File name:

com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe

Full analysis: https://app.any.run/tasks/52f7f9dd-d941-4127-ab69-5dbfaf5948ba
Verdict: Malicious activity
Analysis date: February 23, 2026, 09:57:13
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
antivm
teamviewer
anti-evasion
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (GUI) x86-64, for MS Windows, 8 sections
MD5:

B4BD6A06886DF1306D709D2FA69CF226

SHA1:

38DF70CA0F18DDE752652FAB71363080DB873E1E

SHA256:

3EF376716C0E6C9552F8C83BD226150A35E6BE0C5B2D490262F76C7C1CE30B8C

SSDEEP:

98304:401k5GTjWeX4vezDECi+F6ZMalgsvuEuW2Yu9wB+yKsGTCHO/vZZSuNa+o3VnqjV:yg5ik

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • Setup.exe (PID: 1932)

    • Proxy execution via Explorer

      • AndrowsStore.exe (PID: 8504)

  • SUSPICIOUS

    • There is functionality for VM detection VMWare (YARA)

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • AndrowsStore.exe (PID: 8504)

    • There is functionality for VM detection VirtualBox (YARA)

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsStore.exe (PID: 8504)

    • The process verifies whether the antivirus software is installed

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • crashpad_handler.exe (PID: 8608)
      • opengl_checker.exe (PID: 8448)
      • AndrowsAssistant.exe (PID: 3508)
      • crashpad_handler.exe (PID: 3644)
      • AndrowsAssistant.exe (PID: 6236)
      • AndrowsAssistant.exe (PID: 7508)
      • regsvr32.exe (PID: 7304)
      • AndrowsSvr.exe (PID: 5892)
      • crashpad_handler.exe (PID: 3212)
      • regsvr32.exe (PID: 8028)
      • AndrowsLauncher.exe (PID: 1984)
      • crashpad_handler.exe (PID: 7712)
      • AndrowsAssistant.exe (PID: 2096)
      • AndrowsStore.exe (PID: 8504)
      • crashpad_handler.exe (PID: 6992)
      • AndrowsDlSvr.exe (PID: 5308)
      • AndrowsAssistant.exe (PID: 7240)
      • CefRendererProcess.exe (PID: 6692)
      • CefRendererProcess.exe (PID: 4368)
      • CefRendererProcess.exe (PID: 8916)
      • CefRendererProcess.exe (PID: 8876)
      • AndrowsAssistant.exe (PID: 5468)
      • opengl_checker.exe (PID: 1188)
      • CefRendererProcess.exe (PID: 4220)
      • CefRendererProcess.exe (PID: 5788)
      • CefRendererProcess.exe (PID: 5220)
      • CefRendererProcess.exe (PID: 7844)
      • AndrowsAssistant.exe (PID: 8332)
      • AndrowsAssistant.exe (PID: 8024)
      • AndrowsAssistant.exe (PID: 1844)
      • AndrowsAssistant.exe (PID: 3304)
      • AndrowsAssistant.exe (PID: 2228)
      • AndrowsAssistant.exe (PID: 4756)
      • CefRendererProcess.exe (PID: 6920)
      • AndrowsAssistant.exe (PID: 7028)
      • Setup.exe (PID: 3036)
      • crashpad_handler.exe (PID: 1352)
      • AndrowsAssistant.exe (PID: 2448)
      • AndrowsLauncher.exe (PID: 8108)
      • AndrowsAssistantToast.exe (PID: 8652)
      • AndrowsAssistant.exe (PID: 5788)
      • dxdiag.exe (PID: 8996)
      • AndrowsAssistant.exe (PID: 6792)
      • AndrowsAssistant.exe (PID: 6212)
      • AndrowsAssistant.exe (PID: 8608)
      • AndrowsAssistant.exe (PID: 5804)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • AndrowsAssistant.exe (PID: 4784)
      • explorer.exe (PID: 4140)
      • Weixin.exe (PID: 3988)
      • crashpad_handler.exe (PID: 4064)
      • explorer.exe (PID: 7100)

    • Executable content was dropped or overwritten

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsStore.exe (PID: 8504)
      • Setup.exe (PID: 3036)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • Weixin.exe (PID: 3988)

    • Drops 7-zip archiver for unpacking

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)

    • Reads the date of Windows installation

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsAssistant.exe (PID: 3508)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsLauncher.exe (PID: 1984)
      • AndrowsStore.exe (PID: 8504)
      • AndrowsLauncher.exe (PID: 8108)
      • AndrowsAssistant.exe (PID: 8332)
      • Weixin.exe (PID: 3988)

    • Drops a system driver (possible attempt to evade defenses)

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)

    • The process drops C-runtime libraries

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsStore.exe (PID: 8504)

    • Creates file in the systems drive root

      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)

    • Named pipe usage

      • crashpad_handler.exe (PID: 8608)
      • crashpad_handler.exe (PID: 3644)
      • crashpad_handler.exe (PID: 7712)
      • crashpad_handler.exe (PID: 6992)
      • crashpad_handler.exe (PID: 1352)

    • Reads the BIOS version

      • Setup.exe (PID: 1932)
      • Weixin.exe (PID: 3988)

    • The process checks if it is being run in the virtual environment

      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)

    • Executes as Windows Service

      • AndrowsSvr.exe (PID: 5892)

    • Creates files in the driver directory

      • Setup.exe (PID: 1932)

    • Creates or modifies Windows services

      • Setup.exe (PID: 1932)

    • Windows service management via SC.EXE

      • sc.exe (PID: 7916)

    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 8028)
      • dxdiag.exe (PID: 8996)

    • Starts SC.EXE for service management

      • cmd.exe (PID: 1400)

    • Searches for installed software

      • AndrowsStore.exe (PID: 8504)

    • Application launched itself

      • AndrowsAssistant.exe (PID: 8332)
      • WeChatAppEx.exe (PID: 2992)

    • Malware-specific behavior (creating "System.dll" in Temp)

      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)

    • The process creates files with name similar to system file names

      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)

    • Explorer used for Indirect Command Execution

      • explorer.exe (PID: 7100)

  • INFO

    • Checks supported languages

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • crashpad_handler.exe (PID: 8608)
      • Setup.exe (PID: 1932)
      • AndrowsAssistant.exe (PID: 3508)
      • crashpad_handler.exe (PID: 3644)
      • opengl_checker.exe (PID: 8448)
      • AndrowsAssistant.exe (PID: 6236)
      • AndrowsAssistant.exe (PID: 7508)
      • AndrowsSvr.exe (PID: 5892)
      • crashpad_handler.exe (PID: 3212)
      • dokanctl.exe (PID: 5448)
      • AndrowsAssistant.exe (PID: 2096)
      • AndrowsLauncher.exe (PID: 1984)
      • crashpad_handler.exe (PID: 7712)
      • AndrowsStore.exe (PID: 8504)
      • crashpad_handler.exe (PID: 6992)
      • AndrowsDlSvr.exe (PID: 5308)
      • AndrowsAssistant.exe (PID: 7240)
      • CefRendererProcess.exe (PID: 6692)
      • CefRendererProcess.exe (PID: 8916)
      • CefRendererProcess.exe (PID: 4368)
      • AndrowsAssistant.exe (PID: 5468)
      • CefRendererProcess.exe (PID: 8876)
      • CefRendererProcess.exe (PID: 4220)
      • CefRendererProcess.exe (PID: 7844)
      • CefRendererProcess.exe (PID: 5788)
      • CefRendererProcess.exe (PID: 5220)
      • opengl_checker.exe (PID: 1188)
      • AndrowsAssistant.exe (PID: 8024)
      • AndrowsAssistant.exe (PID: 8332)
      • AndrowsAssistant.exe (PID: 1844)
      • AndrowsAssistant.exe (PID: 3304)
      • AndrowsAssistant.exe (PID: 4756)
      • CefRendererProcess.exe (PID: 6920)
      • AndrowsAssistant.exe (PID: 7028)
      • AndrowsAssistant.exe (PID: 2228)
      • Setup.exe (PID: 3036)
      • AndrowsAssistant.exe (PID: 5788)
      • AndrowsAssistant.exe (PID: 2448)
      • AndrowsLauncher.exe (PID: 8108)
      • crashpad_handler.exe (PID: 1352)
      • AndrowsAssistantToast.exe (PID: 8652)
      • AndrowsAssistant.exe (PID: 6792)
      • AndrowsAssistant.exe (PID: 8608)
      • AndrowsAssistant.exe (PID: 6212)
      • AndrowsAssistant.exe (PID: 5804)
      • AndrowsAssistant.exe (PID: 4784)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • Weixin.exe (PID: 3988)
      • crashpad_handler.exe (PID: 4064)
      • WeChatAppEx.exe (PID: 2992)
      • WeChatAppEx.exe (PID: 2232)
      • WeChatAppEx.exe (PID: 9092)

    • Creates files or folders in the user directory

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)
      • CefRendererProcess.exe (PID: 8916)
      • dxdiag.exe (PID: 8996)
      • crashpad_handler.exe (PID: 4064)
      • Weixin.exe (PID: 3988)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • WeChatAppEx.exe (PID: 2992)
      • WeChatAppEx.exe (PID: 2232)

    • Reads the computer name

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • crashpad_handler.exe (PID: 8608)
      • AndrowsAssistant.exe (PID: 3508)
      • crashpad_handler.exe (PID: 3644)
      • AndrowsAssistant.exe (PID: 6236)
      • opengl_checker.exe (PID: 8448)
      • AndrowsAssistant.exe (PID: 7508)
      • AndrowsSvr.exe (PID: 5892)
      • crashpad_handler.exe (PID: 3212)
      • dokanctl.exe (PID: 5448)
      • AndrowsLauncher.exe (PID: 1984)
      • crashpad_handler.exe (PID: 7712)
      • AndrowsAssistant.exe (PID: 2096)
      • AndrowsStore.exe (PID: 8504)
      • crashpad_handler.exe (PID: 6992)
      • AndrowsAssistant.exe (PID: 7240)
      • AndrowsDlSvr.exe (PID: 5308)
      • CefRendererProcess.exe (PID: 4368)
      • CefRendererProcess.exe (PID: 8916)
      • AndrowsAssistant.exe (PID: 5468)
      • CefRendererProcess.exe (PID: 4220)
      • CefRendererProcess.exe (PID: 5788)
      • opengl_checker.exe (PID: 1188)
      • AndrowsAssistant.exe (PID: 8332)
      • AndrowsAssistant.exe (PID: 8024)
      • AndrowsAssistant.exe (PID: 1844)
      • AndrowsAssistant.exe (PID: 7028)
      • AndrowsAssistant.exe (PID: 4756)
      • CefRendererProcess.exe (PID: 6920)
      • AndrowsAssistant.exe (PID: 3304)
      • AndrowsAssistant.exe (PID: 2228)
      • Setup.exe (PID: 3036)
      • AndrowsAssistant.exe (PID: 5788)
      • AndrowsAssistant.exe (PID: 2448)
      • AndrowsLauncher.exe (PID: 8108)
      • crashpad_handler.exe (PID: 1352)
      • AndrowsAssistantToast.exe (PID: 8652)
      • AndrowsAssistant.exe (PID: 6212)
      • AndrowsAssistant.exe (PID: 8608)
      • AndrowsAssistant.exe (PID: 5804)
      • AndrowsAssistant.exe (PID: 4784)
      • AndrowsAssistant.exe (PID: 6792)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • Weixin.exe (PID: 3988)
      • WeChatAppEx.exe (PID: 2992)
      • WeChatAppEx.exe (PID: 2232)
      • WeChatAppEx.exe (PID: 9092)

    • Create files in a temporary directory

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • AndrowsAssistant.exe (PID: 6236)
      • crashpad_handler.exe (PID: 8608)
      • AndrowsLauncher.exe (PID: 1984)
      • AndrowsStore.exe (PID: 8504)
      • AndrowsAssistantToast.exe (PID: 8652)
      • dxdiag.exe (PID: 8996)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)

    • The sample compiled with english language support

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsStore.exe (PID: 8504)
      • Setup.exe (PID: 3036)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • Weixin.exe (PID: 3988)

    • There is functionality for taking screenshot (YARA)

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)

    • Creates files in the program directory

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsAssistant.exe (PID: 3508)
      • AndrowsSvr.exe (PID: 5892)
      • crashpad_handler.exe (PID: 3212)
      • AndrowsAssistant.exe (PID: 2096)
      • AndrowsStore.exe (PID: 8504)
      • AndrowsDlSvr.exe (PID: 5308)
      • AndrowsAssistant.exe (PID: 8332)
      • Setup.exe (PID: 3036)
      • AndrowsAssistantToast.exe (PID: 8652)
      • AndrowsAssistant.exe (PID: 6792)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)

    • Reads the machine GUID from the registry

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • crashpad_handler.exe (PID: 8608)
      • Setup.exe (PID: 1932)
      • AndrowsAssistant.exe (PID: 3508)
      • crashpad_handler.exe (PID: 3644)
      • AndrowsSvr.exe (PID: 5892)
      • crashpad_handler.exe (PID: 3212)
      • crashpad_handler.exe (PID: 7712)
      • AndrowsStore.exe (PID: 8504)
      • crashpad_handler.exe (PID: 6992)
      • AndrowsDlSvr.exe (PID: 5308)
      • AndrowsAssistant.exe (PID: 8332)
      • AndrowsAssistant.exe (PID: 1844)
      • AndrowsAssistant.exe (PID: 8024)
      • Setup.exe (PID: 3036)
      • crashpad_handler.exe (PID: 1352)
      • AndrowsAssistantToast.exe (PID: 8652)
      • AndrowsAssistant.exe (PID: 6792)
      • Weixin.exe (PID: 3988)
      • WeChatAppEx.exe (PID: 2232)
      • WeChatAppEx.exe (PID: 2992)

    • Process checks computer location settings

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsAssistant.exe (PID: 3508)
      • AndrowsLauncher.exe (PID: 1984)
      • AndrowsStore.exe (PID: 8504)
      • CefRendererProcess.exe (PID: 6692)
      • CefRendererProcess.exe (PID: 7844)
      • CefRendererProcess.exe (PID: 8876)
      • AndrowsLauncher.exe (PID: 8108)
      • AndrowsAssistant.exe (PID: 8332)
      • WeChatAppEx.exe (PID: 2992)

    • Drops script file

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsStore.exe (PID: 8504)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • Weixin.exe (PID: 3988)

    • Reads security settings of Internet Explorer

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsAssistant.exe (PID: 3508)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsLauncher.exe (PID: 1984)
      • AndrowsStore.exe (PID: 8504)
      • AndrowsLauncher.exe (PID: 8108)
      • dxdiag.exe (PID: 8996)
      • AndrowsAssistant.exe (PID: 8332)
      • explorer.exe (PID: 4140)
      • WeChatAppEx.exe (PID: 2232)
      • WeChatAppEx.exe (PID: 2992)

    • The sample compiled with chinese language support

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • Setup.exe (PID: 1932)
      • AndrowsStore.exe (PID: 8504)
      • Setup.exe (PID: 3036)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)
      • Weixin.exe (PID: 3988)

    • Reads Environment values

      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)

    • Reads Windows Product ID

      • Setup.exe (PID: 1932)

    • Reads product name

      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)

    • Checks proxy server information

      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)
      • AndrowsAssistant.exe (PID: 8332)
      • AndrowsAssistant.exe (PID: 8024)
      • AndrowsAssistant.exe (PID: 1844)
      • slui.exe (PID: 6664)
      • WeChatAppEx.exe (PID: 2992)
      • WeChatAppEx.exe (PID: 2232)

    • TeamViewer related mutex has been found

      • Setup.exe (PID: 1932)
      • AndrowsSvr.exe (PID: 5892)
      • AndrowsStore.exe (PID: 8504)

    • Creates a software uninstall entry

      • com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe (PID: 5204)
      • 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe (PID: 8480)

    • Reads the time zone

      • AndrowsStore.exe (PID: 8504)

    • Reads CPU info

      • AndrowsStore.exe (PID: 8504)
      • Weixin.exe (PID: 3988)
      • WeChatAppEx.exe (PID: 2992)
      • WeChatAppEx.exe (PID: 9092)
      • WeChatAppEx.exe (PID: 2232)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2026:01:29 17:05:47+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.29
CodeSize: 4135936
InitializedDataSize: 3642880
UninitializedDataSize: -
EntryPoint: 0x3999e8
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 3.0.3.7
ProductVersionNumber: 3.0.3.7
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Tencent
FileDescription: 腾讯应用宝移动应用引擎
FileVersion: 3.0.3.7
LegalCopyright: Copyright (C) 2022 Tencent. All Rights Reserved.
InternalName: Androws
ProductName: Androws
ProductVersion: 3.0.3.7
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
222
Monitored processes
67
Malicious processes
4
Suspicious processes
7

Behavior graph

Click at the process to see the details
start com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe setup.exe crashpad_handler.exe slui.exe androwsassistant.exe crashpad_handler.exe opengl_checker.exe no specs conhost.exe no specs androwsassistant.exe no specs androwsassistant.exe no specs regsvr32.exe no specs androwssvr.exe crashpad_handler.exe dokanctl.exe no specs conhost.exe no specs cmd.exe no specs conhost.exe no specs regsvr32.exe no specs sc.exe no specs androwslauncher.exe no specs crashpad_handler.exe androwsassistant.exe no specs androwsstore.exe crashpad_handler.exe androwsdlsvr.exe androwsassistant.exe no specs conhost.exe no specs cefrendererprocess.exe cefrendererprocess.exe cefrendererprocess.exe androwsassistant.exe no specs cefrendererprocess.exe cefrendererprocess.exe cefrendererprocess.exe cefrendererprocess.exe cefrendererprocess.exe opengl_checker.exe no specs conhost.exe no specs androwsassistant.exe androwsassistant.exe androwsassistant.exe androwsassistant.exe no specs androwsassistant.exe no specs androwsassistant.exe no specs androwsassistant.exe no specs cefrendererprocess.exe setup.exe androwsassistant.exe no specs androwsassistant.exe no specs androwslauncher.exe no specs crashpad_handler.exe androwsassistanttoast.exe dxdiag.exe no specs androwsassistant.exe androwsassistant.exe no specs androwsassistant.exe no specs androwsassistant.exe no specs androwsassistant.exe no specs 9ae9269a74ecebf1ae12679a3a3b0165_0__4.1.7_1769680500.exe explorer.exe no specs explorer.exe no specs weixin.exe crashpad_handler.exe no specs wechatappex.exe wechatappex.exe wechatappex.exe no specs com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1188"C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\opengl_checker.exe" C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\opengl_checker.exeAndrowsStore.exe
User:
admin
Integrity Level:
HIGH
Exit code:
1
Modules
Images
c:\program files\tencent\androws\application\5.10.5200.4987\opengl_checker.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1352"C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\crashpad_handler.exe" --no-rate-limit --database=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --metrics-dir=C:\Users\admin\AppData\Local\Temp\Tencent\Androws\ --annotation=account_id=5e1c3e388d1eef9d2f17f1974d5b1810 --annotation=app_id=7ebaf51295 --annotation=app_key=3595ca0a-0ac2-42e7-988b-bb08e6767e24 --annotation=app_version=5.10.52.10 --annotation=build_id=5.10.5200.4987 --annotation=bundle_id=com.tencent.androws --annotation=buz_ipc_pipe_name=\\.\pipe\5.10.5200.4987-27833917-46AC-42BC-88F9-90554702E8FE --annotation=database=7ebaf51295 --annotation=format=minidump --annotation=is_need_attach_info=true --annotation=is_need_upload=true --annotation=is_pop_dialog=false --annotation=is_server_process=false --annotation=process_display_name=AndrowsLauncher --annotation=process_name=AndrowsLauncher --annotation=product=7ebaf51295 --annotation=version=5.10.52.10 --initial-client-data=0x280,0x284,0x288,0x25c,0x290,0x7ffd6d40e8d8,0x7ffd6d40e898,0x7ffd6d40e8a8C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\crashpad_handler.exe
AndrowsLauncher.exe
User:
admin
Integrity Level:
HIGH
Description:
Bugly-Windows SDK
Exit code:
0
Version:
1.0.22.1
Modules
Images
c:\program files\tencent\androws\application\5.10.5200.4987\crashpad_handler.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
1400"C:\Windows\System32\cmd.exe" /c sc start dokan2tC:\Windows\System32\cmd.exeSetup.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1056
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
1844"C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\AndrowsAssistant.exe" --report-vulkan-version "" C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\AndrowsAssistant.exe
AndrowsStore.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝移动应用引擎
Exit code:
0
Version:
5.10.5200.4987
Modules
Images
c:\program files\tencent\androws\application\5.10.5200.4987\androwsassistant.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\advapi32.dll
1932"C:\Program Files\Tencent\AndrowsData\Component\Androws\Setup.exe" --install "1" --no-create-desktop-link "1" --no-create-start-menu-link "1" C:\Program Files\Tencent\AndrowsData\Component\Androws\Setup.exe
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝移动应用引擎
Exit code:
0
Version:
5.10.5200.4987
Modules
Images
c:\program files\tencent\androwsdata\component\androws\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
1984"C:\Users\admin\AppData\Local\Temp\com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe" C:\Users\admin\AppData\Local\Temp\com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeexplorer.exe
User:
admin
Company:
Tencent
Integrity Level:
MEDIUM
Description:
腾讯应用宝移动应用引擎
Version:
3.0.3.7
Modules
Images
c:\users\admin\appdata\local\temp\com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
c:\windows\system32\ntdll.dll
1984"C:\Program Files\Tencent\Androws\Application\AndrowsLauncher.exe" --launch-proc-name "AndrowsAssistant.exe" --update-env-info "" C:\Program Files\Tencent\Androws\Application\AndrowsLauncher.exeAndrowsSvr.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝移动应用引擎
Exit code:
0
Version:
5.10.5200.4987
Modules
Images
c:\program files\tencent\androws\application\androwslauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
2096"C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\AndrowsAssistant.exe" --update-env-info "" --androws_launcher_start_time "1771840715039" --app-launch-info "{\"engine_type\":2,\"is_premium_game\":false,\"launch_second_step\":3,\"pkg_name\":\"\",\"rotation\":0,\"show_full_screen\":false,\"show_maximum\":false}" --emulator-launch-from "1" C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\AndrowsAssistant.exeAndrowsLauncher.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝移动应用引擎
Exit code:
1006
Version:
5.10.5200.4987
Modules
Images
c:\program files\tencent\androws\application\5.10.5200.4987\androwsassistant.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\opengl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\cfgmgr32.dll
2228"C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\AndrowsAssistant.exe" --check-opengl-process "AndrowsStore.exe" C:\Program Files\Tencent\Androws\Application\5.10.5200.4987\AndrowsAssistant.exeAndrowsStore.exe
User:
admin
Company:
Tencent
Integrity Level:
HIGH
Description:
腾讯应用宝移动应用引擎
Exit code:
1000
Version:
5.10.5200.4987
Modules
Images
c:\program files\tencent\androws\application\5.10.5200.4987\androwsassistant.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\opengl32.dll
2232"C:\Users\admin\AppData\Roaming\Tencent\xwechat\xplugin\plugins\RadiumWMPF\18787\extracted\runtime\WeChatAppEx.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --client_version=4065597214 --enable-crash-reporter --wmpf_root_dir="C:\Users\admin\AppData\Roaming\Tencent\xwechat\radium" --instance-index=0 --product-id=1002 --disable-mojo-broker --field-trial-handle=2304,i,17192733242486597569,13516785059580803417,262144 --enable-features=OverlayScrollbar,WinSystemLocationPermission,XWorker --disable-features=AudioServiceOutOfProcess,AutoupgradeMixedContent,BackForwardCache,DigitalGoodsApi,NotificationTriggers,PeriodicBackgroundSync,TFLiteLanguageDetectionEnabled,Vulkan,WebOTP --variations-seed-version --log-level=2 --mojo-platform-channel-handle=2296 /prefetch:3C:\Users\admin\AppData\Roaming\Tencent\xwechat\xplugin\plugins\RadiumWMPF\18787\extracted\runtime\WeChatAppEx.exe
WeChatAppEx.exe
User:
admin
Company:
Tencent LLC
Integrity Level:
MEDIUM
Description:
WeChatAppEx
Version:
2.3.8.18787
Modules
Images
c:\users\admin\appdata\roaming\tencent\xwechat\xplugin\plugins\radiumwmpf\18787\extracted\runtime\wechatappex.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
c:\users\admin\appdata\roaming\tencent\xwechat\xplugin\plugins\radiumwmpf\18787\extracted\runtime\xweb_elf.dll
c:\windows\system32\win32u.dll
Total events
56 190
Read events
55 542
Write events
606
Delete events
42

Modification events

(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:ChannelId
Value:
B1FB2C7D00000000
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:InstallSource
Value:
{"androws_main_version":"","app_id":"com.jf.lkrj","app_pullup_type":0,"app_type":1,"auto_start_market":1,"build_id":558004,"channel_id":2100100017,"client_pseudo_protocol":"","create_desktop_link":1,"ctrl_code":0,"display_name":"花生日记电脑版","extra_info":{"apk_channel":"","apk_deep_link":"","source":"","wx_app_path":""},"install_mode":0,"install_priority":0,"oem_preinstall":0,"oem_type":0,"pullup_type":1,"report_info":{"account_id":"","browser":"Edge","click_id":"","distribute_tool":"downloader","group_id":"","h5_url":"https://sj.qq.com/appdetail/com.jf.lkrj?&from_wxz=1","keyword_id":"","launch_exp_ids":"","launch_exp_type":"","media_id":"yyb-website","ocpc":"","plan_id":"","seo_source":"google","source_id":"","target_channel":"PCYYB"},"show_tray_icon":1}
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws\Env
Operation:writeName:svid
Value:
5e1c3e388d1eef9d2f17f1974d5b1810
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_CURRENT_USER\SOFTWARE\Tencent\Androws\Env
Operation:writeName:svid
Value:
5e1c3e388d1eef9d2f17f1974d5b1810
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:VDIImageDiscType
Value:
0100000000000000
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:HyperVState
Value:
0000000000000000
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:VtState
Value:
0100000000000000
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:InstallPath
Value:
C:\Program Files\Tencent\Androws
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\Androws
Operation:writeName:AndrowsData
Value:
C:\Program Files\Tencent\AndrowsData
(PID) Process:(5204) com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeKey:HKEY_CURRENT_USER\SOFTWARE\Tencent\Androws\Androws
Operation:writeName:BrandCode
Value:
0000000000000000
Executable files
768
Suspicious files
588
Text files
701
Unknown types
31

Dropped files

PID
Process
Filename
Type
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Program Files\Tencent\AndrowsData\Component\Androws.7z.teemo
MD5:
SHA256:
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Program Files\Tencent\AndrowsData\Component\Androws.7z
MD5:
SHA256:
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Users\admin\AppData\Local\Temp\Tencent\Androws\install-resources\com.jf.lkrj.pngimage
MD5:3295CA0ECF22243628C3E975A1F3CC2D
SHA256:5E52E7BA8237FAF8777260B9CBD1DF9C1528555D89B8A4E31540961199E815F6
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Users\admin\AppData\Roaming\Tencent\Androws\db\Configs.db-shmbinary
MD5:B65DC7130178518DEE6A03440F7F32C0
SHA256:B76E7B9AFB1E7BF9187C68FD75FC5C6B603B7DF0CCE23E569CD9D092DA05CBF1
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Users\admin\AppData\Roaming\Tencent\beacon\GlobalMgr.dbtext
MD5:B604F0677E4B581EDAB8BA88E75E02E5
SHA256:6739C39C09D479C8ACF3930A4FBDDA4A8097FC00A745B485879AD4C3211909E4
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\androws_temp.txtbinary
MD5:0D5A9115CA3E62AAC00A5D6B68392C56
SHA256:6F24BAE6C7B73ED650F4E9777D5420898356B3CB2E08DABB3EDB2253A655F9E6
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Users\admin\AppData\Roaming\Tencent\Androws\db\Configs.dbbinary
MD5:DC10EA60FEBE7DC60BAA089F36467397
SHA256:66094B8940BB9DCE88BF451DCB81B23D7E66B65B865FD8C16D054E96F64F8938
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Program Files\Tencent\AndrowsData\Component\Androws\font\Noto Sans SC (TrueType).otf
MD5:
SHA256:
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Program Files\Tencent\AndrowsData\Component\Androws\font\Noto Sans SC Bold (TrueType).otf
MD5:
SHA256:
5204com.jf.lkrj_yybinstaller_7ad071edd32a3971.exeC:\Program Files\Tencent\AndrowsData\Component\Androws\font\Noto Sans SC Medium (TrueType).otf
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
119
TCP/UDP connections
366
DNS requests
99
Threats
22

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
HEAD
200
43.152.137.29:443
https://conf.syzs.qq.com/xy/yyb_management_system/942b224a4356ae056c1cb3d0d465b83b.7z
SG
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
GET
43.152.137.29:443
https://conf.syzs.qq.com/xy/yyb_management_system/942b224a4356ae056c1cb3d0d465b83b.7z
SG
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
GET
43.152.137.29:443
https://conf.syzs.qq.com/xy/yyb_management_system/942b224a4356ae056c1cb3d0d465b83b.7z
SG
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
GET
43.152.137.29:443
https://conf.syzs.qq.com/xy/yyb_management_system/942b224a4356ae056c1cb3d0d465b83b.7z
SG
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
GET
43.152.137.29:443
https://conf.syzs.qq.com/xy/yyb_management_system/942b224a4356ae056c1cb3d0d465b83b.7z
SG
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
GET
43.152.137.29:443
https://conf.syzs.qq.com/xy/yyb_management_system/942b224a4356ae056c1cb3d0d465b83b.7z
SG
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
POST
200
129.226.102.75:443
https://yybadaccess.3g.qq.com/pc_yyb_client/pcyyb_get_app_detail
CN
text
958 b
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
GET
200
43.152.26.142:443
https://static.pc.yyb.qq.com/downloader-img/3295ca0ecf22243628c3e975a1f3cc2d.png
SG
image
31.8 Kb
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
POST
200
129.226.102.75:443
https://yybadaccess.3g.qq.com/pcyybopen/pcyyb_recall
CN
text
87 b
unknown
356
svchost.exe
POST
200
20.190.160.14:443
https://login.live.com/RST2.srf
US
xml
11.1 Kb
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
Not routed
whitelisted
6200
RUXIMICS.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
6768
MoUsoCoreWorker.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
1856
svchost.exe
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
3412
svchost.exe
172.211.123.248:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
129.226.102.75:443
yybadaccess.3g.qq.com
TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue
CN
unknown
4
System
192.168.100.255:138
Not routed
whitelisted
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
43.173.131.185:8081
oth.eve.mdt.qq.com
TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue
CN
unknown
5204
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe
43.152.26.142:443
static.pc.yyb.qq.com
ACE-AS-AP ACE
SG
whitelisted
356
svchost.exe
20.190.160.14:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted

DNS requests

Domain
IP
Reputation
google.com
  • 142.251.208.14
whitelisted
self.events.data.microsoft.com
  • 40.74.98.192
  • 40.79.197.34
whitelisted
client.wns.windows.com
  • 172.211.123.248
whitelisted
yybadaccess.3g.qq.com
  • 129.226.102.75
unknown
oth.eve.mdt.qq.com
  • 43.173.131.185
  • 101.33.47.68
  • 101.33.47.206
unknown
static.pc.yyb.qq.com
  • 43.152.26.142
  • 43.152.26.110
  • 43.152.26.238
  • 43.152.26.154
  • 43.152.26.151
  • 43.152.26.209
  • 43.152.29.101
  • 43.152.28.43
  • 43.175.168.193
whitelisted
login.live.com
  • 20.190.160.14
  • 20.190.160.2
  • 20.190.160.132
  • 40.126.32.134
  • 20.190.160.5
  • 20.190.160.67
  • 20.190.160.131
  • 20.190.160.128
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
crl.microsoft.com
  • 23.216.77.30
  • 23.216.77.25
  • 23.216.77.41
  • 23.216.77.6
  • 23.216.77.38
  • 23.216.77.29
  • 23.216.77.27
  • 23.216.77.19
  • 23.216.77.10
  • 23.216.77.37
  • 23.216.77.39
whitelisted

Threats

PID
Process
Class
Message
8916
CefRendererProcess.exe
Misc activity
ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
8916
CefRendererProcess.exe
Misc activity
ET INFO Tencent Cloud Storage Domain in DNS Lookup (myqcloud .com)
8916
CefRendererProcess.exe
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
8916
CefRendererProcess.exe
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
8916
CefRendererProcess.exe
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
8916
CefRendererProcess.exe
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
8916
CefRendererProcess.exe
Misc activity
ET INFO Observed Tencent Cloud Storage Domain (myqcloud .com in TLS SNI)
5308
AndrowsDlSvr.exe
A Network Trojan was detected
ET USER_AGENTS Aria2 User-Agent
5308
AndrowsDlSvr.exe
A Network Trojan was detected
ET USER_AGENTS Aria2 User-Agent
5308
AndrowsDlSvr.exe
A Network Trojan was detected
ET USER_AGENTS Aria2 User-Agent
Process
Message
crashpad_handler.exe
[8608:9184:20260223,045811.105:INFO bugly_crash_monitor_statistics.cc:282] Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[8608:9184:20260223,045811.105:ERROR filesystem_win.cc:130] GetFileAttributes C:\Users\admin\AppData\Local\Temp\Tencent\Androws\BTrace\7ebaf51295\Trace: The system cannot find the file specified. (2)
crashpad_handler.exe
[8608:5888:20260223,045811.105:INFO bugly_trace_report.cc:322] [Trace] checkReportCacheFile num:0
crashpad_handler.exe
Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[Trace] checkReportCacheFile num:0
crashpad_handler.exe
[3644:8900:20260223,045811.480:INFO bugly_trace_report.cc:322] [Trace] checkReportCacheFile num:0
crashpad_handler.exe
[3644:7812:20260223,045811.480:INFO bugly_crash_monitor_statistics.cc:282] Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[Trace] checkReportCacheFile num:0
crashpad_handler.exe
Bugly: [statistices] find statistices file count:0
crashpad_handler.exe
[8608:5772:20260223,045812.199:INFO crash_report_upload_thread.cc:257] On CheckAndReportResiduesCrashReports, status:000007FF7AC4E9BC80
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
com.jf.lkrj_yybinstaller_7ad071edd32a3971.exe