PUP.QQPC.A

Analysis Report

General information

Family Name: PUP.QQPC.A
Signature status: Self Signed

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Comments Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com
Company Name
  • CRACK BY RETRIX
  • Tencent
File Description
  • SS CRACK RETRIX
  • Tencent Game Downloader
  • TGBDownloader
  • Uptodown GameLoop Downloader
  • 腾讯QQ
  • 腾讯电脑管家在线安装程序
File Version
  • 9.0.4.23777
  • 9.0.1.23130
  • 8.7.19075.0
  • 7.2.14799.0
  • 2.0.6.27
  • 1.1.1.1
  • 1.00
  • 1, 0, 0, 1
Internal Name
  • TGBDownloader.exe
  • TJprojMain
Legal Copyright
  • Copyright (C) 1998 - 2018 Tencent. All Rights Reserved.
  • Copyright (C) 1999-2015 Tencent. All Rights Reserved
  • Copyright (C) 1999-2016 Tencent. All Rights Reserved
  • Copyright (C) 1999-2018 Tencent. All Rights Reserved
  • Copyright © 2020 Tencent. All Rights Reserved.
Original Filename
  • TGBDownloader.exe
  • TJprojMain.exe
Product Name
  • Project1
  • SS CRACK RETRIX
  • Tencent Game Downloader
  • TGBDownloader
  • Uptodown GameLoop Downloader
  • 腾讯QQ
  • 腾讯电脑管家
Product Version
  • 9.0.4.23777
  • 9.0.1.23130
  • 8.7.19075.0
  • 7.2.14799.0
  • 2.0.6.27
  • 1.00
  • 1.0.0.0
  • 1, 0, 0, 1

Digital Signatures

Signer | Root | Status
Tencent Technology(Shenzhen) Company Limited | DigiCert Assured ID Code Signing CA-1 | Hash Mismatch
Tencent Technology(Shenzhen) Company Limited | DigiCert Assured ID Code Signing CA-1 | Self Signed
Tencent Technology(Shenzhen) Company Limited | DigiCert SHA2 Assured ID Code Signing CA | Hash Mismatch
Tencent Technology(Shenzhen) Company Limited | DigiCert SHA2 Assured ID Code Signing CA | Self Signed
Tencent Technology (Shenzhen) Company Limited | DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1 | Self Signed
Tencent Technology(Shenzhen) Company Limited | Symantec Class 3 SHA256 Code Signing CA | Self Signed
Tencent Technology(Shenzhen) Company Limited | VeriSign Class 3 Code Signing 2010 CA | Self Signed
Tencent Technology(Shenzhen) Company Limited | VeriSign Class 3 Public Primary Certification Authority - G5 | Root Not Trusted

File Traits

  • dll
  • HighEntropy
  • imgui
  • Installer Manifest
  • No Version Info
  • x86

Block Information

Total Blocks: 1,648
Potentially Malicious Blocks: 48
Whitelisted Blocks: 1,108
Unknown Blocks: 492

Similar Families

  • CryptBot.B
  • QQPC.A
  • TrickBooster.A

Files Modified

File Attributes
\device\harddisk0\dr0 Generic Read,Write Data,Write Attributes,Write extended,Append data
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c: Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\beacon_sdk64.dll Generic Write,Read Attributes
c:\bugreport64.exe Generic Write,Read Attributes
c:\com.qq.qqpcmgr.json Generic Write,Read Attributes
c:\dbgeng.dll Generic Write,Read Attributes
c:\dbghelp.dll Generic Write,Read Attributes
c:\dr64.dll Generic Write,Read Attributes
c:\extension.crx Generic Write,Read Attributes
c:\extensionagent.exe Generic Write,Read Attributes
c:\image\bg.svg Generic Write,Read Attributes
c:\image\circle.svg Generic Write,Read Attributes
c:\image\disconnect.png Generic Write,Read Attributes
c:\image\error_close.png Generic Write,Read Attributes
c:\image\error_minisize.png Generic Write,Read Attributes
c:\image\gj_icon.png Generic Write,Read Attributes
c:\image\icon_warn.png Generic Write,Read Attributes
c:\image\net_err-m.png Generic Write,Read Attributes
c:\images\smbweb.ico Generic Write,Read Attributes
c:\installfilterrules.etf Generic Write,Read Attributes
c:\packetblockpage.exe Generic Write,Read Attributes
c:\packetblockpage.rdb Generic Write,Read Attributes
c:\packetblockpage.tpc Generic Write,Read Attributes
c:\plugins\qmnetmon\beacon_sdk64.dll Generic Write,Read Attributes
c:\plugins\systemaidbox\bugreport64.exe Generic Write,Read Attributes
c:\plugins\systemaidbox\qmnetworkmgr64.dll Generic Write,Read Attributes
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcx9bc.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\programdata\tencent\deskupdate\globalmgr.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\globalmgr.db Generic Write,Read Attributes
c:\programdata\tencent\deskupdate\guid.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\guidinfo.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\guidlist.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\guidreport.dat Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\tencent\deskupdate\hdd.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\qmchromeext.exe Generic Write,Read Attributes
c:\qmextinstaller.dll Generic Write,Read Attributes
c:\qmmemscanner.exe Generic Write,Read Attributes
c:\qmmemscanner64.exe Generic Write,Read Attributes
c:\qmnetworkmgr64.dll Generic Write,Read Attributes
c:\qmupdate\beacon_sdk64.dll Generic Write,Read Attributes
c:\qqpcdownload1975.exe Generic Write,Read Attributes
c:\qqpchwvediodetect.dll Generic Write,Read Attributes
c:\qt64\beacon_sdk64.dll Generic Write,Read Attributes
c:\qt64\dr64.dll Generic Write,Read Attributes
c:\softmgr\beacon_sdk64.dll Generic Write,Read Attributes
c:\softmgr\data\autoinstall.etf Generic Write,Read Attributes
c:\softmgr\data\pinyin.lis Generic Write,Read Attributes
c:\softmgr\data\polyphone.dat Generic Write,Read Attributes
c:\softmgr\data\speech.dat Generic Write,Read Attributes
c:\softmgr\data\support.etf Generic Write,Read Attributes
c:\test.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\tpk\1.0.0.1\def\version.ini Generic Write,Read Attributes
c:\tpk\2.0.13771.702\def\version.ini Generic Write,Read Attributes
c:\users\user\appdata\local\temp\0816f47c4321d567fba219e5a8654e4c737cbf77_0006673056 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\16df17192387805041b7d3a9437d28f6677f9fb8_0007122032 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\1b2d2e7477d954a979a64dd052b1a59879755e39_0006685928 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\304bed6d5907bbbb1742293074ab36275d283f1a_0006673800 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\313eeb48efec056d2e3f59c091f0594a95cb82d3_0006676672 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\685aff90dbbf187b0e681ba661a0609cad65e1c0_0006655536 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\6baa5d5c08abb985f4b52a1a3bf870f81541b9fc_0006850984 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\8a6f159f5d3a6824cd2fc8e23b59770ef6e21e20_0006672760 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\a850.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\b065399919afaf11ef3b8aab14185aed3c22a552_0006685080 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\b8155278f399e297824c740a8bbd57d519733c37_0006850896 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\bb37.tmp Generic Write,Read Attributes
c:\users\user\appdata\local\temp\c2e6ae2291ec1ac19fc47ee2c127f8d2b02e2984_0006681672 Synchronize,Write Attributes
c:\users\user\appdata\local\temp\gamedownloadlog\2efd7794bce308f755642c284141c75c9755aa08_0003809456_20250707_191950.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gamedownloadlog\7fca4a781252c3ac3504856d36c0d40d693c5337_0003809456_20250708_135456.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gamedownloadlog\802b956ea540eef4e00955ca9c0e434344bd29c4_0003811944_20250719_194610.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gamedownloadlog\802e816a9d9207a8c7f46999cea32b82c4fec357_0003809432_20250715_092146.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gamedownloadlog\aad5618c8931681533cf21702b540ebb0a45dc38_0002890512_20250718_003210.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\gamedownloadlog\f76c4242fd8da7196ea1f547984f735da90dc835_0001565040_20250722_231011.log Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsda96b.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsed96.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsfd82d.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsff4ec.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsff4ec.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsff4ec.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsge2d6.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nshdc27.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsi8a8e.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj14f.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nsj150.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsj150.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsj150.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nskd84d.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nskd84d.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nskd84d.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsm306b.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsm306b.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsm306b.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nspc3e.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nspc3e.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nspc3e.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsqf4dc.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nssa97b.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nssa97b.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nssa97b.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nst1b17.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nst1b27.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nst1b27.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nst1b27.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsud97.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsud97.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsud97.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsw305a.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\nswdc37.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nswdc37.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswdc37.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nswe2e7.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nswe2e7.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nswe2e7.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsx8a9e.tmp Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nsx8a9e.tmp\system.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsx8a9e.tmp\system.dll Synchronize,Write Attributes
c:\users\user\appdata\local\temp\nszc3d.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete
c:\users\user\appdata\local\temp\po5bqaw.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\tencentdownload\~20b7fa\beacon_sdk.dll Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\temp\tencentdownload\~20b7fa\qqpcdownload.dll Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\temp\tencentdownload\~20b7fa\setup.xml Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\temp\tencentdownload\~2ca66b\qqpcdownload.dll Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\temp\tencentdownload\~2ca66b\setup.xml Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\local\tencent\txgameassistant\tgbdownloader\dr.dll Generic Read,Generic Execute,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 786496
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-journal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-shm Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\beacon\bc_0win0dj6vl4uy2kw_09.db-wal Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\deskupdate\globalmgr.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\deskupdate\globalmgr.db Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\roaming\tencent\logs\15e84a4b05ceb8baebb4ae252b2361c6e83db3d6_0000351800.tlg Generic Write,Read Attributes
c:\users\user\appdata\roaming\tencent\logs\4dc81289eb00800c56e716802ccd2d96c657dbde_0000457920.tlg Generic Write,Read Attributes
c:\users\user\appdata\roaming\tencent\logs\5dabe6256430e4be7ba0b62ffadad16093985e30_0000473888.tlg Generic Write,Read Attributes
c:\users\user\appdata\roaming\tencent\logs\c3309a37cd4c086feb562eab424aa90e978c3de0_0000474872.tlg Generic Write,Read Attributes
c:\users\user\appdata\roaming\tencent\mobilegamepc\appmarket3\bc_003008ou5r3b9nuu_05.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\mobilegamepc\appmarket3\bc_003008ou5r3b9nuu_0e.db Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\qmdownload\downloaderrlogfile.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\qqpcmgr\download\version Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\roaming\tencent\qqpcmgr\download\version Generic Write,Read Attributes
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l12\20\2025 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_fcd0ad3db5d7023186a351f8234a2ce3d549b588_0004578816 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_fcd0ad3db5d7023186a351f8234a2ce3d549b588_0004578816 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKCU\software\tencent\mobilegamepc\beacon::last_sid_2efd7794bce308f755642c284141c75c9755aa08_0003809456.exe 98E083AA-B386-4674-8D7E-CC7ACA6CD9D2 RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc::temppath C:\Temp\TxGameDownload\Component\ RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc::userlanguage en RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc\beacon::last_sid_7fca4a781252c3ac3504856d36c0d40d693c5337_0003809456.exe F50CCB24-5B61-4097-9B71-360345483119 RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc\beacon::last_sid_802e816a9d9207a8c7f46999cea32b82c4fec357_0003809432.exe 5B467E24-3154-4E95-B825-1B4FAAAD6407 RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc\beacon::last_sid_aad5618c8931681533cf21702b540ebb0a45dc38_0002890512.exe E270994D-86E9-4209-9AFE-2EA6EE09694C RegNtPreCreateKey
HKLM\software\wow6432node\tencent\mobilegamepc::supplyid Ἆ㮞 RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc::keyword RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc\beacon::last_sid_802b956ea540eef4e00955ca9c0e434344bd29c4_0003811944.exe 8CA398C2-0213-46EE-94E5-B94C90CF26BF RegNtPreCreateKey
HKCU\software\tencent\todaydo::runtaskqq RegNtPreCreateKey
HKLM\software\wow6432node\tencent\mobilegamepc::supplyid ฀㖨 RegNtPreCreateKey
HKCU\software\tencent\mobilegamepc::keyword a1518 RegNtPreCreateKey
HKLM\software\wow6432node\tencent\qqpcmgrapps\qmdynamicpackage::install RegNtPreCreateKey
HKLM\software\wow6432node\tencent\qqpcmgrapps\qmdynamicpackage::version 1.0.0 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Rutahkxx\AppData\Local\Temp\nsuD97.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Monrjhev\AppData\Local\Temp\nsm306B.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Fqnronmn\AppData\Local\Temp\nsfF4EC.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Ywudlesz\AppData\Local\Temp\nskD84D.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Zsvcayex\AppData\Local\Temp\nsx8A9E.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Users\Zazlxybk\AppData\Local\Temp\nswE2E7.tmp\ RegNtPreCreateKey
HKCU\software\tencent\todaydo::runtaskqq Ɠĵ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.205.9\??\C:\Windows\SystemTemp\b1a39cca-eadf-4949-a384-a0ef6a3b3fd2.tmp\ RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations \??\C:\Windows\SystemTemp\77e37ce0-8214-4414-aced-551c5ae204d7.tmp\??\C:\Windows\SystemTemp\e28eadcf-6ab0-4d8c-8821-7ce9a6aba1 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::ss crack retrix C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e4*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations *1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old5af52*1\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old5af62*1\??\C:\P RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKCU\software\tencent\todaydo::runtaskqq ♆ĵ RegNtPreCreateKey

Windows API Usage

Category API
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Info Queried
  • GetAdaptersInfo
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Network Winsock
  • bind
  • closesocket
  • connect
  • gethostbyname
  • getsockname
  • inet_addr
  • recv
  • send
  • setsockopt
  • socket
User Data Access
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpQueryHeaders
  • WinHttpReceiveResponse
  • WinHttpSendRequest
Keyboard Access
  • GetKeyState
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Syscall Use
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess
  • ShellExecuteEx
Other Suspicious
  • SetWindowsHookEx
Service Control
  • OpenSCManager
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Network Wininet
  • HttpQueryInfo
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile

Shell Command Execution

C:\WINDOWS\SysWOW64\rundll32.exe C:\WINDOWS\system32\rundll32.exe c:\users\user\downloads\1d72a9ce403135c953d49f8b7523d76e6fc1ead2_0001980512.,LiQMAxHB
runas c:\users\user\downloads\._cache_fcd0ad3db5d7023186a351f8234a2ce3d549b588_0004578816
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
