Analysis Task

Analysis type | VM tag | Start time | End time | Duration
File (Windows) | win7-sp1-x64-hpdapp01-2 | 2017-09-05 03:07:55 | 2017-09-05 03:10:36 | 161 seconds

Maldun Score

3.9

Suspicious

File Details

File name ff4789ccddab2b33e33ee330f920a29d.exe
File size 865472 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 ff4789ccddab2b33e33ee330f920a29d
SHA1 e76504aaac02d9e6800b734fa312fcf90e81b361
SHA256 f5eace3dd0e65a077a4e9a6adadee8d1268c8885e5b42260d0389c5689435f8d
SHA512 5badc200e899e1ec1f79ebc42a432b238287049d923c60735aaf4a3e888baabc150b2757c820a0e457abb535325838f3fff7e37cc74aeb7199a3618a6337bfac
CRC32 AC666FB6
Ssdeep 12288:GTavgsU2/tVrxrsP+C5jdhcn5yfxQD9pJJjKLGqENTpmJwFXsjU:GTavgsnxYPLP+t9pJJWWNTAJwFcjU


Hosts Contacted

Direct IP | Security rating | Location
183.36.108.223 | | China

DNS Resolution

Domain | Security rating | Response
masterconn11.qq.com | | A 183.36.108.223

Summary

No information to display.
QMExpandTips m_pDownload Download failed
QQGameExpandTipsForNotWriteReg.dat
QMExpandTips Tips testFileExists, so do not write reg
QGameUtilFunc::SetConfigValue
QMGameExpandTemp
GameDirectory
SOFTWARE\Tencent\QQGame\SYS
QQGame.exe
Tencent\QQPCMgr\SoftMgr\GameTipsDir\
QMExpandTips Tips test file exists
QGameUtilFunc::IsTestFileExists
QQGameExpandTipsForSmart.ini
QMExpandTips Tips ini file not exists
QGameUtilFunc::AdjustUIPosFromConfigFile
closeBtnXOffSet
QMExpandTips Tips ini file get closeXOffSet failed
closeBtnYOffSet
QMExpandTips Tips ini file get closeYOffSet failed
pushBtnXOffSet
QMExpandTips Tips ini file get pushXOffSet failed
pushBtnYOffSet
QMExpandTips Tips ini file get pushYOffSet failed
QMExpandTips Tips ini file closeX = %d, closeY = %d, pushX = %d, pushY = %d
iexplore.exe
CQMExpandTips Init pSwitchMgr=NULL
COfficeScenes::Init
QMExpandTips WStringToAString Failed
QMExpandTips string to wstring failed
QMExpandTips get scenes content failed
QMExpandTips the Proc list is Empty
COfficeScenes::IsScenesTrigger
QMExpandTips proc=%s
QMExpandTips the scenes proc is on
QMExpandTips The close opened handled
COfficeScenes::StartScenesCheck
QMExpandTips Create Work Thread Failed
QMExpandTips Create a work thread to check office scenes satisfy
procname
QMExpandTips the proclist is empty
COfficeScenes::GetOfficeProcList
QMExpandTips the office scenes is satisfy
COfficeScenes::ThreadProcExistChecker
QMExpandTips the office is not satisfy, sleep 10s
@QMExpandTips ScenesLogic GetSwitchMgr pSwitchMgr=NULL
CScenesLogic::Init
QMExpandTips Get Scenes Content failed
QMExpandTips Create Scenes Priority Queue failed
QMExpandTips Enter StartScenesDetect
CScenesLogic::StartScenesDetect
QMExpandTips the priority queue is empty, quit
QMExpandTips StartScenes in while
QMExpandTips Have get a Scenes Trigger to StartSenesCheck
QMExpandTips the higher priority scenes triggered, release current Scenes
QMExpandTips goon
QMExpandTips the highest scenes satisfy
QMExpandTips is the lower priority scenes satisfy, first check the higher one
QMExpandTips meet a higher scenes trigger and start scenes check
QMExpandTips current scenes satisfy
QMExpandTips running time over
QMExpandTips one loop end have 1m sleep
QMExpandTips String to wstring failed
CScenesLogic::GetScenesLogicContent
QMExpandTips Get Scenes content from switches failed
QMExpandTips the m_vecScenesSwitch is empty
CScenesLogic::CreateScenesPriorityQueue
QMExpandTips m_vecScenesPriority is empty
QMExpandTips wstrSwitches is empty
CScenesLogic::GetScenesContentFromSwitches
scenes
pollingtime
ignore
QMExpandTips scenesAttr=%s
QMExpandTips GetScenesSwitches wstrSwitches is empty
CScenesLogic::GetScenesSwitches
@OnMouseDown, bMouseIn=%d, bMouseDown=%d
pOnMouseUp, bMouseIn=%d, bMouseDown=%d
CVContainer::~CVContainer
CVWndMgr::Init
tooltips_class32
Auser32.dll
tminiskin:VWND_GETINFO
InvalidateRect, hWnd=0x%x, pRect=NULL, bErase=%d, bLayeredWnd=%d, m_bMergePaint=%d
UnionRect=(%d, %d, %d, %d) %dx%d
OnTimer InvalidateRect, hWnd=0x%x, ClipRect=(%d, %d, %d, %d) %dx%d
dOnLeftButtonDown
OnLeftButtonUp
OnRightButtonDown
OnRightButtonUp
_TrackMouseEvent
OnMouseLeave, m_bMouseInWnd=%d
miniskin:WM_HIDEWINDOW
AIMAGE
Index=%d, FileName=%s, Pos=%d(%d), temp1=%d, Length=%d, temp2=%d
open pack file fileName=%s
GetFileData, FileName=%s
msimg32.dll
okernel32.dll
SOFTWARE\Microsoft\Internet Explorer
Version
%u.%u.%u.%u
\Tencent\DeskUpdate
\Tencent\Desktop
\Global.db
%2hx%2hx%2hx%2hx%2hx%2hx
I\\.\PhysicalDrive%d
\\.\Scsi%d:
Global\{17ED6DA0-0902-461c-B763-F00FF209066B}
Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}
EnableLogToView
%APPDATA%\Tencent\QQPCMgr\
ErrLogFile.log
C:\ErrLogFile.log
kernel32
Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; QQPCMgr7.0)
HTTP/1.1
Cwinhttp.dll
QMCommon.dll
Load QMCommon.dll failed, path=%S
QQPCMgr.exe
QQPCTray.exe
QQPCRTP.exe
&File
iE&xit
&Help
h&About ...
About
System
QMExpandTips Version 1.0
Copyright (C) 2016
QMExpandTips
QMEXPANDTIPS
&File
iE&xit
&Help
h&About ...
About
System
QMExpandHelper Version 1.0
Copyright (C) 2016
QMExpandHelper
QMEXPANDHELPER
Antivirus engine/vendor  Virus name/rule match  Signature DB date
Bkav  No virus found  20161214
MicroWorld-eScan  No virus found  20161215
nProtect  No virus found  20161215
CMC  No virus found  20161214
CAT-QuickHeal  No virus found  20161215
ALYac  No virus found  20161215
Malwarebytes  No virus found  20161215
VIPRE  No virus found  20161215
K7AntiVirus  No virus found  20161214
K7GW  No virus found  20161215
TheHacker  No virus found  20161214
TrendMicro  No virus found  20161215
Baidu  No virus found  20161207
F-Prot  No virus found  20161215
Symantec  No virus found  20161215
TotalDefense  No virus found  20161214
TrendMicro-HouseCall  No virus found  20161215
Avast  No virus found  20161215
ClamAV  No virus found  20161215
Kaspersky  No virus found  20161215
BitDefender  No virus found  20161215
NANO-Antivirus  No virus found  20161215
ViRobot  No virus found  20161215
AegisLab  No virus found  20161214
Tencent  No virus found  20161215
Ad-Aware  No virus found  20161215
Sophos  No virus found  20161215
Comodo  No virus found  20161215
F-Secure  No virus found  20161215
DrWeb  No virus found  20161215
Zillya  No virus found  20161214
Invincea  No virus found  20161202
McAfee-GW-Edition  No virus found  20161215
Emsisoft  No virus found  20161215
Cyren  No virus found  20161215
Jiangmin  No virus found  20161215
Avira  No virus found  20161214
Antiy-AVL  No virus found  20161215
Kingsoft  No virus found  20161215
Microsoft  No virus found  20161215
Arcabit  No virus found  20161215
SUPERAntiSpyware  No virus found  20161215
GData  No virus found  20161215
AhnLab-V3  No virus found  20161214
McAfee  No virus found  20161215
AVware  No virus found  20161215
VBA32  No virus found  20161214
Zoner  No virus found  20161215
ESET-NOD32  No virus found  20161215
Rising  No virus found  20161215
Yandex  No virus found  20161214
Ikarus  No virus found  20161214
Fortinet  No virus found  20161215
AVG  No virus found  20161215
Panda  No virus found  20161214
CrowdStrike  No virus found  20161024
Qihoo-360  No virus found  20161215

Process tree

ff4789ccddab2b33e33ee330f920a29d.exe, PID: 1468, parent PID: 1884
cmd.exe, PID: 2064, parent PID: 1468
QQGameExpandTips1468.exe, PID: 2152, parent PID: 1468

Hosts contacted (click to query the WPING real-time security rating)

Direct IP  Security rating  Location
183.36.108.223  China

TCP

Source address  Source port  Destination address  Destination port
192.168.122.202 49164 183.36.108.223 masterconn11.qq.com 443
192.168.122.202 49166 183.36.108.223 masterconn11.qq.com 443
192.168.122.202 49168 183.36.108.223 masterconn11.qq.com 443
192.168.122.202 49170 183.36.108.223 masterconn11.qq.com 443
192.168.122.202 49158 23.59.139.27 80
192.168.122.202 49159 23.59.139.27 80

UDP

Source address  Source port  Destination address  Destination port
192.168.122.202 49562 192.168.122.1 53
192.168.122.202 58900 192.168.122.1 53
192.168.122.202 62033 192.168.122.1 53

DNS resolution (click to query the WPING real-time security rating)

Domain  Security rating  Response
masterconn11.qq.com  A  183.36.108.223

HTTP requests

URI  HTTP data
http://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFIA5aolVvwahu2WydRLM8c%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com

http://sf.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFIEi5yKZ%2BKPDMjMdYE93Fo%3D
GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTSqZMG5M8TA9rdzkbCnNwuMAd5VgQUz5mp6nsm9EvJjo%2FX8AUm7%2BPSp50CEFIEi5yKZ%2BKPDMjMdYE93Fo%3D HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: sf.symcd.com

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

No ICMP traffic.

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic.
Filename  QQGameExpandTips1468.exe
Related files
C:\Users\test\AppData\Local\Temp\QQGameExpandTips1468.exe
File size  533696 bytes
File type  PE32 executable (GUI) Intel 80386, for MS Windows
MD5 b06e47518387152ada6c893a8c9c0aa9
SHA1 7a092698f544495a559fb2bf04cc9ec3f7b35c56
SHA256 2f5aa86491967ccc39142a81e5076a2ca8fc85855ec168ed5ac368e75e34ea28
CRC32 636F7FF7
Ssdeep 12288:1+C5jdhcn5yfxQD9pJJjKLGqENTpmJwFXs4:1LP+t9pJJWWNTAJwFc4
No similar analyses found.

Processing ( 29.262 seconds )

  • 13.529 Suricata
  • 6.921 NetworkAnalysis
  • 3.554 TargetInfo
  • 2.793 Dropped
  • 1.33 VirusTotal
  • 0.599 peid
  • 0.232 Strings
  • 0.21 BehaviorAnalysis
  • 0.049 AnalysisInfo
  • 0.042 Debug
  • 0.003 Memory

Signatures ( 3.205 seconds )

  • 2.733 md_url_bl
  • 0.246 md_bad_drop
  • 0.026 antiav_detectreg
  • 0.017 md_domain_bl
  • 0.012 stealth_timeout
  • 0.012 infostealer_ftp
  • 0.011 api_spamming
  • 0.01 ransomware_files
  • 0.009 antiav_detectfile
  • 0.009 ransomware_extensions
  • 0.008 persistence_autorun
  • 0.008 decoy_document
  • 0.008 infostealer_im
  • 0.006 geodo_banking_trojan
  • 0.006 infostealer_bitcoin
  • 0.005 antianalysis_detectreg
  • 0.005 disables_browser_warn
  • 0.005 network_torgateway
  • 0.004 antivm_vbox_files
  • 0.004 infostealer_mail
  • 0.004 network_http
  • 0.003 rat_nanocore
  • 0.003 tinba_behavior
  • 0.003 antivm_generic_disk
  • 0.002 bootkit
  • 0.002 reads_self
  • 0.002 mimics_filetime
  • 0.002 stealth_file
  • 0.002 cerber_behavior
  • 0.002 virus
  • 0.002 bot_drive
  • 0.002 modify_proxy
  • 0.002 browser_security
  • 0.002 modify_uac_prompt
  • 0.001 network_tor
  • 0.001 hancitor_behavior
  • 0.001 betabot_behavior
  • 0.001 kazybot_behavior
  • 0.001 kibex_behavior
  • 0.001 antivm_generic_scsi
  • 0.001 shifu_behavior
  • 0.001 ursnif_behavior
  • 0.001 antianalysis_detectfile
  • 0.001 antidbg_devices
  • 0.001 antivm_generic_diskreg
  • 0.001 antivm_parallels_keys
  • 0.001 antivm_xen_keys
  • 0.001 banker_zeus_mutex
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 disables_windows_defender
  • 0.001 maldun_blacklist
  • 0.001 mimics_extension
  • 0.001 modify_security_center_warnings
  • 0.001 network_cnc_http
  • 0.001 office_security
  • 0.001 rat_pcclient
  • 0.001 rat_spynet
  • 0.001 recon_fingerprint
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications

Reporting ( 2.12 seconds )

  • 1.653 ReportHTMLSummary
  • 0.467 Malheur
Task ID 114551
Mongo ID 59ada5582e063364a640a0bb
Cuckoo release 1.4-Maldun