c3bb5e5ecba6aeacfb42b4f382498b44c852985560afa0955eedd532f20cf419

Analysis

max time kernel
136s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 23:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

738931afefb9203f72ca108978203d0c_JaffaCakes118.exe
Size

49.0MB
MD5

738931afefb9203f72ca108978203d0c
SHA1

53e9662624aefedefa0a3bf5ac9fb0fd0eebc88e
SHA256

c3bb5e5ecba6aeacfb42b4f382498b44c852985560afa0955eedd532f20cf419
SHA512

c22ad1ce39e9fff118853cb2dd2993189bc44207c9ae14ffbed7ddf3773fb9ce8d870eb0a898b7529040dacb413ed25685d6c27383da3d180031792009c6a4bd
SSDEEP

1572864:qdtIkx6/+j3kaDJLoT/jAlrrQuQD+mSI4fLN9FVLBT:qdtnx6/+jUahQjQ8ukSvN9Ft1

Score

9^/10

bootkit discovery evasion persistence

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	QQPCMgr_Setup.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\Drivers\TFsFltX64.sys	QQPCMgr_Setup.exe

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\QQPCRTP\ImagePath = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCRtp.exe\" -r"	QQPCMgr_Setup.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\ QQPCTray = "\"C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCTray.exe\" /regrun"	QQPCMgr_Setup.exe

Modifies Windows Firewall 2 TTPs 2 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1812	netsh.exe
2324	netsh.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	tencentdl.exe
File opened for modification	\??\PhysicalDrive0	QQPCMgr_Setup.exe
File opened for modification	\??\PhysicalDrive0	Tencentdl.exe
File opened for modification	\??\PhysicalDrive0	QMSuperScan.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	Tencentdl.exe
Key value queried	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\Control Panel\International\Geo\Nation	tencentdl.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\RocketConfig.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TAOServicePlugin.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\AppLaunch.48.prf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMTPIEStartPage\QMTPIEStartPage.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMArpMgr\Common.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_1755.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1020.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_2000.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetSpeedTest\QMNetSpeedTestDll.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SoftMgr.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SuperKillModules.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1603.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTencentNews.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAdBlock.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\HPScannerPlugin\HPInternalScan\HPInternalScan.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMTrayDetector\QMTrayDetector.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_657.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMSysSlim.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\RtpPage\RtpPage.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetMon.sys	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\HPScannerPlugin\hpiestartpagescan\HPIEStartPageScan.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMMain.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_587.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMBDScanner.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\qmavtrayplugin\QMAVTrayPlugin.tpc	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSysRepLibDown.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_949.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\sBoth_Disconnected.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\SoftMove.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\bugreport_xf.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftCmd.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tsskx64.sys	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\CommonDef.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TAO\NiZhanConfig.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\qmudiskmgr\QMUDiskMgr.tpc	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextUninstall64.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1412.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCExternal.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QuickOpenLogo\QQPCLeakScan_QO.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRouterMgr.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMHIPSLogPolicy.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SoftMgr\arkGraphic.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMIEMalRtpPlugin\QMIEMalRtpPlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\UDiskShellExt.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TAOAccelerator64.sys	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_125.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\sCheck_Wireless.png	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMBluescreenFixer\bugreport.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSignScan.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMonPlugin.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\sqlite.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SysOptLib.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TAO\AGEConfig.etf	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMSCVulPlugin\QMSCVulPlugin.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SoftMgr\xImage.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMSXTrayPlugin\QMSXTrayPlugin.rdb	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAccountProtection.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Tencentdl.exe	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\qmcloudinter\QMCloudInter.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\HPScannerPlugin\hptrojanscan\HPTrojanScanInfo.xml	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\script\pb_1027.dat	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\HPYellowTipsMgr.dll	QQPCMgr_Setup.exe
File created	C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\malware\logo\plugin_579.png	QQPCMgr_Setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\FZLTCXHJW.TTF	QQPCMgr_Setup.exe

Executes dropped EXE 12 IoCs

pid	Process
2432	QQPCMgr_Setup.exe
1116	TestMSVCR.exe
4584	TestMSVCR_64.exe
2548	InstAsm.exe
4840	PluginInstaller.exe
3740	Tencentdl.exe
1184	QQPCRTP.exe
2488	tencentdl.exe
3628	QMSuperScan.exe
5028	QMCheckNetwork.exe
3132	TestMSVCR.exe
936	QMCheckNetwork.exe

Loads dropped DLL 38 IoCs

pid	Process
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2512	regsvr32.exe
1100	regsvr32.exe
3544	Process not Found
4840	PluginInstaller.exe
3924	regsvr32.exe
2268	regsvr32.exe
3328	regsvr32.exe
3804	regsvr32.exe
116	regsvr32.exe
3512	regsvr32.exe
1184	QQPCRTP.exe
424	regsvr32.exe
1668	regsvr32.exe
1184	QQPCRTP.exe
1184	QQPCRTP.exe
1184	QQPCRTP.exe
1184	QQPCRTP.exe
1184	QQPCRTP.exe
3628	QMSuperScan.exe
3628	QMSuperScan.exe
3628	QMSuperScan.exe
3628	QMSuperScan.exe
3628	QMSuperScan.exe
3628	QMSuperScan.exe
5028	QMCheckNetwork.exe
3628	QMSuperScan.exe
5028	QMCheckNetwork.exe
3628	QMSuperScan.exe
3628	QMSuperScan.exe
936	QMCheckNetwork.exe
936	QMCheckNetwork.exe
5028	QMCheckNetwork.exe
5028	QMCheckNetwork.exe
936	QMCheckNetwork.exe
3628	QMSuperScan.exe

Modifies system executable filetype association 2 TTPs 7 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextUninstall\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe

Registers COM server for autorun 1 TTPs 16 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextUninstall64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextScan64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextScan64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextUninstall64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMGCShellExt64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 7 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\AppPath = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\AppName = "QQPCClinic.exe"	QQPCMgr_Setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{16EE6530-8649-4F42-A9E4-F6A3295AF975}\Policy = "3"	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\PCMgrRepairIEExtensions	QQPCMgr_Setup.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ProtocolExecute\PCMgrRepairIEExtensions\WarnOnOpen = "0"	QQPCMgr_Setup.exe

Modifies data under HKEY_USERS 54 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\QMConfig	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_7 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbcbcac1480e998b4e866c9621d267	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_9 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd839726a7184adbfe8e17c	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_26 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_33 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa190e476ab7ebd8287247718fad84e8e57ce31bbfffb8d6	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_21 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7dad83972697190ad87e8ef7cfe1bbfffb8d6	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_34 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa190f474db7fdd828726b7192ad92e8	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_56 = 3874d037c712e267fc05809e9cffdb765a172ee31b92395636c3f7228e2e251769dd7bcaa34d4e7b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\LOCALTRUSTCLOUD = 0074df37aa128567a605df9ecbfff1761f1770e37e92735665c3b022cc2e64172add2dca854d107ba2ac1244986fb905698c9903a55ebc7a61eb04b7ef0003abd4ea0eb942286bbc046687271b824efb7385c995b9cc179b0c7034ef9219014760b7b6d81e724171d0adc6e8b77cce1be2ff89d66977c967adab462d49b26a1c0dde601f9db87106b2bbddca8d485b99cd4eb66cd621e1679f197c10340b2f6b9cb1d377a7f7f0a1f1011d5d5f34fa6791888c9735a6256903ceedc56d96ec49c11c1613f147dc1210c977bb79185766396d6c52664c5f79a28510667b92fe6d4da3297a80bf5fe1f6cc719de52a2c3dbcbc5d766464ac853413f12934ba88d714d18173a3d16e67f79118449917f261fc48610ca93c4f267ac5bf7e3eebc818e3e3a5c9e97fb53be556a941e953f3f0b10ae7cbd78e8e79e20c62359c229875f353d7453ca062b581e35884c02f9657dad62a022607ea0b23e9c655ea6f6dde7115be59286a506c5c572a67320105b5e8a7f42f145b9355aa9fc765a5146adc182fcf45110fc9ec03a8949bfcbb422c5475fadfd8b109dcf11754d5edf0b101da68dbe5c49caecd8fbad74f8c060a273342bebaa3e72ed81079c04e9a1d39862714d82ea42695a1498f00172c82e6e7ab74ed4ab8df8ffa1ed3557ccf48ed0ee9de673f80c01239e55e457b140490f209f3c18f3ce2a9209290b63082d8a0d55690ed4df360f99386572543323ae2c1569e61b02eea10a1c90bf8e9520aefc22f8e95513cb573c2f6bc1819390fb05aa4ff4224ca79c4d450f3e6166af3710cfb7f9cdc5081adc8a743106675651c7be5a1ddb0a2ab1c040f4ffde29b537a6c36f15bb996fe13077e5cce23cdfb77c2d081b8d7afd40381c34d8bb5c64a249543a5e92c4744d0986991f55645f5a9d0018305efcfa683513113205d7974f6d33886605024425e114edb4cc88ea5ab9eb4198c3853046cd5082a26da16416af836f604bb25c0ac78bb84e57281ac108191230020fbb9882961eba7ee48e70ac65215a8f3e27d3400f54993c2e65f751606253606e68f3721600dafae3665fdb6e04a01651c82256ee27363c7a936026a00c81d71c31454f587e1114103dd2ae1b8667b5fc669ed8a80c01e13a3d4f9d606ac47003732f059d25772e9e9d5eb044cb928e1c8faa78cbcc7a403ccd1cb52d951c2a26ca00f4cc469bb25c5b52a91494d5e86be96629b81fd698e5cbe4fd320a36e76c0f3a89e4399c6fd30e2f5ed0ab4ee5140056f8dff5055d0a5f380ea9c45ffb0db6d79c682d707b811a333eb2b0cf02cc403d59eaabf1ae6ae047731ebc3286d1d911d621b3d006c167f7c743a3d16708a756856df2ad81bf8d3c06bc22167b6775b6832aa063832f7d9f5c8606ab8c797cf1efb3c5a88b45ed0225075e1181fa421e020424aa177079381ac85e626ebbf66a8daa7538f7e39540b39157d1bf10564bbf0ff0f83a0db8a972cea1cdb39a77a92eadd015f9254e3ed011d2add8e68c58adc0adf259a5837cda39d0bd7cb52416b81a8bd25e35235c3240c3deede0dfb89b2bd76c4f7faf56222374e4fbeba981aadf8ff63413bd996cbdc24c5e2e6c723827528737220152dc39cfc28a57f3c1c5597bdf7c3ec96220ced28f71699b4f2173e9c8af91105d679a48d72ea9e6b2d4fa4d92f57d71a2ee1701d5fab2a83659c07f311afb807538bf2a9ff2844e38a81d3837e33446cfd66ab15432204f27c4fa5eaf53a89303d2479dab1123f8ebccc94e9fe7becd3d311f75b1ee5a77a6cfb203be4c84a96cbeead6903b1b48d9151b420d917b35a1225cdce6620ab3c76353226326ea9d144bac9ee70d6e33d3a33a24461a5461b5e4dd79aa406bc113f10a94a1bb67985ec4efdce45ae6a2fee506c51075a88e99d3003d996f4e0df03812a65fcdb189d7ee8b78c08151d770a37ab0684f40899703066c421b346ae781ad6173d9102c2e68eb1e889c68bfc0454256633351c543319431bb9be62d8148db3ce8dac1eea915746712b210277e1b277cc8e7b60fac9960713af5e8627cc1766c9676f81617bac212bf27ece713c5bb645566d73d76647d91b018f48b75cdfd1dc2e1b4f0ef8f72db6a1e3535650582ebf987683836996647e8a8aa836ee5008daa95da759c106eef1475cfa08e34b72d54da2be12ed3daacf5be062ba5bfb8379ec26c87b502e942dfba6c6a1c1516cb74561cabf0e9f26523e83535bf0eb8fe42f15036f14acc3420cd8141fd1b0fa047903f806193d48c43693c1586f7c092df3d1a1a747c3a467652ecf846936ec90613ec5c4707e0555bfda3326990a5a1ea08e95f44cc63d1f89398a4484da8cf17d3fd73bf55887d98cc86ec031ab3f17d7c2fe77ae1b4b89c30c22cf66685445be9c5e542168e287411566b5fc21de8b127bd1f41e29eaf1d01491d09eef732b85914c965a9cc75d24bdb940546341f405b05c0472d46b4af2c2ff2e073a6be422619112177a2437df68ade01698d7e6353164e27685a62fd6342e8ad00bc62d09b5ab9673c098a2ca58a89358f9ce2e2409258f00e02d5a89b859d20a6da5df35f7c80c7a54ca904caaad226e60bef438c9133faea7814f38ec7c3b9baa1e27caee28ed9ceaef019b88dda1b8869020b4b5f25e4bf5ed31aef07ced6a784a7e22a9ea92ea8051d8c4ae81ce31a10142fecfd343bedbd990a1406e21554552396c6170c62dd426e86b9084656bcf2ad08b15403fb098efbead2a05d60539970ae74ad9b6887aeff3621ebfe07185f1796015a05fd9ac6227bfb0977a8aac760d18da6112376c1213c7919e97db8174252dbb24f9a502c4cd64d401017d25f87e06de8944e50e02a4a3eca1ce243d3376b3bdd341b73cee4a0f237ed7363f3f03ee32f1f4541279250a4cd6c61df15e78a22c88040823dbc84fec446942ff788e314fe2e6f5c0a79160044c98fdc8e3657c344a82042e5459c41d408072f56e7c78624a53fede39db42ce1e410ee626cf775ea28a2cdaa2f488a711d54d599b6442f4052f3357e09b57473b2543b13e3a80e54febc72fd0bce97801f30643dbddc67e5b3b1beff56e23067a7c8b85fe4448185b19626f93d3aab762ad73108b465babdfd361e989b5fea511618e6bd3ae424115c7be1010d68d2647a32060c9305734f2fca5053d93a69a601b3f0eb10332361613a92c6eb6b7aa3d068c7e322e5029f9752b187e004af0f3623576c85f41d2a18cdb495526abc560148a1c1ff956897b55417bebd19a3bc11e3145fcb75691330ec7a9a3f1e9bd7b6d8e55be9ff96b5da35e0e0dc9322775f3b0f180deebf0389db831895b1a980079fc712d4f34d3f0f4f62cc70a690936d96fd26e76d9cbf5fb56bf6d194219603a843bd82f6a5b4f83a5598a36ad9dce9eef578dcbcc5b12976ae53daefbef3c271bc550f31eddc436bd999acbc0e9c5603fb40ef2830819f2f809362ed92a07d09f785f684e908a1cdad29fe986d7eb81caed46c5238091b86b94ce524b18765c742365f81304666abc929e10bafc740d64a51d3c5cdcdc610942a13b9da2c371b4d9b93c1bdf0343d57aaf00e57de0695086dcabd82fdff90c91c49b729e6b1ca2a62d44d7cd35bb2e057ab7988a916448940c3a845f487d538edf302b07b962f4d503208c6051646b193460068b131aa4cef46265f69550bae18350daa746f59ecc96f12f8d175ec164225ff9e8d869bb95d5a5ddd7c2018a0981865161e4bd96b9b73b0bc6f65c62c29fe0b51bfb79e7b2828ea1605a2f892709ec87fc09d9e541205d9e15388f798deac2d565ff03aeb16cfe4f9c8334522f40f8566df59684a190c9690bbeefbd9b0e4b77ba6cd17797de5fac9ae0a09c05e85eb72dd66e1aa018cc8eb72ec7ff0f82f29ee6950ea0710a1070dd054036d756c2e9626141b13021c7f9fa0c3dbcc4222a5aed379484332c251921b93348a7cef728f51e16e984acd3ccb2e2255a3653a61c20b51feb085aaf96fc7df529183ab5fb10dcc545871802c1287b579f6a1855eb15725d3c51289318d838a9d8e9b76b611494b8b53b2b1c8ff0a27f90c5d6cc10fc8154eb703bf48f8b084911714a27da6d4dd14bef0e71db04e2cdc3a7ad7bdd76ee4b60a3d107643cb285c46e7c922dc70deb865f15159151f2242f600c94bdbe8b61e7680c8d8be4526e81bbbef5523fe7ad0df0f2d85b716e68f0c014ef6e8a578d18d0945f3b82e3c5e4a219aeb116cfd1e3eb670c68217c66df975dac7107b3c5dffa47b520893a15021d391f10af795be91bfbb1276dc6d997df98144fb0ff25dd43132276a8f27c4190349e62dce2ec278a6a44054098ae8f8e413003c0800f0c769d91f026cac5c7879b041a9561d49c7397a6d5cecf7d608d7e3b4239044303e57bc95fbf7543c06b9e7fce2059ed764377b753680fceb1380ef9582ab5867a8b	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_6 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e16177add6ecaa94d4f7bf3ac2344cf6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_29 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbcbcac1480e998b4e866c9621d267	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_41 = 3874d037c712e267fc05809e9cffdb765a172ee31b9218562ac3f722b62e1f174cdd2ecaf24d	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_16 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e14177edd6bcaad4d497bf5ac2744	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_55 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c174ddd71caa24d587bf5ac2444	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_19 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7c0d83972707197ad84e8fc7ce11bfaff98d62c779267eeab772d18b2321c41de561f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_31 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e16177add6ecaa94d4f7bf3ac2344cf6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_38 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_46 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c175fdd77caa54d487bf7ac3244c46f8805378c	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg	QQPCMgr_Setup.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_13 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e1d176edd6bcaaf4d5e7b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_24 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771bcadb8e8fa7ceb1ba8ffbfd631778d67	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_30 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771bcadb8e8fa7ceb1ba8ffbfd631778d67	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_32 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa190e476ab7ebd82872477181ad88e8e67cef1b	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_2 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_43 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44f66fbf052b8cb103fa5e917a4beb61b7ed0058ab80ea5fb90928	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_54 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c174bdd71caa54d497befac2544cf6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\LSPCheckNetworkEntry = 7f74ea37	QMSuperScan.exe
Key created	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_20 = 3874d037c712e267fc05809e9cffdb765a172ee31b920d563cc3ea22952e2317	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_25 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c175fdd7dcab54d567beeac3844da6f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_44 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44f66fbf052b8cb103fa5e917a4beb61b7ed0058ab80ea5fb90928	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_27 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ded82e726d718ead9fe8eb7cf81bfaff98d62c779267eeab772d18b2321c41de561f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_39 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e001772dd7bcab24d487be8ac3244d96f	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_42 = 3874d037c712e567e705819e9fffc6764c1730e367920d563ac3e822842e23173bdd30cabe4d057bacac7e44	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_14 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e061772dd7ccaa34d527be9ac	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_23 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_47 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc299b6f7076efc919204756b7efd831727771bcadaae8ea7ce71bb3ffa5d62d778e67e8ab712d1ab2331c5cde531fcab81406cbbbf7cada4803998a4e	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_48 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177a167ccab712d14b2201c47de441fc2b84706c3bbd9cad1480299904e9c6c8a21d167d3193a10660b696bc6b1d877fff7faa1d901095d7634d067a388	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_59 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a79eb0cb7c20052ab9eea55b9092830bc56668e277a8233fb6685dc95eccc1a9b487077effa19054751b7fcd832725871a2ad9ee8fc7ce41b	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_5 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e141774dd7bcab34d507bffac3944de6f8f05	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_8 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7dcd83972677185ad85e8fa7c	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_11 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fae052b8cbd03fa5e977a4beb26b7f7007cab85ea59b9082830bc43669527408210fb5385e595e1cc1b9b5b706befd119344778b7ddd82872657192ad9fe8ae7cc71bbfffa5d63177	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_28 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e11176bdd68ca824d5c7beeac3644f66fb0052b8cbf03f65e927a	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_35 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_40 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_37 = 3874d037c712e267fc05809e9cffdb765a172ee31b9238562ac3f722952e351776dd2bcaf44d	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_53 = 3874d037c712e067e6058b9e8affc77671170de3329229563fc3ed22822e0c1756dd6dcab54d547bf9ac	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_0 = 3874d037c712e067e6058b9e8affc77671171ce3239226563ac3ea22bd2e14177edd6bcaad4d497bf5ac2744	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_22 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea69b90e283ebc42668e27068229fb6a85dc95fdcc	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_36 = 3874d037c712e267fc05809e9cffdb765a172ee3	QMSuperScan.exe
Set value (data)	\REGISTRY\USER\QMConfig\QQDoctor\QQDoctor\ComCfg\defSpecialFolderPath_Cache_45 = 3874d037c712e567e705819e9fffc6764c1730e303922a5627c3e522bd2e1d1772dd7bcab44d527be9ac3844cc6f8805188c8b03fe5e907a41eb2eb7dc0042abb0ea6eb91f2832bc40669627478210fb6a85c195	QMSuperScan.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qpakfile\shell\command\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QQPCAddWidget.exe /inst \"%1\""	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu.1\CLSID\ = "{63332668-8CE1-445D-A5EE-25929176714E}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\Programmable	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCMgrRepairIEExtensions\Shell	QQPCMgr_Setup.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\WOW6432Node\Interface	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\ProxyStubClsid32\ = "{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu\CurVer\ = "QMContextScan.QMContextScanMenu.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextUninstall64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qpakfile\shell\command	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\DownloadProxy.Downloader	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\qmgcfiles	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextScan64.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\InProcServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR	tencentdl.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\VersionIndependentProgID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.qmb\ = "qmbfile"	QQPCMgr_Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQPCMgr.qbox\shell\	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextScan.QMContextScanMenu	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\ProgID\ = "QMContextScan.QMContextScanMenu.1"	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\QMContextScan	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}\ProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\TypeLib\ = "{445E3964-15B0-472A-95F4-6242DD2EA066}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\AppID = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\AppID = "{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\ = "QMContextScanMenu Class"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QMContextUninstall.QMContextUninstallMenu.1\CLSID\ = "{CBDECEF7-7A29-4cbf-A009-2673D82C7BF9}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ = "_IDownloaderEvents"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{593BE60A-1C6A-44F9-946D-A5EAB2D53511}\1.0\0\win64\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\QMContextScan64.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\VersionIndependentProgID\ = "QQPCMgr.GarbageCleaner"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D4801E96-E7A1-45F6-B124-7A36DFB40B81}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ = "_IDownloaderEvents"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\QMContextScan.DLL\AppID = "{7A30415C-ABEE-4674-B64B-4CA145EEB0CA}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS\ = "0"	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib	tencentdl.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\qpakfile\shell\open\	QQPCMgr_Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\VersionIndependentProgID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{63332668-8CE1-445D-A5EE-25929176714E}\TypeLib\ = "{593BE60A-1C6A-44F9-946D-A5EAB2D53511}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}\ProxyStubClsid32\ = "{E52EB753-1F56-4DF7-BE53-2C314AC5F8A1}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\QMContextUninstall	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{70DE12EA-79F4-46bc-9812-86DB50A2FD64}\TypeLib	tencentdl.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\QQPCMgr.qbox\DefaultIcon\ = "C:\\Program Files (x86)\\Tencent\\QQPCMgr\\11.4.17339.217\\image\\qbox.ico,0"	QQPCMgr_Setup.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
2432	QQPCMgr_Setup.exe
5028	QMCheckNetwork.exe
5028	QMCheckNetwork.exe
5028	QMCheckNetwork.exe
5028	QMCheckNetwork.exe
3628	QMSuperScan.exe
3628	QMSuperScan.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2432	QQPCMgr_Setup.exe
Token: SeBackupPrivilege	1184	QQPCRTP.exe
Token: SeRestorePrivilege	1184	QQPCRTP.exe
Token: SeDebugPrivilege	3628	QMSuperScan.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 2432	8	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	88
PID 8 wrote to memory of 2432	8	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	88
PID 8 wrote to memory of 2432	8	738931afefb9203f72ca108978203d0c_JaffaCakes118.exe	88
PID 2432 wrote to memory of 2548	2432	QQPCMgr_Setup.exe	91
PID 2432 wrote to memory of 2548	2432	QQPCMgr_Setup.exe	91
PID 2432 wrote to memory of 2548	2432	QQPCMgr_Setup.exe	91
PID 2432 wrote to memory of 3496	2432	QQPCMgr_Setup.exe	98
PID 2432 wrote to memory of 3496	2432	QQPCMgr_Setup.exe	98
PID 2432 wrote to memory of 3496	2432	QQPCMgr_Setup.exe	98
PID 2432 wrote to memory of 2512	2432	QQPCMgr_Setup.exe	101
PID 2432 wrote to memory of 2512	2432	QQPCMgr_Setup.exe	101
PID 2432 wrote to memory of 2512	2432	QQPCMgr_Setup.exe	101
PID 2512 wrote to memory of 1100	2512	regsvr32.exe	102
PID 2512 wrote to memory of 1100	2512	regsvr32.exe	102
PID 2432 wrote to memory of 4836	2432	QQPCMgr_Setup.exe	104
PID 2432 wrote to memory of 4836	2432	QQPCMgr_Setup.exe	104
PID 2432 wrote to memory of 4836	2432	QQPCMgr_Setup.exe	104
PID 2432 wrote to memory of 4840	2432	QQPCMgr_Setup.exe	106
PID 2432 wrote to memory of 4840	2432	QQPCMgr_Setup.exe	106
PID 2432 wrote to memory of 4840	2432	QQPCMgr_Setup.exe	106
PID 2432 wrote to memory of 3924	2432	QQPCMgr_Setup.exe	107
PID 2432 wrote to memory of 3924	2432	QQPCMgr_Setup.exe	107
PID 2432 wrote to memory of 3924	2432	QQPCMgr_Setup.exe	107
PID 2432 wrote to memory of 116	2432	QQPCMgr_Setup.exe	108
PID 2432 wrote to memory of 116	2432	QQPCMgr_Setup.exe	108
PID 2432 wrote to memory of 116	2432	QQPCMgr_Setup.exe	108
PID 2432 wrote to memory of 2268	2432	QQPCMgr_Setup.exe	109
PID 2432 wrote to memory of 2268	2432	QQPCMgr_Setup.exe	109
PID 2432 wrote to memory of 2268	2432	QQPCMgr_Setup.exe	109
PID 2432 wrote to memory of 3804	2432	QQPCMgr_Setup.exe	110
PID 2432 wrote to memory of 3804	2432	QQPCMgr_Setup.exe	110
PID 2432 wrote to memory of 3804	2432	QQPCMgr_Setup.exe	110
PID 2432 wrote to memory of 3328	2432	QQPCMgr_Setup.exe	111
PID 2432 wrote to memory of 3328	2432	QQPCMgr_Setup.exe	111
PID 2432 wrote to memory of 3328	2432	QQPCMgr_Setup.exe	111
PID 2432 wrote to memory of 3740	2432	QQPCMgr_Setup.exe	112
PID 2432 wrote to memory of 3740	2432	QQPCMgr_Setup.exe	112
PID 2432 wrote to memory of 3740	2432	QQPCMgr_Setup.exe	112
PID 2268 wrote to memory of 3512	2268	regsvr32.exe	113
PID 2268 wrote to memory of 3512	2268	regsvr32.exe	113
PID 3328 wrote to memory of 1668	3328	regsvr32.exe	114
PID 3328 wrote to memory of 1668	3328	regsvr32.exe	114
PID 2432 wrote to memory of 1184	2432	QQPCMgr_Setup.exe	115
PID 2432 wrote to memory of 1184	2432	QQPCMgr_Setup.exe	115
PID 2432 wrote to memory of 1184	2432	QQPCMgr_Setup.exe	115
PID 116 wrote to memory of 424	116	regsvr32.exe	116
PID 116 wrote to memory of 424	116	regsvr32.exe	116
PID 3740 wrote to memory of 2488	3740	Tencentdl.exe	117
PID 3740 wrote to memory of 2488	3740	Tencentdl.exe	117
PID 3740 wrote to memory of 2488	3740	Tencentdl.exe	117
PID 2432 wrote to memory of 3628	2432	QQPCMgr_Setup.exe	118
PID 2432 wrote to memory of 3628	2432	QQPCMgr_Setup.exe	118
PID 2432 wrote to memory of 3628	2432	QQPCMgr_Setup.exe	118
PID 3628 wrote to memory of 5028	3628	QMSuperScan.exe	119
PID 3628 wrote to memory of 5028	3628	QMSuperScan.exe	119
PID 3628 wrote to memory of 5028	3628	QMSuperScan.exe	119
PID 5028 wrote to memory of 936	5028	QMCheckNetwork.exe	120
PID 5028 wrote to memory of 936	5028	QMCheckNetwork.exe	120
PID 5028 wrote to memory of 936	5028	QMCheckNetwork.exe	120
PID 2488 wrote to memory of 1812	2488	tencentdl.exe	122
PID 2488 wrote to memory of 1812	2488	tencentdl.exe	122
PID 2488 wrote to memory of 1812	2488	tencentdl.exe	122
PID 2488 wrote to memory of 2324	2488	tencentdl.exe	123
PID 2488 wrote to memory of 2324	2488	tencentdl.exe	123

C:\Users\Admin\AppData\Local\Temp\738931afefb9203f72ca108978203d0c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\738931afefb9203f72ca108978203d0c_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe
  "C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe" /S ##supply=45303&qqpcmgr=0&recommand=3&DefaultIE="http://www.l114la.com"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Drops file in Drivers directory
  - Sets service image path in registry
  - Adds Run key to start application
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\TestMSVCR.exe
    "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\TestMSVCR.exe" (null)
    3⤵
    - Executes dropped EXE
    PID:1116
- - C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\TestMSVCR_64.exe
    "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\TestMSVCR_64.exe" (null)
    3⤵
    - Executes dropped EXE
    PID:4584
- - C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\InstAsm.exe
    "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\InstAsm.exe" "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff" "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\TestMSVCR.exe"
    3⤵
    - Executes dropped EXE
    PID:2548
- - C:\Windows\SysWOW64\cacls.exe
    "cacls" "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217" /t /e /c /g SYSTEM:f
    3⤵
    PID:3496
- - C:\Windows\SysWOW64\regsvr32.exe
    regsvr32.exe /s /i "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\\QMGCShellExt64.dll"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Windows\system32\regsvr32.exe
      /s /i "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\\QMGCShellExt64.dll"
      4⤵
      Loads dropped DLL
      Registers COM server for autorun
      Modifies registry class
      PID:1100
- - C:\Windows\SysWOW64\Netsh.exe
    "C:\Windows\system32\Netsh.exe" exec "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\firewallLog.txt"
    3⤵
    PID:4836
- - C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\PluginInstaller.exe
    "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\PluginInstaller.exe" /install
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4840
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsIE.dll"
    3⤵
    - Loads dropped DLL
    PID:3924
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:116
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat"
      4⤵
      Loads dropped DLL
      PID:424
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextScan64.dll"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2268
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextScan64.dll"
      4⤵
      Loads dropped DLL
      Modifies system executable filetype association
      Registers COM server for autorun
      Modifies registry class
      PID:3512
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextScan.dll"
    3⤵
    - Loads dropped DLL
    - Modifies system executable filetype association
    - Modifies registry class
    PID:3804
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextUninstall64.dll"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3328
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMContextUninstall64.dll"
      4⤵
      Loads dropped DLL
      Modifies system executable filetype association
      Registers COM server for autorun
      Modifies registry class
      PID:1668
- - C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Tencentdl.exe
    "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Tencentdl.exe" /install
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3740
  - - C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
      "C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" /RegServer
      4⤵
      Writes to the Master Boot Record (MBR)
      Checks computer location settings
      Executes dropped EXE
      Modifies registry class
      Suspicious use of WriteProcessMemory
      PID:2488
    - - C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" description="C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe" action=allow
        5⤵
        Modifies Windows Firewall
        
        PID:1812
    - - C:\Windows\SysWOW64\netsh.exe
        
        "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="腾讯产品下载组件Crash上报" dir=in program="C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe" description="C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe" action=allow
        5⤵
        Modifies Windows Firewall
        
        PID:2324
    - - C:\Windows\SysWOW64\regsvr32.exe
        
        "C:\Windows\System32\regsvr32.exe" /s "C:\program files (x86)\common files\tencent\qqdownload\130\DownloadProxyPS.dll"
        5⤵
        
        PID:4352
- - C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
    "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe" -i
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1184
- - C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMSuperScan.exe
    "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\\QMSuperScan.exe"
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies data under HKEY_USERS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3628
  - - C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe
      "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5028
    - - C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe
        
        "C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCheckNetwork.exe" /AllChain
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:936
- - C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\TestMSVCR.exe
    "C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\TestMSVCR.exe" (null)
    3⤵
    - Executes dropped EXE
    PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\BugReportRule.dat

Filesize
3KB

MD5
bbbcaa49c13a4aab5cc7d802693e8606

SHA1
ca97aacff9ff8c5cd41ce4a4d17884654b5d15e1

SHA256
02242c5d2ed699eccc62987d24256eeba09b3ca3f58d9d97b4987641345ce1a1

SHA512
d9426b3ff121e4126b5ed4575dba617ad4ef243a5b9e0e2a4c9c3929f96d3f0b91fa8fb5556be55aabcb5a04d11a228bb70a507c05f8ec35538c41d744925874

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\Both_Disconnected.png

Filesize
31KB

MD5
00ef699da2be626beb8957d69783cf45

SHA1
a381db99b4c39b6af39e39820adab2d38cb5ac18

SHA256
1efc1cdd056be89f2f37253f3845c99708fb6e60ab243179390996915c4be02b

SHA512
8ce2d3be5e9a00b5372c2640ebe3fc8dba492437964a5961b904cb978cea1284a9684d0ac2868e2052d677051023093332a09c9a675b0916b3468ee78929048d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\Check_Router.png

Filesize
6KB

MD5
aa19bfbfedc591a531e1e6bd775f296b

SHA1
a93012d5ed23695c0c2701a4e7ceb430b55f741b

SHA256
fecd26a1fd8bca2f88a758c0df90bf8cb6d9476b61a89806ffb06399037eb502

SHA512
2223a33209c040fd96b13f7bce314116b410864dfa9f9a119271f01de4460c4f18935c6e6ae0cba78bf4399b7b926b8636796b52630122513244c73420bc0497

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\ClinicData\pic\Check_Wireless.png

Filesize
9KB

MD5
752f6ed337ee1f8e8c944400757fa52f

SHA1
9237b59a2d0c9dc2ed06bb61e444ff5dae1027ba

SHA256
433c2f423344f967de20e933cc9134ad7b2fa3e669d144b620500946960b3ec1

SHA512
2945980632b15e3dbcc49b5c7342f81397f97e9862a841e21fb027d297c448ae70b7c36475fecc8de9ff6f698071d006cdcad98d5f6cd9de01d84f236641af02

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\FZLTCXHJW.TTF

Filesize
1.7MB

MD5
a58a499bddbda398e1275972e56b06f6

SHA1
24dfab81236612d596c97eb38b3adf5de99f669c

SHA256
7094b0c994e073c8d01cdbbd1e574bf7d02430bb8848758ff467a0ce415f6d49

SHA512
e0fc0fe3a5c47be219ca84c74cfa018cf022a1774a988aff19a34490334a6e776e3557ec8e1341a637a18d1312d669b21bc2d320d5d1c80563de407e5c7ba1fb

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\FileMon\x64\TFsFltX64.sys

Filesize
85KB

MD5
57f6468ad9bf10ae76e60904529b75fd

SHA1
9c1ba3c229e467830057a6952ae2d2f52c597edd

SHA256
d7642fd9c65a0cb7bd4c66e5448e6614b4fcd0b3a02608618d3acfab792fcc58

SHA512
635fe9cd05409069b30b46ffb492c00a0c1452f807ad3e309512ecbc25098da0d62db83f1d606c88dff7e96936910aade740cdf703a15dc9c69192b6186c5dd9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GFCustom.dll

Filesize
551KB

MD5
66a678972d4a46a8f036264303cd034d

SHA1
164d5d34ebd36852804c038a0812e8557001ca8d

SHA256
11f4908fca48a7d698a79189f238e33826db4d7005f76f7458cec64e3e67ad5c

SHA512
870d02f365a82c0cfb00154a44a575ee4d96d396d35f5213ffde412486009e977d7b721c546ae48cb13356dc04567a78934544ab1b5f892c8f767bea986f023f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\GameLogo\defaultlogo.png

Filesize
1KB

MD5
92c94435540af76b9f12390398aa5953

SHA1
af824afb3914b3e9cecafadabc244e2ac21f3cef

SHA256
13cf618aed9fea804841025558f79adde633f6d9a2f367df4f41a79e30499330

SHA512
4f28167484420add4c4150aefb652d44cbc271ef1b742bb074c2c89492a47f6d6271ee0242ad5dca134300dd9c0594fd5bdca78ad38d3bea6be6bfb03725a72e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Image\net_err.jpg

Filesize
14KB

MD5
d916dd725680e4071ce10651f512ed6b

SHA1
4226398478a0e221b8d880feef9264c796729af8

SHA256
64000b4e116faddba565537ba741088ecce2133d0ea1130b6be200ceb96ae0db

SHA512
19bebb6ee83508ec58fad6446556df22663a92588092dbef200d699472513fb707a4dd45261b7699269172280149c1553b6cb2adf6d0b9a4b4b06025b78692a6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Image\point.png

Filesize
3KB

MD5
d1a50b8e94c6a1e05e7f56f5f8536667

SHA1
5f2d15204b4e69fb450e7b6eb3ff56d885de5c12

SHA256
6fad8542ce67198cab418e56eb2523e2a9937852dd557afb7ce0c77656e892b3

SHA512
512eeb1b6538fa8501184bdd4d30b8668199e90b12403f8deca9592aedc4d1193f6a940548429002508f8e10914b14a249de0feebc3aa4cf8540c736187db01d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMCommon.dll

Filesize
699KB

MD5
36c37334f379ff1b8f579b4318020897

SHA1
68908c222668a8e71323891b9722f0a178d6df1a

SHA256
8eb121d2f3b3d654efbb74f5006d6169009e97f583ec6fd99e90c86547afafd7

SHA512
c6d9ba9b88300b89a153b4541924d3d1064189cc172f9b056299a3a1304621cd01f8c4fa54d8e27ea9dc2518b6d01ceccea046c488cdb439f9ace338bb1a1d07

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMNetworkMgr.ini

Filesize
66B

MD5
41eb17baad605779b76011ead23c8bfa

SHA1
d5ad3e1d7b4c90ec49e369252f2e5ffc148bf779

SHA256
b64f2c165c2c9b80dbe8de35a411f460afeb420256f03c2252dc6f733117cd8e

SHA512
e32f9d501ae12494959f77c04a5a320a577fd98fa8a0a6de0de44758940b039258a1d78602376fda2057213f61f1b5518a9de2e57215ec06baeaee51f2cbf55a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRealTimeSpeedupSkinCenter.zip

Filesize
108KB

MD5
10e324f3650b35d8df841b5ec13018b0

SHA1
a1603383a45a8b0aaae803cc1f3161712124e186

SHA256
9dacf24bd588681415187d8bd173023cf5e2b8ec55ead1cb9ce74877bfeabb2e

SHA512
6a2169859fa6116b3aea67fdbcce4bfe9b226165d738f18bb2ff37f421566a0505271c66cb0dec64bf089e41e7823b2e00d5593d403dfef2d34e7cfd1feee495

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\QQPCMgrUpdate.dat

Filesize
656B

MD5
8a5f11febf388fcbd704e249e674b866

SHA1
a187c49c32f64f2845101607552414ff6f1a762c

SHA256
b4375b5bc436df4dc67fb5d6bc99a328c56ffee063fe71afdb25d296a397f27b

SHA512
5b249c17f61f1b14a8c8d110dd855a484fa6ff006d4ab5321cb95810b534ee95eefaf690ddd853e6a9c2d1f76c0afb0d30eb82581f2f198bc2ec699087ed81a1

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\QQPCMgrUpdate.rdb

Filesize
359KB

MD5
05d9f356ab51230f4042b7ab0fbd0794

SHA1
8df7d04d01ba5ac5d801c9312d91d3dc9949aed0

SHA256
3c798dd79db080642790e026fe44f1eddcf5a98f44ccba3607d11e65517e6776

SHA512
c8dfe28cff69b156a0d9e97604b12e5a5c55f205af27030dce6964f61a4199ae67b314da7cfb1c78ef3b73cefcba6f0019bab02c86a6b8eeb38734dc4fbc8024

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\QQPCUpdate.exe

Filesize
547KB

MD5
bdc7b838be61ef130c64ed8606082342

SHA1
4036a964f0e8b6a1cf4dc0028e9a4cb28cc88d81

SHA256
a58a46cd19f0c25d6e52bbb3801f08d8bd08cc79217342b3f3fd19a7c7be56d9

SHA512
4154969ffc0fe2ce609dc28c42100e34ac28cd0e27f4d2e39368b55c45d1d3678873306551ff70e6a32a62fffd2d849b0dfa28ad3730e71842c426984985a71b

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\tinyxml.dll

Filesize
98KB

MD5
989f284c2c9c9e0eecc2486fd35cac69

SHA1
708cfabb8f2eafe20ac7b92a0e44395fe7ee2b70

SHA256
33e5c8b4769434f25c0bcbc900aa8bf67dd31fb1c91beefe2fb5b30e9493b1f3

SHA512
39b31ed295cdb82d7f4ec2c63e35d6eaf36afe38bfad42a12fd13a2eb984b44526d6e1eb3de0e40c163284bbc584b2aacb133452da13d6ef8110fcff7f09d55e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\xGraphic32.dll

Filesize
90KB

MD5
8ccb026c3939c1e003df4dab099b7169

SHA1
fc30e8d5ebb4c36e1e5ec00b3ff7e1c6f0bf3890

SHA256
a0ddc1d5a04ce902b3f51da9a776a852a8bf1493afbb8363da85eb5f9a633208

SHA512
13a87b34eafb1237c3e3b76a2dcb6f02b79a15ce625a3fe4e1a881eefc3697d149258208c044b15d0936ca0750802105a2da64a0a177459f3f7161fff13c811c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\xImage.dll

Filesize
190KB

MD5
80f265806d0e0e89d6e4d32f8d612ea5

SHA1
d1ebf930391713a88527114e57c551724a370886

SHA256
3336b50f83930cd4b35a53358f0460678fd25e416d91ca5d885ff8de150198cd

SHA512
1fa5cd21e468085da65bd1867c87bc46f8666aa819e2bf8b594979fecacca7b3248abaa5030ea576dcef4897c17169989dbe71470d7f244508c534ec1edd9514

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCCommonMgr.rdb

Filesize
2.1MB

MD5
9d1f882243b09796faec21d1c1a46ea7

SHA1
e82e80c6156b2f2002203f0a6a561624cef9ec5f

SHA256
659e826fd485d6199a9306b96590b327ac8ddd655ae361fb068e76b7d283a4fc

SHA512
c81a916d665deba3bb625baf736f1f04c4bf524b1d96564e7fc6793097cda7685b5509c0c94dcb66903b7c94e0318a3cb75f44d2f509c5812dcc10dd50831e55

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftMgr.exe

Filesize
1.6MB

MD5
7ee255758a83959ed01ed6318914dd53

SHA1
073de4b7b2cd538d20e40d49c1cf142c2aeaf7cd

SHA256
f2f67cce85c3f6c524b848f5101c1323ad66b4d00f1fed88941cdad9e94d45ea

SHA512
0d466c95e51b9157b2ae920f3ca67156a07aab4cbd083c819adb38c624f6651b1c752896cd99a41fb45a222dc8fecd64cd2fc5103c734e8929c5e546e70b78b5

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe

Filesize
348KB

MD5
6cf4fb113457e6d73d041093fbf3f722

SHA1
b493b91e1af5f82cd4c34da548ef9e4ff6253e28

SHA256
5fd4fe1f8d5b3bcad79be1e012e458bfacb412a3ae091804c3d57d42405de8e2

SHA512
c9ee44687f59350b635596fa1d5d72a5d77c6fca7764e3c083eec0302ad3efb9e56ff38c707a5cbc2a8e5c86ee06a7a3e00a7736374a47cb679bf3434dce9cd7

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\SoftMgr\zlib.dll

Filesize
86KB

MD5
bd6c48ba68daeb86833aa6b850541f2c

SHA1
092aef7aadce020ed99523f043436c9b4e1f088a

SHA256
7edcb2f6e382e9f38e061be8fe3d6e60e9a750c3baf29791adf900b5d396d363

SHA512
6eee47c41b670637e33a82cad3baef197e462561d6b1d94467875199683e24a9b7cbbef72c06b37b9a8b04fda03025b3f15bb296b1fb6be0dc6159124fd9f76e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Tencentdl.exe

Filesize
1.0MB

MD5
16e27465fc02e6974704fd2187e92144

SHA1
010a8f7ddb6d6b3263cb710d9f80e481db54be51

SHA256
7d33f460ff3c391a35402c3eb850f07996b1d94019b3d4505444ffab26bccda2

SHA512
b70e96aa3c185fbbdad56ffdd9bf9b6d5fdb1fa34bcde197085940adc453b9c4d7784dd37e9e1b137caf9d93dbdf8e379c20d3624aa961838f58ff8f1838ce1d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\bugreport.exe

Filesize
711KB

MD5
7d41869ca010c7926b8888957a5d8d44

SHA1
b040e9b1d434e3c18da3f2b80dd160e17d864f01

SHA256
555fc642b7c0c407736558b93b8e0220f3bbd27f5dcbe03d7362df65a13c6f58

SHA512
e3f6bcedb1b4448f16e0f19d8e4deb02391ae4256da73fe67e663441cf31eebc38f3c348a871089d376b71f563dff828033a1851074d8c4f1b5a4c5ce3d863c6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\dlcore.dll

Filesize
2.1MB

MD5
1123cc85ff12a2a9c44395e5362220cf

SHA1
6e886d10ee0ffaf118e13065283ddb7408099407

SHA256
544b58015ab218dfe4fbf1cbbea7fe9173f023edb254d4a9932a0656237e2a56

SHA512
8693d4fd1f2a83322f262af5a094c6bca57df734514106ddf1c2613f772c2aa2de16ca90a4aa275723cd336163634abecd85742883652c5f3f94d8bb58211d86

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\extract.dll

Filesize
361KB

MD5
e28497e0e9266ce04271815fac080f12

SHA1
9757f0b40b89201e16aae09339530d75d6f51cef

SHA256
81f92b3e0b9687b2258f521eb2ab25d65516494ae7cb08b4bc5bc290f2a2e0cc

SHA512
d46f60f2bbc3b811cd0bf2de199dca6f5a14a742614f093938ec6ffd7adbac5b3997d4e6e1062485842142a2f614dc4ada7170bbda84706a07fb86786d30c529

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\AddMore.png

Filesize
172B

MD5
020e693e12d5857dab9522c9822f9ac8

SHA1
25f02fe9626ca6064fba8f53471c8eeb685ed64d

SHA256
2a1d08aa13d300f9bc40c0e2de79a6f474700c3223a7dacc05fe051810fec665

SHA512
aa9c9892b2a73481d6162868a39b307b592a0d10cb683527ff25a08cd69b1f2e592879f536c4f893647fed69e6454ad6aa1389b4a11986cd9d505b341f8ffc53

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\AppMarketPlugin.png

Filesize
1KB

MD5
8d6e585aed5e0b9557901f2106fa6b55

SHA1
ed148aef3f5e8808dd33436f50a8fc131352217e

SHA256
35aee7196e14e414938fff76615882f3d8d2ddcaf3dc8a5ce7af83bd5b7b8137

SHA512
08b5a56766181f8802f54a45635dffa15762ce2719a8a53000bef1c4c126cc1c910e8f00d2e51369e6431e2b7a8ebf90f82fcb20e857d2a43e2685931bb4ee66

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\DownloaderMgrUI.png

Filesize
309B

MD5
680e35bb0777f6035fa6f820dee94bf5

SHA1
49ac84a28c3ee1df2a9e20b5ee2156ef6f1a5f33

SHA256
83e13d5b278892a80fc249a777d0b680a26e1022698736543b2cb8cfb375fdfd

SHA512
9ba89c700eb5f550db7052358052fd33831e4ca1acc558fb318624f23a492f48ebfce552a22a3fb09f48420c439e6d8633e199e836a109a8e727aa0a3504a997

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\FileSmash.png

Filesize
314B

MD5
6726047aea1db423af7016de0a4d501d

SHA1
effc1edfc70932c92489459d22e8973e4722780f

SHA256
371c6f598ee98dd04e34d452641948349da8deeae6a8d053b1fc5a17cd706e98

SHA512
19663cf34dd5002ad244fcbf5cd67a89d414f64ebabcee687e4bb0b951b6d3685f2d58e1fd178c496753c85d39d7c9cb81475eaedc8f1fae1d2b67f43e2b43ae

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\GameBoxPlugin.png

Filesize
1KB

MD5
c041db206c5213ba992396b8aeff4a71

SHA1
bbaaeab2af3cdf8a06e91058069bb7b064600e77

SHA256
cb44459b6b3f118d9efa11c73d823d78e5a415a6350ad57cabae10e04e8a88d8

SHA512
ecbe874031aef7e12c047459483ca629e2bc0c937f6c68582ca807315b26a40ca303e50fbe42d2562315b41d0038e929fd6f12aadfed84c903a396c527c7fbd9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\HWPlugin.png

Filesize
565B

MD5
2a725dc96a8165124dca0b0c33738ad8

SHA1
e84183338458a19e888e0f38ca4b3713d60742ce

SHA256
b12028dd34cbe97d61215211b0a8dc4b367f9f3f1b3e9abe18cd12ff2c3af972

SHA512
b8476ae9414a3a2d81081250a8799eee38787e6a53bca99ad7ba7f6a019b1e49be941eede185dd46a3d010e9d6d2a678d05be8aad01f77641ee0aa13931c0b6d

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\IEStartPage.png

Filesize
433B

MD5
5165f30600eaffb6b3647a0b8b128e83

SHA1
9d2ad9bec172ab7ee39678e3ccc319e715f74eb1

SHA256
04288731b43616f4080180d6db2129a01a0afbf2f79caf6929e82c7b5ff56e9b

SHA512
217a013edc82d93299208f151cc43f6c9f9cfd72af9c524c551dffe718b0db9e52cb089436f9cbe3c39665c219b8ca9fbe0023aa4b73ce18c745cb0d3283024a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\KingRoot.png

Filesize
878B

MD5
2f6e92c90af7c4097169424ecda04b11

SHA1
0f59c4fff68d50604366c546c59f801b8829ad55

SHA256
24159c57b3c0fe26727202008cf4e409c241ac2d7079c81515b61f3669ce8b47

SHA512
f1fe8f26ccbd7fdf84d41d6c61a73a4702d3df943f087baccc6559c55a222a3d6fdda8246c2e12adc8c512ebc2fad48f3b1bc57797362afd9b2b7d25ecb77bd9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\MenuManager.png

Filesize
789B

MD5
246fc4e9249d6030106d88eb0dcefa80

SHA1
321ce5a63b98f616cc685b6377e268b125d38a12

SHA256
7dfd36ba36007f122dee2d6cc95b30c5788ab6ed864d796ceeaee870390d2c5c

SHA512
5c59dba5a2ba49d3b829f43d9480d57f98ebbcf50589852cc361687910f5f8947d4e0b50245c7c3b0409a0ab8f37073ae655e0da6fd34f28ea294730244d664c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\More.png

Filesize
448B

MD5
80fe569694d11141afdd0cceafe0a188

SHA1
81030454b767f176cd7b1ba70650d17aea7ae147

SHA256
ec518469a3a18d94fe556b0e0d93037bd9062778fbb774ab155c367f5d413c78

SHA512
edadb70fc700f269600828cc01b3b9de4a71fc06d73b153aafec8ee89ce41f860cbc1e454cd250e1b9872a53ae3c71b9647da303b051fede139e6a4351eea5e8

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\NetMon.png

Filesize
424B

MD5
436dd7c73a0646566ceb228943fdf7c4

SHA1
d23b20be23ac7f28c031169e0f741149d86908fd

SHA256
39202cea292e796a4479c41c8304fed75a5eb3d28520c3c327847234cbbcb6c0

SHA512
0d12817437f9f85c46e79a8430a078352e493376b592dd11b4a0075facf694d67d971f3a44fcda81ff70ae45bd8ae91e41e273dade0521c835338ca6093fd5b9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\PhotoCraftPlugin.png

Filesize
615B

MD5
c987848ea65d039878b942ca6c1a102f

SHA1
a4d4547d9e242e8e6409c09d4fa64325fcdbee8d

SHA256
78845ffb4705da2c4706b8ae5a491f3fa442c9b08af69ae5e9f732163e9c5cbb

SHA512
89f43a583c3283ec92109f5196f1bb9d831a120c72f09050bc913679186f3891e23028b1603804466dcc980ef205eb660b5c263e9aac557924db665b494cdf26

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMAdBlock.png

Filesize
653B

MD5
578164c547d4d6bb436d16c9fd2ee9df

SHA1
ae291105b830f95d62503c3f65c97eb042782171

SHA256
1e7de0d7d4921f9c08775993fb7521022482d037b36dc93cdf540cdf32f4541d

SHA512
d1825ee449c68dfc99c59b585bf3549ca50b8a30786ad7d6f12dc6ae64ebcc52664d9fc28e1eab3f1ac9417e087536befc6074a302e603afef41991d63e6b936

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMAdFilter.png

Filesize
545B

MD5
b490e7c335ed0637333a2b3a559e4e12

SHA1
f99966c61ebae64e79bf423c171f0638fee79d14

SHA256
c1c1dce73624b2d179b85ba7ecbbe7cd8ba211f1776ba89c993a22532a8e26ff

SHA512
8d10b56eeba39cf7a050d24652a5de4758b7b85a310f87dd23732d0b3befa088033a62a6da1b1dc992409cf7513024409332dc8146cb1f97ec88f87df8ad1fa1

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMArpMgr.png

Filesize
843B

MD5
6c439cf3c8f74349dd1a85d9ac6a62d7

SHA1
fd43bd82098865129c645eaf29fff83094e03692

SHA256
726cc2595b344030bf4a85f1b88c4a347ac971bd9da55e29b3923ab22b058d0a

SHA512
30d899d54062146a19a8472858972fab578d2e3f64ab392a847ce69d220a5b13b7305a56b1459aef5223d8270502ad2caa072191f288bba0c9e9de73bbea61d4

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMDnsPlugin.png

Filesize
409B

MD5
729f3ffd1f4543bbe1342c37fe6f6346

SHA1
86216d19016a73909c6837c678807111e1140858

SHA256
6c77dc9a5597cf04bda9a7082d113a772abebecc76e72c16378c4e4627eb1e6c

SHA512
157120b3cb08caba827e9bb318c7fdc80992d6930331d3b25a877a6aeb63cd30e9278622e12c17a650e7bf458acd6237002b89554137d091fa1ca2c4c73114b8

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMGameSpeedup.png

Filesize
1KB

MD5
4ac4f7aed9d37debea70e5194b2d00c5

SHA1
8956c0fc270a6c02b5088892639f7993a3d0535a

SHA256
d73804a72e3f28dc13e8662d41e1246c3069a49bf094c429691fd2a0588223ab

SHA512
51b4a925f25ec538698e344c4f5554c6f4262d27694f34b4aaca5130869f0c034a0275c88e49b7fdde1525bed4892f5bb3b4e072f3017c3d196caf4e6a425e86

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMHealthAssist.png

Filesize
894B

MD5
5017b62b408333e7661e1899aa462b87

SHA1
449cc0f86d7dad287191230d963099c826a99768

SHA256
0a546ea023280e1c45cbd40cc660913a56ad99530afa0def1fbcadb9707e9d9c

SHA512
c9c8df3a99dd016826777045bd19e49ea59dd6421c86bb6a507b3f06c9ac57a17fbc8121c89e0c4a4551090f51f500a67dc93bb7406bc2aa5fb006d2f765505f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMNetConnect.png

Filesize
1KB

MD5
7227cb18b5051ce808c538f8bad062ab

SHA1
02a5476354bce7201db3d904a29f72b7446b7f5c

SHA256
0cd4a77be5020e09b80b08a7d4a190d477c7edd3b01e054e29edcc74145dcda3

SHA512
cd2e1ce978413bd98b6dde9ebb8cb54105547aad055b128712a5a0f6c22a8012f09a7ceafc55006d6ad1911d1f71a1c995cfd21bb50f461a502cd299821c46cc

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMNetMobileFlux.png

Filesize
989B

MD5
9196ed2c7080f7d5bc2c333c6d1fa50d

SHA1
ab25b1e3169bdfafc53b4713d43377524da419ef

SHA256
87524c97d7ebfb07366ede767751c87cc38b62d754e222e61ade0f26885f1105

SHA512
8fe94d32e68611af2986c268a28fee74b4fcfbd5816a41866d0c5efee13a03a45ea0dd6dcab2234baf1a9457184615fd5bde4121883c7f746281c137972e3584

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMNetSpeedTest.png

Filesize
1KB

MD5
d21f7b885180099e9f5bd02f00bb6b95

SHA1
b31d1160b8cd31931b7e74e910a47b988171062b

SHA256
21f7be9c0b262329583131424610af585f82166971207660a1ae283f4cc4758f

SHA512
70720c9eb0651e935956cac142e060e0263b5ba23f1def629165d353c7f29299d498acf959ee4f38c6fccd32594a23b535202b6191bc02ce5a8a6c1ece33abc1

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMNetflowOpti.png

Filesize
928B

MD5
72e05380dc0caa88dfd1793b276fa307

SHA1
0032bfbae0efe195a19db2a63ddccb4470ad1d95

SHA256
73ee5b85e0a92035d33412b6cb3ccaf176bc7efad1b0ecfbf65ac3886d4b7211

SHA512
3e1deaf62da8d937a07149a0728f6da68327fb8cfab00990355fb94cf891989b86a7161127a61a6dde04599e1f27f9915a0a889a2eb275077388511271b8da13

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMRouterPlugin.png

Filesize
722B

MD5
2cb16b7dfc49031e3a3264184610bbb5

SHA1
d1338137bef5baa196985dc06adb72f943833d23

SHA256
50e853a0da60389be21b783ac552d8501617dcb4f12ab3cd047802ec558f6b5f

SHA512
82d64da3b03772dec68e792213c91257a2cf4019b8a8a0e54c45c88b57b3c78c69db74339bf55355158c602527eab599d800ec8cded3a48d41dccface9efaad0

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QMSysSlim.png

Filesize
691B

MD5
ec489e647c88cfcd71f0ab4767eb9f2e

SHA1
bbe1fa9903cdac1da90cba57db477c4bcb220e99

SHA256
af4925f254ee448bb0506918ea9e6a58a04fd8c6d025e86be1f4821fcaa295aa

SHA512
366470f63ccf4e8eb0e19e3759ecedbd02b035869e747135204cf80079fdfea09e87e8b14e0cb66acc1bef47e0289c081d0b461f53da51aa1a535f5b0b87d4dc

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCB1AndroidJmp.png

Filesize
1KB

MD5
a1dfa47fa6c5c5e024907e64e308fd66

SHA1
9e87abbfeab81a519cd059270694d87d5633defd

SHA256
a59f66c2133b48972076ed99d07c315a01978e1dd948ad4152072f0a088adf3e

SHA512
ce0ec119218fa2d8cd8c6d01d0a2160cb53030a735d0a492fe02c35a4217ea948b23cc0d28b10d6e0d01aaf22d6f8bbc39f1738704a1b6be0cdf087829974eb2

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCB2AndroidJmp.png

Filesize
276B

MD5
efbe52b18676140239855a5e33969c6e

SHA1
8931ee4d6c3d96694a8607583eebad3dba2c23a3

SHA256
51402ec4c52597073538b5b9d4e7f565eecff3e6ecb91c18903e4a0747abf368

SHA512
2f8b06b9f3e8808f372da7ea29983b1adac82e4da7c823510f32080150b8e29f83d0f4245c1bc307c5f19e22ea805f8d595f6752c7b01c01649b0280beb30ddd

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCClinic.png

Filesize
931B

MD5
dc4bce73536b17efe090844089ab1a7e

SHA1
c35725b6629ea8d159b6173415d6fcca3d1ca86d

SHA256
544dacb0bde793a294781182dda19eecd9777529c83db31d160fe7f4b9849fad

SHA512
d9a3fa2cc8c2b82ec06721763d7b804f1a2a1f25867b6dd771c662bb01e897f33ba7d59731313bd817940edc16db3f5f8e646869d9ba28fc244895d122575a62

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCClinicNet.png

Filesize
883B

MD5
afe4bf46c130146c640d120832d4117b

SHA1
2b4c2dfc97c07e1d37e23fb9f91836f8d7513b00

SHA256
d0c9827643aa7c37685c5314cc60ef8dad495e09a1e2dec20fb164b2b841625a

SHA512
4fd9b8f77562cba72c53040d2dafffd5ebbcb0e4fe4af83933e8f46edf283a6ae970cf9f3f1c1b2435861b628d728cfd8b3b408401f175dc96e8ef3ed697965e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCClinicNetRepair.png

Filesize
436B

MD5
22acc87162ddc8f4e5474b5da9e04b75

SHA1
e5aab7d642084a2e7adac1bf5ecfa9fedaa5de07

SHA256
c45fa13e6842dcd51bf795f44e42b05d05d2588b2eb23adcff1c6ea947834970

SHA512
f302384554c8b81b7c25537e4cdee9653a580763d4ee53e7bb34063d90658c39a0f6c6a88ce6af569b3f9004f40df187aa7054b12c0f9871f054e1a6ad7dfff3

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCClinicSys.png

Filesize
1KB

MD5
1ad3af7420e3e4e64882ec58a71bd08c

SHA1
ce289b180694d32ee5635beb0fe4a914dd112d6c

SHA256
9074114d3ba1762eada76812e3361792917be1a57fc9bd009fd6f894646fe253

SHA512
0cb9d5317fda5937da63c83a25347e143c9086e86f024d349e1a2473dfcc6af80993dd9a5c5085f6e33b6ef9176cab96b92a557ad44c455fd9e5cde71745a902

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCLeakScan.png

Filesize
1KB

MD5
ff9955f6c79d3571f3212c9c0efbc852

SHA1
677273c6d8a2673ac1f58fb8a60a949a1d17887a

SHA256
77cc022eeca0e3320c90d308048366b98d59dfcd8bd6b42fe5dde638fce468ad

SHA512
8e7706efeb9249a955ad617e0346514b5ddee9d4f81af4eb6f3062c3d51e55af3bb628555fbc9bfa831b8e3f40be742d1fff458a06f888f8d859eb308add9884

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCSoftMgr.png

Filesize
1KB

MD5
b5d0721e263f494509924124c0e28f7a

SHA1
2e752b3c42fa13c00b32872ce70973de7dc43fde

SHA256
82ee8475ec84231e9626cd96edd8643f013bc6e5db4adca30f543357cbf6a679

SHA512
5ab6f19c3de0ebe8c36788fa4cc3c029ec7536bfcede4f5dfe5b4ca81a3ab7e1330025b4fb8d3c37e3aae292a2b1940b4d175feda306eca9e95194b35b49aac6

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\QQPCWifiSafe.png

Filesize
816B

MD5
ac8dfdedbb04a5f325677f03607e5d5b

SHA1
192688f725d95c958f58ab0fa9a0f3d9d78813f2

SHA256
54b69e2c228adcdc549d80db532eb23f1ea7c0d082bf946e663f5baaee29c1d8

SHA512
e3f7adfdb437f9876cb33a7941c2fb7b2c0878a709a9ca23407a5b94f152aebbcdd78a81c2aa7d984b371bfacd5def2b10a00e16f877767ff6b1c3cbe65fa397

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\RemoteAssistance.png

Filesize
720B

MD5
5e65b55b9e9c8179c5d3ffd705b5e824

SHA1
3f40a87d9701f99a52bf73acfadea95969e75aa3

SHA256
48849ab09709f2cf709e1f88dd70e9ecf04ea4f7160727f58f70dc3f37f7dc68

SHA512
d86cbdc777092305ef38dd4a6438d11b4b62371acc2f3bac181a1a5483ad8e54ee95bf4abe6f33066692954114200a396d20851158bb9679aad77e5ff2607c7f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\SoftMove.png

Filesize
622B

MD5
9ed67c697ee96e1cd23ff0b998586505

SHA1
59e54913a938606f4a955e7886067f295cc51a6f

SHA256
3848fc7fd0e312913e97d31f15a027db03199ab06491585f3263585b9fd800e3

SHA512
317ed0dbba4c4e4b4e96dc426c3ac2356c3c16fb67e92dd38313e304e330f5205650c0494f2e5ddec3b1c59bf4edcfc8845767416bc9e3261e27a77077fe26ec

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\SysGarbageJmp.png

Filesize
515B

MD5
0929c99006a45ea7a10f3e54c96c31fb

SHA1
f9d6ca56f3641a85ef259c1a7b0ac8a353bfa544

SHA256
5cc4d17739f4303e282550cd224878243cebf0f34836b99df627b730e4df8c7a

SHA512
b52e4c2857229c5c82b9f66346266d830ad41a763c5ede0642783de3d34bb77ef819dc3ed0d78a17164bda25e531cecd0bf3b9f9032759e972caf6c99ff3b151

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\SysMalwareJmp.png

Filesize
832B

MD5
d23e8235aaa561bffe9688fe7d65316c

SHA1
1c7250fe8cb72ddd8723d8d2686e9c1a48c3de21

SHA256
9667d80d44fadede0d871d57bdddb3eea41266925baede816a1f0ea2a7ff87b8

SHA512
30f75cb7ed6a6b01f6e3b011b894c9a14813a84ad7d2ed00350fd13a50213bf6d87f07ab641ef61851e4d01b7aad82fac270cfe42eb6ed1a4380a0e49f4d93f3

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\SysOptimize.png

Filesize
597B

MD5
a6ecfccbd238e80eaf9542f362d2257d

SHA1
df7a72d69acd6dcfd2164cafe3b3c45650cb863a

SHA256
fc987676ecd65b936573dcff997872f372cb48233ff7195d278ea56059355305

SHA512
efef4af01c40631c9919f6f804d987b0639be8ec9913b5b9dc3a4d6b2240c39cc7581d1977ea09bc8519b326c9b821668127c8c3c1232ac2510707541fe72e4a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\SysStartupMgrJmp.png

Filesize
1KB

MD5
616b6ad3f786280d0610a198fb1f7549

SHA1
7b70f0e05b06b352cb11f0e8ae98a7107219d123

SHA256
65806bd47cfa9dd2e814194d2e3c95035099e7ba3c330ad8bebf3795ec2e521d

SHA512
cc09fd8b03a07c825aae6bb6386fc4c10e746da3e317229c11315293fd36324c80884c6009031aef7a2476bc7e5e868702888fec658e40de590e2728d6b73b3c

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\TencentNews.png

Filesize
1KB

MD5
33ba276c85ab8b60b5f3bfd4b2efb68a

SHA1
2dd91887547b6041b3ca6b1adc2732636dcafbfc

SHA256
974f079592b94c54e2797a51d0cb507bd79daf995d1688e8f977c9fc99488e64

SHA512
b4b4b5d0c0a70de2d153a15eacca8e43b1ed4701e16e64f3a3a5c28769ab923e356b5c81abc0cc2bdd67c50d9f9048edaf10b8a5e858f24b9bbc9957617f5dfb

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\WechatBackup.png

Filesize
1KB

MD5
96f211a92fb073632f6ae305c1276275

SHA1
548dae27001ef25ab370f2d5ffde5d849b203cad

SHA256
14b23ddc85e8f993aff2cb9932e4176790337752f8f001eee1ec6b111b8e5d0e

SHA512
c0be21b306fa80de9a541ede1d445ca8b25d4a06ceb1a17680fa9892dc213456346da0bc4835a26fb0d2d966cd8bf95ab6a4b95899811096ce47b93b5684c733

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\qmsxtboxplugin.png

Filesize
822B

MD5
ae229e8d328b6fe6ad0567e8cad70547

SHA1
1757c9f86ddc438856c0a28afc0b049d051d982b

SHA256
935048d19f83dec42ba04792228c76bbe47cc55f0c7a82d2663a9328ed79344b

SHA512
1fd357af53572631264f19a43a793f71c21598d34129c02be7cbc8f18499b7d06644bc1731608f8de8a2503ad1afba0062dbdead8b2773b8022669eb8d8cde61

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\qqpclaunch.png

Filesize
1KB

MD5
b9b2371ca72c4457faf72c037154b675

SHA1
54ac941a57b9638ed785701dae585ba464f8b22f

SHA256
b9bfd85e454ef29dfb59a27719b098c48f3e2086ede4d7e66622fe89b384d9d4

SHA512
371ac6d026c380adf6d6bb3aaae480e9851a5fcd74f7c3685217e023013d19b53b0dedeed672be8e71ae1687bc65d677d56f2592b59d364ecc672222b8d34549

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\qqpcuninstalljump.png

Filesize
256B

MD5
d5a926c315fda0d0850a950bfa16274f

SHA1
cd7494b6240a4dd0d54acd0446386288ca20c40d

SHA256
1a01f1b4c307f4cdf91adbde7d0c8de4722410a8899f2b64520a48f88e069be3

SHA512
592605d9c05407c9192bbedda77455d5c22e0d28837d50eaf3d0d687d09bd8d8b013fa114ffb704948fd786e301b6b0659f6e8cb9032110ae0b64963e9c02830

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\qqpcupgradejump.png

Filesize
503B

MD5
940a28dea8ba45fad2bbcbb4ce18dfa0

SHA1
7f99d6b61524c53e67649d9dc42e4297cbf0eb21

SHA256
2d3f957adc6fe602b3b312fb7efd4d1c14c1aeb33d8e8d5486e1f9828599c24d

SHA512
6ff46b7f39929a59dd2580a9b5480ba2ad497328e6b579c807d92e9f9a575cdffcd20fa09d9b8508cdc41825748b0978065a58c58b8c15e06ae89e69314e838f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\ClassicLogo\qqpcweiyundiskjmp.png

Filesize
1KB

MD5
c08dd0a4eac387596a25ccdd2f077ea2

SHA1
d8aedcd33365df64b088ae0a4681a79eba264a4a

SHA256
225b9111fc1f59b0a009a01bcc484dc133ad7cf49e48f27d331e1d15a5ff4706

SHA512
20f4e3f008df43f00f22ae316770a8b958f8083be9338996fbe98c33f90c9fff8d345fc547be7860ad54379836787a530949aa258cd3c9fa9bf781d5186bbd8a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\NewPlugin.png

Filesize
1KB

MD5
bcd506e9f8084299abccd33cbb9e50e9

SHA1
a0bd2f0ccff362f67ef398b1972f2d755dd155d0

SHA256
214091f5080b3b20bdeaaae6bf684ddbf4775a4811358f5d67c166b62a4f143f

SHA512
569e81387434183efafe88499c6c24b03fd8b00c35c81124916c7a3efbabe687ad1918ac4b34621c2499d35d8521de15d1b0ae0f6596e592e39c438cf3a6a8a8

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\Common.dll

Filesize
1.8MB

MD5
9f97986db2dc0b1984c5b86d6e6cb277

SHA1
d842f83b3f6c92bdff10d19307f165dae1034c03

SHA256
44536e1001edbf1b6060bcf76c0e1b7f52868396efcf41f61b3bb346c605f121

SHA512
4af63af15ac67e807d297c45adf65ae198e4a033e89fc6f35c0e4c43abcf57334a4266fa1aa13f4f6605dd2058a74f56e757369079ea11ce8cbca0800c8a313e

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\GF.dll

Filesize
2.1MB

MD5
98537ed2b637ee9fe613d356d6a2315b

SHA1
0567a032d2824dec33ee306cd57ba88f55f06dd2

SHA256
52b303f8cd7cf5f958b4a726d6c15f19d26e15a067ec8fdd8924ce930f386bba

SHA512
cb14eb2aa509fa74857c5c8431b1333c92b2ad9c5a87edf747e281066c2073e09ba139e02d8596ab0f7114a58aa6a9bf12c40c0e018423f8c80d739d2f122c73

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\arkGraphic.dll

Filesize
334KB

MD5
6e67cc17373df5c4f0d4c911b8abd190

SHA1
cec68c7f6ff3830654e7adc7e168729e325a12be

SHA256
a0877adadf0609814676c01c0073687edc9fbb9a2dbef77599e8cf33cd3becca

SHA512
8d4da081e92aeeb39c0bdae5172eb0360ff14952670632d2226bab9cc1faeb60ce89c3326d5c2eac24fbcc5600c1b5a772850d16963898b219636e99da5965e9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\jgIOStub.dll

Filesize
13KB

MD5
81078ce3a928d63f9611a132e9deb6bd

SHA1
0181fb1340833cbe4f9a268b01239b28e01f80fb

SHA256
e5b9766a0ce2183d16120247ea40734c6e35d8c6a31dad3f00b541e9078d74b0

SHA512
8b5415adcb28bf7e19305cbe11aee65612abf78677f1d8166b7d605abcf842c9ed11b9ed3d81893c3c92f57e7986c30eedcdf32bc6fd4c3926627f164f499c3f

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\jgImage.dll

Filesize
44KB

MD5
46e22ea434f8181894233d29201c51f8

SHA1
2bdd24ec7d638363f522463b52f6ac8c17353ee1

SHA256
5552936556414a2210ca41a274518ec80fa4ec7b8940d5dcf26cc76a0708b146

SHA512
c37b145ef7d6c58e373706c76e097922f7092c48eb801a0e537868108157e28cf4472ac548a3fdb1f7485830b48acc4f8194d6622a4533889c3f5553350367da

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\libexpatw.dll

Filesize
134KB

MD5
015c6f01b16a55cb24bebcc3c8d94f1a

SHA1
de2df059b878bafece411e98c63fd4c02125ffd4

SHA256
bce56a73d43e5d83e618bdc45ac7be450d7d11f86672928213edcd48e25a13db

SHA512
40bdee40e517e81ae1e996863f4606e07c2838b3a74240da27693b2dca18866dd8ba12599c3c250bffbaf193156bf1052c1eccc6d182318c666fabf4987535e9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\libjpegturbo.dll

Filesize
278KB

MD5
d4a6b70e64e19884a80b8f0b205c1045

SHA1
14f821acb93ff13b9d6bcaa40316f9605d958589

SHA256
7cfb2c8456ebc2c0dceffca96a7f63ed2c293b99d4a115bb01590b87761c2b37

SHA512
42575802b48f16baa5024fe186c5b7c1f348888896dfcc8c88425b4cfad8428a354c10c782cd8498558a1084fc0800968aaf50da0c90dc2d276da6ccd8378f49

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QQPCWifiSafe\libpng.dll

Filesize
154KB

MD5
772bc1ecc5f7e5655145dd61e6ece349

SHA1
14553cb511d3cbd2056ddea7a1e019abad5f9b25

SHA256
092d9313e4456c0d36385dc1d76975e4c574e4806e01e7de340b6f6c651c0173

SHA512
be7a54c5f79ba0334ce16193a9c8744cc8f24438af5515677f30b3b2056913a962d4a6d1893000a92cef325f9c07ea6d1f3e51a9af520dbddf05b35557b8ecf9

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\SoftUninstall\SoftUninstall.dll

Filesize
498KB

MD5
f9efec7e9e6c27d37a70d821e3aa6b03

SHA1
dda71f3468ea3e4ca7e13ded66d3447912c8086d

SHA256
cee63b622c34102b6eefe19ac3d2da08ba8a7b037d57e88d02eb9a10097439a4

SHA512
abace2ec9cbc27eb0b6991f2c6b0f71356334c6508251f7e94bb604d6872319612c9247128bfdbf4ac7aed95ede4337c5140d6bab3acc2931e91b51d0657f4ce

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\adplugin\QMAdFilter(big).png

Filesize
5KB

MD5
33a350ed39ba86596329938654911c40

SHA1
bb8648916a4a0480fb000821bf3b0aa69f6e64b6

SHA256
8fdc4e0cda41cf07bb25b5da34094c9192a0654fe86e46fcd950991e29ee20ca

SHA512
1bc3e969e4969e44b48fd26efd279ec2714f2ed9dcf250049b924b1a21c10a48448a7820f40178dcc46dec9772644da5121457a11ff7d8f528ece3475ca5301a

Download Submit
C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\sqlite.dll

Filesize
471KB

MD5
b783b7c4334b72251668097fbb373db8

SHA1
794d76cc0f3e22b8c13a149bbf6b693843aaf23c

SHA256
8df8765748f41b6cdf205b4a34ed56991131610c3657deadb16a8f36aec02818

SHA512
a9750c8e8dd1270e9132e3b63dd97717b7f748521656c57c633c6b6b1492901b465abe305d10efaa6b5d80877a6f18194bfb73b4215f2f2ae4635375bf6b10f5

Download Submit
C:\ProgramData\Tencent\QQPCMgr\QQPCMgrInstall_20240525230022.Log

Filesize
5KB

MD5
78698836daaf41e4fedd8bb6d44e818e

SHA1
f55bfc0f644341295866d4dd172afc815035a29b

SHA256
5442f25e7d3778265a68c467695e16c6dbb7b5ec95f58c20c8aec45ce40f5be0

SHA512
fd235e4fae3b85b33e1c51049be5655a5d1d8b7fa5890ccbc235fb3a0e99547d484457499241750ff1986bec8d401a9ad1bdc7b86731111e7aa1cb0bfa792119

Download Submit
C:\Users\Admin\AppData\Local\Temp\QQPCMgr_Setup.exe

Filesize
48.6MB

MD5
68c63693d18b306db89b11544be50f66

SHA1
900ac235b1eec0fba9e654dd0ef6e455946c3303

SHA256
480dd6bb66d1501b8b67bb6fe771a5068f0cdf1a1d563253bc29578ddd11aefb

SHA512
5099fb78f9a0f861fa5c6575f2022ddb977e0cf399800a4d0740fe60e33c1c87dda592e678aa44b13d83e400e25408aa7044bc7bc47b05be40853f39dd64356e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\InstAsm.exe

Filesize
100KB

MD5
2cf3201553b4eabb62a35143a808381f

SHA1
e70a8f68ae3b8761a2ae75ace72f97bde0b3aa81

SHA256
3de1b79a41e5deb6366ba9f13ff65e47697fddbf7f355995fdd45f50c3668249

SHA512
2665d0fc15620c2125e65d27664ed80936e8b281293f0726fb7c3ca4590462bc13c7c607d85e74f67c91bbd61868a1f30710b0469db3657d5aee99983751b059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\PackageConf.dll

Filesize
295KB

MD5
e4cdfcdb876f3f841bc0bf33711607a8

SHA1
c46bfebe303e90db223cd6341e6ea65614eb4a07

SHA256
7da0eef66c14f02ecff18bf60be7673916aa05492dd31e4580675f333008c5dd

SHA512
dac6515ef07a6d676e14df97f8eb99c6149b19cd9e75f0cfa6e10e310c4f4e81d2cb8f0632aa8a029e1c6e2e8b03489b2edec82085f8d0b0723dc20fca2031ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\TestMSVCR.exe

Filesize
16KB

MD5
4b847825788ec131032f106500638b92

SHA1
b5948921e9d3331eda2906cb664d32ab05564434

SHA256
3313c7606698e6721f65a8ec84e7e1f95859b39a7e2ca40463164788ab00565d

SHA512
e1390df49d8c101aa946ec01600ea7a55953ca950011e64c6343d672179ffbe5e1eff98fadc1b38464702e20c7c1e830eb928a1886dbd4ed4c95a57abbd29146

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\TestMSVCR_64.exe

Filesize
16KB

MD5
03d4d6e095bd4883ffdb1d2efdb113f5

SHA1
617a1eb4455389d29b4c4aa225d9ed36685d79a3

SHA256
b5c01124d80d96ceff8829f3623044151bb14e4111a8d241abe00dfbfd173601

SHA512
c4047c355da3cdfa6a359c7e4c0e170ab75ff53f6ea3dfd754b215991b9de158b8fc0c41b79a38a9591801ce4062a6af44ce8104e647c6a492fff75c4c4f0643

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tencent\QQPCMgr\~e5777ff\dr.dll

Filesize
427KB

MD5
68a34245c650829c613e9068bdc6f79d

SHA1
f877ad637c2097915ba894fdccb1a596a52a726e

SHA256
c72cc19b9ee4546378d22483d5cbe612805be585658df9d28677174b19c2b3bf

SHA512
1c9181c1693f3fb4c3044f57f9113f1858cb709c56ea7beec1d41026c4a64070e221dcb61669fbdab63fc0669df24f4a126ea517a157a738b9a35d784cef9afe

Download Submit
memory/1116-50-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1184-2304-0x0000000075D40000-0x0000000075FC1000-memory.dmp

Filesize
2.5MB

Download
memory/1184-2302-0x000000006FFF0000-0x0000000070000000-memory.dmp

Filesize
64KB

Download
memory/2432-42-0x0000000006800000-0x000000000684A000-memory.dmp

Filesize
296KB

Download
memory/3628-2325-0x0000000000A90000-0x0000000000B05000-memory.dmp

Filesize
468KB

Download
memory/5028-2334-0x000000006E800000-0x000000006E810000-memory.dmp

Filesize
64KB

Download
memory/5028-2425-0x000000006E800000-0x000000006E810000-memory.dmp

Filesize
64KB

Download
memory/5028-2426-0x0000000076390000-0x00000000763F3000-memory.dmp

Filesize
396KB

Download