Analysis Report https://mp.weixin.qq.com

Overview

General Information

Sample URL:	https://mp.weixin.qq.com
Analysis ID:	352052
Most interesting Screenshot:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.60:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49840 version: TLS 1.2

Networking:

Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5UNlS1RXgxyJYYmT8I7m0KricFdib41uMX3m0rtUiccELJms9Y3Th3bDOqQ/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Ufiautz6rpA0GDjic66uRafVXpa8OEDmx5nGKg2x2HX0ErdKttt6RHRDQ/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Uv4PLgLzJx9zKpRGQpDDqrYKGMUz7KkPx8iawAuMeNmjcUJYM7bdWRNQ/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_png/ZbfXXfBDcJLno1e1UqjrWib4PU6YuqibXPYg8RHyPZ1D7ib75wZqBbHvXxSzia55QTrbrKiafPbibiaLYyYeyF7fdic7Qw/0?wx_fmt=png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz/ByCS3p9sHianpGy0vCWQsiam8Bk1gqf0VJmlp3UaxJ3aUA0w0VHvNy5Aa6bkKkJQf1Yus6ZXxbYHs/0 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz/ByCS3p9sHianpGy0vCWQsiatfuEtzA8QIYJYwFcGDF5diaicDau5Voh5nqyBXuxJE9lmiaxFH9t9nWP8/0 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9ECmXibbqYBLC1BD5zqzG8VTOrf6hXk1ib4C9zXHXnpMHibRaf1icI8eTwJQ/0?wx_fmt=png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9EWS1eULkneEJaYGcbvFAia50SWyG4y793tRnWPlkgicwJD7AKQ8WzzNbg/0?wx_fmt=pn HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9E5d9u27FKriceD6TQfflQ3xKuVxI4897YUKmxnNFH2W8libjRdEFV9TfQ/0?wx_fmt=png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/iaFicQ6852LK17YHvAo8ibRcQ73ibSRGZ8n4SAgSiaHPJNSDVE3KTkcAeHdzeTPibP2Jhy0TVfXnMo6qeoZnOqT8k8NA/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz/ByCS3p9sHianpGy0vCWQsiahzY2mYtoDTcka4sJlD1PTS0MjOSn5sibTdLPb8xiaKiafuiab2Tz4G9mQ8/0 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/bibwa2JU7nS1GE4DZM1qia6KMAI63xWbj6EiawRd4QHnK7uJDvGtrGWlUPfhI97RBjKRbkTXeN9rMrsoFpsD6cjaA/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /user-files/uploads/202002/0a7a764c90304531d572feeaf0870cc1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: file.service.qq.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: mp.weixin.qq.com

Source: util[1].js.3.dr	String found in binary or memory: http://admin.cm.com/cgi-bin/start?GroupID=295&DirectPage=
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: http://admin.wechat.com/
Source: kf_creat_product[1].js.3.dr	String found in binary or memory: http://crm2.qq.com/page/portalpage/wpa.php?uin=40012345&f=1&ty=1&ap=000011
Source: VX22BC5U.htm.3.dr	String found in binary or memory: http://developers.weixin.qq.com/
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: http://file.service.qq.com/user-files/uploads/201612/f28aa5cae69cd955d2b2449bdda094fc.jpg
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: http://file.service.qq.com/user-files/uploads/201704/50a9bc972edfa45b4cc7b3e53daeeb45.jpg
Source: datB00E.tmp.3.dr, iconfont[1].eot.3.dr	String found in binary or memory: http://fontello.com
Source: datB00E.tmp.3.dr	String found in binary or memory: http://fontello.comhttp://fontello.com
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/agree.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/alert_popup_bg.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/alert_popup_no_nor.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/alert_popup_yes_nor.png)
Source: reset[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/arrow_slt.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/bg_gotop.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/bg_header_light.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/bg_search.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/disagree.png);
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_class.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_del.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_gohome.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_img_16.png);
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_info.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_info_72.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_ok.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_ok_72.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_plus.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_plus_green.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_qes.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_search.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_tip.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_tip_72.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_tips.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_wrong.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_wrong_72.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/wx_inner/icon_mcp.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/wx_inner/icon_search.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/wx_inner/icon_shut.png)
Source: kf_login_tools[1].js.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/v7/images/icon-service.png
Source: scene_faq[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/
Source: registermidpage[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/faq/170815aUZjeQ170815mU7bI7.html
Source: registermidpage[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/faq/190528amEJfI190528Bn2Q7z.html
Source: kf_login_tools[1].js.3.dr	String found in binary or memory: http://kf.qq.com/newlogin/qc_callback.html
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, opshowpage[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/product/weixinmp.html
Source: layer[1].js.3.dr	String found in binary or memory: http://layer.layui.com/
Source: wx53803f[1].js.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiahzY2mYtoDTcka4sJlD1PTS0MjOSn5sibTdLPb8xiaKiafuiab2
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiam8Bk1gqf0VJmlp3UaxJ3aUA0w0VHvNy5Aa6bkKkJQf1Yus6ZXx
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiatfuEtzA8QIYJYwFcGDF5diaicDau5Voh5nqyBXuxJE9lmiaxFH
Source: operation531a40[1].js.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/icTdbqWNOwNRzNyksbtsXmn9n8yiaY6OfLAXC7AVWicYSguc47ibOicWfRDkf2j3eZ5msoKw9
Source: announce[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5UNlS1RXgxyJYYmT8I7m0KricFdib41uMX3m
Source: announce[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Ufiautz6rpA0GDjic66uRafVXpa8OEDmx5n
Source: announce[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Uv4PLgLzJx9zKpRGQpDDqrYKGMUz7KkPx8i
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/bibwa2JU7nS1GE4DZM1qia6KMAI63xWbj6EiawRd4QHnK7uJDvGtrGWlUPfhI97RBjKRb
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/iaFicQ6852LK17YHvAo8ibRcQ73ibSRGZ8n4SAgSiaHPJNSDVE3KTkcAeHdzeTPibP2Jh
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_png/ZbfXXfBDcJLno1e1UqjrWib4PU6YuqibXPYg8RHyPZ1D7ib75wZqBbHvXxSzia55QTrbr
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9E5d9u27FKriceD6TQfflQ3xKuVxI4897YU
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9ECmXibbqYBLC1BD5zqzG8VTOrf6hXk1ib4
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9EWS1eULkneEJaYGcbvFAia50SWyG4y793t
Source: readtemplate[1].htm.3.dr	String found in binary or memory: http://mp.weixin.qq.com/acct/findacct?action=scan
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://qq.com/s?a=b#rd
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: http://sizzlejs.com/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://weixin.qq.com/cgi-bin/readtemplate?uin=&stype=&promote=&fr=&lang=zh_CN&AD
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://www.qq.com/contract.shtml)
Source: readtemplate[1].htm.3.dr	String found in binary or memory: http://www.tencent.com/en-us/index.shtml
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, filepage[1].htm.3.dr, announce[2].htm.3.dr, opshowpage[1].htm.3.dr, announce[1].htm.3.dr	String found in binary or memory: http://www.tencent.com/zh-cn/index.shtml
Source: readtemplate[1].htm.3.dr	String found in binary or memory: http://www.wechat.com
Source: qrconnect[1].htm.3.dr	String found in binary or memory: http://zyjc.sec.qq.com/dom
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://110.qq.com/ext/login/css/iframe_login_wx.css
Source: jserr538ca4[1].js0.3.dr, jserr41f237[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs
Source: VX22BC5U.htm.3.dr, moon531a40[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=
Source: announce[3].htm.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=11&uin=
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=5&uin=
Source: wx53803f[1].js.3.dr, wx538042[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=92&level=4&uin=
Source: wx538042[1].js.3.dr, loginpage53b401[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?level=4&uin=
Source: moon531a40[1].js.3.dr, badjs51fdff[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/report
Source: moon531a40[1].js.3.dr, badjs51fdff[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/report?
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://developers.wei
Source: announce[3].htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/community/minihome/question/1277775808983138305#
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://developers.weixin.qq.com/community/minihome/question/1277775808983138305?mockCommonUse=1
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html11675442mjwVp&version=
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/minigame/dev/guide/
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/miniprogram/design/index.html
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/miniprogram/dev/framework
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/miniprogram/product/index.html
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://github.com/carhartl/jquery-cookie
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://github.com/vuejs/vue-devtools
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=
Source: kf_login_tools[1].js.3.dr	String found in binary or memory: https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=101487640&redirect_uri=
Source: announce[3].htm.3.dr	String found in binary or memory: https://js.aq.qq.com/js/aq_common.js
Source: qq_wx_login[1].js.3.dr, {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com
Source: kf_login_tools[1].js.3.dr, qq_wx_login[1].js.3.dr, kf_head_v8[1].js.3.dr	String found in binary or memory: https://kf.qq.com/cgi-bin/qqConnectLogin
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://kf.qq.com/cgi-bin/qqConnectLogin?jumpurl=
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://kf.qq.com/cgi-bin/wxloginKFWeb?jumpurl=https%3A%2F%2Fkf.qq.com%2Ffaq%2F120911VrYVrA15091832Q
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://kf.qq.com/ext/login/css/iframe_login_wx.css
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com/faq/
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/faq/120911VrYVrA15091832Qzqq.html?scene_id=kf3384
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/faq/120911VrYVrA15091832Qzqq.html?scene_id=kf3384-1w.html
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: https://kf.qq.com/faq/170815aUZjeQ170815mU7bI7.html
Source: imagestore.dat.3.dr	String found in binary or memory: https://kf.qq.com/favicon.ico~
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://kf.qq.com/product/zhzh.html
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com/touc
Source: ~DF9D066DA7F06B588E.TMP.1.dr, {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386lhttps://kf.qq.com/touch/scene_faq.html?scene_
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386uncementlist&lang=zh_CN11675442mjwVp&version=&
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://long.open.weixin.qq.com
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://long.open.weixin.qq.com/connect/l/qrconnect?uuid=081umVUa4Pfn0003
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://lp.open.weixin.qq.com
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://mmbiz.qlogo.cn/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/mmbiz_png/OiaFLUqewuIAaa5ic2UztnhlLVQ9EXibYRibRxicTDEWq9VmoAxaZPj76AG9RJyGsTKR
Source: announce[2].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/mmbiz_png/cVgP5bCElFjhZsZ8OicnQFiczWibVAbiakEAG4coMJC3yTSU8XpFw3aA2IyXINT7PzAb
Source: announce[2].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/mmbiz_png/cVgP5bCElFjhZsZ8OicnQFiczWibVAbiakEAm9rDOeFz9Iq9abg3HUXJEKOwPcygy3dv
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQbqFhbF5qOhADvae4ia4kHjAVYEay3icibeczibJqPxnRgw4cnRQoz7
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.c
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/Root
Source: ~DF9D066DA7F06B588E.TMP.1.dr, {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/T
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/UserP-
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11542120902Tvh1l&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11544165763bBflv&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11560253822ci3TK&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11565151480ZCKVy&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11589879962TnffN&versio
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&announce_id=11611675442mjwVp&versio
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&announce_id=116125152056kgd8&versio
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=1480927113&version=1&lang=zh_CN
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=1503979103&version=1&lang=en_US
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementliRoot
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementlist&lang=zh_CN
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementlist&lang=zh_CN11675442mjwVp&version
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementlist&st&lang=zh_CN
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/filepage?type=2&begin=0&count=12&token=570011963&la
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=business/agreement_pay)
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmpl
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmplBWeChat
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmplCN
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmplCNom/a/wx_fed/assets/res/NTI4MWU
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=home/agreement_tmpl&type=info&lang=zh_CN)
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/registermidpage?Root
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/registermidpage?action=index&lang=zh_CN
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/registermidpage?p.weixin.qq.com/cgi-bin/registermidpage?action=inde
Source: jserr41f237[1].js.3.dr, wx538042[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=
Source: announce[3].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=112&content=
Source: announce[3].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=113&content=
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=114&content=tmpl_error
Source: jserr41f237[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=65&content=
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw#t3-1
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw#t3-1zh_CN#t3-1w.html
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw&lang=zh_CN
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw&lang=zh_CN#t3-1
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw&lang=zh_CN#t3-1w.html
Source: announce[1].htm0.3.dr	String found in binary or memory: https://mp.weixin.qq.com/s/Od2KRbTAnXjzeeHeaczdIw">
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/webpoc/customerService?type=13
Source: registermidpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/wxopen/waregister?action=step1
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixinRoot
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://mths.be/startswith
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://open.weixin.qq.com/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://pay.weixin.qq.com/index.php/public/apply_sign/protocol_v2)
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://qy.weixin.qq.com/cgi-bin/readtemplate?t=standard_op.html)
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://res.wx.qq.com
Source: sea492dc4[1].js.3.dr	String found in binary or memory: https://res.wx.qq.com/
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/fed_upload/9300e7ac-cec5-4454-b75c-f92260dd5b47/logo-mp.ico
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/MjliNWVm.svg
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/NTI4MWU5.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/NTI4MWU5.ico;
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/OTE0YTAw.png
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/c/=/mpres/zh_CN/htmledition/js/tpl/pagebar.html492dc0.js
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/connect/en_US/htmledition/images/favicon3696b4.ico
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/connect/en_US/htmledition/js/jquery.min3696b4.js
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/connect/en_US/htmledition/style/impowerApp45a337.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/base.en_US49d02c.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/base524735.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/layout_head4c67b9.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/lib49d02c.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/weui-desktop_skin524735.cs
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/page/forgetpwd/index49d02c.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/common/lib492dc4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/common/wx/mpExtensionReport492dc4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/common/wx53803f.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/sea492dc4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/pages/modules/base/jserr538ca4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/pages/modules/common/badjs51fdff.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/ZeroClipboard_new424267.swf
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/uploadify424267.swf
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/webuploader424267.swf
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/zoom424267.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/cut-round49d02c.gif
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/favicon49d02c.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/favicon49d02c.ico~
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/mp_qrcode49d02c.gif
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/common/pic_kf_qrcode49d02c.jpg
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/pwd/icon_forgetpwd_account49d02c.png
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/pwd/icon_forgetpwd_pwd49d02c.png
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/share49d02c.png
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition//3rd/vue/vue.2.6.10538ca4.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/base524733.css
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/layout_head4c67b6.css
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/lib49d030.css
Source: announce[3].htm.3.dr, announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/weui-desktop_skin524733.cs
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_announcement4c67b6.cs
Source: filepage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_error49d030.css
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_login4d6140.css
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_news_list49d030.css
Source: announce[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_protocol4daee3.css
Source: registermidpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/register/account_type49d03
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/lib492dc0.js
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx/jserr41f237.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx/mpExtensionReport492dc0.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx538042.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/sea492dc0.js
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/images/default_qrcode_2x4b3e56.p
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/loginpage53b394.css
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/loginpage53b401.js
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/style/loginpage4daeaf.css
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginscan/loginscan53b394.css
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/modules/base/jserr538ca4.js
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/modules/common/badjs538ca4.js
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/ZeroClipboard_new3a7b38.swf
Source: V31QAJ8G.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/audiojs.swf
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/audiojs3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/uploadify3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/webuploader3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/zoom3a7b38.swf
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-logout538c
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-setting538
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-user538ca4
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-wxverify53
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/-BoLzbFMWaIrntk_TkoJpxw4GCqzVZNw5R90GxnvJgRA9lEfEFILq7pOHtm2jAXh"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/2EwGUTQNhAWGoAAmi6lnBjBLGLW1HcIY_ImTI6m7rJdcXuXXqfBHcuuzXVbgu111"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/7Vyht0afDn4LqlNePXYwajA7Fefo4QYjj0T43crTZxf4NPIxNISHTGaezdc_wLBh"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/Jop-OVwQGtgt-UsOOsV7c_fNxz2nL-5NB56gnfVbDgkw7tKHt_fw3-NNjtQu1Nuh"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/OFNCMaL1i7ui6VfWXkStMe6S2W7PnTz7w8a3kiidN2nCia1STIKu6Yyedj6Ej10O"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/OjwSIfop8TB75T4BmjCGygBvQpplHMiQBboVtE4SszVJtABt169leU0Vfb7Df9-8"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/P9ZREIJ7lQGS-V4v_uXBInG4ZgyR2RRlxhLmz3BGyI9PVs7yIKnLmBc9Y2mAJtXn"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/Pokqf5zeFn166dulcAnIlZ7y2SmCMTbeLT8vCG9sHSy-Xa5HPKqcK7wqumtvPDJD"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/UUXSZ9IsDdPgJoirv86m4I1aFnLkhDYYDVA8SwUCrS0jnCq77rJwPXNFS-N8tLEJ"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/WL6ARo8kHqZupTpSRjHStUTUMEos6nu22Wghy81YRkMzwytVgtExZxW9WWX4yncS"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/bsv6bJb_SmltBbPFIFUc3E7P_x86FaYHDwXnsmciFmCIEebennQGmyp8p7GtFkam"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/c33yinftKNE-lVzqSzF8Yhvnt5CXZlAfB8rXKr2xhE2AUphjHUb3ONRhQWGHiKAF"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/fPHfdvcDUZ-s6ZDMwZgQ1YBjqVkP3AQcycpppDNippZvfnmnV2Fkp8mU_FJQOG-x"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/hfAHTBMm_3llblfuh0qpObg7vk2dygWV79pTi815Acym2UZVV4NrkQLaov45hzfd"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/jCojRetXqnwvtIc1V6YO3p64SMjpP11OEifqkk5g4xh-8DnZ_7vbyMKzBLrNHpGo"
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/psywC48kJmEgVoYSeDY-cthGNxT7S4a3Nn37zBOd4jarzGtle_UyIu-0aDZmW_BF
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/sW_boqEmX0baFRnmOKb7rE_qXrOZcZ1R6iOrSxNfBnncWu5_Lk69mCphtHh30nWG"
Source: qr4b3e56[1].svg.3.dr	String found in binary or memory: https://sketch.com
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://user-images.githubusercontent.com/4378939/96119407-8550cd00-0f1f-11eb-937c-632cabd8aaa8.png
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/guide/deployment.html
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/guide/list.html#key
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/v2/api/#data
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/v2/guide/components.html#data-Must-Be-a-Function
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/v2/guide/reactivity.html#Declaring-Reactive-Properties.
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://work.weixin.qq.com/?from=mp_home
Source: registermidpage[1].htm.3.dr	String found in binary or memory: https://work.weixin.qq.com/nl/sem/registe?from=mp_register_select&type=1
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://work.weixin.qq.com/wework_admin/loginpage_wx?from=mp
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: https://www.tencent.com/en-us/index.html
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: https://www.tencent.com/zh-cn/index.html
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://wxa.wxs.qq.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.60:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49840 version: TLS 1.2

System Summary:

Source: sW_boqEmX0baFRnmOKb7rE_qXrOZcZ1R6iOrSxNfBnncWu5_Lk69mCphtHh30nWG[1].png.3.dr

Binary or memory string: .Vbp

Source: classification engine

Classification label: clean0.win@3/183@13/8

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACFC0C41-6C83-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF5A8707359EE8E870.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Malware Analysis System Evasion:

Source: jCojRetXqnwvtIc1V6YO3p64SMjpP11OEifqkk5g4xh-8DnZ_7vbyMKzBLrNHpGo[1].jpg.3.dr

Binary or memory string: -SQemU

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
150.109.206.154	unknown	Singapore	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
203.205.235.60	unknown	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
58.247.205.233	unknown	China	17621	CNCGROUP-SHChinaUnicomShanghainetworkCN	false
211.152.136.121	unknown	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
203.205.234.140	unknown	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
203.205.235.37	unknown	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false
203.205.232.110	unknown	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	false

Private

IP
192.168.2.1

Contacted Domains

Name	IP	Active
kf.qq.com	203.205.235.37	true
badjs.weixinbridge.com	58.247.205.233	true
weixin.f1weixin.download.ettdnsv.com	211.152.136.121	true
lp.open.weixin.qq.com	203.205.234.140	true
ssd.tcdn.qq.com	150.109.206.154	true
mpv6.weixin.qq.com	203.205.232.110	true
file.service.qq.com	203.205.235.60	true
mp.weixin.qq.com	unknown	unknown
mmbiz.qpic.cn	unknown	unknown
open.weixin.qq.com	unknown	unknown
res.wx.qq.com	unknown	unknown
fpdownload.macromedia.com	unknown	unknown
imgcache.qq.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
http://file.service.qq.com/user-files/uploads/202002/0a7a764c90304531d572feeaf0870cc1.png	false	high
http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiatfuEtzA8QIYJYwFcGDF5diaicDau5Voh5nqyBXuxJE9lmiaxFH9t9nWP8/0	false	high
http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9E5d9u27FKriceD6TQfflQ3xKuVxI4897YUKmxnNFH2W8libjRdEFV9TfQ/0?wx_fmt=png	false	high
http://mmbiz.qpic.cn/mmbiz_jpg/iaFicQ6852LK17YHvAo8ibRcQ73ibSRGZ8n4SAgSiaHPJNSDVE3KTkcAeHdzeTPibP2Jhy0TVfXnMo6qeoZnOqT8k8NA/0?wx_fmt=jpeg	false	high
https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386	false	high
https://kf.qq.com/faq/120911VrYVrA15091832Qzqq.html?scene_id=kf3384	false	high
https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmpl	false	high
https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&announce_id=116125152056kgd8&version=&lang=zh_CN	false	high
http://mmbiz.qpic.cn/mmbiz_jpg/bibwa2JU7nS1GE4DZM1qia6KMAI63xWbj6EiawRd4QHnK7uJDvGtrGWlUPfhI97RBjKRbkTXeN9rMrsoFpsD6cjaA/0?wx_fmt=jpeg	false	high
https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html	false	high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\E5F0NRSV\mp.weixin.qq[1].xml	ASCII text, with no line terminators	315961C1DE41B89B1506FA7B0C0C9231	DF291438289CCDF0F33035307B3C5B4604CF42B2	E88094C391C18E7725234F0424B0B404B1EBEA91ED7648ED0CC559C14FC243CA
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACFC0C41-6C83-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	EDAAD9A0AF398D457EF019C04A3198A2	D1D45468A55094C3563D133E5D40A01E4323001A	6D35122F404275004B0C103F299CE5100B60D237E5F7B2BF4E6714BEE958246A
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	57BB6B64599F7E80AAFDBD8FB2D3A3E9	D7DA109E3BF8C72A688BE7B5EB2293E406B76571	CAED2F256096BAEF892B13B79AB5B3D1F1A5B2DF187AA912C0110B5C84FB1CDB
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B44E0301-6C83-11EB-90EB-ECF4BBEA1588}.dat	Microsoft Word Document	C02BE67EB94DEFC9B620E27EBB98BC04	208E43C527BC184137014708A8151984DFED19F4	A3B7838530BE404455D9AA8935049D98195E43BB6E9A24870C0DDCB648E41756
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\gee00pr\imagestore.dat	data	8750EFBA80D14223C69BB345965FA1D8	620780DBEE00A897C1653076995901B0F00DD496	8BF9A688B444B241B0C0968FD8097BC08B16689B4DC7E9C9CBB946F6CBCDFC33
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\081umVUa4Pfn0003[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 470x470, frames 1	AFB7601CC0AD4ADA79FC1C07F97E702E	F46031A3CEC8A598B2AD7A6F22D895F8E9AF7337	93748B2C50F7680C3D9EE8940B1AD4E72836C4F6427E3C7465817872B442C9C3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\0[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x360, frames 3	B133C41BE6E0F0F0A1F454CEE7AE53AB	B09DBB4783BA3B7B3C87562717B58F8F173A82F8	436AD351A73E99C3E5FEA10364946361FBAA7DEEDDC72410A1773A1F6DB62A08
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\0[1].png	PNG image data, 300 x 299, 8-bit/color RGBA, non-interlaced	84CDC08645D684AEA898611D1EC84111	11D5537F7F82A1C734CE25249C0D1CC6060DD3C4	ADB3FFE155ED57FB805426759C33916EEB784FD0B88DA0D87656EF42B53FF301
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\0[2].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 2098x907, frames 3	33E7F3C37247311FF15289C7AA061674	9F52D7CBA0304B9FC423E879BB826CC57031FBC6	CBB8227680A3FE1ADEF0599C9018DDBC694F8E0F0ACE1AD91B998506B0B954A7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\0[2].png	PNG image data, 750 x 497, 8-bit/color RGBA, non-interlaced	69810671252007D52CBAEFD60869037F	82D52F5A0A4332AA8C4050931FFE29B1D682023B	6A122107B58D31DB3ED388BB804824CE326A018DD01930FA022AACC9EE3447ED
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\0[3].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1417x717, frames 3	50BDF417D78693E8CC0578636FB5FF29	6D1706DA24AA9018BB2A54E7FFDCF6B12F1819CB	DD100DBB04FD46BC000E8ACED0D76E6680D5AEA57C39E5DF7DC307DB9F52B609
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\NewErrorPageTemplate[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	DFEABDE84792228093A5A270352395B6	E41258C9576721025926326F76063C2305586F76	77B138AB5D0A90FF04648C26ADDD5E414CC178165E3B54A4CB3739DA0F58E075
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\OjwSIfop8TB75T4BmjCGygBvQpplHMiQBboVtE4SszVJtABt169leU0Vfb7Df9-8[1].png	PNG image data, 369 x 231, 8-bit/color RGBA, non-interlaced	249864619524EF01D921ECC6BEB72537	A2E0A462FB18224F37271B05A67BA63D9AC92F5B	E2AA5BB7601E43C14F338F70C40749DABBD7DB473377595557D8E35D618CBCC0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\V31QAJ8G.htm	HTML document, UTF-8 Unicode text, with very long lines	C66D47176E290B5F11BC5140095AAF4A	1CE36D14008B3745B218B3E700A94BF60A16D9C7	2783CEE73F54BBE6DBF9AB3D04FB8E8C69D6923E1170DFCFCFAECB729361329C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\account_type_z49d030[1].png	PNG image data, 44 x 188, 8-bit/color RGBA, non-interlaced	6F7DD5A04701E48367813DBC1C9C68CC	F8DC9DF21C08EEED3FAF6FE70707A78814429E67	A2A4C6D01190F801357DD3F974B69F828DD2297A196E0E72CBA66870B47E9FD9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\announce[1].htm	HTML document, UTF-8 Unicode text, with very long lines	FF625C298D34D7260E352269EC2A8BEC	C1CEA77EEBDDFFD5FD3A10D21A19AB31ADBD3CAD	6A8C2AE548E1BD68163085DB925691BE17C977199FBA6E4B1FB5BC0714D2FB2E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\base.en_US49d02c[1].css	ASCII text, with very long lines, with no line terminators	7AF5A9FF367FF143E2ACAD59E0AFCECB	CBF483B752BA59FD8DA4EBAC5B114BC5AC701527	0FCBC37C96A371F68DD9B63937974EEBB49A5F85C4923619129CE4F5A15D4595
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\base_z49d030[1].png	PNG image data, 162 x 5477, 8-bit/color RGBA, non-interlaced	A50E02665693E22495D889D5DDDC5FF5	EF8F37B42988CE93EC3F162C540AF3BC10C02BBE	F374A2E35FA1BC0F4F60C52104034BF7282128D30F3D8A36AAF2C4308AF13167
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\down[1]	PNG image data, 15 x 15, 8-bit colormap, non-interlaced	C4F558C4C8B56858F15C09037CD6625A	EE497CC061D6A7A59BB66DEFEA65F9A8145BA240	39E7DE847C9F731EAA72338AD9053217B957859DE27B50B6474EC42971530781
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon49d02c[1].ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	FA8833AC684D6949F480AE3BC9A51B4A	C89DB0AB06D540C197165FBC42C0E4A2047DD36C	A2BF6E2029C55ABB5398E8289E1DE6A585FC019F3B6982E18A6E64889655F85F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\favicon[1].ico	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	EE83D746AF05EF7F50286DF7EDA40E20	DC5A7A9D9BA22EE6C95A85CEA92F80715AF159A9	70C6606FB29F2DA67B1FE1C6EC894184D28C83FB984BC660A3CB14B014E1F20E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\iconfont[1].eot	Embedded OpenType (EOT), iconfont family	394D1B46210AEB2F7A6794B71C3BFB3F	97EA25D2C9B8C3393C0F7FE0AF6F1479D017AA5A	43E9FF4BB730BBA43BEB03CE3F4CF66A051EB538C40AFED5B6EEC3D7F32F591F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\index49d02c[1].css	ASCII text, with very long lines, with no line terminators	9638AEBD8EF79528217EA189B946A3C2	2841CBDD3369428E0DB363C8E40199CBB837A960	20368B3B73B03385B26A591521C8EF895909D8B8CA12CA391480C1636BD08239
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\jCojRetXqnwvtIc1V6YO3p64SMjpP11OEifqkk5g4xh-8DnZ_7vbyMKzBLrNHpGo[1].jpg	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2019:11:26 18:05:00], progressive, precision 8, 5079x2953, frames 3	0162C71635926BD9EDA71F83316A7BB0	95FF3C837FED7B88C988879F811438674470B642	254D49E6A37901398AF3DF614DB22B864E46B9BE43015A416690F6A97A69EE00
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\json492dc4[1].js	ASCII text	2EFB68EECD7F9A7C236FB2763D0AB671	5F35E64B13BA4F69F811A984AEF42BC51063901D	3BF180F9EEAD3F09832F54D896084BD6ADF373C3A44E33F31BD68256CF12F161
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\kf_search_new[1].js	UTF-8 Unicode text	A71ED6D95AC8CFF594B82C0226200A34	24D24DCB2830DEDAE5CA2F1390C5507CF42B315D	3C22B43EEA2BF563EDEB242CAF06C6BBB70599B6BC3BCD2AD4362C6F9C43DA60
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\layer[1].css	UTF-8 Unicode (with BOM) text, with CRLF line terminators	44639ED5878D13A0632191B6AC7A556F	55E172B4AC7C98E119B7C7A2A56317ABC9F55A0C	7E6D79A7162D5FC0718F45AE0BABECEC81FEF6E41816109C46C50C8F56700CDB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\login-shadow[1].png	PNG image data, 80 x 20, 8-bit colormap, non-interlaced	0E6F25CF1FC7BA4530B2C679234A9A5C	3B16D0C20C7A126155ACE67E5C5CFF0B807CE2B5	89BD6E098EDB6C38D5A461AAD4E619917E69A7A93F4273B1DDE4EA231CA222C9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\loginTitle[1].xml	XML 1.0 document, ASCII text	1CE49E944E1A41915AA3FF41D5240CC7	BDEC652CEDF7F4D0B88E188722A7561FF59F18EC	DCA1D4FCE53BAAE9275095BD6AE87A3145FA6C6C49D0C007163CED3498F3E7BA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\mpExtensionReport492dc0[1].js	ASCII text	9A77BE3D2612FAAE2AFF4DDF683EE4D4	1DF4ACC5CBDEBC3ADD7627440EFD9C364786832D	CD3B83BDD2689A99224C8304200CBFB2596BB165871C0E1EDFAD0BB4A62B840B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\new_bg_logo_primary4c67b4[1].svg	SVG Scalable Vector Graphics image	B15F891DF3A3C82E7BE3249427778F71	F45DB02C5272125B776E2E227D47D79DD298ED5E	F3EDADE54A41862F73E0A0AD40AF0E58927AA86ECCEC6FA6D972DBBC7CEDDEAA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\news_list492dc0[1].js	HTML document, UTF-8 Unicode text, with very long lines	DB89B59FF3A715EFDF0D0E69CB36A024	794E30448A6D793204A1C6AE8EDD3A20F1842AF9	ECD296765F3A0F3B29DB8EBC39A1706BD37B1CFB59BA5FA19BFB76CE7E4A329D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\operation531a40[1].js	UTF-8 Unicode text, with very long lines	70792CF37514479F7BCA33E9EF6FED60	95D3C110B072EC3E43322FC23EC62A429BC4BD6D	3F4E4A2385CC5B16B0E297910483D1AAED84A58719C95ABBA470909D00210A3C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\out[1].png	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	7554501C08717DC0ECC0BC16AE5BA175	AEE026B6668903A8BC0A83156E6068A65BCCC0F4	C309553C34CB94DC5C36941F9BFDB68255310D3267E4DA95D2D29ACAAE255B95
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\page_login_z49d030[1].png	PNG image data, 106 x 2514, 8-bit/color RGBA, non-interlaced	2D4D237E8E5E219BA286916CAF5CA058	48A739D314A95C21437CB11B13FF0CB41A878732	1D777DD25F5317092F87597FEE6C78C175AAD012C36FB06AF425AB78861E4874
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\page_login_z_@all49d030[1].png	PNG image data, 144 x 355, 8-bit/color RGBA, non-interlaced	8D49B3855A9D463E1613F5C6673B7482	568A1C33061E0BAEBC96C1D7AD56613BC5626FAA	064FB9F373AB631002EB838BE7171FD318071CDEADED0D85128A07D2125802BA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\qq[1].png	PNG image data, 100 x 99, 8-bit/color RGB, non-interlaced	77B96FE729444DD492BD742D567AF665	8694836F5B7108E455B9E27E458F243E17B7A282	8B2CFDFE037645773509459BAA5EC2AD6591EF7A6A76D5BB6731994B04DA9401
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\qq_wx_login[1].js	UTF-8 Unicode text	22CF7A8D07F3D86DF927C034AD952F43	65DD313EA5FDD7E4E593DEEE149EABFA164427F2	B508203D0A459D95F3D985C1B6B4DDB1EDFEA208D4189480BE5A23033A8E41EF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\record[1].png	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	87EF0CF66DEB39F78C7AFD6BF72812DA	3657F14E85D75AB0F13E0A3223623F5B0EA9994B	36AA19B866AA5E4F93629830D37F8413E8E42969C0C0D8714F3DCDD674B0DF69
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\registermidpage[1].htm	HTML document, UTF-8 Unicode text, with very long lines	92F612354260A92254E5EF4B07B6BD9B	65A89D47E7DA8AF367C4AE0C1830FEC931CB9F61	1496C9A8380744251F0B8EFEA6B9D557A2CAAFCC0AA08F12FF8417B9BDF1B707
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\scene_faq[1].htm	HTML document, UTF-8 Unicode text, with CRLF line terminators	C82BDA7135C217CB7D10FF987CBA98BD	2B95ECF10314B28A14D8D367522A87C36AECAFDD	251FFA3CD22149DEB219BE25C7565F1432FAF33FE42622BFF0450229C4960531
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\style-header[1].css	ASCII text, with very long lines, with no line terminators	B97D4E6A15D6B9B9B94CC46B7634E043	65418496EB863F15C9B283B556474A0B4413E504	AB9370B84F9655B47765C27F12C647DD0BFDD3383C9FC24FD483EAE872027D88
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\user[1].png	PNG image data, 40 x 40, 8-bit colormap, non-interlaced	35748290A764E365E79BFCC41957EE78	72F3E9917D0F11B4EB49A18C6416AA9A44EEA7D9	8DCE40D21D33CD12CBA5DC3B53115192A8256BA8F35883838939E1EC3740E77C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\vue.2.6.10538ca4[1].js	ASCII text, with very long lines	0ED68756CD3F64612BC29E783C86F841	BA8AE5B4497D59A94DCCF100BA9754E6A8AFF29D	61DC67399E1A0D2F8FEB2F7BAD7FE191DE0DA10988E9B5A5BF6F2DEBD58619BB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\weui-desktop_skin524735[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	AC45073BEB5F10814987340ED152EEBC	DE05E8B9B3E0C245F23EA00695A2712256C277F0	1BEC4B3C1BD82ACE5982994EFC90E90CA1C642851EFCED1BDCE5FE98E0C9A3E1
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\wx[1].ico	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	5281E972EC463897022F56464011B5ED	2A719C124449E0C31A0166CEA7867BB1A44780BD	A62D7D84BD02B1718106D294D1F2C8387F9967239696C1E8B446201B63F34DC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\wx[2].ico	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	5281E972EC463897022F56464011B5ED	2A719C124449E0C31A0166CEA7867BB1A44780BD	A62D7D84BD02B1718106D294D1F2C8387F9967239696C1E8B446201B63F34DC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\wx[3].ico	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	5281E972EC463897022F56464011B5ED	2A719C124449E0C31A0166CEA7867BB1A44780BD	A62D7D84BD02B1718106D294D1F2C8387F9967239696C1E8B446201B63F34DC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\2WF3MMUU\xmlDeal[1].js	HTML document, UTF-8 Unicode text	DBBBB650B66B626D5547B6D6F1E95601	0CCB5B9296FC72B51749467160A85872A5A745BC	9D5F4D07959E94778FFDE365853FE1428018B6CC847E660B38DD688E331906FE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\0[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 600x360, frames 3	433219EFBE6E2402533B4BF99B0E39CA	FDBA7D75F49D194858CBDC205E85ED3D3B7B6705	B5170C2A47746C48FDBEA93614F3F749071A7671CC68692E627FD433FE864A9A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\0[1].png	PNG image data, 3014 x 1300, 8-bit/color RGBA, non-interlaced	47546073F4FB2A26D49B3B2EA9B8B988	D6DE63415DE1F2AC76F29D000D34C6CFAEC559E0	E7664FA0F225C702E9DFE9F017CE0E9584947C814AD85548396834E2F62BC3AB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\0[2].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 900x1246, frames 3	06E22F3AE75FF5F36164295E42F0D59A	3564ED3738B219A72EC4D1C94DA866218B8F6C95	584DA7A0246B6081D497304366F9F1D5F8786B639DD02E929EEB33A14BE4ACDA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\0[2].png	PNG image data, 750 x 497, 8-bit/color RGBA, non-interlaced	BB761D34C60A7E5FEEF98D776C08A73C	F7E3417964A801548CF8B47349DB16098B115092	60762B3654DD60594CADAD8B36622541D94C2D8982885CC1ED864E33C772CE10
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\0[3].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 954x1231, frames 3	5AC5A4A570E2A281BFD4357F679BDF50	192FC8DF960A42103B63F0B91EA10B3B7B5502B1	4CE8127AACEF8D754CCDD53AB4E069B44C2042FB02450AFC63925BD5F4A056DD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\0[4].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1125x2109, frames 3	CDE0B722C67DE56352E1DB8321603884	ACB1681CE9DFB598BF51D95D51B05939FBBB889E	EC4ED9C8463E3906955C9539847DCEE550BCEBCE08AA447FA6DA268CE0BCF137
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\640[1]	[none]x[none], YUV color, decoders should clamp	CA869B74786EF44024B99222EB46B7DA	E2DA32A50D92D956EDCFBBD1B1121C117FDF79B3	412EBA2E23E8A54C17C2634D9CED11574BF4FA6D9A706ECBA478B243602501FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\VX22BC5U.htm	HTML document, UTF-8 Unicode text, with very long lines	37709A9D81BC8E4381BE6DEC4F108C6F	3B259217B785292D081B346DD99E41EA1F294006	3A155511FBD9ECB79F3907FB781F7DC9C5C2407742324CEB3ACC6B64953B68FD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\account_type49d030[1].css	ASCII text, with very long lines, with no line terminators	E1826D92EC2D6E7C221C47A19A17EC9F	DB28CFAAF5F5A985C7254727BC636641C81296EB	A8008212F4AF298EEF9E00703952AE6289F54371B3CE6CA08AF02837F34EC40B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\badjs51fdff[1].js	ASCII text, with very long lines	5CE44A6EB8CD736796417EE0E7CE31A7	282AD95D6B5743AA09D4104E2CE2C35BA48BC5A0	E1CF93B0ED999E703DA891FAB5CB98EE435D0C188D31F8E885AC99BA8D87C71F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\badjs538ca4[1].js	ASCII text, with very long lines	5CE44A6EB8CD736796417EE0E7CE31A7	282AD95D6B5743AA09D4104E2CE2C35BA48BC5A0	E1CF93B0ED999E703DA891FAB5CB98EE435D0C188D31F8E885AC99BA8D87C71F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\base_z49d02c[1].png	PNG image data, 162 x 5477, 8-bit/color RGBA, non-interlaced	A50E02665693E22495D889D5DDDC5FF5	EF8F37B42988CE93EC3F162C540AF3BC10C02BBE	F374A2E35FA1BC0F4F60C52104034BF7282128D30F3D8A36AAF2C4308AF13167
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\code[1].png	PNG image data, 220 x 220, 8-bit colormap, non-interlaced	3F45F4F1A08E315E57FC28F09966E1BF	8AC8459FBD0C878D12A7D933A161410E189720B2	1243379E6B3E700206D0F08D8770CB0C08AE8ED14A0E21CE82E204BB94827D28
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\icon-service[1].png	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced	8DBCFA87000D23B39A3CF9167D89FFF0	1625F2E7D361A087D44AFB69E43BE8FE64D5AA59	A84EC5A4D46E20F2F31B73A5A20BFCC40B65ABD8CADFA969DFFCDE5FA2C46934
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\iframe_login_wx[1].css	ASCII text, with CRLF line terminators	84CD62E46E2EE37F1FC3D1BE7673AEBC	F6244536E700B6964FD6093B3D7DEA5097EB4C8B	E72765E91BA086DA421EF843872B5281194922C4AFF48F34F5CF9FB02A9F8E4A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\includepingjs[1].js	HTML document, ASCII text, with CRLF line terminators	E3B90DE80B86D756B541FE6773981E3A	23DC19F1296464ACD808C2D9DD2EE56B722392DD	550FBF1ECE7690A4A148D91903C1B0C5B31978D15F559929B1504500D74EFEF8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jserr538ca4[1].js	ASCII text, with very long lines	768506723AE670598A0890B528859B48	6B1C3CD004C47EEE5D6F7915E2A83BA62A7D64E0	480C408A63D7CF9BE570652B9E000E2FB9A33EA712253F288EC6EAAE0855EAAB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\jsmonitor[1].json	ASCII text, with no line terminators	D4404EB40344602032B2F042ECA3EDBE	7C42DEBE04EED3E59C108AE7CC0F90321ED4030A	8A7BAD05E1F002B77921867FCB6F894E145DBECB6B3E040F6C7A0D60EADBFD81
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\json492dc0[1].js	ASCII text	2EFB68EECD7F9A7C236FB2763D0AB671	5F35E64B13BA4F69F811A984AEF42BC51063901D	3BF180F9EEAD3F09832F54D896084BD6ADF373C3A44E33F31BD68256CF12F161
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\kf_login_tools[1].js	UTF-8 Unicode text, with very long lines	FCCB30BAC4C6E4C4DF72845CFBC72863	43F4AAB3490806CC9D409EF1D9D727AAA21F61CE	2B39314BE21C7E25088B3C671D348899C9CDDAC86E6AA1B40F0B1CF68157E777
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\kf_pc_ping[1].js	UTF-8 Unicode text, with very long lines, with CRLF line terminators	F99AEF6D64BAC1DA36E14B06A16451E9	FE1AB51C18747289C7CC8BBE77A01915FDF7EA95	3243F39458B7771AFA09CCAF17CC8C3B89E23E0D886C311989BAACCD54DE1101
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\kf_right_menu[1].js	UTF-8 Unicode text, with CRLF line terminators	9CE787AB7CF802909CB4DA2DE80B2EDE	2A0B0AAC23E45A67E9C0F8EF4301A07D639BBDE8	CDCAA3C2299096FF9D5A0F2007316F907BAA415A4E8554EAF449AFB05104F453
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\lib492dc0[1].js	UTF-8 Unicode text, with very long lines	67FBFE5E8714996C8B66A9300927137F	98A6797B487D5F8982C405C02D8A88BBEDAA18B1	502FA2FA8922575A3633B92B3AB5C2B9E59C2E7AA14752BB69E3A912EB5BAB5B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\lib492dc4[1].js	UTF-8 Unicode text, with very long lines	67FBFE5E8714996C8B66A9300927137F	98A6797B487D5F8982C405C02D8A88BBEDAA18B1	502FA2FA8922575A3633B92B3AB5C2B9E59C2E7AA14752BB69E3A912EB5BAB5B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\logo@2x[1].png	PNG image data, 464 x 68, 8-bit/color RGBA, non-interlaced	6590C6E3B575CA4B733FE82DBCA16F56	D5E70E5C1ABD4B33F5623F29B4ECB7DB57EEEA9B	37426DC5BC67D81DED5792939225A207F9544995D695B40BB21BCDA0E10E4DF6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\main[1].css	assembler source, UTF-8 Unicode text, with very long lines	C6DB64CC7A2EE358FE9526BE98A12C29	3AA7941991BA867CE5678DCE9DFD0AECD8BDB4DC	46585391C59B7F12E3196361825A7CE46CD79BB5C1596AF9B9DB967B917B71E2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\md5[1].js	ASCII text, with CRLF line terminators	F3F6AF173C6D89F684EDA97E347ED6A7	8B8B0FA0CCE1C6C58561E89F10CC0BBCD92D895F	08C57BC369E9B4821FCC03EBED4F0DCBF614D89A5EA92A11BBA99194E7F201A7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\mpExtensionReport492dc4[1].js	ASCII text	9A77BE3D2612FAAE2AFF4DDF683EE4D4	1DF4ACC5CBDEBC3ADD7627440EFD9C364786832D	CD3B83BDD2689A99224C8304200CBFB2596BB165871C0E1EDFAD0BB4A62B840B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\operation531a40[1].css	ASCII text, with very long lines, with no line terminators	78F324DE4DCF136A14C03EA6D83B5D77	5A0AFFA22D3294F813F9637D377C2BF3F7645216	6CE358D9B432B07867402455BE515F18FE2AF5446F5A69223DA8EBB6C88726B2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\page_announcement4c67b6[1].css	ASCII text, with very long lines, with no line terminators	10A519A1953F8A12EBD7AA8B34376453	3E9DA02E1DED7E7E80AB5D5AA96985D3F592ED73	748D03004935C33EBF78253196EB08B6E75D5A6C41A95F2CC5ECE0FA7DFF2798
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\page_login4d6140[1].css	ASCII text, with very long lines, with no line terminators	72F39F83B24403F3EB5A98A9572CC180	C71D2D2A3980B5AFE085507B080E623E43D094FE	AF667EE4DBF88A73B4F0872F6AFD6B63FB631F1C8D03C680E94A483639CBC0B3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\pc_ping[1].htm	HTML document, ASCII text, with CRLF line terminators	B7F76571EB768D5207B7DDABBA75AB9A	A1D8AACC8AE84FC27774F03B8C542F8B6BC393A9	8DF86C0BC5E4E181E48972E124DDAE01602557B64588050A4F865FB440DC3D6B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\product_A1791[1].js	ASCII text, with very long lines	F66151C159B67289AD28CA31E786AFCB	F87D514E7341547C09F4554DCF8538D9717E53DE	6928D5A548D7F011EEED55A1623F2491D3B64B1EB527E914928DB25349028ED4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\qrconnect[1].htm	HTML document, UTF-8 Unicode text, with very long lines	942FCB582208DD87F127D84DAC032D57	6A20C1F281D35C03FC39B3C181780F050AF3A4DA	DCCCBB0EE1B1A8F0218194AB5C5EEE7D4D30E739A85948E40E0CCD795B7A75C9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\reset[1].css	UTF-8 Unicode text, with CRLF line terminators	8A8A65AB5B04053F0197029378874E84	D37EA591DB941FD9EBD9B1A206EAF55CFD758945	AC87D29E9AB07AFEF624E9E80406172CEC39D8DA3E8D9B346E42EC7703E76EE0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\sea492dc0[1].js	ASCII text, with very long lines	690D33D6B55935BD98ECD332D4F50AC5	F468ECDE8AD22762CA554341AF7E5F9E5B91BCE7	8E3365AAA3A701F782C4B787009CEB054E013E9B5E7DBB6A10FC6102EEAB99FB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\share[1].css	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	CB822BF51FB3BF4B408701CDB39B72C7	404F585B673D334F7134EEFA3A0422B37EE00A14	48119F2D952F1A3EBF83421E30FBD193F05C8D878665860366A75C624176F074
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\wechat[1].png	PNG image data, 100 x 99, 8-bit/color RGB, non-interlaced	E5C48B111E052CBBE00C08BA94C0CF22	7CCD5346224E2671541065EDC208E890C04CA91D	2A2C2E28E6CFA987602C5F09E56BF77B55598ACCD439899CCC1F7BA5FC378658
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\wx53803f[1].js	HTML document, UTF-8 Unicode text	91FD8203A7481FF92C3A676953875486	7CDBC892A5644BFBE376D4ABC0301243052A6CBC	403A9EB28A53A7F301B600C4A80AFC0DC7A06260D6DBDDF26D10A8BDBD009D05
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\wx538042[1].js	HTML document, UTF-8 Unicode text	E5012C0A23AF5986A10B303023F0A4E1	A1B2ECCBE6AC598FA93BAFFA1A553BABB4E0268F	BA69B838E7FDCFBDBE35E27CB794068132488DDA5F84198BEA93F1D6ACE4EAFC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\wx[1].ico	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	5281E972EC463897022F56464011B5ED	2A719C124449E0C31A0166CEA7867BB1A44780BD	A62D7D84BD02B1718106D294D1F2C8387F9967239696C1E8B446201B63F34DC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\wx[2].ico	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	5281E972EC463897022F56464011B5ED	2A719C124449E0C31A0166CEA7867BB1A44780BD	A62D7D84BD02B1718106D294D1F2C8387F9967239696C1E8B446201B63F34DC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9026IKNJ\zepto.min[1].js	ASCII text, with very long lines	CF97C2F5D1C527C0AF8D542D17CEF33C	6C7B6F7DB891E00456F94BEB87D56FA7EA62E103	278BFF7365E760074E0BE16620129608D4B8342C8C3D28D54821F0A4281D9F9B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\-BoLzbFMWaIrntk_TkoJpxw4GCqzVZNw5R90GxnvJgRA9lEfEFILq7pOHtm2jAXh[1].jpg	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2020:07:02 16:42:00], progressive, precision 8, 3402x1701, frames 3	CD1D76AABBAE84BF4D4EE8C3ACBDF0BD	F8936856D8501C6B6D86725F6E84E28E335E426B	4D8BB6433800FE006F5974F0B5209D30503A5728D27000989CD68B77448A63FF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\0[1].jpg	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 810x785, frames 3	8CBFA2265201966B33548EB60075E25B	02F94EB58CDB01EB5460080E4EA909AEE57A6646	7ECBF8CE98FA163A01957891BB90173418243AF5C44B6882DEDD7E84E3EAD4B9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\2EwGUTQNhAWGoAAmi6lnBjBLGLW1HcIY_ImTI6m7rJdcXuXXqfBHcuuzXVbgu111[1].png	PNG image data, 445 x 698, 8-bit/color RGBA, non-interlaced	4CF78E2A5D330E05168C9BC10BBF57B7	2DE131C8FDEF17A3DD461A3D68D43619593B4181	ABCA3CDEFC108EB02DA566FF003E2D0A25DEFAF7C3CF621B67DCE60C23D095D3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\7Vyht0afDn4LqlNePXYwajA7Fefo4QYjj0T43crTZxf4NPIxNISHTGaezdc_wLBh[1].png	PNG image data, 730 x 480, 8-bit/color RGBA, non-interlaced	CF217A3857AFD889AF4F0687BB7B8DDC	BA4E5FB3C96B30C6FF6E99AE050CABF3FF08666C	668754240696BC6BC397C3FE7E010E2EFB5E11BF63FC46B44FDFC2AB7F99E76F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Helvetica[1].ttf	Hel	41EFB6C7F8992FFF8E73B1F76B2FD5CA	CEE6DB5AA19C8E5D902F5C3C2AD642C8B6FA089C	AA5A97B7A06C6B415CA8A1E8E8E6D9CE07ABF89737B2EAF6E9F08F231E2813AC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Jop-OVwQGtgt-UsOOsV7c_fNxz2nL-5NB56gnfVbDgkw7tKHt_fw3-NNjtQu1Nuh[1].png	PNG image data, 623 x 328, 8-bit/color RGBA, non-interlaced	34D5CB788CE0EED8362877F036D3BF61	94C41073C67C41F278390996B417BDDB15E3AF31	97B7C387461F8B9B7230B103A09B1455E79F783B1C99E82A244B61FEBB2AD1B8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\OFNCMaL1i7ui6VfWXkStMe6S2W7PnTz7w8a3kiidN2nCia1STIKu6Yyedj6Ej10O[1].png	PNG image data, 1333 x 862, 8-bit/color RGBA, interlaced	CD1FAA7E6E17F79A27DAC3EFCC9CABF5	33AA7E13E3151E9015E09E7FA187D5B17092A85D	40EE14939B095D852CEEF8ACD0BA2EA35754890CE835A52D6C6BBC98B5BE5900
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\P9ZREIJ7lQGS-V4v_uXBInG4ZgyR2RRlxhLmz3BGyI9PVs7yIKnLmBc9Y2mAJtXn[1].png	PNG image data, 554 x 278, 8-bit/color RGBA, non-interlaced	A82B56C0CB2E6C51261256625B04E8C5	4091BF891C09FF744CC981FE029EF24D6A268B4B	F7A0E75E81D016B4887F05808786149C0BD887F68980D109A09DF36CE658DFDD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\Pokqf5zeFn166dulcAnIlZ7y2SmCMTbeLT8vCG9sHSy-Xa5HPKqcK7wqumtvPDJD[1].png	PNG image data, 354 x 444, 8-bit/color RGBA, non-interlaced	44E63CCD5D62DF8AE5090FA1FAEFADEE	94827E354F2F3497488261E14C68C44FCEBE32B0	7FC70B637FF030E260A713ABC4931D4D955EA06CBDB7FFD104EEE21B41B19C93
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\UUXSZ9IsDdPgJoirv86m4I1aFnLkhDYYDVA8SwUCrS0jnCq77rJwPXNFS-N8tLEJ[1].jpg	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2019:11:28 16:40:57], progressive, precision 8, 3402x2409, frames 3	8045960DD97C568D66FE7AC7C2025697	E72C7C9E7D87017AA4B8F3B27B31E849932AAD13	662D1F421DD6790D1114E398DB091732A04A701CDDE30744D6CA90705360481D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\WL6ARo8kHqZupTpSRjHStUTUMEos6nu22Wghy81YRkMzwytVgtExZxW9WWX4yncS[1].png	PNG image data, 554 x 387, 8-bit/color RGBA, non-interlaced	ED757784DE9A4226DD6796B2C48CAAD1	BC510AAC19A525CF41E6BCA88892DCD22D6FFFF4	8C1B64A7D58B8D17A117CD3BFA29FB3E859C36E2A8A08A2409F97813001ECE6A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\base524735[1].css	ASCII text, with very long lines, with no line terminators	DF21BA0A466C0C81BC88E87D0D51291A	4F19BE1A0B29CB4581110E9FAD1AFD7936F1BCB4	693424654883662766775313363D16F4262885BDD9A40942EC6C02270AC99A75
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bg_banner49d02a[1].png	PNG image data, 1440 x 460, 8-bit colormap, non-interlaced	E5AE51EE84BC5F8E8C6A86D8F20ABE71	6B6A3DB48CB2C508514E920ECC1A2167A4B86E60	60E587C57B3FC4443C04CB19C876592D9DD94D897E0836D85CFB2B64F1CD78D3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\bsv6bJb_SmltBbPFIFUc3E7P_x86FaYHDwXnsmciFmCIEebennQGmyp8p7GtFkam[1].png	PNG image data, 750 x 1334, 8-bit/color RGBA, non-interlaced	8319EF96D66F58BB04925816F08A9765	20D7AEF655DB6E13549467B073E27FDD224B24A5	9BDBF539697900C844163CD726CE36F6CA45CC13704C9FEBC6C5AF96352B2AEA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\c33yinftKNE-lVzqSzF8Yhvnt5CXZlAfB8rXKr2xhE2AUphjHUb3ONRhQWGHiKAF[1].png	PNG image data, 401 x 641, 8-bit/color RGBA, non-interlaced	9A35F813B06FF9F6C1C72104E0B91F1A	BDFA195AE2A67606F84FFAA45C888FFFA7CA643F	AF6518F234FD933D46664C7AE65508D802EAA8A2831EC381E805AC6897883281
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\fPHfdvcDUZ-s6ZDMwZgQ1YBjqVkP3AQcycpppDNippZvfnmnV2Fkp8mU_FJQOG-x[1].jpg	[TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop CC (Windows), datetime=2020:06:10 11:55:10], progressive, precision 8, 3402x2409, frames 3	1789D50C6DA0A01DEB49147875B4A3D0	BBFE21F1433A93CA52A354D62326F12043C2E31B	F7BA857C51E4C781F13090291CCDB42A9C04DDB7935F0C164CEC5288E8CD8D0E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\filepage[1].htm	HTML document, UTF-8 Unicode text, with very long lines	A598F16A0C4CF3C5AB0C19C4B9908888	A439C7829DDB598603290813F7E387C8AC0A0B5A	F247573CA00BF27FA818FFE821B650E094F59C4E774F50D31B7231E37B80929D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\hfAHTBMm_3llblfuh0qpObg7vk2dygWV79pTi815Acym2UZVV4NrkQLaov45hzfd[1].png	PNG image data, 730 x 480, 8-bit/color RGBA, non-interlaced	C0948062912ED6BAEFC7D789A9AEADD6	B9700F1611EE2448B8D84409E904F6EC873AA706	AD013CB4E830C6DEDB17C1FC45C66A9AD72BE16709B9D21811315824078CE26F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\httpErrorPagesScripts[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	9234071287E637F85D721463C488704C	CCA09B1E0FBA38BA29D3972ED8DCECEFDEF8C152	65CC039890C7CEB927CE40F6F199D74E49B8058C3F8A6E22E8F916AD90EA8649
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\impowerApp45a337[1].css	ASCII text, with very long lines, with no line terminators	1802FE14C3522D4575AD1D2642B51FB8	ADC0EAE01115E0240278FA2130CBD7FB5BC5DA85	EA275574BF22D01C6F3661FE323EB11AFAEF6AD5BF6BC0B43EC457DB06EFDE32
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jquery.min3696b4[1].js	ASCII text, with very long lines, with CRLF line terminators	EF3D5FB2358872750B0655941FB0A9A5	B661751C7AA065E2E159DF6103BCA974B1111409	CE32707C0D679B8ED56B5DC8C498E1B1667E5B1905B8AEFF42151E3F6667D73D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jserr41f237[1].js	ASCII text, with very long lines	553A13C1EDB09167D882777CF1130206	68790C65E81634962BF9DE0AA5EB84F1A1336507	28B2A182ABEC28EE1B1304315B95776007534BC7AE0523B6765D9424BA1302A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jsmonitor[1].json	ASCII text, with no line terminators	A8C9FC9E532B635F628E254D2C523245	F025528038558BE3CD63B0D1043999413E8E69EB	B6F2459E9910FF905F0C7302EB6A5AB739A2F1B649ED088A40C4D96054C9A615
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jsmonitor[2].json	ASCII text, with no line terminators	F8585F8AF1EAAAF5578771244268CB27	064E802DDC06CA09CC4A71CB11A4106AFD13ED75	B3A60EE837644614623E04306F302EB4A320E9DF86E422A1B36D1A2763ABC829
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\jsmonitor[3].json	ASCII text, with no line terminators	02FBB54C294F22D5929A38EAAA15BF73	2A648FC97BE7DE376E1C2EF37A09E8C875EF18FD	DDA89ABB96EDC8D22D39F69E9972C895501B9A4BA716E2767AE0012578EE06BF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\layout_head4c67b9[1].css	ASCII text, with very long lines, with no line terminators	2160524964F90B59B309B936812BC295	09133FBAE397EC51D97FCF2C8D5F0E90F5F9E66F	A33889E098E3C78455DB6D4F5D8BE13C6A2F5E26FDB07CD6639B38CB2187DFAC
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\loginpage53b401[1].js	UTF-8 Unicode text, with very long lines	470C37B69FB8A340D6AA1A4F818FEB6B	60C630CF9616F6AAEBE21E86FD38E0326509333C	966AC2B1B44A0D8727F9A87F0076347EFCE9E8DE48F68E8D5625312DDBD827A9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\moon531a40[1].js	ASCII text	C186DB8BF02B427C1B922561FA73094C	9EF7EC683602BA860221440531904F7A6112E2E3	818BCD2294DD9C93222F272A06A719AD3972A85F0C52E2048CAE2DEC626299C4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\mp_qrcode49d02c[1].gif	GIF image data, version 89a, 102 x 102	84B88903D8CB1DC6B4A05883731DE2DF	EA07BD9C1199DAA9230F8766216DA3A8C49CB5DC	9B03921726F9BD46726DAAB78C1E1C0DA57EC9CA29D42B6E66BD8A4FA6B811EF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\new_bg_logo_primary.en_US4bfdce[1].svg	SVG Scalable Vector Graphics image	A5F6F3A738A4884F6B2B2020613196B3	DF62C160E08B13723AE3CCC577D5842B2345645C	26F408D9EEEA1480EDBE71C8DD3E238D2FB88642739E86273A2947A97C7D8109
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\page_news_list49d030[1].css	ASCII text, with very long lines, with no line terminators	CBACB3A3181C3DEBBC3A870F7336FEEC	6351F5F4B64B888E1C131ECF27491866B3320CF4	BDF9A8B51918C1CB8BB4E4E6C58ACE5E6A13BEA1F4A17BC03A2AB455FD2C0AB0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\pcannounce[1].js	ASCII text, with very long lines, with no line terminators	6EC25E8B8BDC093763CC59A6CD381CF6	17604D73F8CD9ED185A654E9F6AD8EC6D8978DAB	2D7262D700A41DCA8F2B03F5EE82331DF7A80BE54F424D0EAFF40B67145483AF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\promise531a40[1].js	ASCII text	829F4227148F5DBE20E592EC8A89C03E	A80C0ECC8F623B484FF2F7296457F920DB87F386	12F5CC71E6159383989196776264CE4F9A6C5BFA990A7650B876EE76A99EDB6A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\qr4b3e56[1].svg	SVG Scalable Vector Graphics image	CD002CCC6C1B248DA0824189E96FF5B4	B730E3830C0561FCA2A9EE21FCD65F14187A8CFE	F6ECD33FAC54F7996A46940E9603713C3C6A95AD13FF6D895974696B9A3D3A3C
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\respTypes492dc0[1].js	ASCII text	85F61B64A8E5791B4FEA27D05B187B75	1BF22288071BD6136D9C6E12856FA677A59020B4	3BD09E43239CFF0FD214C6533451055E16F6E6D3CA51F3BDD5E92E453055CA28
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\respTypes492dc4[1].js	ASCII text	85F61B64A8E5791B4FEA27D05B187B75	1BF22288071BD6136D9C6E12856FA677A59020B4	3BD09E43239CFF0FD214C6533451055E16F6E6D3CA51F3BDD5E92E453055CA28
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\sW_boqEmX0baFRnmOKb7rE_qXrOZcZ1R6iOrSxNfBnncWu5_Lk69mCphtHh30nWG[1].png	PNG image data, 431 x 864, 8-bit/color RGBA, non-interlaced	2D5EC6E3E5ECF998A0BAE288A80400D3	0695D46D3F381EB798A17C5459F9807D6A072C45	01D0BB4A2046D93522127ED6D35FFFD9B7E08D345F399B33C607152CB1460ECF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\store492dc4[1].js	HTML document, ASCII text	83C756665F462EDEF6E782BD1D4AB544	7B220886075F9F41B418AD5F45E3781FF2519787	8994FFA650E70D3756C1DF0D2A6C13C0FE3D7CBC5BBFC172B57041C15368BE28
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\wx_inner[1].css	UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators	3C06CA773EE85CFE3341BC1A558A049B	F7CB31537CAB9186B075A852DA5B127FF08300DC	71BAE0FBBB601DB6632229D796E7C25555C4F82E1501489D4E48CA4EF399A6BA
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\zepto.model[1].js	ASCII text, with very long lines	302E1AF167CFC727D43CE4B187048D2C	1AA115FEF663D30EA8E0397DA866B04126D1E236	DF0919AE79EF8E78294E7797991629988F0A2B1FAB0CE1EB6DC63FEA079FD5B0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\zoom3a7b38[1].swf	data	6C87868643C89B97D7DC558B22F45983	15DC47F6E64233C611129DECCF7F6A903F31890D	CE6466546B72A696710C46B48491202A4F69D6A280B403FA8062E02B528D23E6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\CS6IXJW6\zoom424267[1].swf	data	6C87868643C89B97D7DC558B22F45983	15DC47F6E64233C611129DECCF7F6A903F31890D	CE6466546B72A696710C46B48491202A4F69D6A280B403FA8062E02B528D23E6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0[1].jpg	JPEG image data, JFIF standard 1.01, resolution (DPCM), density 28x28, segment length 16, baseline, precision 8, 850x709, frames 3	5AE5CE53E05268D5F217FE9043FB3605	310A59376DA4E7622437E91EB2E79F6937CBAF9C	EEB7DDF843A36D6C2FAE503535821B41E80618AC07AF06E98ADD5E5C7B688A7F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0[1].png	PNG image data, 750 x 497, 8-bit/color RGBA, non-interlaced	E0C78D6DEECA29DEF77472A47BCF0FBE	FFB072A556023EBBC9AB8589378D69545632A745	0B5D1B6B6E218C4435CCF8F90C1458A073BFBFD53A8B7A146BA7F3BAF13E3CC3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0a7a764c90304531d572feeaf0870cc1[1].htm	HTML document, ASCII text, with CRLF line terminators	CB6FFBB4043C88E63023BDBE1273E7F6	51AB256FEE07AE97343AEA50861F5B9B0214CAC2	E2085B8AC766C65A76F7E31E2EE5D257F7728465331A46EE58005FD212575348
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\0a7a764c90304531d572feeaf0870cc1[1].png	PNG image data, 230 x 130, 8-bit/color RGBA, interlaced	3A56184FB91F6E15E67CB5D743244A16	88CDC3C7058ED548B962B3B9C99DCC70A5645511	4F196A8E7D5579A966A38188F07B15705E6F31F5C3ADE2E00FCB9F0A5563C7C8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\120911VrYVrA15091832Qzqq[1].htm	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	17E109B51E0BB9A901A0430D9EF37C08	2C4F6578896DB46A75243447650B97599B5A1FC7	73065D562157870E07F37C45F5DDBB9E450C964D8F8584979AA8C90DD9A681A3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\640[1]	[none]x[none], YUV color, decoders should clamp	00AF3F76C1AE6D732355B1A344393DFA	BCB90A9A73277E69552E366371965BDFF3591AF8	E9D18AA13AFEC2005E33B60A61C9CDFD31C20B62DD171234DDD226A39358B0DE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\NTI4MWU5[1].ico	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	5281E972EC463897022F56464011B5ED	2A719C124449E0C31A0166CEA7867BB1A44780BD	A62D7D84BD02B1718106D294D1F2C8387F9967239696C1E8B446201B63F34DC7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\announce[1].htm	HTML document, UTF-8 Unicode text, with very long lines	617C1420381A13313273B263F223D704	CA8FF045377A45D3B3BB3F305E469FD105EF4D05	99804757E885A7460FD40970C1CE923E6F07358FFD5F099FEF4525A83E46F86B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\announce[2].htm	HTML document, UTF-8 Unicode text, with very long lines	519670E915133687BAFD973F8B49EF80	AB67DA8DC4AEF4E34A53B55B00C9B714138F12A0	E79EA5B6EE0309BFB55EA5C21EF200C1F47DE5C3842619015F3FDCFC4D8765C9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\announce[3].htm	HTML document, UTF-8 Unicode text, with very long lines	9477F7A289EC2BE8060317A355003A38	9BAA538140A0F0C2EBCAD3328E8CDD6A19B56156	92649EF735E7FFBD8B507D58DB958309412E3E35C4DAFCF1F3DA9832A4ABD568
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\base524733[1].css	ASCII text, with very long lines, with no line terminators	24F69725C1D3689451CB1D373E75D2E3	CF9BEE3DFA32DE8A4198BCB85F3F30E6507896EF	893C02F662C3C9A6FC39214FBA70FFE45AB797FC5EF44464A33559DDBF2BA843
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\dnserror[1]	HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators	2DC61EB461DA1436F5D22BCE51425660	E1B79BCAB0F073868079D807FAEC669596DC46C1	ACDEB4966289B6CE46ECC879531F85E9C6F94B718AAB521D38E2E00F7F7F7993
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\errorPageStrings[1]	UTF-8 Unicode (with BOM) text, with CRLF line terminators	D65EC06F21C379C87040B83CC1ABAC6B	208D0A0BB775661758394BE7E4AFB18357E46C8B	A1270E90CEA31B46432EC44731BF4400D22B38EB2855326BF934FE8F1B169A4F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\faqlist[1].js	ASCII text, with very long lines	A27BCA341821DDDAD5248EA7AA7BAAE8	0FA81EB160ECF269D30F99462C24460E14124A28	E1559F36F2EE65CD46120B4B54E88655F9F7ACFDCFC9CA696A9A0FE2652F76A2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\icon-penguin[1].png	PNG image data, 55 x 55, 8-bit/color RGBA, non-interlaced	123A4A6E9174BBCD3832EC8B0E6AAE7B	8A9A5BB1C9BF12842DF22A468AC5F2090F9A5696	9CF4EC399EFBFDEEDF67A06DD05816617364C5AB227CFC03A2935693E1BFD67B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\icon-teenager[1].png	PNG image data, 40 x 40, 8-bit colormap, non-interlaced	74182458F5DE17CD70A25A283070FE5F	2B3587A74E019A06B940E639B87A39C16D46D5CF	7C86FC4796B8CE5129895AA7165706B5195D9CC16B0E27CE79766A12D5959E03
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\icon-weipay[1].png	PNG image data, 40 x 40, 8-bit/color RGBA, non-interlaced	2820E7500EADCE9CB01949A7DDC4BAD3	1C68E8969BF80C520146BD867460EE100941FCA1	AF20AC8094AEAD17CB9F708F0FE2D7BF281CA4C1526F60891BD52DB1FD2B6DB5
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\icon_forgetpwd_account49d02c[1].png	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced	983121433D518EE8EDEAA2EC83E44C9E	15A6D7D4A48826E9BA80DCCC423B69BE1788B27E	8C44D554FF85647663644FB7AE4C8101454CFFF3EF9EF3CE39DFF8DE9A55DA05
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\icon_forgetpwd_pwd49d02c[1].png	PNG image data, 90 x 90, 8-bit/color RGBA, non-interlaced	E448E9371754F93048E2767835BF80BC	A7A4F28B10463B2F424BE58BA9B5B9F3D83B54EF	24FFEB13E01E66F8921D3BA9B59A4E1A3F82C5F1B72826739435F946A824C0D3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jquery-1.9.1.min[1].js	ASCII text, with very long lines	A684A068D23EF39D5DE1CE5655AEF949	90972E78EE8DAD193DDF3206D30BF720CF759D5D	085F67FD58AABC6B89E14D21127623012B63819CEB5B7753EAE4C366B1496DB6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jserr538ca4[1].js	ASCII text, with very long lines	768506723AE670598A0890B528859B48	6B1C3CD004C47EEE5D6F7915E2A83BA62A7D64E0	480C408A63D7CF9BE570652B9E000E2FB9A33EA712253F288EC6EAAE0855EAAB
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\jsmonitor[1].json	ASCII text, with no line terminators	38AA010EB62F089CEABAA1FD83CF90EE	70B9F620D0CF0BAE122062691704D3E56C7BDA90	47F0E04D8E6B1E6409938291EB44BED496F0913E55AE8EFFFF1A7F09690364E3
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\kf_announce_new[1].js	HTML document, UTF-8 Unicode text	E291162C2A170621A83D4A47F2E86EC7	C060C8CAFA5E4D6705A5AC137F28D0598CA34A1E	48D62429EF33089075640322B9BFB944CCAA90CF6B8C1D88A43809CEE3C29DF7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\kf_creat_menu[1].js	HTML document, UTF-8 Unicode text, with very long lines, with CRLF line terminators	5B4A2F9C25B8578A1432370CE74C5F5A	56AE2BB8E4119D20E8F715284BA0E272A2FF615F	4E28A532C8AEDD01AEEFFC67A27167B6E8564974C4818E13198B0B930E260AF0
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\kf_creat_product[1].js	HTML document, UTF-8 Unicode text, with CRLF line terminators	7221CD1CAA6C2432ACF33DBCFBB61552	906F3E773B7D1161CB65E17E6715B98CE2CF990F	0610853C784954E76D72135174A0E72A0D4DA16ACBB42CD49944706E531B0995
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\kf_head_v8[1].js	UTF-8 Unicode text	B4F3E9A1CF3CFD6E32AFAA32D74985C8	AC6F67947E40433E33B1ECB7D39C6234115B0EFC	CBD4F1D28F7222C33D9162DC62C4EEF30EDA4E222C78B82C7CF2E49C8EC660C2
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\layer[1].js	UTF-8 Unicode text, with very long lines	B0B2F8925C6F948E6C535890F95FFB22	BA5F42968C4C611660F6CAD295DFFFAEDDDCA229	3AA624CF8B86A376FE6FF0DCD8DDFCE0B59DEF5E63BE0F36D20C5AAB13B53F8E
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\layout_head4c67b6[1].css	ASCII text, with very long lines, with no line terminators	1CA350D931B168948DCF1510D00A9615	AC278B12C30588EB00C1FF8BEA4765BEC156F0A0	269B00B91074BAE265D1A7B3620A8520E37417E1C97F76C043741D4F437C0117
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lib49d02c[1].css	ASCII text, with very long lines, with no line terminators	D402DA1B42C8A9202C55C818BC83431A	CF75DBFFA831008859830665A1126CA0EF6C8D17	D962C0F2BC80FEBDF05B02A666D4829736B88D8E203C5A852E913C3DB08D1370
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\lib49d030[1].css	ASCII text, with very long lines, with no line terminators	D402DA1B42C8A9202C55C818BC83431A	CF75DBFFA831008859830665A1126CA0EF6C8D17	D962C0F2BC80FEBDF05B02A666D4829736B88D8E203C5A852E913C3DB08D1370
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\list@2x531a3f[1].png	PNG image data, 44 x 44, 8-bit/color RGBA, non-interlaced	EE624015A06560FE3C1E4B4CB4C748B5	0470070DF6296CCAB0A0F72B0E8E56C3A73D4492	442AE0B26B38D60D06078B0E052EEA57ADBF4463036D745541D21873DA49F7EE
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\loginpage53b394[1].css	ASCII text, with very long lines, with no line terminators	62C612B71E93FCD65C85730798ED10EF	AEC19C9D03C6A91E0A4F16882F84304EFA8099CF	15552EB5B8A2499C46F5DA7CA29CEE52C0C315777DA81560834D26D8E48FDF77
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\opshowpage[1].htm	HTML document, UTF-8 Unicode text, with very long lines	1F7101964910EFEDA17DC5D0190FFB3E	0A630EEEC1C04912462D8CA7FD04F761FF10953E	4C9BE5B951D21F747B5E33B0E14440E043C085EAE0AA6A1AEF075C7544D2C5B4
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\page_protocol4daee3[1].css	ASCII text, with very long lines, with no line terminators	9600DDD68CA117F7B2E5FD3ED201FFA2	B7C7A249240794DA5261A6993869B884DE102500	887A3F8AC3800F3EC4A98DB6A0770F0EA4DA0F50FF0FAC14BDCC9EE7DB8E1CF8
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\pagination49d030[1].css	ASCII text, with very long lines, with no line terminators	C06DFEFA780B2596C1B3141DE5FC7BDE	E92F7AA6FEFDA97CE2920A590C903C14611558F5	87967567723D670E2A8BAB866A5858478C503670D25459F6F37A0EC7ED33F35B
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\readtemplate[1].htm	HTML document, UTF-8 Unicode text, with very long lines	2E3F364124531A96DC9B3A7FA3694905	0C5368A4F4C89B0C3CB9A96807A6C70B580AE753	7DE2F9CEBAD0608E384A9A1DF8F3C14176F1A91A064FB3E0A1469D6EAE26557A
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\sea492dc4[1].js	ASCII text, with very long lines	B173BBB26D1AF3F6AB0BFFF38E2D8D32	F8FFC780162D894337885FF25A578A0557DAF83E	9598841F67013EB148F76C08C7AF3EF64B095994867B01F115BAC68780520F0F
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\sea[1].js	ASCII text, with very long lines	26A812EDE84886A75880D9A2E723A00F	A601CEF80A60A99200950123AC9821E1B26C5581	A930A3AEF9A72482C88962BB979CE88D3628ABC918DB3C0A0F9491A8BA0C1F5D
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\store492dc0[1].js	HTML document, ASCII text	83C756665F462EDEF6E782BD1D4AB544	7B220886075F9F41B418AD5F45E3781FF2519787	8994FFA650E70D3756C1DF0D2A6C13C0FE3D7CBC5BBFC172B57041C15368BE28
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\style-m-login[1].css	ASCII text, with very long lines, with no line terminators	733151C1020B1C85BCC386059DA66000	BC7F5E283F147A355CD473F5CBB2525264A72CD7	111CD6D6C3567C247CEBDFC8EED835DD781143E20C54D87D842061AFC820CEC9
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\util[1].js	HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators	FBC37F3CAB7033C24740A40A68F0831D	8B0F38DDC9180EB18512419EBC256F65FFD92465	3DFBA0D64E9E3D0D94AAFAB838F0BDA064BA38B27458D07269EE05F259075162
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OR0WKIO1\weui-desktop_skin524733[1].css	UTF-8 Unicode text, with very long lines, with no line terminators	380FF00514C5635CD575BA70ECDDE0A3	583A325030660DF4D761B5BFAC168D151249D7BE	49EE9A38D885057EA7CC63B60BF5D04E3CA70001DA58F777247C7575D5E91B19
C:\Users\user\AppData\Local\Temp\datB00E.tmp	TrueType Font data, 13 tables, 1st "FFTM", 18 names, Macintosh	B4A1F345CB8BF8CA0C52D77F8A958D88	FDDFA3FD92601130DE4B4DC4D799B21A6D6BA9A1	84D37E1704CB6CB9135FE5FD1D807613E34C93FAEBE10C0497A0C6BADBF597DF
C:\Users\user\AppData\Local\Temp\~DF5A8707359EE8E870.TMP	data	8F451F36181DFF0764AFFF8E9E2EF703	8B6E2A648E4A55EE90F3BA3A1CB55606C9F55110	59C50B75B46C3DB940CD22FCE8B5DA4936AFC65A324390F44DE7B024B10D7972
C:\Users\user\AppData\Local\Temp\~DF9D066DA7F06B588E.TMP	data	0FA18C1F281673D160147D3532868600	37FEEB4EFDDCAAD7E3F81AEC02AD021BF74F7B7A	793410778AA87D229D7072D7F35EE608B0664E10B0AE0A8F526420FACF47D0D1
C:\Users\user\AppData\Local\Temp\~DFF0EBDA370B2C9848.TMP	data	AB889A32AB9ACD33E816C2422337C69A	1190C6B34DED2D295827C2A88310D10A8B90B59B	4D6EC54B8D244E63B0F04FBE2B97402A3DF722560AD12F218665BA440F4CEFDA
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx	data	E6C43F918D0C546BA7FC45ADE9CBDFE6	DEA3F13ACEAC6D52CCA2B50E9139EAAED33375DB	270716C85D88FA2BE9AD9F85ADCADE1783E8168862461C53DC8AD07386D3AFE3
C:\Users\user\AppData\Roaming\Macromedia\Flash Player\openssl\cache\RevocationCacheFile.dat	data	0F343B0931126A20F133D67C2B018A3B	60CACBF3D72E1E7834203DA608037B1BF83B40E8	5F70BF18A086007016E948B04AED3B82103A36BEA41755B6CDDFAF10ACE3C6EF
C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CDHMBE9P0BXNYG9M6XFW.temp	data	E2B9AC7F04780F2BEE2057547C19B7C2	7B88AF37D2C2AF992076EA377FDC40376EA27C66	BBA7688F18281D9191D3C108949D43F00B51977A0C3BFD2E2C467993B814A431

There are no high impact signatures.

Compliance:

Uses new MSVCR Dlls

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Uses secure TLS version for HTTPS connections

Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.60:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49840 version: TLS 1.2

Networking:

Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5UNlS1RXgxyJYYmT8I7m0KricFdib41uMX3m0rtUiccELJms9Y3Th3bDOqQ/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Ufiautz6rpA0GDjic66uRafVXpa8OEDmx5nGKg2x2HX0ErdKttt6RHRDQ/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Uv4PLgLzJx9zKpRGQpDDqrYKGMUz7KkPx8iawAuMeNmjcUJYM7bdWRNQ/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_png/ZbfXXfBDcJLno1e1UqjrWib4PU6YuqibXPYg8RHyPZ1D7ib75wZqBbHvXxSzia55QTrbrKiafPbibiaLYyYeyF7fdic7Qw/0?wx_fmt=png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz/ByCS3p9sHianpGy0vCWQsiam8Bk1gqf0VJmlp3UaxJ3aUA0w0VHvNy5Aa6bkKkJQf1Yus6ZXxbYHs/0 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz/ByCS3p9sHianpGy0vCWQsiatfuEtzA8QIYJYwFcGDF5diaicDau5Voh5nqyBXuxJE9lmiaxFH9t9nWP8/0 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9ECmXibbqYBLC1BD5zqzG8VTOrf6hXk1ib4C9zXHXnpMHibRaf1icI8eTwJQ/0?wx_fmt=png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9EWS1eULkneEJaYGcbvFAia50SWyG4y793tRnWPlkgicwJD7AKQ8WzzNbg/0?wx_fmt=pn HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9E5d9u27FKriceD6TQfflQ3xKuVxI4897YUKmxnNFH2W8libjRdEFV9TfQ/0?wx_fmt=png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/iaFicQ6852LK17YHvAo8ibRcQ73ibSRGZ8n4SAgSiaHPJNSDVE3KTkcAeHdzeTPibP2Jhy0TVfXnMo6qeoZnOqT8k8NA/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz/ByCS3p9sHianpGy0vCWQsiahzY2mYtoDTcka4sJlD1PTS0MjOSn5sibTdLPb8xiaKiafuiab2Tz4G9mQ8/0 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mmbiz_jpg/bibwa2JU7nS1GE4DZM1qia6KMAI63xWbj6EiawRd4QHnK7uJDvGtrGWlUPfhI97RBjKRbkTXeN9rMrsoFpsD6cjaA/0?wx_fmt=jpeg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: mmbiz.qpic.cnConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /user-files/uploads/202002/0a7a764c90304531d572feeaf0870cc1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/;q=0.8, /*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)Accept-Encoding: gzip, deflateHost: file.service.qq.comConnection: Keep-Alive

Source: unknown

DNS traffic detected: queries for: mp.weixin.qq.com

Source: util[1].js.3.dr	String found in binary or memory: http://admin.cm.com/cgi-bin/start?GroupID=295&DirectPage=
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: http://admin.wechat.com/
Source: kf_creat_product[1].js.3.dr	String found in binary or memory: http://crm2.qq.com/page/portalpage/wpa.php?uin=40012345&f=1&ty=1&ap=000011
Source: VX22BC5U.htm.3.dr	String found in binary or memory: http://developers.weixin.qq.com/
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: http://file.service.qq.com/user-files/uploads/201612/f28aa5cae69cd955d2b2449bdda094fc.jpg
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: http://file.service.qq.com/user-files/uploads/201704/50a9bc972edfa45b4cc7b3e53daeeb45.jpg
Source: datB00E.tmp.3.dr, iconfont[1].eot.3.dr	String found in binary or memory: http://fontello.com
Source: datB00E.tmp.3.dr	String found in binary or memory: http://fontello.comhttp://fontello.com
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/agree.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/alert_popup_bg.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/alert_popup_no_nor.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/alert_popup_yes_nor.png)
Source: reset[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/arrow_slt.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/bg_gotop.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/bg_header_light.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/bg_search.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/disagree.png);
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_class.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_del.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_gohome.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_img_16.png);
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_info.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_info_72.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_ok.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_ok_72.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_plus.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_plus_green.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_qes.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_search.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_tip.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_tip_72.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_tips.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_wrong.png)
Source: share[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/icon_wrong_72.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/wx_inner/icon_mcp.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/wx_inner/icon_search.png)
Source: wx_inner[1].css.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/touch/images/wx_inner/icon_shut.png)
Source: kf_login_tools[1].js.3.dr	String found in binary or memory: http://imgcache.qq.com/bossweb/service/v7/images/icon-service.png
Source: scene_faq[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/
Source: registermidpage[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/faq/170815aUZjeQ170815mU7bI7.html
Source: registermidpage[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/faq/190528amEJfI190528Bn2Q7z.html
Source: kf_login_tools[1].js.3.dr	String found in binary or memory: http://kf.qq.com/newlogin/qc_callback.html
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, opshowpage[1].htm.3.dr	String found in binary or memory: http://kf.qq.com/product/weixinmp.html
Source: layer[1].js.3.dr	String found in binary or memory: http://layer.layui.com/
Source: wx53803f[1].js.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiahzY2mYtoDTcka4sJlD1PTS0MjOSn5sibTdLPb8xiaKiafuiab2
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiam8Bk1gqf0VJmlp3UaxJ3aUA0w0VHvNy5Aa6bkKkJQf1Yus6ZXx
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/ByCS3p9sHianpGy0vCWQsiatfuEtzA8QIYJYwFcGDF5diaicDau5Voh5nqyBXuxJE9lmiaxFH
Source: operation531a40[1].js.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz/icTdbqWNOwNRzNyksbtsXmn9n8yiaY6OfLAXC7AVWicYSguc47ibOicWfRDkf2j3eZ5msoKw9
Source: announce[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5UNlS1RXgxyJYYmT8I7m0KricFdib41uMX3m
Source: announce[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Ufiautz6rpA0GDjic66uRafVXpa8OEDmx5n
Source: announce[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/PiajxSqBRaEIQxibpLbyuSKibkkRsARXa5Uv4PLgLzJx9zKpRGQpDDqrYKGMUz7KkPx8i
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/bibwa2JU7nS1GE4DZM1qia6KMAI63xWbj6EiawRd4QHnK7uJDvGtrGWlUPfhI97RBjKRb
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_jpg/iaFicQ6852LK17YHvAo8ibRcQ73ibSRGZ8n4SAgSiaHPJNSDVE3KTkcAeHdzeTPibP2Jh
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/mmbiz_png/ZbfXXfBDcJLno1e1UqjrWib4PU6YuqibXPYg8RHyPZ1D7ib75wZqBbHvXxSzia55QTrbr
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9E5d9u27FKriceD6TQfflQ3xKuVxI4897YU
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9ECmXibbqYBLC1BD5zqzG8VTOrf6hXk1ib4
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQZWfOQB1fhM53JHgdNrhP9EWS1eULkneEJaYGcbvFAia50SWyG4y793t
Source: readtemplate[1].htm.3.dr	String found in binary or memory: http://mp.weixin.qq.com/acct/findacct?action=scan
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://qq.com/s?a=b#rd
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: http://sizzlejs.com/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://weixin.qq.com/cgi-bin/readtemplate?uin=&stype=&promote=&fr=&lang=zh_CN&AD
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: opshowpage[1].htm.3.dr	String found in binary or memory: http://www.qq.com/contract.shtml)
Source: readtemplate[1].htm.3.dr	String found in binary or memory: http://www.tencent.com/en-us/index.shtml
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, filepage[1].htm.3.dr, announce[2].htm.3.dr, opshowpage[1].htm.3.dr, announce[1].htm.3.dr	String found in binary or memory: http://www.tencent.com/zh-cn/index.shtml
Source: readtemplate[1].htm.3.dr	String found in binary or memory: http://www.wechat.com
Source: qrconnect[1].htm.3.dr	String found in binary or memory: http://zyjc.sec.qq.com/dom
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://110.qq.com/ext/login/css/iframe_login_wx.css
Source: jserr538ca4[1].js0.3.dr, jserr41f237[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs
Source: VX22BC5U.htm.3.dr, moon531a40[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=
Source: announce[3].htm.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=11&uin=
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=5&uin=
Source: wx53803f[1].js.3.dr, wx538042[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?id=92&level=4&uin=
Source: wx538042[1].js.3.dr, loginpage53b401[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/badjs?level=4&uin=
Source: moon531a40[1].js.3.dr, badjs51fdff[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/report
Source: moon531a40[1].js.3.dr, badjs51fdff[1].js.3.dr	String found in binary or memory: https://badjs.weixinbridge.com/report?
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://developers.wei
Source: announce[3].htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/community/minihome/question/1277775808983138305#
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://developers.weixin.qq.com/community/minihome/question/1277775808983138305?mockCommonUse=1
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://developers.weixin.qq.com/doc/offiaccount/Getting_Started/Overview.html11675442mjwVp&version=
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/minigame/dev/guide/
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/miniprogram/design/index.html
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/miniprogram/dev/framework
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://developers.weixin.qq.com/miniprogram/product/index.html
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://github.com/carhartl/jquery-cookie
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://github.com/vuejs/vue-devtools
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=
Source: kf_login_tools[1].js.3.dr	String found in binary or memory: https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=101487640&redirect_uri=
Source: announce[3].htm.3.dr	String found in binary or memory: https://js.aq.qq.com/js/aq_common.js
Source: qq_wx_login[1].js.3.dr, {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com
Source: kf_login_tools[1].js.3.dr, qq_wx_login[1].js.3.dr, kf_head_v8[1].js.3.dr	String found in binary or memory: https://kf.qq.com/cgi-bin/qqConnectLogin
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://kf.qq.com/cgi-bin/qqConnectLogin?jumpurl=
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://kf.qq.com/cgi-bin/wxloginKFWeb?jumpurl=https%3A%2F%2Fkf.qq.com%2Ffaq%2F120911VrYVrA15091832Q
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://kf.qq.com/ext/login/css/iframe_login_wx.css
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com/faq/
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/faq/120911VrYVrA15091832Qzqq.html?scene_id=kf3384
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/faq/120911VrYVrA15091832Qzqq.html?scene_id=kf3384-1w.html
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: https://kf.qq.com/faq/170815aUZjeQ170815mU7bI7.html
Source: imagestore.dat.3.dr	String found in binary or memory: https://kf.qq.com/favicon.ico~
Source: qq_wx_login[1].js.3.dr	String found in binary or memory: https://kf.qq.com/product/zhzh.html
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com/touc
Source: ~DF9D066DA7F06B588E.TMP.1.dr, {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386lhttps://kf.qq.com/touch/scene_faq.html?scene_
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://kf.qq.com/touch/scene_faq.html?scene_id=kf3386uncementlist&lang=zh_CN11675442mjwVp&version=&
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://long.open.weixin.qq.com
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://long.open.weixin.qq.com/connect/l/qrconnect?uuid=081umVUa4Pfn0003
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://lp.open.weixin.qq.com
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://mmbiz.qlogo.cn/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/mmbiz_png/OiaFLUqewuIAaa5ic2UztnhlLVQ9EXibYRibRxicTDEWq9VmoAxaZPj76AG9RJyGsTKR
Source: announce[2].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/mmbiz_png/cVgP5bCElFjhZsZ8OicnQFiczWibVAbiakEAG4coMJC3yTSU8XpFw3aA2IyXINT7PzAb
Source: announce[2].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/mmbiz_png/cVgP5bCElFjhZsZ8OicnQFiczWibVAbiakEAm9rDOeFz9Iq9abg3HUXJEKOwPcygy3dv
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mmbiz.qpic.cn/sz_mmbiz_png/3GibxlHsvCQbqFhbF5qOhADvae4ia4kHjAVYEay3icibeczibJqPxnRgw4cnRQoz7
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.c
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/Root
Source: ~DF9D066DA7F06B588E.TMP.1.dr, {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/T
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/UserP-
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11542120902Tvh1l&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11544165763bBflv&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11560253822ci3TK&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11565151480ZCKVy&versio
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=11589879962TnffN&versio
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&announce_id=11611675442mjwVp&versio
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&announce_id=116125152056kgd8&versio
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=1480927113&version=1&lang=zh_CN
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncement&key=1503979103&version=1&lang=en_US
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementliRoot
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementlist&lang=zh_CN
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementlist&lang=zh_CN11675442mjwVp&version
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/announce?action=getannouncementlist&st&lang=zh_CN
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/filepage?type=2&begin=0&count=12&token=570011963&la
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=business/agreement_pay)
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmpl
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmplBWeChat
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmplCN
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=forgetpwd/index_tmplCNom/a/wx_fed/assets/res/NTI4MWU
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/readtemplate?t=home/agreement_tmpl&type=info&lang=zh_CN)
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/registermidpage?Root
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/registermidpage?action=index&lang=zh_CN
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixin.qq.com/cgi-bin/registermidpage?p.weixin.qq.com/cgi-bin/registermidpage?action=inde
Source: jserr41f237[1].js.3.dr, wx538042[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=
Source: announce[3].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=112&content=
Source: announce[3].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=113&content=
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=114&content=tmpl_error
Source: jserr41f237[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/misc/jslog?id=65&content=
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw#t3-1
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw#t3-1zh_CN#t3-1w.html
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw&lang=zh_CN
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw&lang=zh_CN#t3-1
Source: ~DF9D066DA7F06B588E.TMP.1.dr	String found in binary or memory: https://mp.weixin.qq.com/mp/opshowpage?action=newoplaw&lang=zh_CN#t3-1w.html
Source: announce[1].htm0.3.dr	String found in binary or memory: https://mp.weixin.qq.com/s/Od2KRbTAnXjzeeHeaczdIw">
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://mp.weixin.qq.com/webpoc/customerService?type=13
Source: registermidpage[1].htm.3.dr	String found in binary or memory: https://mp.weixin.qq.com/wxopen/waregister?action=step1
Source: {ACFC0C43-6C83-11EB-90EB-ECF4BBEA1588}.dat.1.dr	String found in binary or memory: https://mp.weixinRoot
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://mths.be/startswith
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://open.weixin.qq.com/
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://pay.weixin.qq.com/index.php/public/apply_sign/protocol_v2)
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://qy.weixin.qq.com/cgi-bin/readtemplate?t=standard_op.html)
Source: wx53803f[1].js.3.dr	String found in binary or memory: https://res.wx.qq.com
Source: sea492dc4[1].js.3.dr	String found in binary or memory: https://res.wx.qq.com/
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/fed_upload/9300e7ac-cec5-4454-b75c-f92260dd5b47/logo-mp.ico
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/MjliNWVm.svg
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/NTI4MWU5.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/NTI4MWU5.ico;
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr, readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/a/wx_fed/assets/res/OTE0YTAw.png
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/c/=/mpres/zh_CN/htmledition/js/tpl/pagebar.html492dc0.js
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/connect/en_US/htmledition/images/favicon3696b4.ico
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/connect/en_US/htmledition/js/jquery.min3696b4.js
Source: qrconnect[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/connect/en_US/htmledition/style/impowerApp45a337.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/base.en_US49d02c.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/base524735.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/layout_head4c67b9.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/lib49d02c.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/base/weui-desktop_skin524735.cs
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/comm_htmledition/style/page/forgetpwd/index49d02c.css
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/common/lib492dc4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/common/wx/mpExtensionReport492dc4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/common/wx53803f.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/js/sea492dc4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/pages/modules/base/jserr538ca4.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/pages/modules/common/badjs51fdff.js
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/ZeroClipboard_new424267.swf
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/uploadify424267.swf
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/webuploader424267.swf
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/en_US/htmledition/plprecorder/biz_web/zoom424267.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/cut-round49d02c.gif
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/favicon49d02c.ico
Source: imagestore.dat.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/favicon49d02c.ico~
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/mp_qrcode49d02c.gif
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/common/pic_kf_qrcode49d02c.jpg
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/pwd/icon_forgetpwd_account49d02c.png
Source: readtemplate[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/pwd/icon_forgetpwd_pwd49d02c.png
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/htmledition/images/pic/share49d02c.png
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition//3rd/vue/vue.2.6.10538ca4.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/base524733.css
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/layout_head4c67b6.css
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/lib49d030.css
Source: announce[3].htm.3.dr, announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/base/weui-desktop_skin524733.cs
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_announcement4c67b6.cs
Source: filepage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_error49d030.css
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_login4d6140.css
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_news_list49d030.css
Source: announce[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/page_protocol4daee3.css
Source: registermidpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/comm_htmledition/style/page/register/account_type49d03
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/lib492dc0.js
Source: announce[2].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx/jserr41f237.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx/mpExtensionReport492dc0.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/common/wx538042.js
Source: announce[3].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/js/sea492dc0.js
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/images/default_qrcode_2x4b3e56.p
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/loginpage53b394.css
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/loginpage53b401.js
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginpage/style/loginpage4daeaf.css
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/login/loginscan/loginscan53b394.css
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/modules/base/jserr538ca4.js
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/pages/modules/common/badjs538ca4.js
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/ZeroClipboard_new3a7b38.swf
Source: V31QAJ8G.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/audiojs.swf
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/audiojs3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/uploadify3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/webuploader3a7b38.swf
Source: announce[3].htm.3.dr, VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/plprecorder/biz_web/zoom3a7b38.swf
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-logout538c
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-setting538
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-user538ca4
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://res.wx.qq.com/mpres/zh_CN/htmledition/weui-desktopSkin-common/svg/default/account-wxverify53
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/-BoLzbFMWaIrntk_TkoJpxw4GCqzVZNw5R90GxnvJgRA9lEfEFILq7pOHtm2jAXh"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/2EwGUTQNhAWGoAAmi6lnBjBLGLW1HcIY_ImTI6m7rJdcXuXXqfBHcuuzXVbgu111"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/7Vyht0afDn4LqlNePXYwajA7Fefo4QYjj0T43crTZxf4NPIxNISHTGaezdc_wLBh"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/Jop-OVwQGtgt-UsOOsV7c_fNxz2nL-5NB56gnfVbDgkw7tKHt_fw3-NNjtQu1Nuh"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/OFNCMaL1i7ui6VfWXkStMe6S2W7PnTz7w8a3kiidN2nCia1STIKu6Yyedj6Ej10O"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/OjwSIfop8TB75T4BmjCGygBvQpplHMiQBboVtE4SszVJtABt169leU0Vfb7Df9-8"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/P9ZREIJ7lQGS-V4v_uXBInG4ZgyR2RRlxhLmz3BGyI9PVs7yIKnLmBc9Y2mAJtXn"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/Pokqf5zeFn166dulcAnIlZ7y2SmCMTbeLT8vCG9sHSy-Xa5HPKqcK7wqumtvPDJD"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/UUXSZ9IsDdPgJoirv86m4I1aFnLkhDYYDVA8SwUCrS0jnCq77rJwPXNFS-N8tLEJ"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/WL6ARo8kHqZupTpSRjHStUTUMEos6nu22Wghy81YRkMzwytVgtExZxW9WWX4yncS"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/bsv6bJb_SmltBbPFIFUc3E7P_x86FaYHDwXnsmciFmCIEebennQGmyp8p7GtFkam"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/c33yinftKNE-lVzqSzF8Yhvnt5CXZlAfB8rXKr2xhE2AUphjHUb3ONRhQWGHiKAF"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/fPHfdvcDUZ-s6ZDMwZgQ1YBjqVkP3AQcycpppDNippZvfnmnV2Fkp8mU_FJQOG-x"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/hfAHTBMm_3llblfuh0qpObg7vk2dygWV79pTi815Acym2UZVV4NrkQLaov45hzfd"
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/jCojRetXqnwvtIc1V6YO3p64SMjpP11OEifqkk5g4xh-8DnZ_7vbyMKzBLrNHpGo"
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/psywC48kJmEgVoYSeDY-cthGNxT7S4a3Nn37zBOd4jarzGtle_UyIu-0aDZmW_BF
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://res.wx.qq.com/op_res/sW_boqEmX0baFRnmOKb7rE_qXrOZcZ1R6iOrSxNfBnncWu5_Lk69mCphtHh30nWG"
Source: qr4b3e56[1].svg.3.dr	String found in binary or memory: https://sketch.com
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://user-images.githubusercontent.com/4378939/96119407-8550cd00-0f1f-11eb-937c-632cabd8aaa8.png
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/guide/deployment.html
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/guide/list.html#key
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/v2/api/#data
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/v2/guide/components.html#data-Must-Be-a-Function
Source: vue.2.6.10538ca4[1].js.3.dr	String found in binary or memory: https://vuejs.org/v2/guide/reactivity.html#Declaring-Reactive-Properties.
Source: VX22BC5U.htm.3.dr	String found in binary or memory: https://work.weixin.qq.com/?from=mp_home
Source: registermidpage[1].htm.3.dr	String found in binary or memory: https://work.weixin.qq.com/nl/sem/registe?from=mp_register_select&type=1
Source: loginpage53b401[1].js.3.dr	String found in binary or memory: https://work.weixin.qq.com/wework_admin/loginpage_wx?from=mp
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: https://www.tencent.com/en-us/index.html
Source: 120911VrYVrA15091832Qzqq[1].htm.3.dr	String found in binary or memory: https://www.tencent.com/zh-cn/index.html
Source: opshowpage[1].htm.3.dr	String found in binary or memory: https://wxa.wxs.qq.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789

Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49737 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49738 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49736 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 211.152.136.121:443 -> 192.168.2.4:49776 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49788 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49789 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49790 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 150.109.206.154:443 -> 192.168.2.4:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.37:443 -> 192.168.2.4:49831 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49835 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.232.110:443 -> 192.168.2.4:49834 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.235.60:443 -> 192.168.2.4:49838 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49839 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 203.205.234.140:443 -> 192.168.2.4:49840 version: TLS 1.2

System Summary:

Source: sW_boqEmX0baFRnmOKb7rE_qXrOZcZ1R6iOrSxNfBnncWu5_Lk69mCphtHh30nWG[1].png.3.dr

Binary or memory string: .Vbp

Source: classification engine

Classification label: clean0.win@3/183@13/8

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{ACFC0C41-6C83-11EB-90EB-ECF4BBEA1588}.dat

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File created: C:\Users\user\AppData\Local\Temp\~DF5A8707359EE8E870.TMP

Jump to behavior

Source: C:\Program Files\internet explorer\iexplore.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: unknown	Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe	Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:6724 CREDAT:17410 /prefetch:2	Jump to behavior

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Windows\SysWOW64\Macromed\Flash\ss.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe

File opened: C:\Program Files (x86)\Java\jre1.8.0_211\bin\msvcr100.dll

Jump to behavior

Malware Analysis System Evasion:

Source: jCojRetXqnwvtIc1V6YO3p64SMjpP11OEifqkk5g4xh-8DnZ_7vbyMKzBLrNHpGo[1].jpg.3.dr

Binary or memory string: -SQemU

ID:	352052
Product:	CloudBasic
Start time:	17:09:49
Start date:	11.02.2021
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Analysis Report https://mp.weixin.qq.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance:

Networking:

System Summary:

Malware Analysis System Evasion:

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs