\Modules.xml	QQPCMgr_Setup.exe

Drops file in Windows directory 1 IoCs

Processes:

QQPCMgr_Setup.exe

description ioc process

File created C:\Windows\Fonts\FZLTCXHJW.TTF QQPCMgr_Setup.exe

description	ioc	process
File created	C:\Windows\Fonts\FZLTCXHJW.TTF	QQPCMgr_Setup.exe

Executes dropped EXE 33 IoCs

Processes:

QQPCMgr_Setup.exeTestMSVCR.exeTestMSVCR_64.exeInstAsm.exePluginInstaller.exeQQPCRTP.exeRemNPX.exeTencentdl.exeQMSuperScan.exeQMCheckNetwork.exeQMCheckNetwork.exetencentdl.exeTestMSVCR.exeQQPCTray.exeQQPCRTP.exeQQPCRTP.exeQQPCRtp.exeUpdateTrayIcon.exeQQPCTray.exeQMDeskTopGC.exeqmdl.exeQQRepair.exetencentdl.exeQQPCNetFlow.exeQQPCTray.exeQQPCRealTimeSpeedup.exeQQPCTray.exeQQPCRealTimeSpeedup.exeQQRepair.exeQQPCPatch.exeQQPCTray.exeQQPCPatch.exeQQPCSoftTrayTips.exe

pid	process
1744	QQPCMgr_Setup.exe
2996	TestMSVCR.exe
2780	TestMSVCR_64.exe
2108	InstAsm.exe
324	PluginInstaller.exe
2396	QQPCRTP.exe
1100	RemNPX.exe
1708	Tencentdl.exe
2552	QMSuperScan.exe
2728	QMCheckNetwork.exe
2484	QMCheckNetwork.exe
2224	tencentdl.exe
2684	TestMSVCR.exe
2260	QQPCTray.exe
1504	QQPCRTP.exe
2912	QQPCRTP.exe
324	QQPCRtp.exe
1764	UpdateTrayIcon.exe
1192	QQPCTray.exe
2708	QMDeskTopGC.exe
2612	qmdl.exe
2156	QQRepair.exe
2180	tencentdl.exe
2232	QQPCNetFlow.exe
1912	QQPCTray.exe
1336	QQPCRealTimeSpeedup.exe
3572	QQPCTray.exe
3736	QQPCRealTimeSpeedup.exe
3848	QQRepair.exe
3348	QQPCPatch.exe
3648	QQPCTray.exe
1432	QQPCPatch.exe
1048	QQPCSoftTrayTips.exe

Loads dropped DLL 64 IoCs

Processes:

738931afefb9203f72ca108978203d0c_JaffaCakes118.exeQQPCMgr_Setup.exeregsvr32.exeregsvr32.exeExplorer.EXEPluginInstaller.exeQQPCRTP.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeregsvr32.exeQMSuperScan.exeQMCheckNetwork.exeQMCheckNetwork.exeTencentdl.exeregsvr32.exeregsvr32.exetencentdl.exe

pid	process
2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
2700	regsvr32.exe
1080	regsvr32.exe
1200	Explorer.EXE
1744	QQPCMgr_Setup.exe
1200	Explorer.EXE
324	PluginInstaller.exe
324	PluginInstaller.exe
324	PluginInstaller.exe
1200	Explorer.EXE
324	PluginInstaller.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
2396	QQPCRTP.exe
2396	QQPCRTP.exe
2396	QQPCRTP.exe
2396	QQPCRTP.exe
2396	QQPCRTP.exe
2396	QQPCRTP.exe
1980	regsvr32.exe
1620	regsvr32.exe
2708	regsvr32.exe
2772	regsvr32.exe
1972	regsvr32.exe
1716	regsvr32.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
2552	QMSuperScan.exe
2552	QMSuperScan.exe
2552	QMSuperScan.exe
2552	QMSuperScan.exe
2728	QMCheckNetwork.exe
2728	QMCheckNetwork.exe
2728	QMCheckNetwork.exe
2484	QMCheckNetwork.exe
2484	QMCheckNetwork.exe
2484	QMCheckNetwork.exe
1708	Tencentdl.exe
1708	Tencentdl.exe
2364	regsvr32.exe
1708	Tencentdl.exe
1708	Tencentdl.exe
2552	QMSuperScan.exe
2728	QMCheckNetwork.exe
2552	QMSuperScan.exe
2728	QMCheckNetwork.exe
2552	QMSuperScan.exe
2552	QMSuperScan.exe
2264	regsvr32.exe
2552	QMSuperScan.exe
2552	QMSuperScan.exe
1708	Tencentdl.exe
2224	tencentdl.exe

Modifies system executable filetype association 2 TTPs 7 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall	regsvr32.exe

Registers COM server for autorun 1 TTPs 16 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Processes:

regsvr32.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMGCShellExt64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextScan64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextScan64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextUninstall64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextUninstall64.dll"	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

Processes:

QQPCMgr_Setup.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\Policy = "3"	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\PCMgrRepairIEExtensions	QQPCMgr_Setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ProtocolExecute\PCMgrRepairIEExtensions\WarnOnOpen = "0"	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\AppPath = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\AppName = "QQPCClinic.exe"	QQPCMgr_Setup.exe

Modifies Internet Explorer start page 1 TTPs 2 IoCs

stealer

Modify Registry

T1112

Processes:

QQPCTray.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main\Start Page = "http://www.l114la.com"	QQPCTray.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\Start Page = "http://www.l114la.com"	QQPCTray.exe

Modifies data under HKEY_USERS 64 IoCs

Processes:

QMSuperScan.exeQQPCMgr_Setup.exeQQPCTray.exeQQPCRtp.exeQQPCNetFlow.exeQMDeskTopGC.exeQQPCRealTimeSpeedup.exeQQPCTray.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_20 = 3874d037c712e267fc05809e9cffdb765a172ee31b920d563cc3ea22952e2317	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_26 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_36 = 3874d037c712e267fc05809e9cffdb765a172ee3	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\NetMonMinibarExpanded = 7b74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_26 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\FileMonInstallScanCount = 7b74ea37	QQPCRtp.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\GrayURLPercent = 7174ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\DLPMaxExtractSize = 8f75ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_22 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_55 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c174ddd71caa24d587bf5ac2444	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\QMStartTimes = 7a74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\QQOnlineInfo = 7b74ea379b12b5679505ee9ef8ffb4762d175de347924b5653c38422e12e50171bdd18cac64d3d7b9aac5744aa6ffc05448cdc03975efe7a25eb41b7ab0031abecea3ab97a285fbc3066fa27268264fb0f85b29588cc759b3f7004efa619474724b78ed85c720471e0adebe88e7c8a1bdaffcbd64477fd679cab032d7bb2471c35de251fafb834069fbb98cab5486f99f94ef26ce321a267a7194810070b1d6bafb1ae779af7daa18d01665d1934bc67d088c99700a6166931ced9c54096df49f21c2013c747f11229c945bb48186366146d5452544c6f79e7853d664892bc6d7ca36c7ac1bf6de1b7cc349dd22a183dffbc1c76196491851e138d294fbab8d725d1b17395d15e67c0915b44ab17df61bd48580c993c0c2657c58b7e06ebff1882e388c9ab7f833ba156e841c453c3f0870adecb958ebc79d20c5635af22aa75c053e2450ba01fb5bce37284bc2fed57ead61a021607da0b1be9f655da6f5fde5c158e59186a606c6d570767020135b5d8a7c42f395bd2559b9f8565e71447dc5c2f8e45500ffdec30a8a39bcebb722c1575cbdf99b13bdc8c1769d5c7f0cd01a168ece5819c96cdb8ba964fb4063e27714293ba9ae719d82879f94eb71d7c866614ec2e9c26b8a1708f38171482a0e78674da4a8bdfcafa58d3637cfd48ac0eafde243fb3c02739a65e387b2904baf275f3ba8f7ee29a20a3908e30bad892d56790db4dde60bc93c0571043033acfc1609e27b01aea21a1e40bc0e9630ad7c2188eb8510fb542c2b4bc29190e0ff55ae2ff73248c7987d414f3a71617f34c0cd17fe0dc2b8194c8e243546642655e7bd1a1ebb090ab31044a4fb8e2da534a6c1bf16fb9aefe55073f5ce3238ffb35c292818fd782d43181814dbab5f44a619507a5da2c7544e0982d91c75601f5d4d03c83d784f731ff514a13145d4d74c1d301865450154266117ddb61c8bba59a9e8119c9387e042ad5392a12da224147f877f631bb10c09f789684a472c3ac2381d0233220c2b9ba2951ebe6ee0ae748c66615d5f3df7d3e4ea4366f99ccdd09167d250606d68f0721520d9eae0665cdb6d34a2c652c82156ed27352c78436326a30c82d71f31479f5c6e1204141dd68e195663f5f8769ac8ab4c02d1394d4cbd636ac06000632b159e0570fe9d4d5c10430b953e18bfa918cfac791038ed189529a51f4a241a0394cfc69fd25fdb507917d4d3f86dc96539bacfd288e68be0ed310a34376f3f39b9e719982fd03e2b7ed3bb4de5178055f8dcc506cd0d8f3bdeab64583b0a06d41c6b0d743b828a372eb6a0cc92cf103f89e9dbf5be69c044e31c6c3116d289129622a3d2d6c2f7f4c74793d2370a7755f569e2a9a1bced3f46bfb2154b64f5b2d32ec060e32b1d988c85d6a92c7ebcf65fb7f5ac9b41ad066504de12c1f9d21d4206f4a96774693b5acc6e60beb8b66eada9f53b77e14543339517d2af1436496f0bb0fbba09e8aa52cdc1ceb39e27ad1eae401679262e3da01602ae08e42c5f6dc71df649a6937f8a3ad0be6cb66415d819abd08e36035f624343dafde20fbbfb2	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\NetMonFirstSpeedProt = 7a74ea37	QQPCNetFlow.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_55 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c174ddd71caa24d587bf5ac2444	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defGameUpgradeRefreshDate88 = 2374ea377315b0678c05ee9e	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\QMReportCacheSwitches = 848b15c864ed4a986afa116107004b89d2e8a3	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\NetMonMinibarPos = 848b15c864ed4a98	QQPCNetFlow.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_33 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7cdd833726b718bad82e8eb7cf91b	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defQQExtraTipsSwitch = 7b74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defGameUpgradeRefreshDate8 = 7374ea377315b0678c05ee9e	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defGameUpgradeRefreshDate91 = 2074ea377315b0678c05ee9e	QQPCTray.exe
Key created	\REGISTRY\USER\WIFISAFECFG\QQPCMgr\WifiSafe\Config	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_11 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_33 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7cdd833726b718bad82e8eb7cf91b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_23 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\NotFirstUseFileOpen = 7b74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defQQExtraAccInfo = 7b74ea379b12b5679505ee9ef8ffb476	QQPCTray.exe
Key created	\REGISTRY\USER\WIFISAFECFG\QQPCMgr\WifiSafe	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\DLPScanFileTimeLimit = 1b9eea37	QQPCTray.exe
Key created	\REGISTRY\USER\QMCONFIG\QQDoctor	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_16 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e14177edd6bcaad4d497bf5ac2744	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_20 = 3874d037c712e267fc05809e9cffdb765a172ee31b920d563cc3ea22952e2317	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_48 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbd9cad1480299904e9c6c8a21d167d3193a10660b696bc6b1d877fff7faa1d901095d7634d067a388	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\NeedReportCleanRecord = 7a74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\OppAdFirstRunFlag1 = 7a74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\FMPreScanDbInitTime = f719b8519b12b567	QQPCRtp.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\ShowDGCUEFromInstall = 7a74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\ShowDGCUEFromInstall = 7a74ea37	QMDeskTopGC.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\BackGroundLowPriorStatus = 7a74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_45 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea6eb91f2832bc40669627478210fb6a85c195	QQPCTray.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg	QQPCRealTimeSpeedup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSoftMgrIPRegionInfoReportTime = b919b8519b12b567	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_48 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbd9cad1480299904e9c6c8a21d167d3193a10660b696bc6b1d877fff7faa1d901095d7634d067a388	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_40 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\QMTaskHistory = 7b74	QQPCTray.exe
Set value (data)	\REGISTRY\USER\WIFISAFECFG\QQPCMgr\WifiSafe\Config\IfWifiSafe = 7b74ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\NetMonAutorunAdvice = 7a74ea37	QQPCNetFlow.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defGameUpgradeRefreshDate95 = 2474ea377315b0678c05ee9e	QQPCTray.exe
Key created	\REGISTRY\USER\WifiSafeCfg\QQPCMgr\WifiSafe\Config	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_38 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_16 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e14177edd6bcaad4d497bf5ac2744	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\SystemStartupOverPercent = 6574ea37	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\HPScanDriverTest = 7a	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defCmcTencentMiniNewsSearchEngine = 13749e37ef12c567e605d49ed7ff9b765a172ae33092655631c3e522882e34176edd36caa54d527bf7ac7844d96fc3052d8cb903aa5e8b7a51eb27b7930017ab98ea54b9472866bc0866ca27178256fb3f858a95b0cc2a9b09705befc219204702b7edd834723971d2adcde8f97cee1be7ffeed63777	QQPCTray.exe
Key created	\REGISTRY\USER\QMConfig	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_6 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e16177add6ecaa94d4f7bf3ac2344cf6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\FileMonInstallRiskCount = 7b74ea37	QQPCRtp.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\QMCfgQMNInterval = 7874	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_27 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ded82e726d718ead9fe8eb7cf81bfaff98d62c779267eeab772d18b2321c41de561f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_29 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbcbcac1480e998b4e866c9621d267	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_37 = 3874d037c712e267fc05809e9cffdb765a172ee31b9238562ac3f722952e351776dd2bcaf44d	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_42 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_44 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44f66fbf052b8cb103fa5e917a4beb61b7ed0058ab80ea5fb90928	QQPCTray.exe
Set value (data)	\REGISTRY\USER\QMCONFIG\QQDoctor\QQDoctor\ComCfg\ScanFinishAutoShutDown = 7b74ea37	QQPCTray.exe

Modifies registry class 64 IoCs

Processes:

regsvr32.exeregsvr32.exetencentdl.exeregsvr32.exeQQPCMgr_Setup.exeregsvr32.exeregsvr32.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\Programmable	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextUninstall64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.qbox\ = "QQPCMgr.qbox"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9FDA3675-DD0B-43EF-A5EE-2A7188E5D00F}\TypeLib\ = "{C049F583-D724-4BAB-8F47-F13BCA41B808}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCMgrRepairIEExtensions\URL Protocol	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.qmb	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\NumMethods	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9FDA3675-DD0B-43EF-A5EE-2A7188E5D00F}\ = "IBasic"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu\ = "QMContextScanMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextUninstall64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles\ShellEx\IconHandler	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\VersionIndependentProgID	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{C049F583-D724-4BAB-8F47-F13BCA41B808}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu\CLSID\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\AppID = "{1E9BD312-7C8C-4422-906D-897F6D7714F2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{445E3964-15B0-472A-95F4-6242DD2EA066}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\LocalServer32\ = "\"C:\\program files (x86)\\common files\\tencent\\qqdownload\\130\\tencentdl.exe\""	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\0\win32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextScan.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\ = "IQMContextScanMenu"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\ = "IQMContextScanMenu"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9FDA3675-DD0B-43EF-A5EE-2A7188E5D00F}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCMgrRepairIEExtensions\DefaultIcon	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\AppID = "{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\Programmable	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qmbfile\shell\command\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCInstAssist.exe \"%1\""	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\ProgID\ = "QMContextUninstall.QMContextUninstallMenu.1"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\AppID = "{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QMContextUninstall.DLL\AppID = "{1E9BD312-7C8C-4422-906D-897F6D7714F2}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib\ = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles\ShellEx\IconHandler\ = "{B7667919-3765-4815-A66D-98A09BE662D6}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qmbfile\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCInstAssist.exe,-203"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1\CLSID\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\ = "QMContextScanMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1\CLSID\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\ProxyStubClsid32\ = "{D4801E96-E7A1-45F6-B124-7A36DFB40B81}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCMgrRepairIEExtensions\Shell\Open\Command\ = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCMgr.exe\"%1 "	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9921}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{9FDA3675-DD0B-43EF-A5EE-2A7188E5D00F}\TypeLib\Version = "1.0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall	regsvr32.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

QQPCTray.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	QQPCTray.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	QQPCTray.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

QQPCMgr_Setup.exeQMCheckNetwork.exeQQPCRtp.exeQQPCTray.exeUpdateTrayIcon.exeQQPCRealTimeSpeedup.exe

pid	process
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
1744	QQPCMgr_Setup.exe
2728	QMCheckNetwork.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
324	QQPCRtp.exe
1336	QQPCRealTimeSpeedup.exe
1336	QQPCRealTimeSpeedup.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
324	QQPCRtp.exe
1336	QQPCRealTimeSpeedup.exe
1336	QQPCRealTimeSpeedup.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

QQPCRealTimeSpeedup.exeQQPCTray.exe

pid process

1336 QQPCRealTimeSpeedup.exe
1192 QQPCTray.exe

pid	process
1336	QQPCRealTimeSpeedup.exe
1192	QQPCTray.exe

Suspicious behavior: LoadsDriver 64 IoCs

Processes:

QQPCTray.exeQQPCRtp.exe

pid	process
484
484
484
484
484
484
484
1192	QQPCTray.exe
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
484
324	QQPCRtp.exe
484
484
484
484
484
484
484
484
484
484
324	QQPCRtp.exe
484
484
484
484
324	QQPCRtp.exe
484
484
484
484
484
484
484
484
324	QQPCRtp.exe
484
484
484
484
324	QQPCRtp.exe
484

Suspicious use of AdjustPrivilegeToken 55 IoCs

Processes:

QQPCMgr_Setup.exeQQPCRTP.exeQQPCTray.exeQQPCTray.exeQMDeskTopGC.exeQQPCNetFlow.exeQQPCTray.exeQQPCRtp.exeQQPCRealTimeSpeedup.exeQQPCTray.exeQQPCRealTimeSpeedup.exetencentdl.exeQMSuperScan.exeQQPCTray.exeQQPCSoftTrayTips.exe

description	pid	process
Token: SeDebugPrivilege	1744	QQPCMgr_Setup.exe
Token: SeBackupPrivilege	2396	QQPCRTP.exe
Token: SeRestorePrivilege	2396	QQPCRTP.exe
Token: 33	2260	QQPCTray.exe
Token: SeIncBasePriorityPrivilege	2260	QQPCTray.exe
Token: 33	1192	QQPCTray.exe
Token: SeIncBasePriorityPrivilege	1192	QQPCTray.exe
Token: SeDebugPrivilege	1192	QQPCTray.exe
Token: SeDebugPrivilege	1192	QQPCTray.exe
Token: SeLoadDriverPrivilege	1192	QQPCTray.exe
Token: SeDebugPrivilege	2708	QMDeskTopGC.exe
Token: SeDebugPrivilege	1192	QQPCTray.exe
Token: SeBackupPrivilege	1192	QQPCTray.exe
Token: SeRestorePrivilege	1192	QQPCTray.exe
Token: SeDebugPrivilege	2232	QQPCNetFlow.exe
Token: SeBackupPrivilege	2232	QQPCNetFlow.exe
Token: SeRestorePrivilege	2232	QQPCNetFlow.exe
Token: 33	1912	QQPCTray.exe
Token: SeIncBasePriorityPrivilege	1912	QQPCTray.exe
Token: SeDebugPrivilege	324	QQPCRtp.exe
Token: SeLoadDriverPrivilege	324	QQPCRtp.exe
Token: SeDebugPrivilege	324	QQPCRtp.exe
Token: 33	2232	QQPCNetFlow.exe
Token: SeIncBasePriorityPrivilege	2232	QQPCNetFlow.exe
Token: SeBackupPrivilege	1336	QQPCRealTimeSpeedup.exe
Token: SeRestorePrivilege	1336	QQPCRealTimeSpeedup.exe
Token: SeDebugPrivilege	1336	QQPCRealTimeSpeedup.exe
Token: SeDebugPrivilege	1336	QQPCRealTimeSpeedup.exe
Token: SeLoadDriverPrivilege	324	QQPCRtp.exe
Token: SeDebugPrivilege	324	QQPCRtp.exe
Token: SeDebugPrivilege	324	QQPCRtp.exe
Token: SeLoadDriverPrivilege	324	QQPCRtp.exe
Token: SeDebugPrivilege	324	QQPCRtp.exe
Token: SeLoadDriverPrivilege	324	QQPCRtp.exe
Token: SeBackupPrivilege	324	QQPCRtp.exe
Token: SeRestorePrivilege	324	QQPCRtp.exe
Token: 33	3572	QQPCTray.exe
Token: SeIncBasePriorityPrivilege	3572	QQPCTray.exe
Token: SeDebugPrivilege	3736	QQPCRealTimeSpeedup.exe
Token: SeManageVolumePrivilege	2180	tencentdl.exe
Token: SeManageVolumePrivilege	2180	tencentdl.exe
Token: SeLoadDriverPrivilege	1192	QQPCTray.exe
Token: SeManageVolumePrivilege	2180	tencentdl.exe
Token: SeDebugPrivilege	1192	QQPCTray.exe
Token: SeDebugPrivilege	2552	QMSuperScan.exe
Token: 33	3648	QQPCTray.exe
Token: SeIncBasePriorityPrivilege	3648	QQPCTray.exe
Token: SeBackupPrivilege	1192	QQPCTray.exe
Token: SeRestorePrivilege	1192	QQPCTray.exe
Token: 33	2232	QQPCNetFlow.exe
Token: SeIncBasePriorityPrivilege	2232	QQPCNetFlow.exe
Token: SeLoadDriverPrivilege	1192	QQPCTray.exe
Token: SeDebugPrivilege	1048	QQPCSoftTrayTips.exe
Token: 33	2232	QQPCNetFlow.exe
Token: SeIncBasePriorityPrivilege	2232	QQPCNetFlow.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

UpdateTrayIcon.exeQQPCTray.exetencentdl.exe

pid	process
1764	UpdateTrayIcon.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
2180	tencentdl.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1192	QQPCTray.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe
1764	UpdateTrayIcon.exe

Suspicious use of SendNotifyMessage 4 IoCs

Processes:

QQPCTray.exe

pid process

1192 QQPCTray.exe
1192 QQPCTray.exe
1192 QQPCTray.exe
1192 QQPCTray.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

QQPCTray.exe

pid process

1192 QQPCTray.exe

pid	process
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe
1192	QQPCTray.exe

pid	process
1192	QQPCTray.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

738931afefb9203f72ca108978203d0c_JaffaCakes118.exeQQPCMgr_Setup.exeregsvr32.exe

description	pid	process	target process
PID 2928 wrote to memory of 1744	2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 2928 wrote to memory of 1744	2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 2928 wrote to memory of 1744	2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 2928 wrote to memory of 1744	2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 2928 wrote to memory of 1744	2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 2928 wrote to memory of 1744	2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 2928 wrote to memory of 1744	2928	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	QQPCMgr_Setup.exe
PID 1744 wrote to memory of 2996	1744	QQPCMgr_Setup.exe	TestMSVCR.exe
PID 1744 wrote to memory of 2996	1744	QQPCMgr_Setup.exe	TestMSVCR.exe
PID 1744 wrote to memory of 2996	1744	QQPCMgr_Setup.exe	TestMSVCR.exe
PID 1744 wrote to memory of 2996	1744	QQPCMgr_Setup.exe	TestMSVCR.exe
PID 1744 wrote to memory of 2108	1744	QQPCMgr_Setup.exe	InstAsm.exe
PID 1744 wrote to memory of 2108	1744	QQPCMgr_Setup.exe	InstAsm.exe
PID 1744 wrote to memory of 2108	1744	QQPCMgr_Setup.exe	InstAsm.exe
PID 1744 wrote to memory of 2108	1744	QQPCMgr_Setup.exe	InstAsm.exe
PID 1744 wrote to memory of 2764	1744	QQPCMgr_Setup.exe	cacls.exe
PID 1744 wrote to memory of 2764	1744	QQPCMgr_Setup.exe	cacls.exe
PID 1744 wrote to memory of 2764	1744	QQPCMgr_Setup.exe	cacls.exe
PID 1744 wrote to memory of 2764	1744	QQPCMgr_Setup.exe	cacls.exe
PID 1744 wrote to memory of 2700	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 2700	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 2700	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 2700	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 2700	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 2700	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 2700	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 2700 wrote to memory of 1080	2700	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 1080	2700	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 1080	2700	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 1080	2700	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 1080	2700	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 1080	2700	regsvr32.exe	regsvr32.exe
PID 2700 wrote to memory of 1080	2700	regsvr32.exe	regsvr32.exe
PID 1744 wrote to memory of 324	1744	QQPCMgr_Setup.exe	QQPCRtp.exe
PID 1744 wrote to memory of 324	1744	QQPCMgr_Setup.exe	QQPCRtp.exe
PID 1744 wrote to memory of 324	1744	QQPCMgr_Setup.exe	QQPCRtp.exe
PID 1744 wrote to memory of 324	1744	QQPCMgr_Setup.exe	QQPCRtp.exe
PID 1744 wrote to memory of 324	1744	QQPCMgr_Setup.exe	QQPCRtp.exe
PID 1744 wrote to memory of 324	1744	QQPCMgr_Setup.exe	QQPCRtp.exe
PID 1744 wrote to memory of 324	1744	QQPCMgr_Setup.exe	QQPCRtp.exe
PID 1744 wrote to memory of 480	1744	QQPCMgr_Setup.exe	Netsh.exe
PID 1744 wrote to memory of 480	1744	QQPCMgr_Setup.exe	Netsh.exe
PID 1744 wrote to memory of 480	1744	QQPCMgr_Setup.exe	Netsh.exe
PID 1744 wrote to memory of 480	1744	QQPCMgr_Setup.exe	Netsh.exe
PID 1744 wrote to memory of 2396	1744	QQPCMgr_Setup.exe	QQPCRTP.exe
PID 1744 wrote to memory of 2396	1744	QQPCMgr_Setup.exe	QQPCRTP.exe
PID 1744 wrote to memory of 2396	1744	QQPCMgr_Setup.exe	QQPCRTP.exe
PID 1744 wrote to memory of 2396	1744	QQPCMgr_Setup.exe	QQPCRTP.exe
PID 1744 wrote to memory of 1100	1744	QQPCMgr_Setup.exe	RemNPX.exe
PID 1744 wrote to memory of 1100	1744	QQPCMgr_Setup.exe	RemNPX.exe
PID 1744 wrote to memory of 1100	1744	QQPCMgr_Setup.exe	RemNPX.exe
PID 1744 wrote to memory of 1100	1744	QQPCMgr_Setup.exe	RemNPX.exe
PID 1744 wrote to memory of 2708	1744	QQPCMgr_Setup.exe	QMDeskTopGC.exe
PID 1744 wrote to memory of 2708	1744	QQPCMgr_Setup.exe	QMDeskTopGC.exe
PID 1744 wrote to memory of 2708	1744	QQPCMgr_Setup.exe	QMDeskTopGC.exe
PID 1744 wrote to memory of 2708	1744	QQPCMgr_Setup.exe	QMDeskTopGC.exe
PID 1744 wrote to memory of 2708	1744	QQPCMgr_Setup.exe	QMDeskTopGC.exe
PID 1744 wrote to memory of 2708	1744	QQPCMgr_Setup.exe	QMDeskTopGC.exe
PID 1744 wrote to memory of 2708	1744	QQPCMgr_Setup.exe	QMDeskTopGC.exe
PID 1744 wrote to memory of 1980	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 1980	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 1980	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 1980	1744	QQPCMgr_Setup.exe	regsvr32.exe
PID 1744 wrote to memory of 1980	1744	QQPCMgr_Setup.exe	regsvr32.exe

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

Processes:

QQPCTray.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer	QQPCTray.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun = "255"	QQPCTray.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Loads dropped DLL
PID:1200

C:\Users\Admin\AppData\Local\Temp\738931afefb9203f72ca108978203d0c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\738931afefb9203f72ca108978203d0c_JaffaCakes118.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2928

C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe" /S ##supply=45303&qqpcmgr=0&recommand=3&DefaultIE="http://www.l114la.com"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Sets service image path in registry
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Drops file in Windows directory
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1744

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\TestMSVCR.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\TestMSVCR.exe" (null)
4⤵
- Executes dropped EXE
PID:2996

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\TestMSVCR_64.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\TestMSVCR_64.exe" (null)
4⤵
- Executes dropped EXE
PID:2780

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\InstAsm.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\InstAsm.exe" "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0" "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\TestMSVCR.exe"
4⤵
- Executes dropped EXE
PID:2108

C:\Windows\SysWOW64\cacls.exe
"cacls" "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217" /t /e /c /g SYSTEM:f
4⤵
PID:2764

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe /s /i "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\\QMGCShellExt64.dll"
4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2700

C:\Windows\system32\regsvr32.exe
/s /i "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\\QMGCShellExt64.dll"
5⤵
- Loads dropped DLL
- Registers COM server for autorun
- Modifies registry class
PID:1080

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\PluginInstaller.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\PluginInstaller.exe" /install
4⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
PID:324

C:\Windows\SysWOW64\Netsh.exe
"C:\Windows\system32\Netsh.exe" exec "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\firewallLog.txt"
4⤵
PID:480

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe" -i
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:2396

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\RemNPX.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\RemNPX.exe"
4⤵
- Executes dropped EXE
PID:1100

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsIE.dll"
4⤵
- Loads dropped DLL
- Modifies registry class
PID:2708

C:\Windows\SysWOW64\reg.exe
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}\iexplore\AllowedDomains\qq.com" /f
5⤵
PID:2792

C:\Windows\SysWOW64\reg.exe
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}\iexplore" /v Flags /t reg_dword /d 4 /f
5⤵
PID:3040

C:\Windows\SysWOW64\reg.exe
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}\iexplore\AllowedDomains\baidu.com" /f
5⤵
PID:2120

C:\Windows\SysWOW64\reg.exe
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}\iexplore\AllowedDomains\xunlei.com" /f
5⤵
PID:1804

C:\Windows\SysWOW64\reg.exe
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}\iexplore\AllowedDomains\sogou.com" /f
5⤵
PID:2624

C:\Windows\SysWOW64\reg.exe
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}\iexplore\AllowedDomains\kugou.com" /f
5⤵
PID:2980

C:\Windows\SysWOW64\reg.exe
reg add "hkcu\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}\iexplore\AllowedDomains\*" /f
5⤵
PID:3044

C:\Windows\SysWOW64\reg.exe
reg delete "hkcr\CLSID\{29B6CFD5-0064-411A-8C42-9890C83F9922}" /f
5⤵
PID:1848

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat"
4⤵
- Loads dropped DLL
PID:1980

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat"
5⤵
- Loads dropped DLL
PID:1620

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextScan64.dll"
4⤵
- Loads dropped DLL
PID:1972

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextScan64.dll"
5⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:1716

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextScan.dll"
4⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Modifies registry class
PID:2772

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextUninstall64.dll"
4⤵
- Loads dropped DLL
PID:2364

C:\Windows\system32\regsvr32.exe
/s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextUninstall64.dll"
5⤵
- Loads dropped DLL
- Modifies system executable filetype association
- Registers COM server for autorun
- Modifies registry class
PID:2264

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Tencentdl.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Tencentdl.exe" /install
4⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
PID:1708

C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
"C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" /RegServer
5⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:2224

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" description="C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" action=allow
6⤵
- Modifies Windows Firewall
PID:2348

C:\Windows\SysWOW64\netsh.exe
"C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件Crash上报" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe" description="C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe" action=allow
6⤵
- Modifies Windows Firewall
PID:2036

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s "C:\program files (x86)\common files\tencent\qqdownload\130\DownloadProxyPS.dll"
6⤵
PID:1788

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSuperScan.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\\QMSuperScan.exe"
4⤵
- Drops file in Drivers directory
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2552

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2728

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe" /AllChain
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2484

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\TestMSVCR.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\TestMSVCR.exe" (null)
4⤵
- Executes dropped EXE
PID:2684

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe" /loadexit /superfetch:1
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2260

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe" -e
4⤵
- Executes dropped EXE
PID:1504

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe" -s
4⤵
- Executes dropped EXE
PID:2912

C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\UpdateTrayIcon.exe
"C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\UpdateTrayIcon.exe" -t QQPCTray.exe -c 1 -p 1 -d "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\"
4⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:1764

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRtp.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRtp.exe" -r
1⤵
- Sets service image path in registry
- Adds Run key to start application
- Writes to the Master Boot Record (MBR)
- Drops file in System32 directory
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:324

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe" /elevated /regrun
2⤵
- Drops file in Drivers directory
- Sets service image path in registry
- Drops Chrome extension
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Executes dropped EXE
- Modifies Internet Explorer start page
- Modifies data under HKEY_USERS
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- System policy modification
PID:1192

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDeskTopGC.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDeskTopGC.exe" /ShowUEFromInstall
3⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2708

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmdl.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmdl.exe"
3⤵
- Executes dropped EXE
PID:2612

C:\Windows\SysWOW64\regsvr32.exe
regsvr32.exe "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat" /s
3⤵
PID:2268

C:\Windows\system32\regsvr32.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat" /s
4⤵
PID:2492

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.exe" /lock
3⤵
- Executes dropped EXE
PID:2156

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe" /regrun /elevated
3⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2232

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe" /showtrayonly
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1912

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRealTimeSpeedup.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRealTimeSpeedup.exe"
4⤵
- Drops file in Drivers directory
- Checks whether UAC is enabled
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1336

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe" /showtrayonly
5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3572

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRealTimeSpeedup.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRealTimeSpeedup.exe"
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3736

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.exe" /lock
3⤵
- Executes dropped EXE
PID:3848

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe"
3⤵
- Executes dropped EXE
PID:3348

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe" /showtrayonly
3⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3648

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftTrayTips.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftTrayTips.exe" /scan_soft_analyze
3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1048

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe
"C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe"
2⤵
- Executes dropped EXE
PID:1432

C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
"C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" -Embedding
1⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2180

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Pre-OS Boot

T1542

Bootkit

T1542.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Modify Registry

T1112

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Software Discovery

T1518

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\Both_Disconnected.png
Filesize
31KB

MD5
00ef699da2be626beb8957d69783cf45

SHA1
a381db99b4c39b6af39e39820adab2d38cb5ac18

SHA256
1efc1cdd056be89f2f37253f3845c99708fb6e60ab243179390996915c4be02b

SHA512
8ce2d3be5e9a00b5372c2640ebe3fc8dba492437964a5961b904cb978cea1284a9684d0ac2868e2052d677051023093332a09c9a675b0916b3468ee78929048d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\Check_Router.png
Filesize
6KB

MD5
aa19bfbfedc591a531e1e6bd775f296b

SHA1
a93012d5ed23695c0c2701a4e7ceb430b55f741b

SHA256
fecd26a1fd8bca2f88a758c0df90bf8cb6d9476b61a89806ffb06399037eb502

SHA512
2223a33209c040fd96b13f7bce314116b410864dfa9f9a119271f01de4460c4f18935c6e6ae0cba78bf4399b7b926b8636796b52630122513244c73420bc0497

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\Check_Wireless.png
Filesize
9KB

MD5
752f6ed337ee1f8e8c944400757fa52f

SHA1
9237b59a2d0c9dc2ed06bb61e444ff5dae1027ba

SHA256
433c2f423344f967de20e933cc9134ad7b2fa3e669d144b620500946960b3ec1

SHA512
2945980632b15e3dbcc49b5c7342f81397f97e9862a841e21fb027d297c448ae70b7c36475fecc8de9ff6f698071d006cdcad98d5f6cd9de01d84f236641af02

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GFCustom.dll
Filesize
551KB

MD5
66a678972d4a46a8f036264303cd034d

SHA1
164d5d34ebd36852804c038a0812e8557001ca8d

SHA256
11f4908fca48a7d698a79189f238e33826db4d7005f76f7458cec64e3e67ad5c

SHA512
870d02f365a82c0cfb00154a44a575ee4d96d396d35f5213ffde412486009e977d7b721c546ae48cb13356dc04567a78934544ab1b5f892c8f767bea986f023f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\GameLogo\defaultlogo.png
Filesize
1KB

MD5
92c94435540af76b9f12390398aa5953

SHA1
af824afb3914b3e9cecafadabc244e2ac21f3cef

SHA256
13cf618aed9fea804841025558f79adde633f6d9a2f367df4f41a79e30499330

SHA512
4f28167484420add4c4150aefb652d44cbc271ef1b742bb074c2c89492a47f6d6271ee0242ad5dca134300dd9c0594fd5bdca78ad38d3bea6be6bfb03725a72e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Image\net_err.jpg
Filesize
14KB

MD5
d916dd725680e4071ce10651f512ed6b

SHA1
4226398478a0e221b8d880feef9264c796729af8

SHA256
64000b4e116faddba565537ba741088ecce2133d0ea1130b6be200ceb96ae0db

SHA512
19bebb6ee83508ec58fad6446556df22663a92588092dbef200d699472513fb707a4dd45261b7699269172280149c1553b6cb2adf6d0b9a4b4b06025b78692a6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Plugins\PluginPackage\InstallCfg.xml
Filesize
156B

MD5
0bcc9711e6388a89e2a2ce7469b7d6d3

SHA1
240bcb9556f5d2a800e25d798f43255caab25b81

SHA256
f22aa3d48af3742d7cd0299817e8da35eea97bcb98be96afe5e7acda9ba2a53a

SHA512
898e5158d16851aeaf935946e51a6d0d4830560c365af29cd28b96ea492fe07ee005ce97e7f463c523b83e112207e0ee919d5f8e259ec6494f95b21adfd5f2b9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Plugins\pluginctrl.xml
Filesize
30KB

MD5
61c5ce81750441fe552994d807f0bddf

SHA1
4ff56b90b8d4c59868fa3999b9df70523d7418fe

SHA256
9a72cdbbcaefe6ec3eedfcc05d9db47d5c5a25604e26c5fe1c17c75e3d6dccfb

SHA512
51f0810438d0845d04c03596e9c482c416035047fe007f090dc86408f5f540432be79493bf031fe951fc565758272be66a5f7ba2d0e3c42e5e0384761f10cb7c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMNetworkMgr.ini
Filesize
66B

MD5
41eb17baad605779b76011ead23c8bfa

SHA1
d5ad3e1d7b4c90ec49e369252f2e5ffc148bf779

SHA256
b64f2c165c2c9b80dbe8de35a411f460afeb420256f03c2252dc6f733117cd8e

SHA512
e32f9d501ae12494959f77c04a5a320a577fd98fa8a0a6de0de44758940b039258a1d78602376fda2057213f61f1b5518a9de2e57215ec06baeaee51f2cbf55a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRealTimeSpeedupSkinCenter.zip
Filesize
108KB

MD5
10e324f3650b35d8df841b5ec13018b0

SHA1
a1603383a45a8b0aaae803cc1f3161712124e186

SHA256
9dacf24bd588681415187d8bd173023cf5e2b8ec55ead1cb9ce74877bfeabb2e

SHA512
6a2169859fa6116b3aea67fdbcce4bfe9b226165d738f18bb2ff37f421566a0505271c66cb0dec64bf089e41e7823b2e00d5593d403dfef2d34e7cfd1feee495

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSuperScan.EXE
Filesize
147KB

MD5
1e3c86ff9093f4bc5c05e85ceb8a64dd

SHA1
376a42e914a63db70fa29d328af9f3912e5bf995

SHA256
8682323cb591a02aee9ce7e8d57aaf861a184b94b83a268895ee9ffd259dc120

SHA512
11d17d4db99820a15f55c99eac0f1c4892774c9ae6a72ad37e566c15e2f03ffc785badab994a91a8062d68e839950aef8a1035755e38014d2e298ab6537affc6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\QQPCUpdate.exe
Filesize
547KB

MD5
bdc7b838be61ef130c64ed8606082342

SHA1
4036a964f0e8b6a1cf4dc0028e9a4cb28cc88d81

SHA256
a58a46cd19f0c25d6e52bbb3801f08d8bd08cc79217342b3f3fd19a7c7be56d9

SHA512
4154969ffc0fe2ce609dc28c42100e34ac28cd0e27f4d2e39368b55c45d1d3678873306551ff70e6a32a62fffd2d849b0dfa28ad3730e71842c426984985a71b

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\tinyxml.dll
Filesize
98KB

MD5
989f284c2c9c9e0eecc2486fd35cac69

SHA1
708cfabb8f2eafe20ac7b92a0e44395fe7ee2b70

SHA256
33e5c8b4769434f25c0bcbc900aa8bf67dd31fb1c91beefe2fb5b30e9493b1f3

SHA512
39b31ed295cdb82d7f4ec2c63e35d6eaf36afe38bfad42a12fd13a2eb984b44526d6e1eb3de0e40c163284bbc584b2aacb133452da13d6ef8110fcff7f09d55e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\xGraphic32.dll
Filesize
90KB

MD5
8ccb026c3939c1e003df4dab099b7169

SHA1
fc30e8d5ebb4c36e1e5ec00b3ff7e1c6f0bf3890

SHA256
a0ddc1d5a04ce902b3f51da9a776a852a8bf1493afbb8363da85eb5f9a633208

SHA512
13a87b34eafb1237c3e3b76a2dcb6f02b79a15ce625a3fe4e1a881eefc3697d149258208c044b15d0936ca0750802105a2da64a0a177459f3f7161fff13c811c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\xImage.dll
Filesize
190KB

MD5
80f265806d0e0e89d6e4d32f8d612ea5

SHA1
d1ebf930391713a88527114e57c551724a370886

SHA256
3336b50f83930cd4b35a53358f0460678fd25e416d91ca5d885ff8de150198cd

SHA512
1fa5cd21e468085da65bd1867c87bc46f8666aa819e2bf8b594979fecacca7b3248abaa5030ea576dcef4897c17169989dbe71470d7f244508c534ec1edd9514

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\zlib.dll
Filesize
86KB

MD5
bd6c48ba68daeb86833aa6b850541f2c

SHA1
092aef7aadce020ed99523f043436c9b4e1f088a

SHA256
7edcb2f6e382e9f38e061be8fe3d6e60e9a750c3baf29791adf900b5d396d363

SHA512
6eee47c41b670637e33a82cad3baef197e462561d6b1d94467875199683e24a9b7cbbef72c06b37b9a8b04fda03025b3f15bb296b1fb6be0dc6159124fd9f76e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QOLogo\DefaultMgr.png
Filesize
5KB

MD5
89b8ebf9f0b18cd279af4094ef678a2e

SHA1
48203217ffe2cbcf4d8e6d6ad36234e114ed5813

SHA256
64b69e74945ed8007ba8af6ec8ebebe8c3a3f8af7dcf1728a004dad077fb0464

SHA512
fe05cfc73b072ecc5e4f0512cfa61de222ebda23bfbdf4c54bf147f69d4bfba3bf5b929c74616cd945e8448bf79f740c5a6b7d2578ffcedbebdc2887df58f042

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QOLogo\Install.png
Filesize
4KB

MD5
7960b72bd68b376b467677c337089999

SHA1
6906116dc275eeb8109fca84d9308e1c3268acc4

SHA256
8e209feee9f47277fba69ed1be56c82bd1e9d152f7e428235bd25ab8c98fe410

SHA512
fd12427772da148f4b1d34df00d3b6930704cfeb8049b3ddf3f40df223a17cc92d6633dd99cf1bceedffcb11e90a66079e5ddee13544e3ce3eb167936663be0a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCCommonMgr.rdb
Filesize
2.1MB

MD5
9d1f882243b09796faec21d1c1a46ea7

SHA1
e82e80c6156b2f2002203f0a6a561624cef9ec5f

SHA256
659e826fd485d6199a9306b96590b327ac8ddd655ae361fb068e76b7d283a4fc

SHA512
c81a916d665deba3bb625baf736f1f04c4bf524b1d96564e7fc6793097cda7685b5509c0c94dcb66903b7c94e0318a3cb75f44d2f509c5812dcc10dd50831e55

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
Filesize
348KB

MD5
6cf4fb113457e6d73d041093fbf3f722

SHA1
b493b91e1af5f82cd4c34da548ef9e4ff6253e28

SHA256
5fd4fe1f8d5b3bcad79be1e012e458bfacb412a3ae091804c3d57d42405de8e2

SHA512
c9ee44687f59350b635596fa1d5d72a5d77c6fca7764e3c083eec0302ad3efb9e56ff38c707a5cbc2a8e5c86ee06a7a3e00a7736374a47cb679bf3434dce9cd7

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\RefuseInject.dll
Filesize
171KB

MD5
64ef7ecb690d6219b15ddf411c7e1f58

SHA1
c160beff6e1dc8d6c1b8390c3f38aebe23e53417

SHA256
7e3876eea875a8329b576a77bced6ad6c338a87a5cfc4c47a6f5dedc36de9e90

SHA512
4e9f90424773de91f1db2a841968d44d1a3dae12aa87b60a0f12dbc4a0db1bd470a6c30d234ccdbfa33b089cfb5907f45fde8c218d63fc45dc5878782cd1de40

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Tencentdl.exe
Filesize
1.0MB

MD5
16e27465fc02e6974704fd2187e92144

SHA1
010a8f7ddb6d6b3263cb710d9f80e481db54be51

SHA256
7d33f460ff3c391a35402c3eb850f07996b1d94019b3d4505444ffab26bccda2

SHA512
b70e96aa3c185fbbdad56ffdd9bf9b6d5fdb1fa34bcde197085940adc453b9c4d7784dd37e9e1b137caf9d93dbdf8e379c20d3624aa961838f58ff8f1838ce1d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\bugreport.exe
Filesize
711KB

MD5
7d41869ca010c7926b8888957a5d8d44

SHA1
b040e9b1d434e3c18da3f2b80dd160e17d864f01

SHA256
555fc642b7c0c407736558b93b8e0220f3bbd27f5dcbe03d7362df65a13c6f58

SHA512
e3f6bcedb1b4448f16e0f19d8e4deb02391ae4256da73fe67e663441cf31eebc38f3c348a871089d376b71f563dff828033a1851074d8c4f1b5a4c5ce3d863c6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\dlcore.dll
Filesize
2.1MB

MD5
1123cc85ff12a2a9c44395e5362220cf

SHA1
6e886d10ee0ffaf118e13065283ddb7408099407

SHA256
544b58015ab218dfe4fbf1cbbea7fe9173f023edb254d4a9932a0656237e2a56

SHA512
8693d4fd1f2a83322f262af5a094c6bca57df734514106ddf1c2613f772c2aa2de16ca90a4aa275723cd336163634abecd85742883652c5f3f94d8bb58211d86

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\dr.dll
Filesize
415KB

MD5
4cb9fda1c2834db461049fb6ddfc30e8

SHA1
607a7388bab8197b7c3655d897335a7102dc837a

SHA256
228fbe4f959d61cfe0d83c3ce63e79ef0d4338d194e20d245cd4722732e25f4f

SHA512
0797087cd243bc37e92c78b5ad67642518cc418e9a49089ba5a0fbebde1bee15e7df55a2ad71d276e362031b1c1b68a335d1130922ec1246386bb5f9cef6c132

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\extract.dll
Filesize
361KB

MD5
e28497e0e9266ce04271815fac080f12

SHA1
9757f0b40b89201e16aae09339530d75d6f51cef

SHA256
81f92b3e0b9687b2258f521eb2ab25d65516494ae7cb08b4bc5bc290f2a2e0cc

SHA512
d46f60f2bbc3b811cd0bf2de199dca6f5a14a742614f093938ec6ffd7adbac5b3997d4e6e1062485842142a2f614dc4ada7170bbda84706a07fb86786d30c529

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\AddMore.png
Filesize
172B

MD5
020e693e12d5857dab9522c9822f9ac8

SHA1
25f02fe9626ca6064fba8f53471c8eeb685ed64d

SHA256
2a1d08aa13d300f9bc40c0e2de79a6f474700c3223a7dacc05fe051810fec665

SHA512
aa9c9892b2a73481d6162868a39b307b592a0d10cb683527ff25a08cd69b1f2e592879f536c4f893647fed69e6454ad6aa1389b4a11986cd9d505b341f8ffc53

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\AppMarketPlugin.png
Filesize
1KB

MD5
8d6e585aed5e0b9557901f2106fa6b55

SHA1
ed148aef3f5e8808dd33436f50a8fc131352217e

SHA256
35aee7196e14e414938fff76615882f3d8d2ddcaf3dc8a5ce7af83bd5b7b8137

SHA512
08b5a56766181f8802f54a45635dffa15762ce2719a8a53000bef1c4c126cc1c910e8f00d2e51369e6431e2b7a8ebf90f82fcb20e857d2a43e2685931bb4ee66

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\DownloaderMgrUI.png
Filesize
309B

MD5
680e35bb0777f6035fa6f820dee94bf5

SHA1
49ac84a28c3ee1df2a9e20b5ee2156ef6f1a5f33

SHA256
83e13d5b278892a80fc249a777d0b680a26e1022698736543b2cb8cfb375fdfd

SHA512
9ba89c700eb5f550db7052358052fd33831e4ca1acc558fb318624f23a492f48ebfce552a22a3fb09f48420c439e6d8633e199e836a109a8e727aa0a3504a997

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\FileSmash.png
Filesize
314B

MD5
6726047aea1db423af7016de0a4d501d

SHA1
effc1edfc70932c92489459d22e8973e4722780f

SHA256
371c6f598ee98dd04e34d452641948349da8deeae6a8d053b1fc5a17cd706e98

SHA512
19663cf34dd5002ad244fcbf5cd67a89d414f64ebabcee687e4bb0b951b6d3685f2d58e1fd178c496753c85d39d7c9cb81475eaedc8f1fae1d2b67f43e2b43ae

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\GameBoxPlugin.png
Filesize
1KB

MD5
c041db206c5213ba992396b8aeff4a71

SHA1
bbaaeab2af3cdf8a06e91058069bb7b064600e77

SHA256
cb44459b6b3f118d9efa11c73d823d78e5a415a6350ad57cabae10e04e8a88d8

SHA512
ecbe874031aef7e12c047459483ca629e2bc0c937f6c68582ca807315b26a40ca303e50fbe42d2562315b41d0038e929fd6f12aadfed84c903a396c527c7fbd9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\HWPlugin.png
Filesize
565B

MD5
2a725dc96a8165124dca0b0c33738ad8

SHA1
e84183338458a19e888e0f38ca4b3713d60742ce

SHA256
b12028dd34cbe97d61215211b0a8dc4b367f9f3f1b3e9abe18cd12ff2c3af972

SHA512
b8476ae9414a3a2d81081250a8799eee38787e6a53bca99ad7ba7f6a019b1e49be941eede185dd46a3d010e9d6d2a678d05be8aad01f77641ee0aa13931c0b6d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\IEStartPage.png
Filesize
433B

MD5
5165f30600eaffb6b3647a0b8b128e83

SHA1
9d2ad9bec172ab7ee39678e3ccc319e715f74eb1

SHA256
04288731b43616f4080180d6db2129a01a0afbf2f79caf6929e82c7b5ff56e9b

SHA512
217a013edc82d93299208f151cc43f6c9f9cfd72af9c524c551dffe718b0db9e52cb089436f9cbe3c39665c219b8ca9fbe0023aa4b73ce18c745cb0d3283024a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\KingRoot.png
Filesize
878B

MD5
2f6e92c90af7c4097169424ecda04b11

SHA1
0f59c4fff68d50604366c546c59f801b8829ad55

SHA256
24159c57b3c0fe26727202008cf4e409c241ac2d7079c81515b61f3669ce8b47

SHA512
f1fe8f26ccbd7fdf84d41d6c61a73a4702d3df943f087baccc6559c55a222a3d6fdda8246c2e12adc8c512ebc2fad48f3b1bc57797362afd9b2b7d25ecb77bd9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\DownloaderMgrUI\DownloaderMgrUI.png
Filesize
1KB

MD5
471dd520a6651137366c2e743c9d9820

SHA1
d678ad5471d9b98396ce88854aedb4dac2c4e389

SHA256
75817f28fc05b328a9fb8b60af281e42d8da449d5f0078a9e3ac9b3411a05520

SHA512
782ea3ca032da42d195e3893bb6f933d382120eac4846a0ef8d25630a27b2ff382dcc60ad52d1e313e75a77dae252c1d731f3091c30d2d4b93473c668d75f84a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\IEStartPage\IEStartPage(big).png
Filesize
2KB

MD5
7fbc0e0c84fdc973d9074170d574f29c

SHA1
7ccb1045e16239743c8ef93e10129c448ad2aa1d

SHA256
4127606d2cda1813693d67f8efb6c9c709ab065016c7a1c5cc385046f811a9cd

SHA512
bf1911eb94c1e7fceb736f6d48425af7ad41032c469da998d8ef4b1c01bb25a1249fbb11366ee7ea6cc6bc8d501911442ca520f9d845b145800ecc9a70dba5b5

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\Common.dll
Filesize
1.8MB

MD5
9f97986db2dc0b1984c5b86d6e6cb277

SHA1
d842f83b3f6c92bdff10d19307f165dae1034c03

SHA256
44536e1001edbf1b6060bcf76c0e1b7f52868396efcf41f61b3bb346c605f121

SHA512
4af63af15ac67e807d297c45adf65ae198e4a033e89fc6f35c0e4c43abcf57334a4266fa1aa13f4f6605dd2058a74f56e757369079ea11ce8cbca0800c8a313e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\GF.dll
Filesize
2.1MB

MD5
98537ed2b637ee9fe613d356d6a2315b

SHA1
0567a032d2824dec33ee306cd57ba88f55f06dd2

SHA256
52b303f8cd7cf5f958b4a726d6c15f19d26e15a067ec8fdd8924ce930f386bba

SHA512
cb14eb2aa509fa74857c5c8431b1333c92b2ad9c5a87edf747e281066c2073e09ba139e02d8596ab0f7114a58aa6a9bf12c40c0e018423f8c80d739d2f122c73

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\arkGraphic.dll
Filesize
334KB

MD5
6e67cc17373df5c4f0d4c911b8abd190

SHA1
cec68c7f6ff3830654e7adc7e168729e325a12be

SHA256
a0877adadf0609814676c01c0073687edc9fbb9a2dbef77599e8cf33cd3becca

SHA512
8d4da081e92aeeb39c0bdae5172eb0360ff14952670632d2226bab9cc1faeb60ce89c3326d5c2eac24fbcc5600c1b5a772850d16963898b219636e99da5965e9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\jgIOStub.dll
Filesize
13KB

MD5
81078ce3a928d63f9611a132e9deb6bd

SHA1
0181fb1340833cbe4f9a268b01239b28e01f80fb

SHA256
e5b9766a0ce2183d16120247ea40734c6e35d8c6a31dad3f00b541e9078d74b0

SHA512
8b5415adcb28bf7e19305cbe11aee65612abf78677f1d8166b7d605abcf842c9ed11b9ed3d81893c3c92f57e7986c30eedcdf32bc6fd4c3926627f164f499c3f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\jgImage.dll
Filesize
44KB

MD5
46e22ea434f8181894233d29201c51f8

SHA1
2bdd24ec7d638363f522463b52f6ac8c17353ee1

SHA256
5552936556414a2210ca41a274518ec80fa4ec7b8940d5dcf26cc76a0708b146

SHA512
c37b145ef7d6c58e373706c76e097922f7092c48eb801a0e537868108157e28cf4472ac548a3fdb1f7485830b48acc4f8194d6622a4533889c3f5553350367da

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\libexpatw.dll
Filesize
134KB

MD5
015c6f01b16a55cb24bebcc3c8d94f1a

SHA1
de2df059b878bafece411e98c63fd4c02125ffd4

SHA256
bce56a73d43e5d83e618bdc45ac7be450d7d11f86672928213edcd48e25a13db

SHA512
40bdee40e517e81ae1e996863f4606e07c2838b3a74240da27693b2dca18866dd8ba12599c3c250bffbaf193156bf1052c1eccc6d182318c666fabf4987535e9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\libjpegturbo.dll
Filesize
278KB

MD5
d4a6b70e64e19884a80b8f0b205c1045

SHA1
14f821acb93ff13b9d6bcaa40316f9605d958589

SHA256
7cfb2c8456ebc2c0dceffca96a7f63ed2c293b99d4a115bb01590b87761c2b37

SHA512
42575802b48f16baa5024fe186c5b7c1f348888896dfcc8c88425b4cfad8428a354c10c782cd8498558a1084fc0800968aaf50da0c90dc2d276da6ccd8378f49

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\libpng.dll
Filesize
154KB

MD5
772bc1ecc5f7e5655145dd61e6ece349

SHA1
14553cb511d3cbd2056ddea7a1e019abad5f9b25

SHA256
092d9313e4456c0d36385dc1d76975e4c574e4806e01e7de340b6f6c651c0173

SHA512
be7a54c5f79ba0334ce16193a9c8744cc8f24438af5515677f30b3b2056913a962d4a6d1893000a92cef325f9c07ea6d1f3e51a9af520dbddf05b35557b8ecf9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QuickOpenLogo\GameBoxPlugin_QO.png
Filesize
2KB

MD5
e014c091bb16d480d17530f18298dc54

SHA1
ecb3b854edfb477a566e02c206f84167a90b2390

SHA256
82926501f2a77a68fe5248fdbb96db585804e0eb223e2ca1cae01652efe4468f

SHA512
3e669fc39a77ed610e6dcf4ea22584fd35effd10fbe536d1634c1dc208f0b4c5ace0d5f64a50fb59d8e770778df98733b92aede3d2d93b67ac3bb631e2e02ba7

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\SysHomePage\GarbageSoftIcon.zip
Filesize
273KB

MD5
e78e85abcca969929a00664a14c80673

SHA1
8344090a69b49cdd239ce74013b58ec06be687e5

SHA256
969596e211d736e02b8b3b99d4fcfcfa3de50989c21a1cbe35d69e69c9900cbc

SHA512
0fae92d233926497d7395a9781d07beed481cbcd3585337a665f851167ca53a44a7b913885f3ad011fb6b8a5510bd90859b1b95ba53c9b7a25e0acd59e466a9e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\SysHomePage\HomePageRecommendItemsRes.zip
Filesize
8KB

MD5
0787a1e15edfb0f87625f770bb3fae2d

SHA1
56838b6a1afad2bd846a3ea85da3241c56a59026

SHA256
3d09f8c0ea2c0e379bca115cb00af7517bd93dc04d683d7bfe34aa42078a9fbb

SHA512
5949bfae26497be21cde7d325c719edece1f7a9da785a127ef20da4accb999d221519aae332379b9e677078c06b0a9b972af670f603ae27dc026cae98b4f0df2

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\malware.png
Filesize
2KB

MD5
36cd3e13a99b8febad744cd5eb4a6019

SHA1
29dd9314df3d76cda0e52f2d316eae9912be2e48

SHA256
ef06a769fbbb445047efbc04095a3eb3d1313bdaf9fe4230a2eae40adf18d3c6

SHA512
cf8fe8db108ace80150e90aecca89067d60ef7a1e4076bd86cb2e955cb189a3800fe3605d0f655f499ac71dbd415b223c6fd6be087259749afbea17a9f080248

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\qmsoftmgrupdate\updatedate.txt
Filesize
20B

MD5
cc2242e27245804799b5168f23a84245

SHA1
4f34df176c664a74b3dda7beed3e6533126fe243

SHA256
ffdeb079535cfa7c1a9d8829a9b04cf3dd58fbb79e8e12190fbbdbaf08e04aed

SHA512
d237e314131a050335fa0670e850f7c0200d4e35d9236a4622222fba43e77b249a3075e253fd3c009adb6addfdfda63a20edb264c5284130acd54203b48b534a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\sqlite.dll
Filesize
471KB

MD5
b783b7c4334b72251668097fbb373db8

SHA1
794d76cc0f3e22b8c13a149bbf6b693843aaf23c

SHA256
8df8765748f41b6cdf205b4a34ed56991131610c3657deadb16a8f36aec02818

SHA512
a9750c8e8dd1270e9132e3b63dd97717b7f748521656c57c633c6b6b1492901b465abe305d10efaa6b5d80877a6f18194bfb73b4215f2f2ae4635375bf6b10f5

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tpk\Data\tpk3D7D.tmp
Filesize
85B

MD5
079bea95c9b6da800a9f7157d1d2e608

SHA1
49b2e5ec742d7a64c5305b66021970d8ae9f4643

SHA256
861b42028dccb37b8ab589e0d4e5a43d2914864d0241f04defe1d8787ba4c185

SHA512
9518033205122f2f69ebea8aa84d25b42ec4d6ab996d28076f91b178bc91fe5c9c73c03f3a873f2b38fe074c6e550eb4b5ade1790a325a4cab55a964ad04fccc

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tpk\tav.ini
Filesize
816B

MD5
c64340a37ff69e8ce6ddf862833aae23

SHA1
9bc6c13fc3122b88ddabdca39eb8d5e33b048d69

SHA256
7dc5541cb03d41c6aeaecac7058c98bb1ae6e31e0140a356b6c68d4998706b6e

SHA512
7f2b548eb2a9f6f0d13fbb37fd7dbb5832a39c6a4d32a9ec7a77e46796e430a1e1101df70502ac0bc73161ca7e0f61adcbf2a053c868d53de6113e8c220b09ef

Download Submit
C:\ProgramData\Tencent\QQPCMgr\AdFilter\AdFilterRuleItemStatus.xml
Filesize
252B

MD5
cb0bdebef47c18a7c8b730631a6516a9

SHA1
35bfb810eacf5b1550253cc97e0f105a5c73ab22

SHA256
44f6d60793a8bc32d77886de0b820a167f745803a75e6b4101201fb93ac36da3

SHA512
b3196d9a346b5db70e9fd697e811e4f8589d1a67792fcbd37d21cb34a0a98cec6d1ed05711587027efc4b6912da9d03e590a41671faeb8f03834626300f357a8

Download Submit
C:\ProgramData\Tencent\QQPCMgr\AdFilter\AdFilterRuleItemStatus.xml
Filesize
407B

MD5
97e72b24608cf1c1eaf5154f61ca7669

SHA1
eff6ad281d6b113f9785e231456d05c4a84cdd6b

SHA256
442321c32f6720676b86f586c25d4f397ea3c89661895cc207369dfdc75beae0

SHA512
88ba973120445016d801a788641a43acd15c307dc92b4080f0ff88e77d34559fcc4866485fb41506fd89bc1e34c1e82d52fa978a807318caf7206f6c7782a9d9

Download Submit
C:\ProgramData\Tencent\QQPCMgr\QQPCMgrInstall_20240525230019.Log
Filesize
5KB

MD5
ee0daf5a044b62da97f16950c3162151

SHA1
d7a98164762c72ced4592f74bee62ff111a1cbc4

SHA256
13b42905c107a42978c909833ff26972851be2f3510f740396ecbbde928a4e53

SHA512
64936344272f29992ad3dc4add306a34f6cf2ca5d2914f5688aa7eace8964a166897465f8ffe660fe20a99fb62c94c1677f468379b124e7a42ba6e811b229142

Download Submit
C:\ProgramData\Tencent\QQPCMgr\Quarantine\QMCommon.dll
Filesize
699KB

MD5
36c37334f379ff1b8f579b4318020897

SHA1
68908c222668a8e71323891b9722f0a178d6df1a

SHA256
8eb121d2f3b3d654efbb74f5006d6169009e97f583ec6fd99e90c86547afafd7

SHA512
c6d9ba9b88300b89a153b4541924d3d1064189cc172f9b056299a3a1304621cd01f8c4fa54d8e27ea9dc2518b6d01ceccea046c488cdb439f9ace338bb1a1d07

Download Submit
C:\ProgramData\Tencent\QQPCMgr\qmvext.db
Filesize
3KB

MD5
802c883473536602fcd602f6b73f789f

SHA1
d5f0280437e820e37c61c194a3e02db9a32391f1

SHA256
57f3f423ff93dff538024fb4234f9d43b355c812a76fb7cc58f55c180cde3ad9

SHA512
514fc93a94a14bc7de882425552e109290668bd5f7e009d0d16b13ed7bc3cc83fb5331f69382ccfdf546f352388c4641a504755291902a4d5a4587bc3efc9d75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3D2F.tmp
Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3EA8.tmp
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3ECA.tmp
Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\RemNPX.exe
Filesize
39KB

MD5
fcb991d99796bfeac2378fb787b23d03

SHA1
7a3c85c6d7e64b98bf029158a5fa2b40f194749a

SHA256
f842e1ebeb8787c72ab9edf4dfe5d365ad865798a5f7e2d07d48c1f12771925a

SHA512
462e121192ab674b3a7e2411b0a28ca85046dcc8e757cd9fe387809e4520c97abbee62a61a0f2164f429794d46c321e6d32d93ab74445f7ad2f9be6f7d052870

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\TestMSVCR_64.exe
Filesize
16KB

MD5
03d4d6e095bd4883ffdb1d2efdb113f5

SHA1
617a1eb4455389d29b4c4aa225d9ed36685d79a3

SHA256
b5c01124d80d96ceff8829f3623044151bb14e4111a8d241abe00dfbfd173601

SHA512
c4047c355da3cdfa6a359c7e4c0e170ab75ff53f6ea3dfd754b215991b9de158b8fc0c41b79a38a9591801ce4062a6af44ce8104e647c6a492fff75c4c4f0643

Download Submit
C:\Users\Admin\AppData\Local\Temp\sec6E0F.tmp
Filesize
470B

MD5
1e23b5d98efadef56e01865bcd8c28a4

SHA1
e5222286d6ddeda80f53c719cbaa5a499b10bf99

SHA256
7f7dd58953213755d1779aeeca030e1c8c378a1949859434437fdc619f7c50df

SHA512
0dfbd1fac93eb84ed6621340e58dc87623a1820876ea6f6950f221840135639e9b64f634e8fdd7755958c1af5924793a41022ac44cdfca5e71cbd68c49fae256

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\强力卸载电脑上的软件 .lnk
Filesize
1KB

MD5
f3dc55c094990b9e625b62b162be83b4

SHA1
3e992e0b683f5ace1c2ef6d6e153850e4e66b93a

SHA256
99cfeac8ed69937a78513a43e5375f6fed285831fd250dc5c0a90c7a75f96a1e

SHA512
571b8dd635d69ccdb3ba1f1a7e80236b311e1e7514c83bb2e661650cfb5f1866d4fecf04aafc888dfcad7437bb3a7a3aac4c481ebdc1ba434fee1e138f15d876

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\电脑管家.lnk
Filesize
1KB

MD5
fc44a0e6ccec6ab710008bfc6bc8971a

SHA1
ac3226bdee9d61de6d993c14d86e3ec092927424

SHA256
d46bdf8a9926a72b87f5b13c212dbc438356ce4aca305fd0bc8df31085dfed93

SHA512
c87d3ad2a04153ed9b3cf05ef3ac4eae13589bbea9fd1647d251191b69c71f53a86bbc78674ba9fafde28407333b9dcd2d3dac5c792e2f1e40859fee9a5f6856

Download Submit
C:\Users\Admin\AppData\Roaming\Tencent\Tencentdl\dlcore.tlg
Filesize
23KB

MD5
bb0622b3531ab2b91cb07c05fe3fcc47

SHA1
6c1de5f57686bbec832f173c6a70314223936989

SHA256
2e1a696cb0f00c3832c2a3e746a7508361427ac9cece2927a85ee4f1080c4fb8

SHA512
95f8c248ac756c674967ea24dfbcee2b8edaf9ff63f699d35e04d85dc8a7078cb8baf77c58a91651fdbaa468ca18d2909aa722878f0b724ab12a841c082a1360

Download Submit
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Tencent\DeskUpdate\GlobalMgr.db
Filesize
190B

MD5
53f51ecbdcd09624bde248ac6b3f178f

SHA1
1be47ae76466efed7cbf951422a5ca05a6aecfb0

SHA256
eae865f677fdf7241adc4e82327452d6bf1cc9bb09f787b0d538b19ed634cb7c

SHA512
9dcb1649c74db455c64aefb98fb41af631f20b877ad8490ceedf8076c5f4d10fb782710a77b9de7b676c9d9ff35e936c027ee4d31a5ed21402e2e667ec35b851

Download Submit
C:\Windows\System32\drivers\TAOAccelerator64.sys
Filesize
87KB

MD5
01a616675a18b76fd246f767f7b4cf97

SHA1
7b1978b7d57be6aa4c64a645e238cb238e389a65

SHA256
1ed8a94e3df0b2e953c942f8164c1d4c151df7638da7ac0c3850fca3e77978d8

SHA512
555c24829ec7f6a9743eb91d38e867efe7311393debb9ea7f401b59b556e1cfe462f99ad20c82b96d3fd2e9c7a35123d69713a2ce487704a6e3663c6b8ebe50d

Download Submit
C:\Windows\System32\drivers\TAOKernel64.sys
Filesize
134KB

MD5
560901a4be922915a1a1498a7faeabc0

SHA1
693d1e5dd3107f69d6b6310bd1c560c8e921157d

SHA256
d69e63a991c039769ed87cf56a0ad08ab40262e840bd11ded64621b79652346f

SHA512
658fca2e818b0a8bc72d00915f29edb6b5ecb5318943fb37a3035765c80a715762ac4980ae8eb316dba942ceee24e60fe7746a6602b156f63ea3b8b01613adb6

Download Submit
\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll
Filesize
454KB

MD5
d0d8134aa6427034ac1881071d776157

SHA1
df924efc01d0e5e1829207313117f2fd6ec7a6f2

SHA256
297b9bf419c8dc5781117e12b5ec45c1dae06622f555007cff4c997103814ade

SHA512
81af6e46b2a41383466b53661a41f978f98fe7029e1de34129aa1d8c252024e0ba18df811f8ef5d359592f1523527322131604b07c07a0372eac7c8d7149ed68

Download Submit
\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMIESafeDll64.dll
Filesize
361KB

MD5
1d20787fdb0a0bb020631f283a765e8a

SHA1
be54207000210020046e90e9c085e980dd71f76f

SHA256
4ff7d2e5dc3e361b433186db15f157d268074df30b7bd5ced16853cb09cd7909

SHA512
cd5963843da962755c116d6673ea260a502cb11535ab03802395121f2322682165849e22e5d11cbe404c1970b720105644da7e55c370fa1e2ae21b9b3fb29a01

Download Submit
\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
Filesize
294KB

MD5
0b925de09a557b0b213108d642ba9416

SHA1
91b304e8fff0874a381a8095736196c63fa7b138

SHA256
681ffbab477d05d2285492c6938695c2c58fc80a8e69107ac6339221ba0cc3df

SHA512
a1ae1b1675c3b50daf74de45110add8a9954293ce288c3d5becae1c2ddd586c4a91c3ca009e5ec7ba9c55886494ce75042c8aa0f4ec8abec2f7472827bcfeb8c

Download Submit
\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftMgr.exe
Filesize
1.6MB

MD5
7ee255758a83959ed01ed6318914dd53

SHA1
073de4b7b2cd538d20e40d49c1cf142c2aeaf7cd

SHA256
f2f67cce85c3f6c524b848f5101c1323ad66b4d00f1fed88941cdad9e94d45ea

SHA512
0d466c95e51b9157b2ae920f3ca67156a07aab4cbd083c819adb38c624f6651b1c752896cd99a41fb45a222dc8fecd64cd2fc5103c734e8929c5e546e70b78b5

Download Submit
\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Uninst.exe
Filesize
1.5MB

MD5
797ff01fe6a83fd92868b9eded3dede8

SHA1
42d352d32ddcb4bf4f043ab05beda5a83715c0a3

SHA256
9304a9d02b42cd343146259cdb2f097107d26e1bfb759e9faa1e75a4719b4bcc

SHA512
1b512f5f8fe615dd816089cac048f1d4330b4a7baf2a8cd9855591f5bb8b5f653b2b07af5006b45b2548d6ad90cac9b7abe7010ce2b4fdfb776f55f6f995acd0

Download Submit
\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\exnscan64.dll
Filesize
531KB

MD5
dc40a8b45a3581278c69ed498c360e05

SHA1
dd923b0017f846a6d1040b58d4d8143dd2d54d1f

SHA256
a1cba83a7441fc0da639890ac70d73781d994e155283f8947677b9d623023b03

SHA512
f318e536968c388b97b4fccd33643b6672ca128b869737fd1c64fe88630965b8570aeaf3a377dd94da1e262bd545cde7ac08b1e5811a33ad1aa7fd1391297075

Download Submit
\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\PluginInstaller.exe
Filesize
158KB

MD5
5d8604f4980f677e4b16e5f4ab14e6db

SHA1
bc32bd7b12135129d02dabf9ffd5a4ff95607d79

SHA256
24f4ef8ca38c35d483c81a5b0d1341f82253925b7f53a7f086d894781aa5fd74

SHA512
943a2aa166bab0df410af15a4ec3eae8d2c014f6cb23745f810a53f408aa45a8016256b4892fcd0a7f2418965b6b418f8d6e7a9ef7655254e42e5d4f81eab314

Download Submit
\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe
Filesize
48.6MB

MD5
68c63693d18b306db89b11544be50f66

SHA1
900ac235b1eec0fba9e654dd0ef6e455946c3303

SHA256
480dd6bb66d1501b8b67bb6fe771a5068f0cdf1a1d563253bc29578ddd11aefb

SHA512
5099fb78f9a0f861fa5c6575f2022ddb977e0cf399800a4d0740fe60e33c1c87dda592e678aa44b13d83e400e25408aa7044bc7bc47b05be40853f39dd64356e

Download Submit
\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\InstAsm.exe
Filesize
100KB

MD5
2cf3201553b4eabb62a35143a808381f

SHA1
e70a8f68ae3b8761a2ae75ace72f97bde0b3aa81

SHA256
3de1b79a41e5deb6366ba9f13ff65e47697fddbf7f355995fdd45f50c3668249

SHA512
2665d0fc15620c2125e65d27664ed80936e8b281293f0726fb7c3ca4590462bc13c7c607d85e74f67c91bbd61868a1f30710b0469db3657d5aee99983751b059

Download Submit
\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\PackageConf.dll
Filesize
295KB

MD5
e4cdfcdb876f3f841bc0bf33711607a8

SHA1
c46bfebe303e90db223cd6341e6ea65614eb4a07

SHA256
7da0eef66c14f02ecff18bf60be7673916aa05492dd31e4580675f333008c5dd

SHA512
dac6515ef07a6d676e14df97f8eb99c6149b19cd9e75f0cfa6e10e310c4f4e81d2cb8f0632aa8a029e1c6e2e8b03489b2edec82085f8d0b0723dc20fca2031ee

Download Submit
\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\TestMSVCR.exe
Filesize
16KB

MD5
4b847825788ec131032f106500638b92

SHA1
b5948921e9d3331eda2906cb664d32ab05564434

SHA256
3313c7606698e6721f65a8ec84e7e1f95859b39a7e2ca40463164788ab00565d

SHA512
e1390df49d8c101aa946ec01600ea7a55953ca950011e64c6343d672179ffbe5e1eff98fadc1b38464702e20c7c1e830eb928a1886dbd4ed4c95a57abbd29146

Download Submit
\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~f761ae0\dr.dll
Filesize
427KB

MD5
68a34245c650829c613e9068bdc6f79d

SHA1
f877ad637c2097915ba894fdccb1a596a52a726e

SHA256
c72cc19b9ee4546378d22483d5cbe612805be585658df9d28677174b19c2b3bf

SHA512
1c9181c1693f3fb4c3044f57f9113f1858cb709c56ea7beec1d41026c4a64070e221dcb61669fbdab63fc0669df24f4a126ea517a157a738b9a35d784cef9afe

Download Submit
memory/1192-2614-0x000000006FFC0000-0x000000006FFD0000-memory.dmp

Filesize
64KB

Download
memory/1192-2617-0x000000006FFC0000-0x000000006FFD0000-memory.dmp

Filesize
64KB

Download
memory/1192-2850-0x000000006FFB0000-0x000000006FFC0000-memory.dmp

Filesize
64KB

Download
memory/1192-2854-0x000000006FFB0000-0x000000006FFC0000-memory.dmp

Filesize
64KB

Download
memory/1192-2585-0x000000006FFD0000-0x000000006FFE0000-memory.dmp

Filesize
64KB

Download
memory/1192-2607-0x0000000004C60000-0x0000000004CD5000-memory.dmp

Filesize
468KB

Download
memory/1192-2611-0x000000006FFC0000-0x000000006FFD0000-memory.dmp

Filesize
64KB

Download
memory/1200-2602-0x0000000002580000-0x0000000002585000-memory.dmp

Filesize
20KB

Download
memory/1200-2601-0x0000000002580000-0x0000000002585000-memory.dmp

Filesize
20KB

Download
memory/1200-2599-0x0000000002580000-0x0000000002585000-memory.dmp

Filesize
20KB

Download
memory/1504-2551-0x0000000075760000-0x00000000757FD000-memory.dmp

Filesize
628KB

Download
memory/1504-2547-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1504-2548-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

Filesize
64KB

Download
memory/1504-2549-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/1504-2552-0x00000000767C0000-0x000000007691C000-memory.dmp

Filesize
1.4MB

Download
memory/1744-52-0x0000000006C50000-0x0000000006C56000-memory.dmp

Filesize
24KB

Download
memory/1744-43-0x0000000006BF0000-0x0000000006C3A000-memory.dmp

Filesize
296KB

Download
memory/1744-2537-0x0000000006CB0000-0x0000000006CB6000-memory.dmp

Filesize
24KB

Download
memory/1912-2869-0x00000000767C0000-0x000000007691C000-memory.dmp

Filesize
1.4MB

Download
memory/1912-2868-0x0000000075760000-0x00000000757FD000-memory.dmp

Filesize
628KB

Download
memory/2156-2651-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2232-2883-0x0000000007560000-0x00000000075D5000-memory.dmp

Filesize
468KB

Download
memory/2232-2881-0x0000000007A50000-0x0000000007E5B000-memory.dmp

Filesize
4.0MB

Download
memory/2396-2496-0x0000000075760000-0x00000000757FD000-memory.dmp

Filesize
628KB

Download
memory/2396-2499-0x00000000767C0000-0x000000007691C000-memory.dmp

Filesize
1.4MB

Download
memory/2396-2494-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

Filesize
64KB

Download
memory/2396-2493-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2552-2522-0x0000000000D30000-0x0000000000DA5000-memory.dmp

Filesize
468KB

Download
memory/2612-2645-0x000000006FFD0000-0x000000006FFE0000-memory.dmp

Filesize
64KB

Download
memory/2612-2644-0x000000006FFE0000-0x000000006FFF0000-memory.dmp

Filesize
64KB

Download
memory/2684-2538-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2728-2515-0x000000006B900000-0x000000006B910000-memory.dmp

Filesize
64KB

Download
memory/2912-2560-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2912-2565-0x0000000075760000-0x00000000757FD000-memory.dmp

Filesize
628KB

Download
memory/2912-2566-0x00000000767C0000-0x000000007691C000-memory.dmp

Filesize
1.4MB

Download
memory/2996-54-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2996-53-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download