Analysis Report https://mp.weixin.qq.com

Overview

General Information

Sample URL: https://mp.weixin.qq.com
Analysis ID: 352052

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No high impact signatures.

Classification

[Classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]

Compliance:

Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe; File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll
Uses secure TLS version for HTTPS connections
Source: unknown DNS traffic detected: queries for: mp.weixin.qq.com
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/cut-round49d02c.gif
Source: announce[2].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/favicon49d02c.ico
Source: imagestore.dat.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/favicon49d02c.ico~
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/mp_qrcode49d02c.gif
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/common/pic_kf_qrcode49d02c.jpg
Source: readtemplate[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/pwd/icon_forgetpwd_account49d02c.png
Source: readtemplate[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/pwd/icon_forgetpwd_pwd49d02c.png
Source: announce[2].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/share49d02c.png
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition//3rd/vue/vue.2.6.10538ca4.js
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/base524733.css
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/layout_head4c67b6.css
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/lib49d030.css
Source: announce[3].htm.3.dr, announce[2].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/weui-desktop_skin524733.cs
Source: announce[2].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_announcement4c67b6.cs
Source: filepage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_error49d030.css
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_login4d6140.css
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_news_list49d030.css
Source: announce[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_protocol4daee3.css
Source: registermidpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/register/account_type49d03
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/lib492dc0.js
Source: announce[2].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx/jserr41f237.js
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx/mpExtensionReport492dc0.js
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx538042.js
Source: announce[3].htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/sea492dc0.js
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/images/default_qrcode_2x4b3e56.p
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/loginpage53b394.css
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/loginpage53b401.js
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/style/loginpage4daeaf.css
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginscan/loginscan53b394.css
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/modules/base/jserr538ca4.js
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/modules/common/badjs538ca4.js
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/ZeroClipboard_new3a7b38.swf
Source: V31QAJ8G.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/audiojs.swf
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/audiojs3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/uploadify3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/webuploader3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/zoom3a7b38.swf
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-logout538c
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-setting538
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-user538ca4
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-wxverify53
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/-BoLzbFMWaIrntk_TkoJpxw4GCqzVZNw5R90GxnvJgRA9lEfEFILq7pOHtm2jAXh"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/2EwGUTQNhAWGoAAmi6lnBjBLGLW1HcIY_ImTI6m7rJdcXuXXqfBHcuuzXVbgu111"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/7Vyht0afDn4LqlNePXYwajA7Fefo4QYjj0T43crTZxf4NPIxNISHTGaezdc_wLBh"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/Jop-OVwQGtgt-UsOOsV7c_fNxz2nL-5NB56gnfVbDgkw7tKHt_fw3-NNjtQu1Nuh"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/OFNCMaL1i7ui6VfWXkStMe6S2W7PnTz7w8a3kiidN2nCia1STIKu6Yyedj6Ej10O"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/OjwSIfop8TB75T4BmjCGygBvQpplHMiQBboVtE4SszVJtABt169leU0Vfb7Df9-8"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/P9ZREIJ7lQGS-V4v_uXBInG4ZgyR2RRlxhLmz3BGyI9PVs7yIKnLmBc9Y2mAJtXn"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/Pokqf5zeFn166dulcAnIlZ7y2SmCMTbeLT8vCG9sHSy-Xa5HPKqcK7wqumtvPDJD"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/UUXSZ9IsDdPgJoirv86m4I1aFnLkhDYYDVA8SwUCrS0jnCq77rJwPXNFS-N8tLEJ"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/WL6ARo8kHqZupTpSRjHStUTUMEos6nu22Wghy81YRkMzwytVgtExZxW9WWX4yncS"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/bsv6bJb_SmltBbPFIFUc3E7P_x86FaYHDwXnsmciFmCIEebennQGmyp8p7GtFkam"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/c33yinftKNE-lVzqSzF8Yhvnt5CXZlAfB8rXKr2xhE2AUphjHUb3ONRhQWGHiKAF"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/fPHfdvcDUZ-s6ZDMwZgQ1YBjqVkP3AQcycpppDNippZvfnmnV2Fkp8mU_FJQOG-x"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/hfAHTBMm_3llblfuh0qpObg7vk2dygWV79pTi815Acym2UZVV4NrkQLaov45hzfd"
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/jCojRetXqnwvtIc1V6YO3p64SMjpP11OEifqkk5g4xh-8DnZ_7vbyMKzBLrNHpGo"
Source: loginpage53b401[1].js.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/psywC48kJmEgVoYSeDY-cthGNxT7S4a3Nn37zBOd4jarzGtle_UyIu-0aDZmW_BF
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://res.wx.qq.com/op_res/sW_boqEmX0baFRnmOKb7rE_qXrOZcZ1R6iOrSxNfBnncWu5_Lk69mCphtHh30nWG"
Source: qr4b3e56[1].svg.3.dr String found in binary or memory: https://sketch.com
Source: loginpage53b401[1].js.3.dr String found in binary or memory: https://user-images.githubusercontent.com/4378939/96119407-8550cd00-0f1f-11eb-937c-632cabd8aaa8.png
Source: vue.2.6.10538ca4[1].js.3.dr String found in binary or memory: https://vuejs.org/guide/deployment.html
Source: vue.2.6.10538ca4[1].js.3.dr String found in binary or memory: https://vuejs.org/guide/list.html#key
Source: vue.2.6.10538ca4[1].js.3.dr String found in binary or memory: https://vuejs.org/v2/api/#data
Source: vue.2.6.10538ca4[1].js.3.dr String found in binary or memory: https://vuejs.org/v2/guide/components.html#data-Must-Be-a-Function
Source: vue.2.6.10538ca4[1].js.3.dr String found in binary or memory: https://vuejs.org/v2/guide/reactivity.html#Declaring-Reactive-Properties.
Source: VX22BC5U.htm.3.dr String found in binary or memory: https://work.weixin.qq.com/?from=mp_home
Source: registermidpage[1].htm.3.dr String found in binary or memory: https://work.weixin.qq.com/nl/sem/registe?from=mp_register_select&type=1
Source: loginpage53b401[1].js.3.dr String found in binary or memory: https://work.weixin.qq.com/wework_admin/loginpage_wx?from=mp
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr String found in binary or memory: https://www.tencent.com/en-us/index.html
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr String found in binary or memory: https://www.tencent.com/zh-cn/index.html
Source: opshowpage[1].htm.3.dr String found in binary or memory: https://wxa.wxs.qq.com
Source: sW_boqEmX0baFRnmOKb7rE_qXrOZcZ1R6iOrSxNfBnncWu5_Lk69mCphtHh30nWG[1].png.3.dr Binary or memory string: .Vbp
Source: classification engine Classification label: clean0.win@3/183@13/8
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACFC0C41-6C83-11EB-90EB-ECF4BBEA1588}.dat Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File created: C:\Users\user\AppData\Local\Temp\~DF5A8707359EE8E870.TMP Jump to behavior
Source: C:\Program Files\internet explorer\iexplore.exe File read: C:\Users\desktop.ini Jump to behavior
Source: unknown Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2 Jump to behavior
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll Jump to behavior
Source: jCojRetXqnwvtIc1V6YO3p64SMjpP11OEifqkk5g4xh-8DnZ_7vbyMKzBLrNHpGo[1].jpg.3.dr Binary or memory string: -SQemU
Behavior
[Figure: Behavior Graph. ID: 352052; URL: https://mp.weixin.qq.com; Startdate: 11/02/2021; Architecture: WINDOWS; Score: 0. Processes: iexplore.exe (started) -> iexplore.exe (started). DNS/IP nodes: ssd.tcdn.qq.com (150.109.206.154, port 443, Singapore), mpv6.weixin.qq.com (203.205.232.110, port 443, China), reswx.tcdn.qq.com, 192.168.2.1, and other IPs or domains.]

Contacted Public IPs

IP Domain Country ASN ASN Name Malicious
150.109.206.154 unknown Singapore 132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false
203.205.235.60 unknown China 132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false
58.247.205.233 unknown China 17621 CNCGROUP-SHChinaUnicomShanghainetworkCN false
211.152.136.121 unknown China 132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false
203.205.234.140 unknown China 132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false
203.205.235.37 unknown China 132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false
203.205.232.110 unknown China 132203 TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN false

Private

IP
192.168.2.1

Contacted Domains

Name IP Active
kf.qq.com 203.205.235.37 true
badjs.weixinbridge.com 58.247.205.233 true
weixin.f1weixin.download.ettdnsv.com 211.152.136.121 true
lp.open.weixin.qq.com 203.205.234.140 true
ssd.tcdn.qq.com 150.109.206.154 true
mpv6.weixin.qq.com 203.205.232.110 true
file.service.qq.com 203.205.235.60 true
mp.weixin.qq.com unknown unknown
mmbiz.qpic.cn unknown unknown
open.weixin.qq.com unknown unknown
res.wx.qq.com unknown unknown
fpdownload.macromedia.com unknown unknown
imgcache.qq.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://file.service.qq.com/user-files/uploads/202002/0a7a764c90304531d572feeaf0870cc1.png false high
http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiatfuEtzA8QIYJYwFcGDF5diaicDau5Voh5nqyBXuxJE9lmiaxFH9t9nWP8/0 false high
http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9E5d9u27FKriceD6TQfflQ3xKuVxI4897YUKmxnNFH2W8libjRdEFV9TfQ/0?wx_fmt=png false high
http://mmbiz.qpic.cn/mmbiz_jpg/iaFicQ6852LK17YHvAo8ibRcQ73ibSRGZ8n4SAgSiaHPJNSDVE3KTkcAeHdzeTPibP2Jhy0TVfXnMo6qeoZnOqT8k8NA/0?wx_fmt=jpeg false high
https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386 false high
https://kf.qq.com/faq/120911VrYVrA15091832Qzqq.html?scene_id=kf3384 false high
https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmpl false high
https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&announce_id=116125152056kgd8&version=&lang=zh_CN false high
http://mmbiz.qpic.cn/mmbiz_jpg/bibwa2JU7nS1GE4DZM1qia6KMAI63xWbj6EiawRd4QHnK7uJDvGtrGWlUPfhI97RBjKRbkTXeN9rMrsoFpsD6cjaA/0?wx_fmt=jpeg false high
https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html false high