Trojan.NSIS.StartPage_6b16a2d4c5

by malwarelabrobot on May 28th, 2016 in Malware Descriptions.

Trojan.NSIS.StartPage.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 6b16a2d4c5c9b56108be347582804a50
SHA1: 3b6822db267e3c1b7cbc1594868a586572346441
SHA256: 24fab333ffa8dfb6ec8c4eda6190555a74bafc745bd8b821d4d323f7ba5148fe
SSDeep: 6144:pOPjVnsYvOzQ5WY3wT/tUirAhuAQp9W4qqaGfy86W/ri/:yhnsYvOzQ5WntVO4Uj2e
Size: 302777 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-06-19 00:33:27
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

QQBrowserLiveup.exe:3084
kisService.exe:1244
iNetHelper_300002.exe:1480
QQBrowserOTA.exe:2464
QQBrowserOTA.exe:3668
QQBrowserOTA.exe:2452
kinst_168_38.exe:804
BrowersFacade.exe:3060
QQBrowser.exe:1164
QQBrowser.exe:776
QQBrowser.exe:212
QQBrowser.exe:3952
QQBrowser.exe:1604
QQBrowser.exe:928
QQBrowser.exe:2036
QQBrowser.exe:1520
QQBrowser.exe:1452
QQBrowser.exe:3132
QQBrowser.exe:252
QQBrowser.exe:3988
QQBrowser.exe:1368
V8._85296_20150814221218.exe:1252
PerfTraceService.exe:1796
PerfTraceService.exe:1512
regsvr32.exe:1500
KisService.exe:2144
kisdeskurl.exe:2832

The Trojan injects its code into the following process(es):

1332280.exe:500
%original file name%.exe:1156
QQBrowser.exe:1860
QQBrowser.exe:1288
QQBrowser.exe:1596
QQBrowser.exe:1108
QQBrowser.exe:1676
QQBrowser.exe:220

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process kisService.exe:1244 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\iNetHelper\desktop.ini (50 bytes)
%Program Files%\iNetHelper\Log\KisService_Control.log (118 bytes)

The process 1332280.exe:500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rsedownloadconfig[1].xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rse1332280[1].exe (2208942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rse.exe.rs (2208942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml.rs (204 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rsedownloadconfig[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rse1332280[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml (0 bytes)

The process iNetHelper_300002.exe:1480 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\iNetHelper\png\docin.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\71.png (2 bytes)
%Program Files%\iNetHelper\png\www.kugou.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.fanw8.com.png (3 bytes)
%Program Files%\iNetHelper\Image\frame.png (826 bytes)
%Program Files%\iNetHelper\png\www.k618.cn.png (5 bytes)
%Program Files%\iNetHelper\weather\0.png (3 bytes)
%Program Files%\iNetHelper\png\www.99danji.com.png (3 bytes)
%Program Files%\iNetHelper\png\tech.qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\ju.taobao.com.png (4 bytes)
%Program Files%\iNetHelper\png\10086.cn.png (2 bytes)
%Program Files%\iNetHelper\png\hao.360.cn.png (1 bytes)
%Program Files%\iNetHelper\weather\19.png (3 bytes)
%Program Files%\iNetHelper\png\yule.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.vip.com.png (4 bytes)
%Program Files%\iNetHelper\weather\9.png (3 bytes)
%Program Files%\iNetHelper\png\www.xs8.cn.png (3 bytes)
%Program Files%\iNetHelper\png\ycwb.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.pcpop.com.png (3 bytes)
%Program Files%\iNetHelper\png\ent.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.mafengwo.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.bxwx.org.png (1 bytes)
%Program Files%\iNetHelper\png\www.cncn.com.png (3 bytes)
%Program Files%\iNetHelper\weather\29.png (3 bytes)
%Program Files%\iNetHelper\png\hinews.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.pconline.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.crsky.com.png (2 bytes)
%Program Files%\iNetHelper\KisHost.dat (122 bytes)
%Program Files%\iNetHelper\png\www.oneplusbbs.com.png (2 bytes)
%System%\drivers\SelfProtect.sys (27 bytes)
%Program Files%\iNetHelper\png\ent.163.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.chsi.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.linkedin.com.png (2 bytes)
%Program Files%\iNetHelper\Image\close.png (19 bytes)
%Program Files%\iNetHelper\png\ent.yxlady.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.huawei.com.png (2 bytes)
%Program Files%\iNetHelper\png\henan.china.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\finance.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.downza.cn.png (2 bytes)
%Program Files%\iNetHelper\png\cztv.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.yicai.com.png (3 bytes)
%Program Files%\iNetHelper\png\beijing.bitauto.com.png (2 bytes)
%Program Files%\iNetHelper\png\ip138.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.bbc.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.xiami.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.21cn.com.png (4 bytes)
%Program Files%\iNetHelper\png\uuu9.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.itouzi.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.120ask.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.ku6.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.youxi.com.png (4 bytes)
%Program Files%\iNetHelper\png\renren.com.png (5 bytes)
%Program Files%\iNetHelper\png\news.qq.com.png (4 bytes)
%Program Files%\iNetHelper\weather\8.png (3 bytes)
%Program Files%\iNetHelper\png\www.pps.tv.png (2 bytes)
%Program Files%\iNetHelper\png\www.8684.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.hc360.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.it168.com.png (3 bytes)
%Program Files%\iNetHelper\png\pcgames.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.offcn.com.png (5 bytes)
%Program Files%\iNetHelper\png\movie.douban.com.png (3 bytes)
%Program Files%\iNetHelper\png\ganji.com.png (5 bytes)
%Program Files%\iNetHelper\weather\17.png (3 bytes)
%Program Files%\iNetHelper\png\51test.net.png (1 bytes)
%Program Files%\iNetHelper\png\v.qq.com.png (3 bytes)
%Program Files%\iNetHelper\png\cn.bing.com.png (3 bytes)
%Program Files%\iNetHelper\png\fudan.edu.cn.png (5 bytes)
%Program Files%\iNetHelper\KisSelfProtect.dll (1072 bytes)
%Program Files%\iNetHelper\png\iqilu.com.png (5 bytes)
%System%\drivers\KisSaasknl64.sys (601 bytes)
%Program Files%\iNetHelper\png\yz.chsi.com.cn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\setup.xml (257 bytes)
%Program Files%\iNetHelper\png\www.zjol.com.cn.png (4 bytes)
%Program Files%\iNetHelper\KANCurl.dll (4831 bytes)
%Program Files%\iNetHelper\png\tieba.baidu.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.onlylady.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.tudou.com.png (3 bytes)
%Program Files%\iNetHelper\png\cpc.people.com.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.nen.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.jinshangdai.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.ellechina.com.png (2 bytes)
%Program Files%\iNetHelper\png\pcbaby.com.cn.png (2 bytes)
%Program Files%\iNetHelper\install.dat (69 bytes)
%Program Files%\iNetHelper\Facade (816 bytes)
%Program Files%\iNetHelper\png\mydrivers.com.png (2 bytes)
%Program Files%\iNetHelper\weather\53.png (3 bytes)
%Program Files%\iNetHelper\png\hainan.net.png (2 bytes)
%Program Files%\iNetHelper\png\xinhuanet.com.png (3 bytes)
%Program Files%\iNetHelper\png\m.yy.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.rayli.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\detail.zol.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.haiwainet.cn.png (2 bytes)
%Program Files%\iNetHelper\version.dat (41 bytes)
%Program Files%\iNetHelper\png\17k.com.png (1 bytes)
%Program Files%\iNetHelper\CityCode.db (113 bytes)
%Program Files%\iNetHelper\png\eastday.com.png (2 bytes)
%Program Files%\iNetHelper\png\12306.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.xcar.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.lemall.com.png (2 bytes)
%Program Files%\iNetHelper\Plugin.dat (183 bytes)
%Program Files%\iNetHelper\png\www.zhe800.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.sohu.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\109.bmp (84 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\KCLT\duba_setbrowser9034683879.inf (144 bytes)
%Program Files%\iNetHelper\png\www.jd.com.png (5 bytes)
%Program Files%\iNetHelper\KisSaasknl64.sys (1518 bytes)
%Program Files%\iNetHelper\png\mail.163.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.zhenai.com.png (4 bytes)
%Program Files%\iNetHelper\msvcp80.dll (7851 bytes)
%Program Files%\iNetHelper\png\www.jia.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.alibaba.com.png (3 bytes)
%Program Files%\iNetHelper\png\zhibo8.cc.png (2 bytes)
%Program Files%\iNetHelper\png\www.mtime.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.pclady.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.sogou.com.png (2 bytes)
%Program Files%\iNetHelper\png\home.meishichina.com.png (4 bytes)
%Program Files%\iNetHelper\weather\23.png (3 bytes)
%Program Files%\iNetHelper\KisSaasknl.sys (1633 bytes)
%Program Files%\iNetHelper\png\www.bankcomm.com.png (3 bytes)
%Program Files%\iNetHelper\png\techweb.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.jiuxian.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.qidian.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.baike.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.etao.com.png (2 bytes)
%Program Files%\iNetHelper\kdump.dll (3389 bytes)
%Program Files%\iNetHelper\png\tech.sina.com.cn.png (1 bytes)
%Program Files%\iNetHelper\Image\expand.png (23 bytes)
%Program Files%\iNetHelper\KisCommunication.dll (1518 bytes)
%Program Files%\iNetHelper\ksetupwiz.exe (5493 bytes)
%Program Files%\iNetHelper\png\www.baidu.com.png (3 bytes)
%Program Files%\iNetHelper\KisIEProtecter.dll (2948 bytes)
%Program Files%\iNetHelper\png\icbc.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.top81.com.cn.png (5 bytes)
%Program Files%\iNetHelper\RegBHO64.exe (1248 bytes)
%Program Files%\iNetHelper\KisManager.dll (307 bytes)
%Program Files%\iNetHelper\png\www.tgbus.com.png (1 bytes)
%Program Files%\iNetHelper\png\v.6.cn.png (2 bytes)
%Program Files%\iNetHelper\png\sports.sina.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\qzone.qq.com.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\201.bmp (2 bytes)
%Program Files%\iNetHelper\png\www.tianqi.com.png (4 bytes)
%Program Files%\iNetHelper\uniuwiz.exe (10614 bytes)
%Program Files%\iNetHelper\png\www.fayi.com.cn.png (5 bytes)
%Program Files%\iNetHelper\png\ai.taobao.com.png (4 bytes)
%Program Files%\iNetHelper\png\tvmao.com.png (5 bytes)
%Program Files%\iNetHelper\KanOption.cfg (149 bytes)
%Program Files%\iNetHelper\png\hsw.cn.png (3 bytes)
%Program Files%\iNetHelper\Image\BackGround.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\72.png (1 bytes)
%Program Files%\iNetHelper\png\zhanzhang.anquan.org.png (1 bytes)
%Program Files%\iNetHelper\png\www.360doc.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.chazidian.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.guancha.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.fang.com.png (4 bytes)
%Program Files%\iNetHelper\png\weather.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\shangdu.com.png (3 bytes)
%Program Files%\iNetHelper\detect.dat (837 bytes)
%Program Files%\iNetHelper\png\sj.zol.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\cnki.net.png (5 bytes)
%Program Files%\iNetHelper\weather\4.png (3 bytes)
%Program Files%\iNetHelper\config.db (9606 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹\Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Ââ€¡Ã§ÂºÂ§.lnk (645 bytes)
%Program Files%\iNetHelper\png\qzlx.people.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.amazon.com.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\63.png (463 bytes)
%Program Files%\iNetHelper\png\money.163.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.abchina.com.png (3 bytes)
%Program Files%\iNetHelper\weather\14.png (3 bytes)
%Program Files%\iNetHelper\png\www.kuxun.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.tianya.cn.png (5 bytes)
%Program Files%\iNetHelper\png\dayoo.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.qidian.comDefault.aspx.png (3 bytes)
%Program Files%\iNetHelper\png\ccb.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.cnmo.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.ifeng.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.sjtu.edu.cn.png (6 bytes)
%Program Files%\iNetHelper\png\mail.aliyun.com.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\66.png (586 bytes)
%Program Files%\iNetHelper\KisDeskBand64.dll (2372 bytes)
%Program Files%\iNetHelper\Log\update.log (7 bytes)
%Program Files%\iNetHelper\png\dbw.cn.png (2 bytes)
%Program Files%\iNetHelper\RealUrl.dat (32 bytes)
%Program Files%\iNetHelper\png\mail.qq.com.png (3 bytes)
%Program Files%\iNetHelper\png\haodf.com.png (2 bytes)
%Program Files%\iNetHelper\weather\10.png (3 bytes)
%Program Files%\iNetHelper\png\www.500.com.png (2 bytes)
%Program Files%\iNetHelper\KisDeskURL.exe (22384 bytes)
%Program Files%\iNetHelper\3rdJson.dll (2164 bytes)
%Program Files%\iNetHelper\png\www.mapbar.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.chinahr.com.png (4 bytes)
%Program Files%\iNetHelper\weather\22.png (3 bytes)
%Program Files%\iNetHelper\KisBase64.dll (13638 bytes)
%Program Files%\iNetHelper\png\games.qq.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.apple.com.png (1 bytes)
%Program Files%\iNetHelper\png\ent.sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\bj.ganji.com.png (1 bytes)
%Program Files%\iNetHelper\png\sports.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.taobao.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.xywy.com.png (2 bytes)
%Program Files%\iNetHelper\png\zhcw.com.png (2 bytes)
%Program Files%\iNetHelper\weather\6.png (3 bytes)
%Program Files%\iNetHelper\png\www.pcauto.com.cn.png (4 bytes)
%Program Files%\iNetHelper\weather\3.png (3 bytes)
%Program Files%\iNetHelper\png\eol.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.zol.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.mama.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.babytree.com.png (4 bytes)
%Program Files%\iNetHelper\KisBase.dll (10538 bytes)
%Program Files%\iNetHelper\png\www.cntv.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.self.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.meilele.combeijing.png (2 bytes)
%Program Files%\iNetHelper\png\www.23wx.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.verycd.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.boc.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.xilu.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.126.com.png (16 bytes)
%Program Files%\iNetHelper\png\www.wasu.cn.png (2 bytes)
%Program Files%\iNetHelper\png\zdface.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.4399.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.56.com.png (2 bytes)
%Program Files%\iNetHelper\png\ent.qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\bj.meituan.com.png (3 bytes)
%Program Files%\iNetHelper\png\page.renren.com.png (5 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹\Ã¦â€”Â¥Ã¥Â¿â€”Ã¦ÂÂÃ¥Ââ€“Ã¥Â·Â¥Ã¥â€¦Â·.lnk (657 bytes)
%Program Files%\iNetHelper\png\www.suning.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.gq.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\t.haosou.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.ly.com.png (5 bytes)
%Program Files%\iNetHelper\Image\refreshspot.png (18 bytes)
%Program Files%\iNetHelper\png\house.focus.cn.png (4 bytes)
%Program Files%\iNetHelper\png\china.com.png (1 bytes)
%Program Files%\iNetHelper\uniucore.dll (8431 bytes)
%Program Files%\iNetHelper\png\gmw.cn.png (1 bytes)
%Program Files%\iNetHelper\weather\1.png (3 bytes)
%Program Files%\iNetHelper\png\sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.bendibao.comindex.htm.png (2 bytes)
%Program Files%\iNetHelper\png\kuwo.cn.png (3 bytes)
%Program Files%\iNetHelper\weather\24.png (3 bytes)
%System%\drivers\KisSaasknl.sys (601 bytes)
%Program Files%\iNetHelper\png\www.kaixin001.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\64.png (1 bytes)
%Program Files%\iNetHelper\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\iNetHelper\weather\31.png (3 bytes)
%Program Files%\iNetHelper\png\www.yougou.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.meilele.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.google.cn.png (1 bytes)
%Program Files%\iNetHelper\png\www.mop.com.png (6 bytes)
%Program Files%\iNetHelper\weather\26.png (3 bytes)
%Program Files%\iNetHelper\LogPicker.exe (3746 bytes)
%Program Files%\iNetHelper\png\www.douban.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\20.png (692 bytes)
%Program Files%\iNetHelper\png\mini.eastday.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\100.bmp (2 bytes)
%Program Files%\iNetHelper\png\ent.hunantv.com.png (2 bytes)
%Program Files%\iNetHelper\png\yinyuetai.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.alipay.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.tiexue.net.png (5 bytes)
%Program Files%\iNetHelper\png\www.zhihu.com.png (2 bytes)
%Program Files%\iNetHelper\SelfProtect.sys (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\32.png (19 bytes)
%Program Files%\iNetHelper\png\china.findlaw.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.taoche.com.png (4 bytes)
%Program Files%\iNetHelper\png\amazon.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.youth.cn.png (4 bytes)
%Program Files%\iNetHelper\png\yjbys.com.png (1 bytes)
%Program Files%\iNetHelper\360InI.dll (19956 bytes)
%Program Files%\iNetHelper\png\hunantv.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.ichunqiu.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.99.com.cn.png (3 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\KCLT\public_duba.inf (200 bytes)
%Program Files%\iNetHelper\png\sports.qq.com.png (1 bytes)
%Program Files%\iNetHelper\png\scholar.google.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.southcn.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.39yst.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.qunar.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.10010.com.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\69.png (178 bytes)
%Program Files%\iNetHelper\png\v.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.duowan.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.9ku.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.111.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\csdn.net.png (1 bytes)
%Program Files%\iNetHelper\png\www.360.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.zongheng.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.yxdown.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.huoche.net.png (3 bytes)
%Program Files%\iNetHelper\png\www.bookbao.com.png (3 bytes)
%Program Files%\iNetHelper\png\t.sohu.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\clear_i.xml (94 bytes)
%Program Files%\iNetHelper\png\www.bendibao.com.png (2 bytes)
%Program Files%\iNetHelper\weather\28.png (3 bytes)
%Program Files%\iNetHelper\png\www.lu.com.png (3 bytes)
%Program Files%\iNetHelper\png\blog.sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\Image\more.png (2 bytes)
%Program Files%\iNetHelper\png\www.pc6.com.png (2 bytes)
%Program Files%\iNetHelper\png\auto.163.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.hjenglish.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.howbuy.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.xdf.cn.png (4 bytes)
%Program Files%\iNetHelper\png\mydown.yesky.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.zhaopin.com.png (5 bytes)
%Program Files%\iNetHelper\KisWebAceDownloader.dll (2010 bytes)
%Program Files%\iNetHelper\png\qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.lvmama.com.png (4 bytes)
%Program Files%\iNetHelper\png\dl.pconline.com.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.amazon.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.lecai.com.png (2 bytes)
%Program Files%\iNetHelper\png\dahe.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.hupu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.douguo.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.1ting.com.png (3 bytes)
%Program Files%\iNetHelper\png\gb.cri.cn.png (2 bytes)
%Program Files%\iNetHelper\png\edushi.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.28.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.chinanews.com.png (2 bytes)
%Program Files%\iNetHelper\png\people.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\meituan.com.png (4 bytes)
%Program Files%\iNetHelper\reupdate.dat (1611 bytes)
%Program Files%\iNetHelper\KisDeskBand.dll (4820 bytes)
%Program Files%\iNetHelper\png\yangtse.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.19lou.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.baihe.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.kuaidi100.com.png (4 bytes)
%Program Files%\iNetHelper\png\178.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.xinjunshi.com.png (5 bytes)
%Program Files%\iNetHelper\png\elong.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.yhd.com.png (3 bytes)
%Program Files%\iNetHelper\weather\16.png (3 bytes)
%Program Files%\iNetHelper\SelfProtect64.sys (80 bytes)
%Program Files%\iNetHelper\clear.xml (90 bytes)
%Program Files%\iNetHelper\png\china.nba.com.png (2 bytes)
%Program Files%\iNetHelper\png\10jqka.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\bj.58.com.png (2 bytes)
%Program Files%\iNetHelper\classes.dat (371 bytes)
%Program Files%\iNetHelper\png\www.mogujie.com.png (5 bytes)
%Program Files%\iNetHelper\png\familydoctor.com.cn.png (1 bytes)
%Program Files%\iNetHelper\BrowersFacade.exe (9321 bytes)
%Program Files%\iNetHelper\KisIEProtecter64.dll (2686 bytes)
%Program Files%\iNetHelper\png\www.tmall.com.png (3 bytes)
%Program Files%\iNetHelper\png\lottery.gov.cn.png (5 bytes)
%Program Files%\iNetHelper\png\amazon.cn.png (3 bytes)
%Program Files%\iNetHelper\png\jiankang.163.com.png (5 bytes)
%Program Files%\iNetHelper\png\life.yxlady.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.hexun.com.png (3 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\KCLT\iNetHelper\public_duba.inf (200 bytes)
%Program Files%\iNetHelper\KisUrlTimer.dll (7381 bytes)
%Program Files%\iNetHelper\png\taihainet.com.png (3 bytes)
%Program Files%\iNetHelper\png\fudan.edu.cnindex.html.png (5 bytes)
%Program Files%\iNetHelper\png\china.cnr.cn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\68.png (120 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹\Ã¥ÂÂ¸Ã¨Â½Â½Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹.lnk (640 bytes)
%Program Files%\iNetHelper\png\www.pchouse.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\news.sina.com.cn.png (3 bytes)
%Program Files%\iNetHelper\websugesstion.ini (314 bytes)
%Program Files%\iNetHelper\png\chinaz.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.ifeng.com.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\inethelpersetup.log (25052 bytes)
%Program Files%\iNetHelper\png\www.meishichina.com.png (4 bytes)
%Program Files%\iNetHelper\png\mail.263.net.png (4 bytes)
%Program Files%\iNetHelper\png\nuomi.com.png (4 bytes)
%Program Files%\iNetHelper\png\product.cnmo.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\tv.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.china.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\kankan.com.png (2 bytes)
%Program Files%\iNetHelper\png\soft.hao123.com.png (4 bytes)
%Program Files%\iNetHelper\png\zhidao.baidu.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.yesky.com.png (3 bytes)
%Program Files%\iNetHelper\weather\5.png (3 bytes)
%Program Files%\iNetHelper\Image\more360.png (3 bytes)
%Program Files%\iNetHelper\png\finance.sina.com.cn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\19.png (235 bytes)
%Program Files%\iNetHelper\png\www.liuxue86.com.png (3 bytes)
%Program Files%\iNetHelper\png\wenming.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.78.cn.png (3 bytes)
%System%\drivers\SelfProtect64.sys (44 bytes)
%Program Files%\iNetHelper\png\business.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\weather\18.png (3 bytes)
%Program Files%\iNetHelper\png\591hx.com.png (2 bytes)
%Program Files%\iNetHelper\KisGuardian64.exe (7334 bytes)
%Program Files%\iNetHelper\png\www.1688.com.png (2 bytes)
%Program Files%\iNetHelper\KisInfoc.dll (507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\31.png (18 bytes)
%Program Files%\iNetHelper\png\open.weibo.com.png (4 bytes)
%Program Files%\iNetHelper\png\58.com.png (2 bytes)
%Program Files%\iNetHelper\png\beijing.anjuke.com.png (3 bytes)
%Program Files%\iNetHelper\png\xunlei.com.png (3 bytes)
%Program Files%\iNetHelper\png\weibo.com.png (4 bytes)
%Program Files%\iNetHelper\png\you.ctrip.com.png (3 bytes)
%Program Files%\iNetHelper\BrowersFacadeDll.dll (8346 bytes)
%Program Files%\iNetHelper\png\www.sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.hao123.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.jjwxc.net.png (2 bytes)
%Program Files%\iNetHelper\png\e23.cn.png (3 bytes)
%Program Files%\iNetHelper\weather\12.png (3 bytes)
%Program Files%\iNetHelper\png\cyol.com.png (2 bytes)
%Program Files%\iNetHelper\png\dzwww.com.png (3 bytes)
%Program Files%\iNetHelper\png\hiapk.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.7k7k.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.yy.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.jiayuan.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.yxlady.com.png (3 bytes)
%Program Files%\iNetHelper\KisLogger.dll (37 bytes)
%Program Files%\iNetHelper\weather\21.png (3 bytes)
%Program Files%\iNetHelper\png\huanqiu.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.39.net.png (2 bytes)
%Program Files%\iNetHelper\png\games.sina.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\flight.qunar.com.png (3 bytes)
%Program Files%\iNetHelper\weather\25.png (3 bytes)
%Program Files%\iNetHelper\png\news.nen.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\jschina.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.iqiyi.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.pptv.com.png (1 bytes)
%Program Files%\iNetHelper\png\book.douban.com.png (2 bytes)
%Program Files%\iNetHelper\KisService.exe (1262 bytes)
%Program Files%\iNetHelper\png\www.jrj.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\baofeng.com.png (3 bytes)
%Program Files%\iNetHelper\png\auto.sina.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\iask.sina.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.youku.com.png (3 bytes)
%Program Files%\iNetHelper\png\51job.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.cmbchina.com.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\67.png (1 bytes)
%Program Files%\iNetHelper\png\www.vogue.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\rednet.cn.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res (4 bytes)
%Program Files%\iNetHelper\png\www.gome.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.cnfol.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.meipai.com.png (3 bytes)
%Program Files%\iNetHelper\Image\trash.png (19 bytes)
%Program Files%\iNetHelper\png\www.52pk.com.png (2 bytes)
%Program Files%\iNetHelper\png\microsoft.com.png (2 bytes)
%Program Files%\iNetHelper\png\dict.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.youth.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.letv.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\200.bmp (2 bytes)
%Program Files%\iNetHelper\png\www.miercn.com.png (4 bytes)
%Program Files%\iNetHelper\KisController.dll (3139 bytes)
%Program Files%\iNetHelper\weather\15.png (3 bytes)
%Program Files%\iNetHelper\weather\27.png (3 bytes)
%Program Files%\iNetHelper\png\www.rong360.com.png (3 bytes)
%Program Files%\iNetHelper\weather\11.png (3 bytes)
%Program Files%\iNetHelper\png\www.yirendai.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.guazi.com.png (4 bytes)
%Program Files%\iNetHelper\png\stockstar.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.hexun.com.png (2 bytes)
%Program Files%\iNetHelper\png\fashion.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\yaolan.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.xgo.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\sports.163.com.png (2 bytes)
%Program Files%\iNetHelper\weather\13.png (3 bytes)
%Program Files%\iNetHelper\png\www.askci.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.adobe.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.2144.cn.png (3 bytes)
%Program Files%\iNetHelper\weather\2.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\65.png (466 bytes)
%Program Files%\iNetHelper\png\www.69xiu.com.png (2 bytes)
%Program Files%\iNetHelper\png\beijing.baixing.com.png (2 bytes)
%Program Files%\iNetHelper\uninst.exe (8017 bytes)
%Program Files%\iNetHelper\png\jumei.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.pchome.net.png (3 bytes)
%Program Files%\iNetHelper\png\www.dangdang.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.autohome.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.iciba.com.png (2 bytes)
%Program Files%\iNetHelper\weather\7.png (3 bytes)
%Program Files%\iNetHelper\png\v.ku6.com.png (3 bytes)
%Program Files%\iNetHelper\KisCommon.dll (605 bytes)
%Program Files%\iNetHelper\png\www.liepin.com.png (2 bytes)
%Program Files%\iNetHelper\png\enorth.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.hongxiu.com.png (4 bytes)
%Program Files%\iNetHelper\SelfProtect.dat (21 bytes)
%Program Files%\iNetHelper\KisServiceTask.dll (514 bytes)
%Program Files%\iNetHelper\png\bbs.tianya.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.17173.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.gucheng.com.png (2 bytes)
%Program Files%\iNetHelper\png\tv.cntv.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.chinadaily.com.cn.png (1 bytes)
%Program Files%\iNetHelper\png\blog.163.com.png (2 bytes)
%Program Files%\iNetHelper\weather\30.png (3 bytes)
%Program Files%\iNetHelper\png\21cn.com.png (4 bytes)
%Program Files%\iNetHelper\png\car.bitauto.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.ctrip.com.png (3 bytes)
%Program Files%\iNetHelper\png\mt.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.2345.com.png (6 bytes)
%Program Files%\iNetHelper\png\www.woxiu.com.png (4 bytes)
%Program Files%\iNetHelper\png\news.163.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\product.xml (219 bytes)
%Program Files%\iNetHelper\png\www.aipai.com.png (3 bytes)
%Program Files%\iNetHelper\install.xml (2 bytes)
%Program Files%\iNetHelper\png\baike.1688.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.hujiang.com.png (3 bytes)
%Program Files%\iNetHelper\png\bj.nuomi.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.eastmoney.com.png (4 bytes)
%Program Files%\iNetHelper\png\exam8.com.png (4 bytes)
%Program Files%\iNetHelper\weather\20.png (3 bytes)
%Program Files%\iNetHelper\desktop.ini (57 bytes)
%Program Files%\iNetHelper\png\onlinedown.net.png (2 bytes)
%Program Files%\iNetHelper\KisSkin.dll (2650 bytes)
%Program Files%\iNetHelper\png\www.tuniu.com.png (4 bytes)
%Program Files%\iNetHelper\KisService.dat (69 bytes)
%Program Files%\iNetHelper\msvcr80.dll (7908 bytes)
%Program Files%\iNetHelper\png\www.mipang.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.163.com.png (5 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\200.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\64.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\67.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\66.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\72.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\63.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\201.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\71.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\19.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\69.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\68.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\109.bmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\20.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\32.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\clear_i.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\31.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\65.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\100.bmp (0 bytes)

The process %original file name%.exe:1156 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\5590b2ab_1202000454.exe (1430831 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz2.tmp (11952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\1332280.exe (18665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\25.tmp (51672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\24.tmp (615524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\kinst_168_38.exe (9483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\2.gif (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\V8._85296_20150814221218.exe (40581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\iNetHelper_300002.exe (58447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\21.tmp (385674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\ZipDLL.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\NSISdl.dll (14 bytes)

The Trojan deletes the following file(s):

%Program Files%\Tencent\QQBrowser\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\lxsaju.exe (0 bytes)

The process QQBrowserOTA.exe:2464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nscF.tmp (15764 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss10.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\FixItems.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.wsf (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss10.tmp\System.dll (11 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nss10.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsxD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss10.tmp\InstallHelper.dll (0 bytes)

The process QQBrowserOTA.exe:3668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll (10517 bytes)
%Program Files%\Tencent\QQMail\TXGYMailCamera_2.dll (13224 bytes)
%Program Files%\Tencent\QQMail\TXFTNActiveX_2.dll (13880 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsg18.tmp (0 bytes)

The process QQBrowserOTA.exe:2452 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsxC.tmp (75954 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscE.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOCommon.dll (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscE.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOPlatform.dll (48241 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nshB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscE.tmp\InstallHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscE.tmp\System.dll (0 bytes)

The process kinst_168_38.exe:804 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\duba_u29778285_sv1_3_68.exe (3022095 bytes)

The process BrowersFacade.exe:3060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\kingsoft\Kisaas\Facade-journal (816 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\kingsoft\Kisaas\Facade-journal (0 bytes)

The process QQBrowser.exe:1860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\qrx1F.tmp.qbl (50058 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manifest.json (211 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\css\history.css (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\qrx1E.tmp.qbl (88899 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\phone.png (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\QQPCDetector.dll (1852 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\wechat.ico (137 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\style.css (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\manifest.json (269 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_game.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\ext.png (13 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\1596\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_expand.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_video.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\QBSafe.dll (1782 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\NetService.dll (3724 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\qrx16.tmp.qbl (100555 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\1596\History\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\bg.png (49 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_phone.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\sidebar.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#history.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\qb-flag.png (989 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_qq.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\css\base.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\manifest.json (665 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_fold.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\qrx12.tmp.qbl (64977 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_live.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\LoadFixQB.dll (80 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\QBFixerForGJ.exe (301 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\qrx1D.tmp.qbl (92544 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\PCMgrInstaller.dll (208 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\sidebar.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\manifest.json (270 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\site_text.png (5 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\qrx1D.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\qrx1F.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\qrx1E.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\qrx12.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\qrx16.tmp (0 bytes)

The process QQBrowser.exe:3952 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (58 bytes)

The process QQBrowser.exe:1604 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (392 bytes)

The process QQBrowser.exe:1288 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\favicon[1].ico (1049 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.sogou[1].txt (162 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\masterconn.qq[1] (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\masterconn.qq[1] (246 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (124 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (3856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (1139 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\masterconn.qq[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014041520140416 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\masterconn.qq[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014041520140416\index.dat (0 bytes)

The process QQBrowser.exe:928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\001-Cool Air.gt (252503 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\LightStripes.gt (601 bytes)

The process QQBrowser.exe:2036 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (328 bytes)

The process QQBrowser.exe:1596 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\ini13.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\newyear_normal.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli26.tmp.qbl (143 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\compat.xml (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\easylist.ze (1666 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli23.tmp.qbl (80 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli28.tmp.qbl (58 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\QQBrowserOTA.exe (7386 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli17.tmp.qbl (701 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli15.tmp.qbl (592 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli21.tmp.qbl (1299 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\ini9.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli27.tmp.qbl (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{1FA837CE-5D4C-4eaf-9341-6B367D2140D4} (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\act.xml (879 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (459 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (54 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip.qbl (67201 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db-journal (14062 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db-journal (15492 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db-journal (14062 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\newyear_light.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli22.tmp.qbl (126425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_sJ6FhyXepjH73ms (66 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 (933 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip.qbl (259937 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1A.tmp.qbl (18866 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db (3528 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\FixItems.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\internallist.ze (48 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\mainlist.ze (41 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1C.tmp.qbl (11385 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli19.tmp.qbl (27 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3349050F-829E-4bb2-AACF-03E3A6B68677} (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_hyHkVNwc0lDdDFJ (73 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{BC4502A5-2152-423b-AB6B-1BD1999EA9BF} (592 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.wsf (324 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@wap.sogou[1].txt (160 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip.qbl (136591 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQBrowserOTA.exe (1849 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\iniA.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1B.tmp.qbl (1775 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 (164 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (1100 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db (1711 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli11.tmp.qbl (34120 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto\ini14.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{BF11CA12-B353-45f1-9113-856FFA7CFC1C} (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\qblist.ze (79 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli20.tmp.qbl (10569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\test.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{E5CFCF92-CB3F-4de7-B511-78CD5C013AFC} (58 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db (599 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{6970B802-2F13-4038-B620-33B0211D26A0} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli25.tmp.qbl (26376 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli24.tmp.qbl (551 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (3952 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db-journal (2750 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history_push.db (107 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{91977E3A-F255-4036-8B72-B07EA129C89A} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bq41PmhksuvTqTt (540 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\update.ini (666 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserOTA.exe (313 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli22.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\QQBrowserOTA.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli25.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserOTA.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1B.tmp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip.qbl (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli19.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\ini9.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli11.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto\ini14.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\iniA.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1C.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli27.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli28.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli26.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip.qbl (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli23.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli20.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip.qbl (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\ini13.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQBrowserOTA.exe (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli15.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli17.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli21.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli24.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1A.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto (0 bytes)

The process QQBrowser.exe:1520 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\QQBrowser Udpater Task(Core).job (280 bytes)
%WinDir%\Tasks\QQBrowser Udpater Task.job (276 bytes)

The process QQBrowser.exe:1108 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\QQBrowserLog\20160527_214424.etl (28 bytes)

The process QQBrowser.exe:1452 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Tencent\QQBrowser\QQBrowserConfig.dat (114 bytes)

The process QQBrowser.exe:3132 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (244 bytes)

The process QQBrowser.exe:3988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (766 bytes)

The process QQBrowser.exe:1676 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\index.dat (3856 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (307 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (1133 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.sogou[2].txt (162 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.sogou[1].txt (0 bytes)

The process QQBrowser.exe:1368 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli4.tmp.qbl (11807 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli6.tmp.qbl (1098 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\update.ini (106 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli7.tmp.qbl (194 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli4.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli7.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli6.tmp (0 bytes)

The process QQBrowser.exe:220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (728 bytes)

The process V8._85296_20150814221218.exe:1252 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\navi.ico (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (4 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Resource.dll (1365 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\dr.dll (864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\sogou_web.png (5 bytes)
%Program Files%\Tencent\QQBrowser\dr.dll (601 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\css\base.css (2 bytes)
%Program Files%\Tencent\QQBrowser\MouseGesture.dll (56 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\global.js (394 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\qblogo.png (868 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.js (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QRCode.dll (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\hse.png (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\random.db (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\PerfTraceService.exe (2934 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\event\bg.png (28 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\security.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserSecurityCenter.exe (2015 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (92 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_offlineurl.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBExtensionFramework.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\tssafeedit.dat (41 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\license.txt (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (244 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\service\xperf.exe (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (261 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\navi.ico (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcr90.dll (8224 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\random.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowser.exe (1661 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manifest.json (197 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\index.html (86 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Downloader.dll (4010 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\search.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowser.exe (601 bytes)
%Program Files%\Tencent\QQBrowser\QRCode.dll (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\CustomerJoinPlan.txt (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserFrame.dll (13493 bytes)
%Program Files%\Tencent\QQBrowser\service\perfctrl.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Dialogs.dll (7385 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin2.png (6 bytes)
%Program Files%\Tencent\QQBrowser\service\7z.exe (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Program Files%\Tencent\QQBrowser\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\Config.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcm90.dll (2129 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\BugReport.exe (7256 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserFrame.dll (11518 bytes)
%Program Files%\Tencent\QQBrowser\resources.pri (3 bytes)
%Program Files%\Tencent\QQBrowser\Downloader.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\PrScrn.dll (2517 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\index.html (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\TridentCore.dll (9754 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\EventTracing.dll (1326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\wbg.png (136 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme.png (25 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Assistant.dll (6284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\pixel.gif (43 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\nsis_skin.gt (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\QBInstaller.dll (3710 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\https___mail.qq.com_.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\nsis_skin.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\search.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bgsearch_day.jpg (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\skin\LightStripes.gt (94 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_fav.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserLiveup.exe (3502 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\site_text.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\css\base.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\BugReport.exe (2321 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\down.png (971 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\sogou_web.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\7z.exe (1209 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\https___mail.qq.com_.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\site_text.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\resources.pri (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\index.ini (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_google.png (919 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\bgsearch_day.jpg (4 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\mainlist.ze (29 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_offlineurl.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\business.js (9 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_normal.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\security.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\PrScrn.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.html (122 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã¨â€¦Â¾Ã¨Â®Â¯Ã¨Â½Â¯Ã¤Â»Â¶\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bggradient_day.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (152 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\small.png (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcp90.dll (6900 bytes)
%Program Files%\Tencent\QQBrowser\uninst.exe (2105 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\EventTracing.dll (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\WebpDecodeFilter.dll (2128 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\style.css (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\QQTrace.ini (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\small.png (2 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserSecurityCenter.exe (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (99 bytes)
%Program Files%\Tencent\QQBrowser\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\service\QQTrace.ini (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\NetWork.dll (2602 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\history.db (108 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\template.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{6970B802-2F13-4038-B620-33B0211D26A0} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\MouseGesture.dll (872 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Dialogs.dll (10771 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\uninst.exe (3649 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll (1735 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QBExtensionFramework.dll (3766 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\tssafeedit.dat (41 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Desktop\Ã¤Â¸Å Ã§Â½â€˜Ã¥Â¯Â¼Ã¨Ë†Âª.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\homepage.db (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll (12287 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Desktop\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\Private-icon.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\service\PerfTraceService.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\wbg.png (136 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\perfctrl.dll (3447 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\skin\LightStripes.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\default.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme_ie.png (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (1645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\business.js (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_fav.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (122 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\checkbox.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\bggradient_day.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Resource.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\app.ico (284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\tool.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\mainlist.ze (29 bytes)
%Program Files%\Tencent\QQBrowser\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QBUtils.dll (17689 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\style.css (11 bytes)
%Program Files%\Tencent\QQBrowser\NetWork.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Program Files%\Tencent\QQBrowser\TridentCore.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (6 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#history.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Assistant.dll (2321 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\xperf.exe (5001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\navi.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QBExtensionFramework.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\dr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\PerfTraceService.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Assistant.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\CustomerJoinPlan.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\xperf.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\css\base.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\resources.pri (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\https___mail.qq.com_.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\imgSearch.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\qqbrowser_home.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Resource.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\index.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\BugReport.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\PrScrn.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\security.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\homepage.db (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\MouseGesture.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\skin\LightStripes.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\perfctrl.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\skin (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\random.db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\TridentCore.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___qzone.qq.com_.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\tssafeedit.dat (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowser.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\EventTracing.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserLiveup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\qqtrack.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{00000000-0000-0000-0000-000000000000} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\skin\ThirdParty.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\wbg.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_offlineurl.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\NetWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_fav.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\icon.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\bgsearch_day.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\js\base.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\7z.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_login.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\inforBar.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserSecurityCenter.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Dialogs.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\icon.fw.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\license.txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_normal.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\whitelist.ze (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\nsis_skin.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QRCode.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (0 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\skin\DarkStripes.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\WebpDecodeFilter.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\video\vd.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcr90.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\bggradient_day.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\QBInstaller.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\mainlist.ze (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcp90.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QBUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcm90.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\index.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\video (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\sogou_web.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\QQTrace.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Downloader.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\Config.xml (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\qqtrack.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\history.db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (0 bytes)

The process KisService.exe:2144 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\iNetHelper\desktop.ini (2 bytes)
%Program Files%\iNetHelper\Log\KisService.log (1286 bytes)
%Program Files%\iNetHelper\Pid.dat (21 bytes)
%WinDir%\Temp\360ini.cab (2695864 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QLSNQ10Z\360IniVerify[1].cab (376 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_75ed9567-aa58-4c8e-a8ea-3cad7c47ab03 (47 bytes)
%Program Files%\iNetHelper\Log\KisUrlTimer.log (273 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OFK7QZUX\360ini[1].cab (2695864 bytes)
%Program Files%\iNetHelper\Log\KisController.log (1368 bytes)
%Program Files%\iNetHelper\Log\KisServiceTask.log (105 bytes)
%WinDir%\Temp\{19CAA9E9-E3B9-4160-8283-94453594EFB9}\urlproc.dll (3518 bytes)
%Program Files%\iNetHelper\Log\KisWebAceDownloader.log (1646 bytes)
%WinDir%\Temp\360IniVerify.ini (376 bytes)
%Program Files%\iNetHelper\Log\KisSelfProtect.log (1039 bytes)
%Program Files%\iNetHelper\KanOption.cfg (104 bytes)
%WinDir%\Temp\360IniV2\360ini.dll (50289 bytes)

The Trojan deletes the following file(s):

%WinDir%\Temp\360ini.cab (0 bytes)

The process kisdeskurl.exe:2832 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\iNetHelper\KanOption.cfg (122 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\WeatherNews\WN29.tmp (14369 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1060 bytes)

Registry activity

The process QQBrowserLiveup.exe:3084 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 62 09 06 F4 F3 49 2E 30 4D AA BC 16 A7 6A FD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process kisService.exe:1244 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 8C C3 BB F9 38 B4 67 A7 23 AF 21 51 A2 F1 AB"

The process 1332280.exe:500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 E2 70 0F A3 85 50 CA 36 CD FC 7D 38 90 68 72"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}]
"ProcID" = "{C04F6F76-2204-6648-3030-303030303030}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process iNetHelper_300002.exe:1480 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\iNetHelper\Setup]
"tod1" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\iNetHelper]
"RefusePushInfoAdPop" = "1"

[HKLM\SOFTWARE\iNetHelper\Setup]
"tid1" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper]
"DisplayName" = "Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\iNetHelper\Setup]
"iid" = "206176157"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper]
"DisplayIcon" = "c:\program files\iNetHelper\KisDeskURL.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\inethelper\~d9d88\product.xml,"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\iNetHelper\Setup]
"tod2" = "0"

[HKLM\SOFTWARE\iNetHelper]
"ProgramPath" = "c:\program files\iNetHelper\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper]
"UninstallString" = "c:\program files\iNetHelper\uninst.exe"

[HKLM\SOFTWARE\iNetHelper]
"versiontypes" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\iNetHelper]
"ProductID" = "01010400"
"RightKeyDeleteFileMenu" = "1"

[HKCR\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}]
"idex" = "6dd38f7937fcea19edc1c19d4084ed9a"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper]
"InstallLocation" = "c:\program files\iNetHelper\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper]
"URLInfoAbout" = "http://www.ejinshan.net"

[HKCR\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}]
"idno" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper]
"Publisher" = "Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B0 96 FF 34 BE 69 FF 95 BA 66 C2 1B 88 96 FB 0E"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\iNetHelper]
"ReminiSysTimeErr" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\iNetHelper]
"WorkPath" = "c:\program files\iNetHelper"

[HKLM\SOFTWARE\iNetHelper\Setup]
"tid2" = "0"

[HKLM\SOFTWARE\iNetHelper]
"RightKeyKillVirusMenu" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iNetHelper" = "c:\program files\iNetHelper\KisDeskURL.exe"

The process %original file name%.exe:1156 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 65 D0 95 4B 98 67 A3 62 C2 58 7C 46 CB CE 80"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process QQBrowserOTA.exe:2464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 68 0B 5D E1 84 27 6A DD D5 60 16 EC 88 10 F7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\ProblemFix]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix]
"QQBrowserOTA.exe" = "1"

The process QQBrowserOTA.exe:3668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TXGYMailActiveX.DropFile\CLSID]
"(Default)" = "{B0F77C07-8507-4AB9-B130-CC882FDDC046}"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0\0\win32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXFTNActiveX_2.dll"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}]
"(Default)" = "Uploader Class"

[HKCR\TXFTNActiveX.FTNUploadEventParam.1]
"(Default)" = "FTNUploadEventParam Class"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TXGYMailActiveX.ScreenCapture.2]
"(Default)" = "ScreenCapture Class"

[HKCR\TXGYMailActiveX.Uploader.2]
"(Default)" = "Uploader Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}]
"(Default)" = "ScreenCapture Class"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\ProgID]
"(Default)" = "TXFTNActiveX.FTNUploadEventParam.1"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}\TypeLib]
"Version" = "1.0"
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\TXFTNActiveX.FTNUploadEventParam\CLSID]
"(Default)" = "{DDDC986A-6061-4EAB-945A-5F607FA75078}"

[HKCR\TXFTNActiveX.FTNUpload\CLSID]
"(Default)" = "{BDEACC50-F56D-4D60-860F-CF6ED1766D65}"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\TypeLib]
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\TypeLib]
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0\0\win32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\ToolboxBitmap32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll, 109"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\ProgID]
"(Default)" = "TXGYMailActiveX.Uploader.2"

[HKCR\TXGYMailActiveX.ScreenCapture\CLSID]
"(Default)" = "{9AA844B2-7C7E-4C88-BBC6-18D306489862}"

[HKCR\TXFTNActiveX.FTNUpload.1\CLSID]
"(Default)" = "{BDEACC50-F56D-4D60-860F-CF6ED1766D65}"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}]
"(Default)" = "DropFile Class"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}]
"(Default)" = "FTNUploadEventParam Class"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\MiscStatus\1]
"(Default)" = "131473"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 9E C3 7F 14 97 27 50 23 14 DA 5E 38 A9 56 E2"

[HKCR\TXGYMailActiveX.Uploader.2\CLSID]
"(Default)" = "{5E626C89-4AF9-4E67-99BE-E3984D419379}"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\ProgID]
"(Default)" = "TXGYMailActiveX.DropFile.2"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0]
"(Default)" = "TXFTNActiveX 1.0 Type Library"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}]
"(Default)" = "IScreenCapture"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\VersionIndependentProgID]
"(Default)" = "TXGYMailActiveX.ScreenCapture"

[HKCR\TXGYMailActiveX.Uploader\CurVer]
"(Default)" = "TXGYMailActiveX.Uploader.2"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TXGYMailActiveX.ScreenCapture.2\CLSID]
"(Default)" = "{9AA844B2-7C7E-4C88-BBC6-18D306489862}"

[HKCR\TXFTNActiveX.FTNUpload.1]
"(Default)" = "FTNUpload Class"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0]
"(Default)" = "TXGYMailActiveX2 1.0 Type Library"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\VersionIndependentProgID]
"(Default)" = "TXGYMailActiveX.DropFile"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}]
"(Default)" = "IDropFile"

[HKCR\TXGYMailActiveX.ScreenCapture]
"(Default)" = "ScreenCapture Class"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\ProgID]
"(Default)" = "TXGYMailActiveX.ScreenCapture.2"

[HKCR\TXGYMailActiveX.ScreenCapture\CurVer]
"(Default)" = "TXGYMailActiveX.ScreenCapture.2"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\TypeLib]
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\TXFTNActiveX.FTNUploadEventParam]
"(Default)" = "FTNUploadEventParam Class"

[HKCR\TXFTNActiveX.FTNUpload\CurVer]
"(Default)" = "TXFTNActiveX.FTNUpload.1"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\VersionIndependentProgID]
"(Default)" = "TXFTNActiveX.FTNUploadEventParam"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\TXGYMailActiveX.Uploader]
"(Default)" = "Uploader Class"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Tencent\QQMail\"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\TXGYMailActiveX.DropFile\CurVer]
"(Default)" = "TXGYMailActiveX.DropFile.2"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\Version]
"(Default)" = "1.0"

[HKCR\TXGYMailActiveX.DropFile]
"(Default)" = "DropFile Class"

[HKCR\TXFTNActiveX.FTNUpload]
"(Default)" = "FTNUpload Class"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}]
"(Default)" = "IUploader"

[HKCR\TXGYMailActiveX.Uploader\CLSID]
"(Default)" = "{5E626C89-4AF9-4E67-99BE-E3984D419379}"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\InprocServer32]
"(Default)" = "C:\PROGRA~1\Tencent\QQMail\TXFTNA~1.DLL"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TXFTNActiveX.FTNUploadEventParam.1\CLSID]
"(Default)" = "{DDDC986A-6061-4EAB-945A-5F607FA75078}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}]
"(Default)" = "IFTNUploadEventParam"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\ProgID]
"(Default)" = "TXFTNActiveX.FTNUpload.1"

[HKCR\TXGYMailActiveX.DropFile.2]
"(Default)" = "DropFile Class"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}]
"(Default)" = "FTNUpload Class"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\TXGYMailActiveX.DropFile.2\CLSID]
"(Default)" = "{B0F77C07-8507-4AB9-B130-CC882FDDC046}"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\VersionIndependentProgID]
"(Default)" = "TXFTNActiveX.FTNUpload"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\VersionIndependentProgID]
"(Default)" = "TXGYMailActiveX.Uploader"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\InprocServer32]
"(Default)" = "C:\PROGRA~1\Tencent\QQMail\TXFTNA~1.DLL"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Tencent\QQMail\"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}]
"(Default)" = "IFTNUpload"

[HKCR\TXFTNActiveX.FTNUploadEventParam\CurVer]
"(Default)" = "TXFTNActiveX.FTNUploadEventParam.1"

The process QQBrowserOTA.exe:2452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A4 D9 7F C1 54 E6 79 6E B6 5C 26 AA 78 37 36 9F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso]
"QQBrowserOTA.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process kinst_168_38.exe:804 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C EC 88 71 C1 03 92 5B 4F DD 48 7E 5A F1 91 70"

[HKCR\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}]
"Guid" = "207F43E158744205B9864370617043E9"
"DID" = "F787AB6D8CF717E7B754599E2E879037"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp]
"kinst_168_38.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\kinst_168_38.exe:*:Enabled:KInstallTool"

The process BrowersFacade.exe:3060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 43 78 69 B2 A5 18 DB AB 59 DA 06 B8 42 9A CD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

The process QQBrowser.exe:1164 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 CB B2 A6 B0 02 43 7D 76 20 DF 9A 3D 65 C9 11"

[HKCU\Software\Tencent\QQBrowser\Launch]
"LaunchOpenPageType" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:776 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 67 E3 A4 BC D8 7A 7B E3 D5 8C 33 0C 0D 85 4C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\QQBrowser.Protocol]
"(Default)" = "QQBrowser Protocol"

[HKCR\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe"

[HKCR\Tencent.QQBrowser.Default\.exe\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe %*"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"http" = "QQBrowser.Protocol"

[HKCR\QQBrowser.File\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCR\QQBrowser.Protocol\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\QQBrowser.File\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\Tencent.QQBrowser.Default\.exe\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xhtml" = "QQBrowser.File"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\RegisteredApplications]
"QQBrowser" = "Software\Tencent\QQBrowser\Capabilities"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "1"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xht" = "QQBrowser.File"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\QQBrowser.Protocol\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\CurrentVersion\App Paths\QQBrowser.exe]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\QQBrowser.Protocol\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCR\QQBrowser.File]
"URL Protocol" = ""

[HKCR\QQBrowser.File\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".mht" = "QQBrowser.File"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".mhtml" = "QQBrowser.File"

[HKCR\Tencent.QQBrowser.Default\.exe\shell\run\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe %*"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".shtml" = "QQBrowser.File"

[HKCR\QQBrowser.File]
"AppUserModelID" = "Tencent.QQBrowser.Default"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCR\QQBrowser.Protocol]
"URL Protocol" = ""

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".htm" = "QQBrowser.File"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\QQBrowser.Protocol]
"AppUserModelID" = "Tencent.QQBrowser.Default"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".html" = "QQBrowser.File"

[HKCR\QQBrowser.File]
"(Default)" = "QQBrowser HTML Document"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 0A 6B A6 37 D3 9F 59 5C AA DB D7 9F 87 61 BE"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"https" = "QQBrowser.Protocol"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QQBrowser.exe]
"Path" = "%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationName" = "QQBrowser"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\http\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe -nohome"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"ftp" = "QQBrowser.Protocol"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationDescription" = "QQBrowser"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"DisablePtLogin_740"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"GlobalFlag"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"VerifierFlags"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"PageHeapFlags"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"QQBrowser.exe"

The process QQBrowser.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\BackgroundDll]
"Path" = "LoadFixQB.dll"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"Version" = "8.0.0.44"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"error.html" = "Gs5We3VMGdtvsJGT6u6MMVvDt3zSWVVCEh8CKo8BudWeZgocGRxZCxnUzIBcEspzCp9h2OFGwf4FTuDYG9Mf1MROlJx1oTz9uXnHk/JNRuCTn/dHBXBTqu6XR1tj6OqL7gKQ3svK/Mexy4lBO/PSgypdugTHFgugTpMadvZRDAE="

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4]
"Name" = "FixQB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 25 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"certerror.html" = "Quu5ifaZbhsH6hfNNjsEbMi71iGFPa 7qoPsbDB85tzNJhbuwap kINuU5JVUFuy7ab/H63S1Y9kCw eo6zOs2bZvrgxEv8DGHhKa832zqs6fjzTX BFb6/uP1kQr9kAIzY jkBspKr9vZIFKnmKfjTFFlvSX3lQxR9BTuyhiN8="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"api.js" = "W4LBkOoHkHIGXYE6okblF8Y2u Gxj5OLP2E1RO1oGT4o72Upe2TuZfv4aGlEpfHPTisFzGNod78Ki KEziTqfUZKaSQTu7TrI58Fg4dfF7cIyDwfDbmVQonWy37VRFH3SrLIC2EG80BAeEkSEAA4lepPxQLrwYmgNvv2nr3W538="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\history]
"history2.js" = "EYdPibxwSOsOqWp65 q m9YPkG2qiUUGpCPnvRau01UVBjkeEsX12Uy5TmZV0QiqFodnvBKS8uPPdSDAtWYh46mlNAugPtYfiEf7rdH5i9IKkjarXT3vqrc8m dOB2sBwi35rGtSx5Q mNco60nlRGZ/4BbXHVO9e4liF3omtHU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4]
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"api.js" = "CTLNX2nY1O7mQDlrx81saZ A/b3cld1PV1aWjfRWB9Uk7nMqUgRWUwgVmyvWg9gkM0yW1MsoF6XNwlLBdc8okJ8kImN9HQxCfo4NuKEahbCA1RnudXB pCuvw3EEMiY ORP/YDMicZcSXjtSnvP3UDhaX THBQVVts I5sLdd5g="

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}]
"Enabled" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"Name" = "QBSafe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"Desc" = "PCMgr Installer"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"template.js" = "RzgJqwNHJ4N8sJDEKasrvKhYoIjrKXGKh3qo6y3p7Bx3eQjIDn1gNlluXXutWcLSBX23i7mSbXxa6km5He 5qAf5eFTYPlcyzJ1efN6K7LGNsOYTGrjFWBGg57GhUneVMDCg1l8ncB214UhBIQPO6KZ2/tvVX4d0a6nCIXqOTdc="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Tencent\QQBrowser\extensions8]
"CommandOrder" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\app]
"sliderman.1.3.7.js" = "RkIvek G9RI Q9/NEOdxEh/ynLS5sJRj/vlO2PrWACyN8sI9vf695W/3CP d/Jr59MnJV2sK2YzNz6txbNvhpSI6S3MTO8Z3UJIBleKth0bLzeGpI4dTaAsMMam3QXyux3g7jkzADCCb5iHY8RLV c6W8sEprWrpGZNIRzFvOcs="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"private.html" = "K xv/ifPeX60jeD65vv gUoqtdQCKyrPu3G9CV9ZgkzifnKYT2HlMs77KUqIBos6Ta5uCGG4ausc030WTKPfMuL9EjmW7FoJZIZgTcWa mx0 gaAmsoMZHsvq/IVS6SDzsQ/mOiHy60uAr1RKyo62yEJn9wW8JYFqpfIUaAznfU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"AutoUpdated" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"ID" = "{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"RequiredMinVersion" = "8.1.0.0"
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\Scopes\1596_dab63]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}]
"currentVersion" = "8.0.0.3"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"Version" = "8.1.2.8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}]
"currentVersion" = "8.0.0.44"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\BackgroundDll]
"Path" = "PCMgrInstaller.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"Operational" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"STYLE" = "64"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}]
"CommandOrder" = "4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess]
"index.html" = "ermCpBSS O8fB/VVt7j6JD/nnkn1N7SUop4xU6qJppqMfiqKcUe9YiEJBhdQA11iha77CIzBeakJYvzkCRG1XoQgs7VcfiTpBVB8FWkpBr4ADmLUWevHaD9PolwT/nkxVIsc39WfEfF2JWorYHowyBGjkW6BOD4j2gxVU0FTeV0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}]
"currentVersion" = "8.0.0.4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"Version" = "8.0.0.131"

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4]
"RequiredMinVersion" = "8.0.0.0"
"Version" = "8.0.0.4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"UpdateVersion" = "8.0.0.131"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"business.js" = "IuxI4T0J7Bik5qY6/aqfPYonejaosMlt7RKPN2HAI58nqalyzaR3NKDmDMBsP/GLsP/n4EEmigqfaXfhw1XVPuoKRupEmWoBrFcuX0YxFI/tTm8jQjjGQnoyTA0sowMVrFwfL ATf0Id2A3Ld1g7RvjnRX1DRtsnCMsCqrERJjk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4]
"ID" = "{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\SignatureList\js]
"base.js" = "H1E70WLPkxM8kad NjCIOmdE5dvqXK5UQp2Mu/V6vBRauXZYWrKBmGP6IDtn20eC7h6TAwZj1fLHGS00A4LuljKAIK/ouBQHCmvXOVuMkX7KVManQj9frwd/bR2wWVgRyfqtkb/ TuDOZe0poe9WlW9FyL 0dU7d9p9KR84gAzI="

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 0F 07 0B 12 DF 77 E6 9B D8 21 56 E7 07 15 61"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\TodayDo]
"FixQb" = "20160527"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"RequiredMinVersion" = "8.2.0.0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage]
"index.html" = "Uy0EzM9E6A oW0Z32PTfsdnTQKM8SYLC8Svtt17Rtqz fslfu4Rf0azo0648ksrzDNSmiBlKk0iB2FCsYtC5RZOxmCgxpG0rk16BRJ1Gpf8hQmkpWSTzx2IR MAZgb7CqIwwhGHPzE3qF1k4bVaBita wVueecTJfn4gHFZ1bLg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4]
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"business.js" = "NIpJBXokg8g4ae/ZFVZARTgOnNw26TneYdJ2IvNBamSNLKvrIiLKhjXtA/MfUOLR8SGWuibCkV/XNT2apuoX0Y2 pkcdm8L1 BEHXrJK2nRiCgy0NbkSjw/Fz48VWTYUQZRYzoLye91aAAWCBSdAuXy28 13YqDoFoCfafdVxdE="

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}]
"CommandOrder" = "5"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"jquery.min.js" = "CHRzStLFVzowFpds/NlgIauwssen3//6We9cKfzF4H4Vd0hTu rRxAgWBSZOvL3qB MA5m1oDYbyEFquZhoip7CWckTQo6 S dUFfDJATgzAhGnGQPvY1xAeDuKT9mHvkWXV8QiJu5ZgSSuggmwXioU5HomYw1dNanbdvDS7rss="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"ID" = "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\app]
"app.js" = "BhesVMgtxJIX7zQkKYq0YEuuVAX5P272OuBtAYjAOfb2anR75O08Jkzxvn7jHUdd/ysgc9BzVDTxiVhd8/zjLQfMjgYii64vOYCSbhvVkIgY/DvGG3GuSh8yQ1iOw8651pJdG25lAihyOkCFHdW2hSorv9a uxBwi5AOUkvWr3E="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"global.js" = "F1x bElWW0KAVW8dze0Mbr/Dm6CoJGRHw9Hyx1RReWDG/gXkjcQdXk a46Axg2sDjSzwOpra92NNO7ANhXE2f070FE9R4JQlb/7EiMo34Yuv2ik9RgJGDod4aT/h9hBhC2S9yWne0JH7Nr/mbFU8Mb88RrN0Q7POMH3VHicGxxo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}]
"CommandOrder" = "3"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"Version" = "8.0.0.3"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"init.js" = "PFyqkS14Ezzwwz3NzSYKgQGIhRXUTnt6ktpq OCUoyT9x96JDR5tWlyWvGn/S8QtChKnWJ4ieyeVWXLQUrQGG5lEDl33J3dmOavy3OUOcvX8XpPA3BcX5XgT1VHlb3zNVVQaT0TPyzBF3SD2OEBbSxfyUQgtDaSBe0RsaU7Xnb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4]
"Desc" = "FixQB"
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"ycalendar.js" = "Ib0wShmBpOPdR6WIXozuGPAYmfhw HqOZEc9lU wePCCZVQ6YfBPhdNrdduMjhS5hB3SnrGR577LroR1Y2Rv4mlpMvc090e40OzXs/knSRxzb3rCvfZPwpa/HlTAtP47aP6I75ecIT0dIl/vPovsR1gjWfVFjfvcmILiHbwDA4="

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"AutoUpdated" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"sidebar.js" = "Hr3y2um7YJE8EH1Jg/U3cYntKUWMblGEAqP5/E8YltYhQCvoRgXxmfPxt9xgEC6jb4mgvpB7JsNVjyY58ViKP7a9UGczjFBsPQmIZYcRj39Jb5Jl/e7mH8xM1kt5AZS 4P/CfV6 ncBdyY9wcxdR8qq/OXdx2GKLLG53MS99im0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"RequiredMinVersion" = "8.2.0.0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"search.js" = "IOSc1vtqyq1U7w6ERKIDsLRpv4mCbXTIw/HKw13cRHxcexU7Lrlv64EHual89dNwbkQbQh5Vc4vQlubP2vKuq9yzILTIElywHb4C6Uf6xd26zYypsUK1RjKoffD8wVvBW9Vlj37VbAXxhI8K4Q8ZZk00jCUKlBc9Gh3bbxdA0Gs="

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\SignatureList]
"inforBar.html" = "BDbxBBSAGDqhgmGak 6m6PCB4Tlbk81KaLQRjtXDZe5vUGMvnNl4tarixpuxbQ7sc1qIG4KPfj5icAYWIzPsnM3SD1D8f5rb0Wci2srGo5HDR5 HYG0pJtKUYAcEah k/oTnRXn3JMwcVPUfHcbJtnJBEt YBzDKF u8qlHeYQ="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"ID" = "{807849B3-40D8-42E3-8001-D541FD7CEBFB}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"UpdateVersion" = "8.1.2.8"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\BackgroundDll]
"Path" = "NetService.dll"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\BackgroundDll]
"Path" = "QBSafe.dll"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"Desc" = "QBSafe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"jquery.easing.js" = "TmbGZQQC93Sgo2FdztxQ0d9XKSQvW71Fi7BWXGb3/Y FVjxcrUPmKaPobqD7KbZMw7CHfrtxoraOME53bkqu7WtNB48Toe29QgontHYDQgrkR9tTzIz8ByGm187nfwmjMQ/pazCml7IhkVNcTRuiUBILtPyb5I8Dg6vKCCa8fcU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}]
"Enabled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"RequiredMinVersion" = "8.0.0.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"global.js" = "SDzyc4n4bvXID6oDqEWrwlWuOVIMfzIdqu fjgUSah0tHYbOSfZ0S1ZuGuedQTsmcyWcCpYK0W62u3d2bM3KeVgvKzWYE2IarTzTQUvbnVVeh4Fk0xtlbN IFKmZUlKMsuM5UShigYjxaW20Wt17O1oInEkx2Ljjz6JjP8NDow="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"Name" = "Ã¥â€ â€¦Ã©Â¡ÂµÃ©ÂÂ¢"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"tool.js" = "K4IAXHGyqD8uA sLEGlFibFQFep8I HkPC6DghtA9hoTdT1tLMSTsbcae2i84ApCOoZfk1C2pUFZKm zTVVUv9o4P9Oozg9nnWh57vtG7ZXh3mv8qIRGwwANrzOQ rITxZOxWcTUTD8qZm E8LlIN0BrJJKq4Pp9GeSDBv4bMoc="

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"ID" = "{8A24087F-391C-4695-B60C-56BE31AF1ECC}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"Desc" = "Net Service"
"Name" = "Net Service"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"TC_CFT_Bits3" = "4456448"

[HKCU\Software\Tencent\QQBrowser\extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}]
"Enabled" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"Operational" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"init.js" = "UISYlVNiDK8PvMqoSyu W7Bjfmjd61jLLM4kGMAnh5WFunbnTA8mRmy6yg1k0/7t8MkWY3F4WPZeLXx0FWClYlT xNA HZki4RfrKlq30DGnsbO2l9JOAKa7YH u5fhGGhsBc DKxg0G2XpvHhOtWoTdQiGE3Fqo2l8C9lwcqXk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"jquery.mCustomScrollbar.concat.min.js" = "FEhORzx0GxacyZAVElwZHrgrANsncYw61M/NU 0QHFBgGjRJpqYWNkmYr RKq2WX0f/FJok0GTgzs8/6dhyMZytR PdWyBo75CPRNtP9mOif95Zo4easLJYCBcI5g2c0D5pRYPoiHsPikFHkAJqRvrN6hSayUrzNSKTswWIuyb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3]
"Name" = "PCMgr Installer"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"small.html" = "WhbKXbpTC/qXxBxGyDkPJ/ZidAPRqwpAIJ8PLBPltgCg1UOLWJ0KKlk30VAlBy8LToz1KY9tESfeyRr1Qj0S8uwj1uskS7BS Nv9rCDKYGKMcDtyfGr2PeKzp2Zm5lch76FJqhupbdr96BGzQfyKYi 6 F3Ih/Slsdzs3XdO9Ik="

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:3952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2A 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "75 08 33 8E 18 3B 39 C9 BC E5 0F 60 B2 2E 7B 1B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:1604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "99 49 92 56 37 C8 D1 1B 30 FC CA 19 50 E1 42 AD"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Tencent\QQBrowser\Scopes\1596_dab63]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 27 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"Disable Script Debugger" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"PlaySounds" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_SECURITY_THUNKS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052720160528]
"CachePath" = "%USERPROFILE%\Application Data\Tencent\QQBrowser\Scope\1596\History\History.IE5\MSHist012016052720160528\"
"CacheLimit" = "8192"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"QQBrowser.exe" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052720160528]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_USE_BUILTIN_ACCEPT_HEADERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052720160528]
"CachePrefix" = ":2016052720160528:"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"QQBrowser.exe" = "1"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_DISABLE_UNTRUSTEDPROTOCOL]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"QQBrowser.exe" = "1"

[HKCU\Software\Tencent\QQBrowser\MIME\text/vnd.wap.wml]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PAINT_INSIDE_WMPAINT]
"QQBrowser.exe" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA DB A8 69 D7 FC F9 54 17 12 73 4C 84 82 26 45"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"SmoothScroll" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052720160528]
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_RESOLUTION_AWARE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"DisableScriptDebuggerIE" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"QQBrowser.exe" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014041520140416]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 00 0C 82 A7 A8 10 E6 10 18 12 80 CE 2E 9A FE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:2036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE 4E 5F 74 54 F8 1D 3C F2 D5 CC 21 74 59 C7 E0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:1596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCU\Software\Tencent\QQBrowser\Common]
"QQLaunchCount" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\Common]
"LastLaunch" = "Type: REG_QWORD, Length: 8"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKCU\Software\Tencent\QQBrowser\CleanITFS]
"ITFSCloseToClean" = "0"

[HKCU\Software\Tencent\QQBrowser\PluginMgr]
"PlugConfigVersion" = "1.0.0.82"

[HKCU\Software\Tencent\QQBrowser\Launch]
"LaunchOpenPageType" = "1"

[HKCU\Software\Tencent\QQBrowser\FavSync]
"tm" = "600000"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\Liveup]
"LastQueryDate" = "MQAzADEAMAA4ADgANAA4ADIAOQA4ADMAMwAwAAAAHgAAAA=="

[HKCU\Software\Tencent\QQBrowser\Common]
"DefaultSearchEngineUpdate" = "4"

[HKCU\Software\Tencent\QQBrowser\Launch]
"WinPos" = "73 67 41 41 41 48 59 41 41 41 42 4B 42 41 41 41"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\UrlRecords]
"URLd00f01700c2" = "68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 31 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Tencent\QQBrowser\Scopes\1596_dab63]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\Common]
"QLDefSearchEngine" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Tencent\QQBrowser\OnlineSetup]
"QQBrowserFix" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Tencent\QQBrowser\OnlineSetup]
"QQMail" = "1"

[HKCU\Software\Tencent\QQBrowser\Common]
"LaunchCount" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\ChromeTab]
"NeedChromeTabUpdate" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKCU\Software\Tencent\QQBrowser\PluginMgr]
"plugEnable" = "42"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 EC 2A F5 1E E0 06 72 E1 43 F9 B6 75 7E 84 A8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCU\Software\Tencent\QQBrowser\CleanITFS]
"ITFSLastDay" = "151722"

[HKCU\Software\Tencent\QQBrowser\Common]
"LastDefaultOrPopup" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Tencent\QQBrowser\Skin\Tabdown_new]
"BottomColor" = "16579836"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp]
"QQBrowserLiveup.exe" = "QQBrowserLiveup"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKCU\Software\Tencent\QQBrowser\DB\PushCfg]
"PushFlag" = "1"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Tencent\QQBrowser\Advanced]
"IE8CoreUpdateFlag" = "2"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKCU\Software\Tencent\QQBrowser\Skin\Tabdown_new]
"TopColor" = "15461355"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Tencent\QQBrowser\Common]
"DefaultSearchEngine" = "4"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\QQBrowser\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\ChromeTab]
"NeedBrowserUpdate" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Tencent\QQBrowser\FavSync]
"UpdateURL" = "aHR0cDovL2NoYW5uZWwuYnJvd3Nlci5xcS5jb20v"

[HKCU\Software\Tencent\QQBrowser\Common]
"n" = "30"
"l" = "14"
"M" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Tencent\QQBrowser\Common]
"t" = "80"
"s" = "10"
"p" = "5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\FavSync]
"RT" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Tencent\QQBrowser\Skin\Tabdown_new]
"SkinId" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Tencent\QQBrowser\ChromeTab]
"ChromeTabStatus" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKCU\Software\Tencent\QQBrowser\PluginMgr]
"BtnPosStatusInfo" = "5B 7B 22 49 44 22 3A 22 7B 35 46 44 36 35 41 45"

[HKCU\Software\Tencent\QQBrowser\OnlineSetup]
"SSO" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Tencent\QQBrowser\Launch]
"WinMaximum" = "0"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Tencent\QQBrowser\Launch]
"AutoRestoreTabs" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Tencent\QQBrowser\UrlRecords]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\QQBrowser\DEBUG]
"Trace Level"

The process QQBrowser.exe:1520 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 36 79 67 56 FC 22 EE DE 15 8B 1A 4B 4F 8F AD"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:1108 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Tencent\QQBrowser\Scopes\1596_dab63]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 26 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "31 C3 39 2F 10 E7 BE 20 6D 8F 1E 81 FB 54 E9 CE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:1452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Tencent\QQBrowser]
"QQBrowser.exe" = "QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 D7 A0 18 DC 44 34 6D 0B 55 7A CD 4E 2F 49 69"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process QQBrowser.exe:3132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 29 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC 6D F3 01 B0 E1 5A 7D 53 1D 87 73 55 81 28 FE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 0A F1 7F B4 A8 DD B0 4E 46 56 96 E1 16 EB 95"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:3988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A 14 B3 EE D0 27 29 70 B7 91 B5 4E 10 4E F7 B2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:1676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Tencent\QQBrowser\Scopes\1596_dab63]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"Disable Script Debugger" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"PlaySounds" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_SECURITY_THUNKS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"QQBrowser.exe" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_USE_BUILTIN_ACCEPT_HEADERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_DISABLE_UNTRUSTEDPROTOCOL]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"QQBrowser.exe" = "1"

[HKCU\Software\Tencent\QQBrowser\MIME\text/vnd.wap.wml]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PAINT_INSIDE_WMPAINT]
"QQBrowser.exe" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 08 73 52 FB F1 FB 2B 23 F5 F3 6C 1F 10 8D EC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"SmoothScroll" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_RESOLUTION_AWARE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"DisableScriptDebuggerIE" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"QQBrowser.exe" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process QQBrowser.exe:1368 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 53 DA 80 E2 EF 50 F2 AA CA 13 58 CC AD 9C E3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Tencent\QQBrowser\Common]
"SEventStat" = "00 01 18 00 01 00 0B 1A 00 0B 10 01 22 57 48 95"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Tencent\QQBrowser\FavSync]
"WupServer" = "1"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\FavSync]
"clientguid" = "2e3d50aecd65755299675ee0144988cb"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 94 2B E7 DB 5A 44 7F F3 3A B5 D4 26 35 F2 D7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process V8._85296_20150814221218.exe:1252 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"accountInfoBar.html" = "AY9EPX/xn4 koiwdV53GGkKRrHlPe7dM7IW095EVLW9EcDFnd3D265K4Q97AvSL1mXyed eU6run704RFnvWsteF2Kz1i2/PqgFmx2uHgcq/eNCgvSwJWAh8fOxdtupX4PCMNt5bTfniQeDl1nzt VR9bLAfthB2NSQNbTssemk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Name" = "Ã¥â€ â€¦Ã©Â¡ÂµÃ©ÂÂ¢"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"api.js" = "KdzpiPPafc//mqIv/5 XJLoPFho3ixPxjdBXo7fUMneJIFwT70jZTYldVYFnNHeL75MbZIrnRbIYTfxe7Pn8oDaTs4SCaf6q8dQXmJ9ssO80MuxeP0ndCXW5IOoqPZoJ3wyDTzNrqihWlm/ ozzmC6tlQNwpaledwco9hHv3Kac="

[HKCU\Software\Tencent\QQBrowser\Launch]
"SkinUpdateFlag" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"INSTLANG" = "1033"

[HKCU\Software\Tencent\QQBrowser\Common]
"MainPageDIY_" = "1984700626"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Operational" = "1"
"STYLE" = "104"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"s2" = "4"
"s1" = "4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"private.html" = "K xv/ifPeX60jeD65vv gUoqtdQCKyrPu3G9CV9ZgkzifnKYT2HlMs77KUqIBos6Ta5uCGG4ausc030WTKPfMuL9EjmW7FoJZIZgTcWa mx0 gaAmsoMZHsvq/IVS6SDzsQ/mOiHy60uAr1RKyo62yEJn9wW8JYFqpfIUaAznfU="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"ycalendar.js" = "Ib0wShmBpOPdR6WIXozuGPAYmfhw HqOZEc9lU wePCCZVQ6YfBPhdNrdduMjhS5hB3SnrGR577LroR1Y2Rv4mlpMvc090e40OzXs/knSRxzb3rCvfZPwpa/HlTAtP47aP6I75ecIT0dIl/vPovsR1gjWfVFjfvcmILiHbwDA4="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Version" = "8.0.0.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList\js]
"inforBar.js" = "S232TIJBgUGMXlTdOQRla7UFcRwmODl7HS6sTy2LB9xtBKNjcUUfpZCPrXF11mEjmXkG04wEItvpPgr70sOc1/mxQ92eYR7k/8G5ajwkGW/ IBjUUsSE0sTzHIxwQExAFa8newkyrRqF jHkN1n4BZKdzwbw f0TqwXpiJUe/z0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"init.js" = "PFyqkS14Ezzwwz3NzSYKgQGIhRXUTnt6ktpq OCUoyT9x96JDR5tWlyWvGn/S8QtChKnWJ4ieyeVWXLQUrQGG5lEDl33J3dmOavy3OUOcvX8XpPA3BcX5XgT1VHlb3zNVVQaT0TPyzBF3SD2OEBbSxfyUQgtDaSBe0RsaU7Xnb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\BackgroundPage]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"global.js" = "SeN/CHriBIVnAjdwU6fW8AHF Y5sYGuTkrIwtRsftkTb2xJMtrUsGn1IuvZYyuHQDvkeFojs9MobGSEuJ Cj1S94nQrvzQbV8hd2sS2j27SmIQHTJjaC478N4KYEvvLFu84D1tWaEUfLCXZkhjwTcNPsC45ORTPKG6hzgqeccMM="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\ContentScripts\DocumentIdle_0]
"AllFrames" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Version" = "8.0.0.12"

[HKCU\Software\Tencent\QQBrowser\extensions8]
"CommandOrder" = "1"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"EnableZombieReport" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"content.js" = "HT1aXFiSWWlckk7HXoJkwioM1SSPnbDaXAKb3oOmdxHYpJDFZoUmdiVxYpDM4q3nhXWNdlgFJwH88gmJBpR EYUVMlJRLk6nW0WTWFpoKuGv5 bv3Fafms133G5ygK61lv0xigm9vitf72LDM0wpESsg8yMdDmk1uvrCbYE3Swg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Operational" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"URLInfoAbout" = "http://www.qq.com"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"STYLE" = "64"

[HKCU\Software\Tencent\QQBrowser\Advanced]
"EnableUEData" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"global.js" = "F1x bElWW0KAVW8dze0Mbr/Dm6CoJGRHw9Hyx1RReWDG/gXkjcQdXk a46Axg2sDjSzwOpra92NNO7ANhXE2f070FE9R4JQlb/7EiMo34Yuv2ik9RgJGDod4aT/h9hBhC2S9yWne0JH7Nr/mbFU8Mb88RrN0Q7POMH3VHicGxxo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Desc" = "QBSafe"
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"CommandOrder" = "1"

[HKCU\Software\Tencent\QQBrowser\Launch]
"AbpCalcFlag" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"RequiredMinVersion" = "8.0.0.2261"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.easing.js" = "TmbGZQQC93Sgo2FdztxQ0d9XKSQvW71Fi7BWXGb3/Y FVjxcrUPmKaPobqD7KbZMw7CHfrtxoraOME53bkqu7WtNB48Toe29QgontHYDQgrkR9tTzIz8ByGm187nfwmjMQ/pazCml7IhkVNcTRuiUBILtPyb5I8Dg6vKCCa8fcU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"background.js" = "F9mIz66B1YB2KiWHfg8OtENAgX96C/1LO0KjQQHIR31aEaHLE5tPl fwJZigG8Q6ZhhcxmJ3KXTQWzo63lWn8vSkbn4pdwgVMT2Or3vBeRoD97hKndLnvyZ4QoTWvOskDzcBA5mzrDV9Yp5x1R/Z5lNfFH3FL0d1CPq TAfTet4="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\Common]
"MainPageDIY" = "ZgAuAGoAaQBzAHMAMwA2ADAALgBjAG4AAAAaAAAA"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"InstallModeForExtension" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"InstallDir" = "%Program Files%\Tencent\QQBrowser"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"business.js" = "IuxI4T0J7Bik5qY6/aqfPYonejaosMlt7RKPN2HAI58nqalyzaR3NKDmDMBsP/GLsP/n4EEmigqfaXfhw1XVPuoKRupEmWoBrFcuX0YxFI/tTm8jQjjGQnoyTA0sowMVrFwfL ATf0Id2A3Ld1g7RvjnRX1DRtsnCMsCqrERJjk="

[HKCU\Software\Tencent\QQBrowser\Launch]
"InstallQuickSetting" = "0"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"DefaultBrowserFirstRun" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"currentVersion" = "8.0.3.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage]
"index.html" = "Uy0EzM9E6A oW0Z32PTfsdnTQKM8SYLC8Svtt17Rtqz fslfu4Rf0azo0648ksrzDNSmiBlKk0iB2FCsYtC5RZOxmCgxpG0rk16BRJ1Gpf8hQmkpWSTzx2IR MAZgb7CqIwwhGHPzE3qF1k4bVaBita wVueecTJfn4gHFZ1bLg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}]
"currentVersion" = "8.0.0.25"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 B2 ED 22 BF 2A 91 69 BD 04 44 A2 EF 8E 13 79"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Name" = "Ã¨Â´Â¦Ã¥ÂÂ·Ã¥Å Â©Ã¦â€°â€¹"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"EXE" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"background.html" = "Fm2eUg6wC00HcJHVm5J5S9WbzmEVSNFdyD8in0PXbYIUFYHWK zhaV9u182EDyOlZuGJx5fLb0VPFyexkuUSnj4ULw1KjUvqMjtjvPcMlgxIOsZ2m2jqwbJsRGPbXSLKCMKqq uFRju5vweuSqBckjVRLe4ndm/ewMWuI7GJUkQ="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"certerror.html" = "Quu5ifaZbhsH6hfNNjsEbMi71iGFPa 7qoPsbDB85tzNJhbuwap kINuU5JVUFuy7ab/H63S1Y9kCw eo6zOs2bZvrgxEv8DGHhKa832zqs6fjzTX BFb6/uP1kQr9kAIzY jkBspKr9vZIFKnmKfjTFFlvSX3lQxR9BTuyhiN8="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}]
"CommandOrder" = "0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser]
"HomePageCfg" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\history]
"history2.js" = "EYdPibxwSOsOqWp65 q m9YPkG2qiUUGpCPnvRau01UVBjkeEsX12Uy5TmZV0QiqFodnvBKS8uPPdSDAtWYh46mlNAugPtYfiEf7rdH5i9IKkjarXT3vqrc8m dOB2sBwi35rGtSx5Q mNco60nlRGZ/4BbXHVO9e4liF3omtHU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"RequiredMinVersion" = "8.0.0.0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\BackgroundDll]
"Path" = "QBSafe.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"UninstallString" = "%Program Files%\Tencent\QQBrowser\uninst.exe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Desc" = "Ã¨Â´Â¦Ã¥ÂÂ·Ã¥Å Â©Ã¦â€°â€¹"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess]
"index.html" = "DG53S6RFyw43Ype9xROtxTn4z5b3SsHMzH8/wVLXZciV6q4kwtV3RzjBgYe7MiTfATyKVDf5DqI/mqQCIpYrr1JN6EXZR81dwwgj70KhNn/9WcjMdpBvKxRLCjl82LcKMlx91xsdg6Dt6Oy2gDhDopfRX1ThZ2OFvfdSyp4OHQo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\ContentScripts\DocumentIdle_0]
"JS" = "content.js"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"currentVersion" = "8.0.0.12"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"Publisher" = "Ã¨â€¦Â¾Ã¨Â®Â¯Ã§Â§â€˜Ã¦Å â‚¬Ã¯Â¼Ë†Ã¦Â·Â±Ã¥Å“Â³Ã¯Â¼â€°Ã¦Å“â€°Ã©â„¢ÂÃ¥â€¦Â¬Ã¥ÂÂ¸"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"ID" = "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"Version" = "8.2.3638.400"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\BackgroundPage]
"Path" = "background.html"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"api.js" = "CTLNX2nY1O7mQDlrx81saZ A/b3cld1PV1aWjfRWB9Uk7nMqUgRWUwgVmyvWg9gkM0yW1MsoF6XNwlLBdc8okJ8kImN9HQxCfo4NuKEahbCA1RnudXB pCuvw3EEMiY ORP/YDMicZcSXjtSnvP3UDhaX THBQVVts I5sLdd5g="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"tool.js" = "K4IAXHGyqD8uA sLEGlFibFQFep8I HkPC6DghtA9hoTdT1tLMSTsbcae2i84ApCOoZfk1C2pUFZKm zTVVUv9o4P9Oozg9nnWh57vtG7ZXh3mv8qIRGwwANrzOQ rITxZOxWcTUTD8qZm E8LlIN0BrJJKq4Pp9GeSDBv4bMoc="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"init.js" = "HS Wucfrv 6MUQNZq0WGl6Yw8Ly2dg hvt5V24pB0sowDcogYJpVFP7lyYpqkEWURP1N0mBL8t qCq70Zi/U/E2y7YbqDiQlmwkkHeUSHMVnfCk5anb9ybtcI//8CWC67XXLFO0oRjvc9PsAQHdcDriLEMx3DzYDxb ZLFaswiU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"RequiredMinVersion" = "8.1.0.0"

[HKCU\Software\Tencent\QQBrowser\Launch]
"Learned" = "1"

[HKCU\Software\Tencent\QQBrowser]
"(Default)" = "%Program Files%\Tencent\QQBrowser"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Version" = "8.0.3.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"ID" = "{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"search.js" = "IOSc1vtqyq1U7w6ERKIDsLRpv4mCbXTIw/HKw13cRHxcexU7Lrlv64EHual89dNwbkQbQh5Vc4vQlubP2vKuq9yzILTIElywHb4C6Uf6xd26zYypsUK1RjKoffD8wVvBW9Vlj37VbAXxhI8K4Q8ZZk00jCUKlBc9Gh3bbxdA0Gs="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.min.js" = "CHRzStLFVzowFpds/NlgIauwssen3//6We9cKfzF4H4Vd0hTu rRxAgWBSZOvL3qB MA5m1oDYbyEFquZhoip7CWckTQo6 S dUFfDJATgzAhGnGQPvY1xAeDuKT9mHvkWXV8QiJu5ZgSSuggmwXioU5HomYw1dNanbdvDS7rss="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"error.html" = "Gs5We3VMGdtvsJGT6u6MMVvDt3zSWVVCEh8CKo8BudWeZgocGRxZCxnUzIBcEspzCp9h2OFGwf4FTuDYG9Mf1MROlJx1oTz9uXnHk/JNRuCTn/dHBXBTqu6XR1tj6OqL7gKQ3svK/Mexy4lBO/PSgypdugTHFgugTpMadvZRDAE="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.mCustomScrollbar.concat.min.js" = "FEhORzx0GxacyZAVElwZHrgrANsncYw61M/NU 0QHFBgGjRJpqYWNkmYr RKq2WX0f/FJok0GTgzs8/6dhyMZytR PdWyBo75CPRNtP9mOif95Zo4easLJYCBcI5g2c0D5pRYPoiHsPikFHkAJqRvrN6hSayUrzNSKTswWIuyb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\app]
"app.js" = "G/xQAG9BNoueIWTF1B/FXI65sQFTqDtYNE0FVw5XsDx85Ijs IGfdoTBG7Py NEEoLHisu1f8t1F3PxhFNk DpdtGLy8bva44n6ej3FvOKk8n0KXPpT5IyCV8qs3EkNZaXZdk9rqBhdZQUdUDJDVnJ0iRs1nyTryHc9C8yzksaM="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\app]
"sliderman.1.3.7.js" = "RkIvek G9RI Q9/NEOdxEh/ynLS5sJRj/vlO2PrWACyN8sI9vf695W/3CP d/Jr59MnJV2sK2YzNz6txbNvhpSI6S3MTO8Z3UJIBleKth0bLzeGpI4dTaAsMMam3QXyux3g7jkzADCCb5iHY8RLV c6W8sEprWrpGZNIRzFvOcs="

[HKLM\SOFTWARE\Tencent\QQBrowser]
"SupplyID" = "85296"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayVersion" = "8.2.3638.400"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"template.js" = "RzgJqwNHJ4N8sJDEKasrvKhYoIjrKXGKh3qo6y3p7Bx3eQjIDn1gNlluXXutWcLSBX23i7mSbXxa6km5He 5qAf5eFTYPlcyzJ1efN6K7LGNsOYTGrjFWBGg57GhUneVMDCg1l8ncB214UhBIQPO6KZ2/tvVX4d0a6nCIXqOTdc="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"CommandOrder" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"HomeUrl" = "http://app.browser.qq.com?id={309147A1-5CA9-4082-BAB3-BF9020CDE0C2}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"small.html" = "WhbKXbpTC/qXxBxGyDkPJ/ZidAPRqwpAIJ8PLBPltgCg1UOLWJ0KKlk30VAlBy8LToz1KY9tESfeyRr1Qj0S8uwj1uskS7BS Nv9rCDKYGKMcDtyfGr2PeKzp2Zm5lch76FJqhupbdr96BGzQfyKYi 6 F3Ih/Slsdzs3XdO9Ik="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Tencent\QQBrowser\Launch]
"MainPageType" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayName" = "QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨8.2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"business.js" = "WwyVRnDKaHIVi7OS82cBQkBlZMsrWmAnPcwnoCg2R4t8EtSPDXSP0xhBttAipCfJaV6zLzkC21QRx1LrESQKdh3KvGzvw9O2dHm9Xj Ugulv8wtWsfMDS FQyAGC z0jMV4dBQooJplN1ncZteRXwjISn0jBdDc3CUac1LbU3CI="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayIcon" = "%Program Files%\Tencent\QQBrowser\app.ico"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"TC_CFT_Bits3" = "71656520"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"ID" = "{807849B3-40D8-42E3-8001-D541FD7CEBFB}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Name" = "QBSafe"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp]
"V8._85296_20150814221218.exe" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Tencent\QQBrowser]
"bugreport.exe" = "%Program Files%\Tencent\QQBrowser\BugReport.exe:*:Enabled:QQBrowserBugReport"

"QQBrowser.exe" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe:*:Enabled:QQBrowser"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp]
"QQBrowserLiveup.exe" = "%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe:*:Enabled:QQBrowserLiveup"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Tencent\QQBrowser]
"S2"
"S1"

[HKCU\Software\Tencent\QQBrowser\Launch]
"EnableUEData"

The process PerfTraceService.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 1E 5C AB 8C CE 5F E3 50 0C F5 E0 00 91 72 4E"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\PerfTraceService]
"TypesSupported" = "7"
"EventMessageFile" = "%Program Files%\Tencent\QQBrows"

The process PerfTraceService.exe:1512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF E8 A2 01 1A 20 4C 00 B6 E8 8F 35 46 12 18 DE"

The process regsvr32.exe:1500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"(Default)" = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Tencent\QQBrowser"

[HKCR\WEBPFilter.CoWEBPFilter]
"(Default)" = "WEBPFilter CoWEBPFilter"

[HKCR\WEBPFilter.CoWEBPFilter\CurVer]
"(Default)" = "WEBPFilter CoWEBPFilter.1"

[HKCR\WEBPFilter.CoWEBPFilter.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCR\AppID\WebpDecodeFilter.DLL]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"

[HKCR\.webp]
"Content Type" = "image/webp"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter.1"

[HKCR\WEBPFilter.CoWEBPFilter.1]
"(Default)" = "WEBPFilter CoWEBPFilter"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"(Default)" = "WEBPFilter.CoWEBPFilter"

[HKCR\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1]
"(Default)" = "WebpImageDecodeFilter Class"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}]
"(Default)" = "IWebpImageDecodeFilter"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter]
"(Default)" = "WebpImageDecodeFilter Class"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\.webp]
"PerceivedType" = "image"

[HKCR\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 39 AC 52 33 12 65 0E C8 1E E0 C8 C5 53 CB F3"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\{A629F59C-66C9-4775-901A-A017530E3958}]
"(Default)" = "WebpDecodeFilter"

[HKCR\WEBPFilter.CoWEBPFilter\CLSID]
"(Default)" = "{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CurVer]
"(Default)" = "WebpDecodeFilter.WebpImageDecodeFilt.1"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0\win32]
"(Default)" = "%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"

[HKCR\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0]
"(Default)" = "webpdecodefilter 1.0 Type Library"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]

The process KisService.exe:2144 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\CLSID\{A0EAC546-94F1-4446-B046-098DA7436763}\VersionIndependentProgID]
"(Default)" = "dll_KisIEProtecter.IEProtectBHO"

[HKCR\Drive\shellex\ContextMenuHandlers\iNetHellper-IEPlugin-DS]
"(Default)" = "{A0EAC546-94F1-4446-B046-098DA7436763}"

[HKCR\TypeLib\{C9AEC1CA-428C-40D1-AB4E-25DBA4E227BE}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\Directory\Background\shellex\ContextMenuHandlers\iNetHelper-IEPlugin-DS]
"(Default)" = "{A0EAC546-94F1-4446-B046-098DA7436763}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"

[HKCR\CLSID\{A0EAC546-94F1-4446-B046-098DA7436763}\InprocServer32]
"(Default)" = "c:\program files\iNetHelper\KisIEProtecter.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCR\TypeLib\{C9AEC1CA-428C-40D1-AB4E-25DBA4E227BE}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\dll_KisIEProtecter.IEProtectBHO.1]
"(Default)" = "IEProtectBHO Class"

[HKCR\CLSID\{A0EAC546-94F1-4446-B046-098DA7436763}\ProgID]
"(Default)" = "dll_KisIEProtecter.IEProtectBHO.1"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{7BAAA95E-7587-44CB-B87F-359D1C9A8E6E}]
"(Default)" = "iNetHepler"

[HKCR\CLSID\{7BAAA95E-7587-44CB-B87F-359D1C9A8E6E}\InprocServer32]
"(Default)" = "c:\program files\iNetHelper\KisDeskBand.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCR\CLSID\{7BAAA95E-7587-44CB-B87F-359D1C9A8E6E}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A0EAC546-94F1-4446-B046-098DA7436763}" = "Protected By iNetHelper)"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Ext]
"IgnoreFrameApprovalCheck" = "1"

[HKCR\Folder\shellex\ContextMenuHandlers\iNetHelper-IEPlugin-DS]
"(Default)" = "{A0EAC546-94F1-4446-B046-098DA7436763}"

[HKCR\CLSID\{A0EAC546-94F1-4446-B046-098DA7436763}\TypeLib]
"(Default)" = "{C9AEC1CA-428C-40D1-AB4E-25DBA4E227BE}"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCR\dll_KisIEProtecter.IEProtectBHO\CurVer]
"(Default)" = "dll_KisIEProtecter.IEProtectBHO.1"

[HKCR\TypeLib\{C9AEC1CA-428C-40D1-AB4E-25DBA4E227BE}\1.0\0\win32]
"(Default)" = "c:\program files\iNetHelper\KisIEProtecter.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCR\Interface\{1EF38A23-5D9A-41F2-A7C1-FA79B83EC810}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"

[HKCR\Interface\{1EF38A23-5D9A-41F2-A7C1-FA79B83EC810}\TypeLib]
"(Default)" = "{C9AEC1CA-428C-40D1-AB4E-25DBA4E227BE}"

[HKCR\dll_KisIEProtecter.IEProtectBHO\CLSID]
"(Default)" = "{A0EAC546-94F1-4446-B046-098DA7436763}"

[HKCR\dll_KisIEProtecter.IEProtectBHO]
"(Default)" = "IEProtectBHO Class"

[HKLM\SOFTWARE\360Safe\Liveup]
"mid" = "c2e002327fd54316e7e19c265c31455ff8559dc519e69a7d42d2f6af2f8e6f98"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCR\TypeLib\{C9AEC1CA-428C-40D1-AB4E-25DBA4E227BE}\1.0]
"(Default)" = "dll_KisIEProtecter 1.0 Ãƒâ‚¬ÃƒÂ ÃƒÂÃƒÂÃ‚Â¿ÃƒÂ¢"

[HKCR\Interface\{1EF38A23-5D9A-41F2-A7C1-FA79B83EC810}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 3B D4 1F 7D 15 7F 1F 1A 97 AD 1C B3 FE 91 94"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext]
"IgnoreFrameApprovalCheck" = "1"

[HKCR\CLSID\{A0EAC546-94F1-4446-B046-098DA7436763}]
"AppID" = "{2ECDC2F1-1039-4C1D-9214-AD768B83E8B9}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCR\*\shellex\ContextMenuHandlers\iNetHelper-IEPlugin-DS]
"(Default)" = "{A0EAC546-94F1-4446-B046-098DA7436763}"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\inethelper\~d9d88\product.xml, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\inethelper\~d9d88\setup.xml, , \??\%WinDir%\TEMP\{19CAA9E9-E3B9-4160-8283-94453594EFB9}\urlproc.dll,"

[HKCR\Interface\{1EF38A23-5D9A-41F2-A7C1-FA79B83EC810}]
"(Default)" = "IIEProtectBHO"

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCR\CLSID\{A0EAC546-94F1-4446-B046-098DA7436763}]
"(Default)" = "IEProtectBHO Class"

[HKCR\Interface\{1EF38A23-5D9A-41F2-A7C1-FA79B83EC810}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{A0EAC546-94F1-4446-B046-098DA7436763}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\dll_KisIEProtecter.IEProtectBHO.1\CLSID]
"(Default)" = "{A0EAC546-94F1-4446-B046-098DA7436763}"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iNetHelper" = "c:\program files\iNetHelper\KisDeskURL.exe"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0EAC546-94F1-4446-B046-098DA7436763}]
"(Default)" = "IEProtectBHO"

Proxy settings are disabled:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A0EAC546-94F1-4446-B046-098DA7436763}]
"NoExplorer" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan deletes the following value(s) in system registry:

[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"

The process kisdeskurl.exe:2832 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\program files\iNetHelper]
"BrowersFacade.exe" = "BrowersFacade"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 D6 FE A0 32 42 5D 57 FD B3 55 5E 05 4C BD 97"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
16ae0a59da95783599969cb2a8cd7b0d	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll
4c39358ebdd2ffcd9132a30e1ec31e16	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll
268905b968aace3dbaf5dd97391071e9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll
4c39358ebdd2ffcd9132a30e1ec31e16	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll
268905b968aace3dbaf5dd97391071e9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll
acd46c8f29be4cc5f659b87f115c740c	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe
4180c35f82fce27b97e934714ffe3694	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\1332280.exe
f0e3845fefd227d7f1101850410ec849	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\Base64.dll
254f13dfd61c5b7d2119eb2550491e1d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\NSISdl.dll
00a0194c20ee912257df53bfe258ee4a	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\System.dll
15907c8e335563c313de6d7c86df99e5	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\V8._85296_20150814221218.exe
2dc35ddcabcb2b24919b9afae4ec3091	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\ZipDLL.dll
f727e45886d7a8d281c56acd2e109462	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\iNetHelper_300002.exe
3035693137f153ef3e1213a945d33e00	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nso3.tmp\kinst_168_38.exe
e93b5a4fd5050116a84cf52011c516c1	c:\Program Files\Tencent\QQBrowser\Assistant.dll
4c86d70ab39a65776f5dd5702da9b509	c:\Program Files\Tencent\QQBrowser\BugReport.exe
16880d4c14c8aa0b4a1b0ec82b9f6cb3	c:\Program Files\Tencent\QQBrowser\Dialogs.dll
4d49497ce2c51461b42af928a91e3260	c:\Program Files\Tencent\QQBrowser\Downloader.dll
10d98bc99fb31673330239b88174973e	c:\Program Files\Tencent\QQBrowser\EventTracing.dll
d34a527493f39af4491b3e909dc697ca	c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll
4c39358ebdd2ffcd9132a30e1ec31e16	c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9	c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll
77b80794e7726eade4fe30954e2e5847	c:\Program Files\Tencent\QQBrowser\MouseGesture.dll
73640253f394c6dd6940fc1fe222cd92	c:\Program Files\Tencent\QQBrowser\NetWork.dll
f1e9d5f32467dd034f828bcc293e7ad9	c:\Program Files\Tencent\QQBrowser\PrScrn.dll
88f2d2382cce7ec315ca6860ff0c4075	c:\Program Files\Tencent\QQBrowser\QBExtensionFramework.dll
16ae0a59da95783599969cb2a8cd7b0d	c:\Program Files\Tencent\QQBrowser\QBSafe.dll
268905b968aace3dbaf5dd97391071e9	c:\Program Files\Tencent\QQBrowser\QBUtils.dll
c3e4c6aaedb957ba059b51c1d2403c93	c:\Program Files\Tencent\QQBrowser\QQBrowser.exe
68eb386277ed0c2e4a13b6c5731f236e	c:\Program Files\Tencent\QQBrowser\QQBrowserFrame.dll
acd46c8f29be4cc5f659b87f115c740c	c:\Program Files\Tencent\QQBrowser\QQBrowserLiveup.exe
38977583aa8131702dd06a022a94476c	c:\Program Files\Tencent\QQBrowser\QQBrowserSecurityCenter.exe
f3df05cd6c209c05c5415af6bc9e7199	c:\Program Files\Tencent\QQBrowser\QRCode.dll
528fd48653019ba6629ec9d9db2cd6a9	c:\Program Files\Tencent\QQBrowser\Resource.dll
e826d419df589357d43554c7f0c0e39c	c:\Program Files\Tencent\QQBrowser\TridentCore.dll
12650137ef731c4f2967bd670287e357	c:\Program Files\Tencent\QQBrowser\WebpDecodeFilter.dll
699f0052d0c959f1a5b7c3926cce11fa	c:\Program Files\Tencent\QQBrowser\dr.dll
a51d90f2f9394f5ea0a3acae3bd2b219	c:\Program Files\Tencent\QQBrowser\service\7z.exe
1b47580cce6db40a3f389ebd6250795f	c:\Program Files\Tencent\QQBrowser\service\PerfTraceService.exe
e625e19acadb88eeaefd2f15cbc757f2	c:\Program Files\Tencent\QQBrowser\service\perfctrl.dll
8267d1cba70f87018d89bbb2bbbfdc03	c:\Program Files\Tencent\QQBrowser\service\xperf.exe
9ed4bdccc465222477805ca2df443596	c:\Program Files\Tencent\QQBrowser\tssafeedit.dat

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "\??\c:\program files\iNetHelper\KisSaasknl.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "\??\c:\program files\iNetHelper\SelfProtect.sys" the Trojan controls operations with a system registry by installing the registry notifier.
The Trojan installs the following kernel-mode hooks:

ZwTerminateProcess

Propagation

VersionInfo

Company Name: www.bearpc.net
Product Name: HD Player
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.3.7
File Description:
Comments:
Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	23488	23552	4.48909	7ebfade271f75cb4c180603ab653af42
.rdata	28672	4496	4608	3.59139	9d6e96915262c9d1129a16fa0b02a19a
.data	36864	110456	1024	3.27356	dbf10679c897d0edeee280fffdad552f
.ndata	147456	36864	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	184320	33760	33792	4.34587	d66c7442d4cfaa10b30ef2de00c00e48

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://n4cswhk3.gccdn.net/large/7185bdf1gw1f05vpdktqrg20go0a5u10.gif
hxxp://e6845.dscb1.akamaiedge.net/pca3-g5.crl
hxxp://e6845.dscb1.akamaiedge.net/CSC3-2010.crl
hxxp://qb.mig.tencent-cloud.net/accept?authcode=1771558448&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&supplyid=85296&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400
hxxp://x2.tcdn.qq.com/qbfilepush/qqbrowser/cloudctrl/production/1415626007_8983.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://down.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://qbwup.imtt.qq.com/	14.17.34.222
hxxp://203.205.151.213/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?mkey=5748b3b3da60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.CompatList
hxxp://down.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://203.205.151.213/soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?mkey=5748b3b2da60d437&f=105&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}
hxxp://1st.dl.ourdvs.com/dl/rse/1332280.exe
hxxp://n4cswhk3.gccdn.net/large/7185bdf1gw1f26stg3lexg211y0lcnpj.gif
hxxp://z.rising.com.cn/Register/OnlineHelper/ForLog/Action.aspx?info=S2V5PVJTRUluc3RhbGxQb3AmdjE9QzA0RjZGNzYyMjA0NjY0ODMwMzAzMDMwMzAzMDMwMzAmdjI9MiZ2Mz02MSZ2ND02JnY1PTA=
hxxp://1st.ecoma.ourwebpic.com/config/rsedownloadconfig.xml
hxxp://rsdownload.rising.com.cn.gls.acadn.com/middle12/rsfree/rse1332280.exe	14.152.91.23
hxxp://n4cswhk3.gccdn.net/large/7185bdf1gw1f2972v45vyg20gu0de7ky.gif
hxxp://swwx.n.shifen.com/go/full/201/1202000454
hxxp://swdownload.jomodns.com/shurufa/bigime/b9ccbec9b93/FAEtx8iH_TN_channel1_2016-05-17_18-52-16_47_3.3.2.1028_1202000454.exe
hxxp://sogou.proxy.qq.com/favicon.ico
hxxp://dldir1.tcdn.qq.com/invc/tt/ps/res.ini
hxxp://qb-sz.mig.tencent-cloud.net/favicon.ico
hxxp://iua.duba.net/u/	119.147.146.46
hxxp://dldir1.qq.com.cdngc.net/invc/tt/ps/SSO_A2AAE88A707B517C1427E4D0DB9DF892.qbzip	37.29.13.42
hxxp://masterconn.qq.com/	203.205.144.215
hxxp://wup.imtt.qq.com/	59.37.96.170
hxxp://dldir1.qq.com.cdngc.net/invc/tt/ps/ProblemFix_B58E1FA4B62451F7450F98D2053A0715.qbzip	37.29.13.42
hxxp://dl.qhcdn.com/gf/360IniVerify.cab
hxxp://dl.qhcdn.com/gf/360ini.cab
hxxp://infoc0.duba.net/c/	221.228.204.20
hxxp://tj.union.ijinshan.com/c/	114.112.93.202
hxxp://120.55.138.124/NmIxNmEyZDRjNWM5YjU2MTA4YmUzNDc1ODI4MDRhNTAuZXhl/40.html
hxxp://qb.mig.tencent-cloud.net/plugin
hxxp://120.55.138.124/favicon.ico
hxxp://hpcc-page.cnc.ccgslb.com.cn/lminstall/168.json?time=1464374665
hxxp://x2.tcdn.qq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1463643770_5350.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://hk.proxy.sogou.com/favicon.ico?t=1464374667830
hxxp://x2.tcdn.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_8.0.0.131_{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx
hxxp://ctc.e.proxy.sogou.com/data/hotwords/qq_browser_hotword.xml
hxxp://dldir1.tcdn.qq.com/invc/tt/ps/QQMail_302067711CCDA1C8C70E4558F288E861.qbzip
hxxp://qb.mig.tencent-cloud.net/epr?g=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&k=10&tt=1464374667814
hxxp://qb.mig.tencent-cloud.net/eps?t=1464374667830
hxxp://hk.proxy.sogou.com/qq404query?url404=http://120.55.138.124/NmIxNmEyZDRjNWM5YjU2MTA4YmUzNDc1ODI4MDRhNTAuZXhl/40.html&cb=dealQQ404Query
hxxp://x2.tcdn.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{807849B3-40D8-42E3-8001-D541FD7CEBFB}_8.1.2.8_{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx
hxxp://x2.tcdn.qq.com/btr/qqbrowser/ps/2202/85_1_2013-02-21.{BC4502A5-2152-423b-AB6B-1BD1999EA9BF}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://s-b.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&w=0&b=1&d=2210001
hxxp://s-b.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=476&r=0&d=2210001
hxxp://down.qq.com/browser/btr/qqbrowser/ps/production/62_13_2014-06-06.list?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://s-b.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=294&r=0&d=2210001
hxxp://203.205.151.214/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/62_13_2014-06-06.list?mkey=5748b37dda60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.list
hxxp://e6845.dscb1.akamaiedge.net/pca3.crl
hxxp://s-b.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=285&r=0&d=2210001
hxxp://x2.tcdn.qq.com/btr/qqbrowser/ps/2109/64_19_2013-01-15.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://x2.tcdn.qq.com/btr/qqbrowser/ps/3001/97_1_2013-06-20.{91977E3A-F255-4036-8B72-B07EA129C89A}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://x2.tcdn.qq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1431325272_1735.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://down.qq.com/browser/btr/qqbrowser/ps/production/119_4_2014-01-15.qqzip?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://203.205.151.213/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/119_4_2014-01-15.qqzip?mkey=5748b379da60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.qqzip
hxxp://x2.tcdn.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{8A24087F-391C-4695-B60C-56BE31AF1ECC}_8.0.0.3_{8A24087F-391C-4695-B60C-56BE31AF1ECC}.qrx
hxxp://x2.tcdn.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}_8.0.0.44_{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}.qrx
hxxp://x2.tcdn.qq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/3037_1436248883.xml?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://down.qq.com/browser/btr/qqbrowser/ps/production/126_1_2014-01-20.zip?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://203.205.151.213/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/126_1_2014-01-20.zip?mkey=5748b37ada60d437&f=105&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.zip
hxxp://x2.tcdn.qq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1434619918_9586.zip?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C
hxxp://x2.tcdn.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}_8.0.0.4_{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}.qrx
hxxp://stdl.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_8.0.0.131_{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx	203.205.151.215
hxxp://crl.verisign.com/pca3-g5.crl	23.52.21.163
hxxp://s.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=285&r=0&d=2210001	116.211.111.239
hxxp://wup.html5.qq.com/
hxxp://soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/62_13_2014-06-06.list?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	103.7.30.45
hxxp://stdl.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{807849B3-40D8-42E3-8001-D541FD7CEBFB}_8.1.2.8_{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx	203.205.151.215
hxxp://ps.browser.qq.com/accept?authcode=1771558448&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&supplyid=85296&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400	101.227.169.18
hxxp://rse.rising.com.cn/config/rsedownloadconfig.xml	87.245.198.83
hxxp://tq.qq.com/favicon.ico	14.17.18.180
hxxp://dldl.qq.com/epr?g=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&k=10&tt=1464374667814	101.227.169.19
hxxp://pc5.gtimg.com/btr/qqbrowser/ps/2109/64_19_2013-01-15.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	203.205.151.215
hxxp://soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	103.7.30.45
hxxp://www.sogou.com/favicon.ico?t=1464374667830	203.90.249.162
hxxp://dl.360safe.com/gf/360IniVerify.cab
hxxp://s.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&w=0&b=1&d=2210001	116.211.111.239
hxxp://ww3.sinaimg.cn/large/7185bdf1gw1f2972v45vyg20gu0de7ky.gif	37.29.0.60
hxxp://soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/126_1_2014-01-20.zip?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	103.7.30.45
hxxp://ww3.sinaimg.cn/large/7185bdf1gw1f05vpdktqrg20go0a5u10.gif	37.29.0.60
hxxp://stdl.qq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1431325272_1735.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	203.205.151.215
hxxp://dl.ikiki.cn/dl/rse/1332280.exe	203.130.56.136
hxxp://stdl.qq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/3037_1436248883.xml?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	203.205.151.215
hxxp://rsup10.rising.com.cn/Register/OnlineHelper/ForLog/Action.aspx?info=S2V5PVJTRUluc3RhbGxQb3AmdjE9QzA0RjZGNzYyMjA0NjY0ODMwMzAzMDMwMzAzMDMwMzAmdjI9MiZ2Mz02MSZ2ND02JnY1PTA=	1.122.192.19
hxxp://www.sogou.com/qq404query?url404=http://120.55.138.124/NmIxNmEyZDRjNWM5YjU2MTA4YmUzNDc1ODI4MDRhNTAuZXhl/40.html&cb=dealQQ404Query	203.90.249.162
hxxp://w.x.baidu.com/go/full/201/1202000454	123.125.65.175
hxxp://wap.sogou.com/data/hotwords/qq_browser_hotword.xml	106.120.188.39
hxxp://www.duba.com/	115.238.242.76
hxxp://plugin.browser.qq.com/plugin	101.227.169.19
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl	23.52.21.163
hxxp://stdl.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{8A24087F-391C-4695-B60C-56BE31AF1ECC}_8.0.0.3_{8A24087F-391C-4695-B60C-56BE31AF1ECC}.qrx	203.205.151.215
hxxp://crl.verisign.com/pca3.crl	23.52.21.163
hxxp://pc5.gtimg.com/btr/qqbrowser/ps/3001/97_1_2013-06-20.{91977E3A-F255-4036-8B72-B07EA129C89A}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	203.205.151.215
hxxp://pc5.gtimg.com/btr/qqbrowser/ps/2202/85_1_2013-02-21.{BC4502A5-2152-423b-AB6B-1BD1999EA9BF}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	203.205.151.215
hxxp://ww2.sinaimg.cn/large/7185bdf1gw1f26stg3lexg211y0lcnpj.gif	37.29.0.106
hxxp://dldir1.qq.com/invc/tt/ps/ProblemFix_B58E1FA4B62451F7450F98D2053A0715.qbzip	37.29.13.42
hxxp://dl_dir.qq.com/invc/tt/ps/QQMail_302067711CCDA1C8C70E4558F288E861.qbzip	203.205.140.122
hxxp://config.i.duba.net/lminstall/168.json?time=1464374665	221.204.23.16
hxxp://s.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=294&r=0&d=2210001	116.211.111.239
hxxp://daohang.qq.com/favicon.ico	203.205.128.11
hxxp://rsdownload.rising.com.cn/middle12/rsfree/rse1332280.exe	14.152.91.23
hxxp://cd001.www.duba.net/duba/install/2011/ever/duba160226_1_1.exe	221.204.23.16
hxxp://dl_dir.qq.com/invc/tt/ps/res.ini	203.205.140.122
hxxp://s.360.cn/hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=476&r=0&d=2210001	116.211.111.239
hxxp://soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/119_4_2014-01-15.qqzip?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	103.7.30.45
hxxp://dldir1.qq.com/invc/tt/ps/SSO_A2AAE88A707B517C1427E4D0DB9DF892.qbzip	37.29.13.42
hxxp://soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	103.7.30.45
hxxp://res.imtt.qq.com/qbfilepush/qqbrowser/cloudctrl/production/1415626007_8983.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	203.205.151.215
hxxp://dldl.qq.com/eps?t=1464374667830	101.227.169.19
hxxp://stdl.qq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1463643770_5350.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C	203.205.151.215
hxxp://stdl.qq.com/stdl/qbExtension/qqbrowser/Extensions/production/{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}_8.0.0.44_{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}.qrx	203.205.151.215
hxxp://dl.360safe.com/gf/360ini.cab
hxxp://ime.sw.bos.baidu.com/shurufa/bigime/b9ccbec9b93/FAEtx8iH_TN_channel1_2016-05-17_18-52-16_47_3.3.2.1028_1202000454.exe	115.231.42.47
qzs.pengyou.com	212.30.134.215
cm.qzs.qzone.qq.com	112.29.151.160
ctc.imgcache.qq.com	116.55.250.35
cn.qzs.qzone.qq.com	203.205.149.29
ctc.qzs.qzone.qq.com	116.55.250.34
cnc.qzs.qzone.qq.com	111.202.99.21
imgcache.gtimg.cn	203.205.150.17
imgcache.qq.com	174.35.71.30
qzs.qzone.qq.com	212.30.134.212
cm.qzs.qq.com	112.29.152.40
os.qzs.qq.com	212.30.134.215
cnc.imgcache.qq.com	111.202.99.20
cn.imgcache.gtimg.cn	203.205.150.19
cnc.qzs.qq.com	220.194.224.20
edu.qzs.qzone.qq.com	58.205.214.158
edu.imgcache.gtimg.cn	58.205.214.174
cm.imgcache.gtimg.cn	183.224.43.100
browser.etl.desktop.qq.com	119.147.201.16
cnc.imgcache.gtimg.cn	111.202.99.21
cm.imgcache.qq.com	120.204.205.200
ctc.imgcache.gtimg.cn	118.180.18.11
ctc.qzs.qq.com	116.55.250.34
cn.qzs.qq.com	203.205.149.29
qzs.qq.com	203.205.150.27
os.imgcache.qq.com	212.30.134.215
edu.qzs.qq.com	58.205.214.175
www.qq.com	212.30.134.198
dlsw.br.baidu.com	119.84.42.46
edu.imgcache.qq.com	58.205.214.160
cn.imgcache.qq.com	203.205.150.121
os.imgcache.gtimg.cn	212.30.134.215
os.qzs.qzone.qq.com

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET MALWARE Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
ET POLICY HTTP Request on Unusual Port Possibly Hostile

Traffic

GET /invc/tt/ps/SSO_A2AAE88A707B517C1427E4D0DB9DF892.qbzip HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: dldir1.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 18:44:15 GMT

Server: PWS/8.1.36

X-Px: ms h0-s1113.v0-mow ( h0-s1064.v0-mow), rf-ht h0-s1064.v0-mow ( h0-s43.p6-hkg), ht h0-s43.p6-hkg.cdngp.net

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:53:25 GMT

Age: 50

Accept-Ranges: bytes

Content-Length: 1209109

Content-Type: application/octet-stream

Last-Modified: Wed, 18 Mar 2015 02:09:51 GMT

Connection: keep-alive
PK........k.pF...)or..........QQBrowserOTA.exe.\.|T.... 9..wH.........
K.3D...h.\8s.B.[...U..!.D..W9.A....Mc[.....D......E.@ .QQ.....p@..;.wA
...O?.......7.;;;3;;;{..>,Y$I..1.I....W............#~?..4...o.W.-Z.
..;.......v....E...h.vw........>....g..d...........=3.8>;kf...63
.....c|Ox o...=e...O...W}N.zi..>I.g..^{c..tY.d6e..$i52....9....i..f
>Z.6K.._..w.o.(N........ ..........$=...%m_v....K..c.x"S..!........
.....^%\.I!..O.'..$i..5 oSo..G.L.}....p^..!....g..D......f...t......u.
[.v.....8m...../.]s.]...A'.7J......#.....W........N...../W..........J.
....\..04...e.W.}.$I..^~..Cm.'....x..}@...m....1..M....I/.jF.(.t..z...
.....L.cI-s........h......>{....:.;.;....Zf..{....[....{..w......_.
..6..?Z.4.j._......aDc.{...Z.q(.cVO.sn..0......vc]..7..P!....M...... .
..1;..<?..u.BF.-..-.|..!..\.....C..Y5J...{t.=.w.^O.|.2w...{\.>..
..@O..U.....[...=f.>.j...mT.....*.......*.=......en|.`.U...qAd.Z.w.
v..l......4......Q......,_..J.^W....B.7...j..,..j.{.(Z;.*n3..O.C.....V
..T.........!..;.....,...=.r.N..M......74.mRm..#...V.8.;.]..a.v).4$...
MII....{.....-.o...o.......'....)Z{...f..6.=...eh.nc..w"_.Rm.^S.....5W
..........w....o..#......J...A_...'_..xm.\....>.>fpO.v...G.....%
.P..rwy......o.&.Fk.Pt..O...}c.>..kk..xM.......C-Z...7DC.2zU.5.u_.w
U....H.s...:vU.$.uPW..qY.wgW... Tf...~.6D.........$"]..[......'J......
.i..)0."..O.[..$$QDl.........8....v......k.......D..9D*.`-w.;Q...../..
..fqD.........F.c.f..I.^......=z...{..V1.`.u.Q.....~..[$...$=...df.^..
...~........}......w..H.$ ..b..J/...m.e.c=...3..H..a@...........(4<<< skipped >>>

GET /Register/OnlineHelper/ForLog/Action.aspx?info=S2V5PVJTRUluc3RhbGxQb3AmdjE9QzA0RjZGNzYyMjA0NjY0ODMwMzAzMDMwMzAzMDMwMzAmdjI9MiZ2Mz02MSZ2ND02JnY1PTA= HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; Rising)

Accept: */*

Host: rsup10.rising.com.cn


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 18:43:48 GMT

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

X-AspNet-Version: 2.0.50727

Cache-Control: private

Content-Type: text/plain; charset=utf-8

Content-Length: 1

0HTTP/1.1 200 OK..Date: Fri, 27 May 2016 18:43:48 GMT..Server: Microso
ft-IIS/6.0..X-Powered-By: ASP.NET..X-AspNet-Version: 2.0.50727..Cache-
Control: private..Content-Type: text/plain; charset=utf-8..Content-Len
gth: 1..0..

GET /hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=294&r=0&d=2210001 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: zh-CN

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Host: s.360.cn


HTTP/1.1 200 OK

Server: nginx/1.0.12

Date: Fri, 27 May 2016 18:44:25 GMT

Content-Type: text/html

Content-Length: 0

Last-Modified: Thu, 15 May 2014 07:30:59 GMT

Connection: close

Accept-Ranges: bytes

POST /plugin HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: plugin.browser.qq.com

Content-Length: 505

Connection: Keep-Alive

Cache-Control: no-cache

{"Cmd": 0, ......."GUID": "20CA7FCB5BD079E2F0593169D2972B9C", ......."UIN": "0", ......."CVer": "8.2.0.3638", ......."CSoftID": 9, ......."COS": "5.1.2600", ......."SupplyID": 85296,                             "COSLan": 1033, ......."ReqType": 1, ......."DenyCount": 0, ......."ExtList": [{"Id": "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}","Version": "8.0.0.12"},{"Id": "{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}","Version": "8.0.0.25"},{"Id": "{807849B3-40D8-42E3-8001-D541FD7CEBFB}","Version": "8.0.3.25"}] }
HTTP/1.1 200 OK

Content-Length: 2133

Content-Type: application/json;charset=utf-8

Cache-Control: no-cache

Pragma: no-cache
{"ExtensionInfoList":[{ "CSoftID": 9, "DefaultEnabled": true, "Desc": 
"QBSafe", "DownloadUrl": "http:\/\/stdl.qq.com\/stdl\/qbExtension\/qqb
rowser\/Extensions\/production\/{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
_8.0.0.131_{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx", "HomeUrl": "",
 "Id": "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}", "LogoUrl": "", "Name"
: "QBSafe", "RequiredMinVersion": "8.1.0.0", "Version": "8.0.0.131", "
taskId": 1483 },{ "CSoftID": 9, "DefaultEnabled": true, "Desc": "", "D
ownloadUrl": "http:\/\/stdl.qq.com\/stdl\/qbExtension\/qqbrowser\/Exte
nsions\/production\/{807849B3-40D8-42E3-8001-D541FD7CEBFB}_8.1.2.8_{80
7849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx", "HomeUrl": "", "Id": "{80784
9B3-40D8-42E3-8001-D541FD7CEBFB}", "LogoUrl": "", "Name": ".........",
 "RequiredMinVersion": "8.2.0.0", "Version": "8.1.2.8", "taskId": 345 
}],."ExtensionControlList":[{ "CSoftID": 9, "Command": "install", "Dow
nloadUrl": "http:\/\/stdl.qq.com\/stdl\/qbExtension\/qqbrowser\/Extens
ions\/production\/{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}_8.0.0.44_{66A
C5389-365D-4B55-BF5C-5A2A4BC21CCD}.qrx", "Id": "{66AC5389-365D-4B55-BF
5C-5A2A4BC21CCD}", "Version": "8.0.0.44", "taskId": 324 },{ "CSoftID":
 9, "Command": "install", "DownloadUrl": "http:\/\/stdl.qq.com\/stdl\/
qbExtension\/qqbrowser\/Extensions\/production\/{8A24087F-391C-4695-B6
0C-56BE31AF1ECC}_8.0.0.3_{8A24087F-391C-4695-B60C-56BE31AF1ECC}.qrx", 
"Id": "{8A24087F-391C-4695-B60C-56BE31AF1ECC}", "Version": "8.0.0.3", 
"taskId": 280 },{ "CSoftID": 9, "Command": "install", "DownloadUrl<<< skipped >>>

GET /pca3-g5.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "1721969e732bcfdda4d85c16390eba70:1458842597"

Last-Modified: Thu, 24 Mar 2016 17:40:05 GMT

Date: Fri, 27 May 2016 18:43:14 GMT

Content-Length: 533

Connection: keep-alive

Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..160322000000Z..160630235959Z0...*.H.............
.2.Z.....J..;.~^.....N.3..g .......'....s.c.5...?.2...Q./#`...y..;.i..
..?I.{......:5.....|5..b.......,:.H .Y.....nN..;.^..y..d5.....L.;o...l
...i...p.......)~..s..<y..#...U4..\.hQJo{QS....p<.X....D........
.....q$.p....k...I?U....Q2.j>......`..?....I...>.t.#HTTP/1.1 200
 OK..Server: Apache..ETag: "1721969e732bcfdda4d85c16390eba70:145884259
7"..Last-Modified: Thu, 24 Mar 2016 17:40:05 GMT..Date: Fri, 27 May 20
16 18:43:14 GMT..Content-Length: 533..Connection: keep-alive..Content-
Type: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0.
..U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2
006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Cla
ss 3 Public Primary Certification Authority - G5..160322000000Z..16063
0235959Z0...*.H..............2.Z.....J..;.~^.....N.3..g .......'....s.
c.5...?.2...Q./#`...y..;.i....?I.{......:5.....|5..b.......,:.H .Y....
.nN..;.^..y..d5.....L.;o...l...i...p.......)~..s..<y..#...U4..\.hQJ
o{QS....p<.X....D.............q$.p....k...I?U....Q2.j>......`..?
....I...>.t.#..<<< skipped >>>

GET /dl/rse/1332280.exe HTTP/1.0

Host: dl.ikiki.cn

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*


HTTP/1.1 200 OK

Date: Thu, 26 May 2016 20:52:53 GMT

Content-Type: application/octet-stream

Last-Modified: Thu, 28 Apr 2016 01:16:13 GMT

Accept-Ranges: bytes

ETag: "550558eeba0d11:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 234456

Age: 78669

Via: 1.1 ml34:8101 (Cdn Cache Server V2.0)

Connection: close

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$...................
....w.........U.....".G.......D.......R.1.............................
U.......E.......@.....Rich............................PE..L....A.V....
............. ... ...0..pT...@...`....@...............................
...........................................v.......`...............T..
.?....................................................................
......................UPX0.....0..............................UPX1....
. ...@......................@....rsrc.... ...`......................@.
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
.......3.07.UPX!.....D^.t.\..1..i.......&...(........h%WW7..n9)"PW..A~
.."l.B?.....dW.!.l....=.y.We.............)X..W."a..G....i...a ....:\..
.......)62.._.%_k.V.....X.....@....y...h..'\...Q......&.........T$..&l
t;... ."..1....(.....[.._.p*......$.a .........~......2.=Q:.S.j.n.. #A
hU..3.7....l.\d....[.8x[n.^].....).Ul-m.R]......j.|.......9.h..|.;...$
_..?[. .t..........5....B.t...h....2..X.s.l.G.....%...."k..$....."...(
.6.. .S...d.]us[....z..R.w..e.#st.ce.....GWd.....;_d`.?.&.Vl<5%.;.(
.s.B.t,.W..V..#.k!.}Yj]CSt-...*..B.I_..G...-....w....l.K......%Cs.

<<< skipped >>>

GET /eps?t=1464374667830 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: dldl.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 27

Content-Type: application/json;charset=utf-8

Cache-Control: no-cache

Pragma: no-cache
eps_cb({"eps_switch":true})HTTP/1.1 200 OK..Content-Length: 27..Conten
t-Type: application/json;charset=utf-8..Cache-Control: no-cache..Pragm
a: no-cache..eps_cb({"eps_switch":true})..

POST /c/ HTTP/1.1

Content-Length: 59

Content-Type: Application

Host: tj.union.ijinshan.com

User-Agent: Microsoft-ATL-Native/8.00

;.....0.p.....m..y7.......@............I..HW..............
HTTP/1.1 200 OK

Server: ngx_openresty/1.4.3.1

Date: Fri, 27 May 2016 18:44:18 GMT

Content-Type: text/plain

Content-Length: 35

Connection: keep-alive
[common]..result=1..time=1464374658..

GET /large/7185bdf1gw1f26stg3lexg211y0lcnpj.gif HTTP/1.0

Host: ww2.sinaimg.cn

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 18:44:03 GMT

Server: PWS/8.1.36

X-Px: ms h0-s1130.v0-mow ( h0-s1010.v0-mow), ht-d h0-s1010.v0-mow.cdngp.net

Cache-Control: max-age=7776000

Expires: Mon, 25 Jul 2016 08:44:41 GMT

Age: 2714362

Content-Length: 8076219

Content-Type: image/gif

Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT

X-Via-CDN: f=TXCDN,s=37.29.0.106,c=194.242.96.218

Connection: close
GIF89aV......... Z....3f.....g.'*3kq.&N.0..;5...y...V...D.../@f-.<.
o.!...JP.xsw]K5.-.=/$...=w.~.....pxE..~B2.-J....Zy)-4D%..J8.JS....E..W
z|Vg.s.........EHAJ."-.y..l..&>.M;%G....Qv..c....N{.F......JIE...RV
...#......c...x...nER4.../g.[{<33....kv4...]w.:N.[=%QT...}1<.`..
'c.lRA%..]U.R...|T;..Nv:.!.:1..H....Y..AR.ZR!...M<4..PY..Rv,..U...&
gt;t..'"}qY....T....V8....jw%x.40........k..Ke....eU!......'R["u.^.HWg
.1O.Hv.#=.b~)..zvUDR..X..A.-BU.<.....:R.Q.._.........P.A.C.S&.-.l..
Jf...R...z-.J..>64...BB.G.. ..:P.........}-.....:B....&...5au.&.|Z.
HGc..IZ.^OJ........T....Q....V..)<.q..c~1...OwC......>>$.t6Cd
..uG...S|.1 .Bf.:B....{...u#..6...1>....s:&!..Qu.c..^w...T)Y.5y.z.Y
..9......2 ....b.=_.X0>.x..-P....[y11O.>u....Uz.KN_~u......S'M..
}2/T.1........k..AU....Wg.M.......Y.R"...-/....Q.R...!.......,....V...
..............)\.p.) .r.;..^...S....T4~..M)G.....,.\.2...*g..w...h.N..
).....@......o.....KP;.9AX*.1.?>|R.T......o... Z..<...a.C..=:u..
.j<.....f...~$H.P.%U..3f\0....r.H.;y6...9...|6'...3.....%.0`..j.ePB
.0"@..... g.H..6............F."..uL.@C....n...P.00"..#.......H/.I.A.za
..........#...!0..............w `cD.R...1.....H(._;.p..7..C. ....1.8..
;I.....H..6.@.....1H.R.'. :h..$tP..3.d......C.Th A6z@.G6......... ..BE
&....?..I."..H......3N."..D2.I.9`...oJ...o..I.Y.......(.RN.......'.h.'
............ .M>.`2..|.y..(P...9,.9.....$..R...."0...$Y...6.....z%.
..zO..2.@.(.@I......DF.. h... ...'....M....L6..qj.9(...A..........$.n.
..8..."....s.....@.;..vA.i.p(...s)....D...0....|.".R....Cbh.....1E<<< skipped >>>

GET /middle12/rsfree/rse1332280.exe HTTP/1.1

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Rising)

Host: rsdownload.rising.com.cn

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 27 May 2016 18:44:06 GMT

Content-Type: application/octet-stream

Content-Length: 35893168

Connection: keep-alive

ETag: "c6a1a73ae958d11:6a8d8"

Last-Modified: Wed, 27 Jan 2016 09:58:10 GMT

Accept-Ranges: bytes

X-Powered-By: ASP.NET

Age: 81739

Via: http/1.1 fnop003-TJHYLT-CNC-190-101 (ACA/2.0), http/1.1 fnop003-GDHZDX-CT-74-192 (ACA/2.0 ACA_HIT), http/1.1 fnop003-GDDGDX-CT-91-18 (ACA/2.0 ACA_HIT)

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......t.!90.Oj0.Oj
0.Oj9..j).Oj.a4j#.Oj0.Nj..Oj.a"j4.Oj9..ju.Oj9..j..Oj9..jD.Oj...j1.Oj9.
.j1.OjRich0.Oj........PE..L.....oV.................H..................
.`....@..........................p........$...@.......................
...........8...........#............#..........H...c..................
................@............`..$............................text...,F
.......H.................. ..`.rdata.......`.......L..............@..@
.data....q...P.......8..............@....rsrc....#.......$...f........
......@..@.reloc...o.......p..................@..B....................
......................................................................
......................................................................
......................................................................
......................................................................
..............................................X.....RF.3...$T...SU..$d
...VWUh.~E.h.....q......h......$]...j.P..$d......#.....U...aE...u.h...
.U...bE.U...bE.....@.....U...aE.........h......$\...UQ.4.....$d.......
P...@..u. ...$X...j\R..._.....4`......;.t...$X...O.G.G..u.f....E.f....
$X...O.G.G..u....E..L$.Q..$\...R.....aE....|$......%.....$t.........h.
.....$\...UP......D$P....P..I...@..u. .....$X....p...@..u. ...=....wU.
.$X...O..G.G..u.f....E..D$Df......@..u...$X... .O..$.....O.G..u.......
...........|$..D$..t*.|$D.tH..$p.....t=SP..$`...R..........tM.%h..

<<< skipped >>>

GET /soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?mkey=5748b3b3da60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.CompatList HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: 203.205.151.213

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: 3Gdown_DK

Connection: keep-alive

Date: Fri, 27 May 2016 18:43:19 GMT

Cache-Control: max-age=0

Last-Modified: Thu, 28 Nov 2013 07:13:06 GMT

Content-Type: application/octet-stream

Content-Length: 6712

X-Cache-Lookup: Hit From Disktank
..#.F...#K.`../.....k7.8.!w..^rs.w...g.f......IJ..!%... .GK.....Q4....
.....C...?.fd[r^..w...V.v.....s... .....C.[..p....i*&#/.S...As..rM.PXH
}....WAAm....^`.A..6.d.eHH2....\.i..q.*.....w..G.......:P&7.u...rcZ..[
..._.'....}.rq5.Z..%...D.];..j0.........$5.c&..$c.#.]...l[........7...
....w..|..q.L...........o.....WC....H..y..U!@3...e..a.."m..........-x.
..`.:Z......|~k6...v..zOk2D.[.;r],=..4..KT}.....J.u....?0...>....?.
.]..@.AG.^.C...,6;.<.J0...5...Mv.9a..,.rn..b...2.........'4.....Y..
.....9.X.#.O.,...S...@..B..z .....R]l..Q-.u.a...V....X-...A..:W..4.U..
a.....)\....p$>.[.....RBd.....9.7#.l.X.!.A...._<..twM....;..{%W.
.z].. Ch.........y.L..&~Q<c.x..."n...A9.R..7.x......|.j......,K.!H~
... Z...}..Q...D%2...'..EO....x..6A#.t.5.....; u...>....m..eY....uE
Qf.x...u.kB.`...[..M.X......8..gh.p.o...-z.FT5.......<..O.f..j.2..W
..........N.t....|.....%.^..7.g..2wZ.`:.R....vU...!P.L.N.X...OJk.b....
k...&!xE.a.;.......D...A.'. )......H%C.O.P...s@ .p.....~..H~'.y2pL.@(.
F.w.-50k..?..."u.i5..u.h......@.;...\.30g...3....dS..-<..1....%l...
*.h....hZ6.e........&*A....|..xp.c...JbL...@2......^.p..6....h....N1]%
=..9.@..eW....2 .Cv..m.......#.o2A..c"..........Z.wi...0..G..'...b....
.;.ut /x"B.J.h..(U..H.D......q......8.m..N..h.Gd.3M....Y\*..;4g...=.E.
....^Q....I..../.\.....c.3b=zZ8..J*......jv.Pn..>..s.8..W>...D.$
.H.d...W......K.:Rj...g..K.....p#. .b....!m.|.$.x, :u..}...B...;...<
;.<T\..9nS"...m.I....w............t..._..;T......^.......].'.*.l.&g
t;...*..@s._.d..}h....#..X......6.....&.b..........I_.b....f>.s<<< skipped >>>

GET /soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?mkey=5748b3b2da60d437&f=105&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110} HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: 203.205.151.213

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: 3Gdown_DK

Connection: keep-alive

Date: Fri, 27 May 2016 18:43:20 GMT

Cache-Control: max-age=0

Last-Modified: Tue, 23 Sep 2014 03:12:59 GMT

Content-Type: application/octet-stream

Content-Length: 2144

X-Cache-Lookup: Hit From Disktank
T.Qx.n.-.-.....n-.FY...1.\...X.......L...v.m< 7...G.....5..J....O(.
%.:U.. u.p.^..Q............47.x.t..{R4.b...... ......U....{.7.....A.A.
.i.........K.....IPU........Q.....%o..!:m.. ...6U1X.).....n..d........
..D.Z.O.on@B.8k]..AB2....nI..G.H. p. ......5}>.g..H....8M..!s....|5
.}.....7.?..RJ.`.*?qQ.[E.........u|.....'..kV..Z.....w..R...x..0.]...`
.8h...;...SbLa.1.....PU.:..<s...5..)G....].PN ...a.A.X..n...X[^)...
......Q..........<.0H,~Hg9.*.,.1.]..pdo/)h^u...c...x. u.PJ..;..E.?.
v..u.S..wdoF.pt.W..n......{o...g....|...uji.N.....i...5Q_..cA.HG...BG.
....6.a....,. ....T.3w....ZLn.[<.}...S.......(...N.)?n~...{.._!h}A.
...C.2.P.....7L...&...L...s2.*.p..i.....2....*....>..... yP........
..x..... K.'@.PH.....x.0`;.M.Te.g{..7X.f......:g....V..!..T..........n
.X.r=..2..u....C..q.`..B9..$...V5..>....Q_........~.....-u.Xt..jb..
.GhUm{....U.{.........Q.....?....B..y.)d......."..G..v..g...B9/.(.....
....l.. ..!dsa....I....?........,.X).\..X..O.].Vck../........Q.....6.N
...5}>.g.`...H.R.M..;........6..<......J.....>E....#wB. ..8..
.}.X&..Z*?.c.W_[.....l.b.D&k.3......qz{..$a.p.4.F;.....|.....\R.....|7
.eW.....P..J....#zkE....zv._bf..*z......$.r..17..5o.y..Ci...6y.....o..
...zj.6cZ-..{...e./...9..n....f...I...p..N....D.7..(..5[....0.#.`$....
}.H....a .bFib.......W*....w.t..G..s2.*.p. ~../...8...1)C;?.@$...O..B.
1...M..PI......\...1..4A..!6M..;......$.r..17..5o.y..Ci...6y.....o....
.zj.6cZ-..{...e./...9..n....f...I...p..N....D.7..(..5[....0.#.`$....}.
...d...[..zv._bf...o..#..D!.D .\f.5ZvWFE..zv._bf..zv._bf;....}i...<<< skipped >>>

GET /favicon.ico?t=1464374667830 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: VVV.sogou.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 27 May 2016 18:44:20 GMT

Content-Type: image/x-icon

Content-Length: 5430

Connection: keep-alive

Last-Modified: Tue, 17 Nov 2015 02:42:54 GMT

Set-Cookie: ABTEST=6|1464374660|v17; expires=Sun, 26-Jun-16 18:44:20 GMT; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: IPLOC=UA; expires=Sat, 27-May-17 18:44:20 GMT; domain=.sogou.com; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: SUID=DA60F2C260C80D0A0000000057489584; expires=Thu, 22-May-36 18:44:20 GMT; domain=.sogou.com; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

ETag: "564a942e-1536"

Expires: Sun, 26 Jun 2016 18:44:20 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
......  .... .....&......... .h.......(... ...@..... .................
.....................................................=...=.:.=.k.=...=
...=...=...=.l.=.<.=.......=...=...=...=...........................
....................................=.B.=...=...=...=...=...=...=...=.
..=...=...=...=...=.}.=...=...=...=.h.................................
................=.9.=...=...=...=...=...=...=...=...=.s.=...=...=...=.
..=...=...=.;.=...=...=...=...=...................................=...
=...=...=...=...=...=.3.................................=.1.=.........
..=...=.s.=...=...=...=...........................=...=...=...=...=...
=...................................................................=.
E.=...=...........................=...=...=...=...=.Q.................
............................................................=.^.=.....
......................=...=...=...=.5.................................
............................................=...=...=.................
......=.a.=...=...=.>.................F.1.H.l.I...K...L...L...M...L
...L...K...I...H.u.F...............=.3.=...=...=.c.............=...=..
.=...=.y.........A.$.D...F...I...K...M...N...O...P...P...P...O...N...M
...K...I...F...D...........=.v.=...=...=...........=...=...=...=......
.@.C.C...F...I...K...N...P...Q...S...S...T...S...S...Q...P...N...K...I
...F...C.......=...=...=...=.......=...=...=...=.R.........B.O.E...H..
.K...N...P...S...T.. V.n W.` W.` W.. V...T...S...P...N...K...H...E.G..
.......=.T.=...=...=...=.M.=...=...=...........D.H.G...J...M...P.k<<< skipped >>>

GET /qq404query?url404=http://120.55.138.124/NmIxNmEyZDRjNWM5YjU2MTA4YmUzNDc1ODI4MDRhNTAuZXhl/40.html&cb=dealQQ404Query HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: VVV.sogou.com

Connection: Keep-Alive

Cookie: ABTEST=6|1464374660|v17; IPLOC=UA; SUID=DA60F2C260C80D0A0000000057489584; usid=AdsR0JcZ_3sSjQ4f; SUV=00C57816C2F260DA57489584712DD352


HTTP/1.1 500 Internal Server Error

Server: nginx

Date: Fri, 27 May 2016 18:44:23 GMT

Content-Type: text/html; charset=GB2312

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: SNUID=67DD4E7EBDB88E6BF62C5F29BDC2CECD; expires=Mon, 06-Jun-16 18:44:22 GMT; domain=.sogou.com; path=/

Content-Language: zh-CN
4ad..<html>.<head><title>500 Servlet Exception</t
itle></head>.<body>.<h1>500 Servlet Exception<
/h1>.<code><pre>./usr/local/resin/conf/app-default.xml:
220: java.io.FileNotFoundException:./search/odin/resin/web/websearch/W
EB-INF/web.xml (Too many open files).</pre></code>.<hr 
/><small>.Resin-3.0.24 (built Thu, 16 Aug 2007 09:38:29 PDT).
</small>.</body></html>.....<!--.   - Unfortunate
ly, Microsoft has added a clever new.   - "feature" to Internet Explor
er.  If the text in.   - an error's message is "too small", specifical
ly.   - less than 512 bytes, Internet Explorer returns.   - its own er
ror message.  Yes, you can turn that.   - off, but *surprise* it's pre
tty tricky to find.   - buried as a switch called "smart error.   - me
ssages"  That means, of course, that many of.   - Resin's error messag
es are censored by default..   - And, of course, you'll be shocked to 
learn that.   - IIS always returns error messages that are long.   - e
nough to make Internet Explorer happy.  The.   - workaround is pretty 
simple: pad the error.   - message with a big comment to push it over 
the.   - five hundred and twelve byte minimum.  Of course,.   - that's
 exactly what you're reading right now..   -->...0..<<< skipped >>>

POST /c/ HTTP/1.1

Host: infoc0.duba.net

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0

Accept: */*

Content-Length: 264

.......-N..... .C.XtB...CpapC..........................HW........................................&........k....................................................................................................................... .....................................
HTTP/1.1 200 OK

Server: Kingsoft Web Server

Date: Fri, 27 May 2016 18:44:22 GMT

Content-Type: text/plain

Content-Length: 43

Connection: keep-alive
 ..../A[common]..result=1..time=1464374662...

GET /browser/btr/qqbrowser/ps/production/62_13_2014-06-06.list?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: soft.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nws 1.2.15

Connection: close

Date: Fri, 27 May 2016 18:44:24 GMT

Expires: Fri, 27 May 2016 18:44:24 GMT

Cache-Control: max-age=0

Content-Length: 0

Location: hXXp://203.205.151.214/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/62_13_2014-06-06.list?mkey=5748b37dda60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.list

GET /invc/tt/ps/ProblemFix_B58E1FA4B62451F7450F98D2053A0715.qbzip HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: dldir1.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 18:44:15 GMT

Server: PWS/8.1.36

X-Px: ms h0-s1113.v0-mow ( h0-s1083.v0-mow), rf-ht h0-s1083.v0-mow ( h0-s44.p6-hkg), ht h0-s44.p6-hkg.cdngp.net

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:53:25 GMT

Age: 51

Accept-Ranges: bytes

Content-Length: 275431

Content-Type: application/octet-stream

Last-Modified: Wed, 07 Jan 2015 03:44:12 GMT

Connection: keep-alive
PK........-l%F..u.A3..........QQBrowserOTA.exe.\.|T.... 9..wH.........
K.3D...h.\8s.B.[...U..!.D..W9.A....Mc[.....D......E.@ .QQ.....p@..;.wA
...O?.......7.;;;3;;;{..>,Y$I..1.I....W............#~?..4...o.W.-Z.
..;.......v....E...h.vw........>....g..d...........=3.8>;kf...63
.....c|Ox o...=e...O...W}N.zi..>I.g..^{c..tY.d6e..$i52....9....i..f
>Z.6K.._..w.o.(N.}V.^{#.../~.........y....e....n.V.E..L.s..........
z.z.z.p.'..j>... ...3...M.M...25.ix.O.y.....v.....m......qw.....f.k
..n..5.C.s...0....E.kn....>...F..<.Ops....O....p..p......Z..j9..
|..sx.\)Zc.......f7..l.J...$).....}......z.....HQ...wB.=.2.)..=!..U...
E...V/t.6.t.....,.e._t[.|....u9....g..r.T.r.o..;.Q.,.x...8x...\v/`.._.
\.r..v^....Gk.F^.....V?Z#.h.y..#C.5..}..ib.-w........n. 3....*D..z....
B=....=>f'......nQ......../B"d.......b.]?.Fi..y........../_..Z...K.
..[........"..~..>.....Cm_0....~.][..a.~z.Ve..t.`.Y...O....#.?...W.
...n.........&.....6.".X......Xi....z4RH....W.....^mw..Ek.@.mf...u....
].j......{Vuq46..ug...!.....'AN..|....^.b....M...qd......c..k.2......$
.T.))....vo..}.....41.M.....a.....3Ek..........t...-.m.=.N..C.-.k.[.}.
....=.........vb...C`d.c...^I0Q .K._..........3..g........}.H.........
C....>}.P.....h..........ol...~m.....9.~...b.Ek....h.@F.*.F........
...t.T.[....$...j.=.....*.....L.......V.>..z?..D.K.z...5...DIwxC.CR
?m.=.&T$..I|....$...[.._6[Q....y.......sw-..tR....==.H.....v'...|0..zv
..,.h...QP.Y...z,.l.<I.K....S.G...zow.*.....4........v.$.c..'.2....
..Rs...2.......o.......W.i.d..U..V...R.m.L|....}&..I.7........%.TY<<< skipped >>>

GET /favicon.ico HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: 120.55.138.124

Cache-Control: no-cache


HTTP/1.1 404 Not Found

Content-Type: text/html; charset=us-ascii

Server: Microsoft-HTTPAPI/2.0

Date: Fri, 27 May 2016 18:44:19 GMT

Connection: close

Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""hXXp://VVV.w3.org
/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Not Fo
und</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/ht
ml; charset=us-ascii"></HEAD>..<BODY><h2>Not Foun
d</h2>..<hr><p>HTTP Error 404. The requested resourc
e is not found.</p>..</BODY></HTML>....

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 350

Cache-Control: no-cache

...^..,<LV.qbpcstatf.stat}...;.....crypt...

list<char>.....
......B..s...T-.&...!A..7.~._.L.......}z...>D..Q.N...@.

..$m6.....A....A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../......Zm....P.......E4.&..$lN....p..,._.h........R;TF.P...F....=.O.fD.i.3.{@.?2.....kQ~..>.f>..e...(....!.{).=...J....o..Bb..x..r.`.qlo..3N..kZ.W..P. AN..`.Z.0.......
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Fri, 27 May 2016 18:43:54 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32..........HTTP/1.1 200 
OK..Content-Length: 54..Content-Type: application/multipart-formdata..
Date: Fri, 27 May 2016 18:43:54 GMT..Server: HTTP Load Balancer/1.0...
..6..,<LV.qbpcstatf.stat}.............int32............

GET /epr?g=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&k=10&tt=1464374667814 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: dldl.qq.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 3

Content-Type: text/html;charset=utf-8

Cache-Control: no-cache

Pragma: no-cache

eprHTTP/1.1 200 OK..Content-Length: 3..Content-Type: text/html;charset
=utf-8..Cache-Control: no-cache..Pragma: no-cache..epr..

GET /stdl/qbExtension/qqbrowser/Extensions/production/{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_8.0.0.131_{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: stdl.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:20 GMT

Cache-Control: max-age=2592000

Expires: Sun, 26 Jun 2016 18:44:20 GMT

Last-Modified: Wed, 30 Dec 2015 07:40:41 GMT

Content-Type: image/gif

Content-Length: 261367

X-Cache-Lookup: Hit From Disktank
PK.........X.G=7.d....`.......QBSafe.dllUT...HJ.VHJ.VUx........}|T....
.[..X.E.\$j.U....L...e. .6.v..D..t...7.$1.Y.2.....b}.T[i...QA.B."..T.X
E....6H.....9g.n6..}.......G....9s..9g...9Sx.....`..?M3.....\......._.
.p..../.7.~....?Y..l.]?^.....,......?.-}.|g.O.L.1.8..w.z.U...q.0>..
]....W...|...C........W_H...:H........>@......p%.../......-..o0.^..
0..l..../.v.`.p.1.`..d0.M.....b....f.....S.^&.k.J!.e....s.T.....O.1...
...e......)..8...g)..G...).;. ..$C...~....}.x.6.w.......o..$....20O..p
.U.o].\b0\|.(.~.~.M......Jd3|X....L._h..|.W..X...[..&,K!.......... ...
.D....A]qZ.....v.].1Pj Z...................7....b_.>......}s.|..5..
.ii..E.!...W...6....n...b...%>...V.d{. .I...o......3..Dy...,`.....V
........^o.s|...t.YMK2wy....[.....n.c6d..q7.%u...H.Sf.2........./..b.`
Q.2.5...]...W.=..>.....r......F.EMK.|.x.....Ie3\Y.;..&6.5....A.)..}
.0..j.(.@M."....@e...i6@~W1.........S`.......Xo.G...r.Am..............
...!...sG..%..<..Q.._.......k....*...%.e..g.M..Nh\..w..$n...g9[..;.
yC.......w....Uw-.[.&..........!O:........'M...I..X..^..H.....iZ..5.`.
.........Bx .....^....;u...B5Niy...D.j.%......5sT.....<.0P.K..g.dB.
."/k......]V..rn..o._...c]..2..$.7...qd.....0.j .H@....|.u.o...L.....O
.....M....%.s....9.4..Z.z......p..q.H.e.;%...<V.....ss..{2.Y....@..
..4..Z..........m...*....k4.w.0.....].\a.*.~..3b.Q[-....&.8..9...&....
.....aaMN.l.....g6.[.4.h.:-.[.......Nu.%.'-.0{...g/....w.3....R..H..-.
....x.Nk1 ...~Vce...N4.B% K.#.....]...j..%...=.`./..V....DK..@.M...<
;...(..;...L..9.T..{.s.e.....<.^e_yv.'(.I.d.....q.X.....Gb.Qe..<<< skipped >>>

GET /stdl/qbExtension/qqbrowser/Extensions/production/{807849B3-40D8-42E3-8001-D541FD7CEBFB}_8.1.2.8_{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: stdl.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:23 GMT

Cache-Control: max-age=2592000

Expires: Sun, 26 Jun 2016 18:44:23 GMT

Last-Modified: Thu, 20 Aug 2015 13:07:14 GMT

Content-Type: image/gif

Content-Length: 408849

X-Cache-Lookup: Hit From Disktank
PK...........G................Html/UT...j..Uj..UUx......PK...........G
..K.....q.......Html/certerror.htmlUT...p..Up..UUx.......Wk..G.. .^ewF
[...Y............A.Y.t.t.[].[]=...H.......B.!.$&..Z...M...g.......y.C.
h.....{.=..SU.X%..O..|;V*u...p.....Q.y......couc...nB.........._.\..jw
.Rb[.y.mE.U]... .2#..w...5.........".. .c.V.o.$..,RT1.u..../.y...N~...
.{..?=}....?9~.....g..M.n&v3u..z"<@!....P.0D9C.!FQ.Dq..m.o....M.J..
....2A}JX...#..!.<...aaI0JQ..`w/.. .#...,#.....0.<r.cx.$.P.SE.G.
U.....E$A...G....Q."...].(0...!.Q...Fc<.E.h..2$..........0..w.....3
.H.J..\).1...........H.....Af#K...qi..{_A..,.%T=.....tSA!.r...`..>.
.....c{!.R....H/6......*..4.=..:pc.....ha..n.c......B$ns..E.g#. ....U.
te..4T..l4^.........67..z.i...E.)2.W.w...EwH$.uo....H0.!)f.5"C.1.0.j..
.......v...p..I....%...G$..v#'.....XW".$I.V.NS.L.....>..).xT.n4.frH
.!..5(.N.qg4....../'.,.V#.....vk....Z.t.H7Y.-._.c........`4.V@3<C..
.X.zhh.V..=y..h...`U....t;....mv^.;....Pg.XT...j.?.].t..b..h.#...08.N.
.....bdq....\.SH.h..Z....O.........)/...0.............._.P.`.,.N...c..
Z....8W.<;......Z.Ta.-~......t..C..^j..\3...gl@d........Y9.$..Z}.v,
.V..b?..zC.y....=......!..%......<..7*x'R.......lmjiq_...f.....A.o.
....n%.q(.....&..a..,....Z..`...;...4.K.qR.U......Y i.....s..>.`3jo
.sn.".....Kc.]..TG..Z..x@#..tp.BId0..R.q.~...M.. \...O..l....s.^.....&
lt;..Y.....[~..x._!U8"T.q.7<..a.I@ .h............/~...". .J[.....3.
.@..|...Vi.bu...S..4WuZ5.$|.].....J...L.UE........j.............S)"...
|..tWB....3.<g.......d2...u.n.!...P."*....k.....^........jH.><<< skipped >>>

GET /stdl/qbExtension/qqbrowser/Extensions/production/{8A24087F-391C-4695-B60C-56BE31AF1ECC}_8.0.0.3_{8A24087F-391C-4695-B60C-56BE31AF1ECC}.qrx HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: stdl.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:29 GMT

Cache-Control: max-age=2592000

Expires: Sun, 26 Jun 2016 18:44:29 GMT

Last-Modified: Wed, 24 Jun 2015 06:47:37 GMT

Content-Type: image/gif

Content-Length: 376126

X-Cache-Lookup: Hit From Disktank
PK.........\.F.m.q....`-......PCMgrInstaller.dllUT....%.U.%.UUx.......
..|SE.8..4i.h AS.Z.BT.........V%..H......Fw.Gn...b...xWw.U..]..e...U..
.-e.V...X..*.N7]-?..)..937i...<.......E.{..8s....33..q......A..."..
..W ...].7.......|tu.f.GW...xY.....h..?.~......`......?...O...rg.....n
.6l.U.....=.*. ... .|e.{._..=...cO. N......5..d.Q......9.....N.G.C.fhR
...4...;.....AX."..x........C......k..'....2b.v....4,..M<....).<
x.lK....l....D<.V.o.<s.BW. <.4E..7...j..6.<sS~ 1..).hE.. .
M..a]u..dCmnZ.......R....8.0.[p.O&dM....Gd..H.t..eK..GesZ.G/.o........
.i ..'. ..?\............m..g......cd.U...v....~...[.W.1....m..h|%z.2.'
T&e..VH4..bk...R.>..I....VJ.N......7..B.It..b.F...c.........b.....M
..E..D.v ..$..U...._..m...T..'..@*..(....Y<@..D[.=.. ....|.=x..zYkY
XSpX..|.x~[.......X.D..aD...m.T...#..^(...nl;<.Kw..F..1.?.a4'0...N.
.......nH!..=[.g..wK.mD......y.f..x.".).nz...PV.u..i.........W..DG{.XK
...........~? ... ../...F..^.]........<.0.?...%..e.$b}.{...s...'..@
.P.^#..&....[.....o .f.4.....1......q. ......&a.........?.V.p-.2W.g..g
..Vh.)M.Z=^..%O..-\.I.............z!.`h.A.}r.j.L..X;...B....I.gXM..6.%
{..........".c]..R.SZh5I.....SD=.......2Ak.MM.>.Me4..y..a.IYE9|Ym.i
....o>.!.:.'...N..E....*...d8... ..pS........0X.c5.v ...\.P......)`
m...i....VQB3..J....DK"Z....|{..5.....&.i.Wi>.F@.8.{...a|:{m..}zq(#
@.o!..!.K(.o.c;......I4.O.;%.........Kv.\ru.._Z`..uM.X6<...3.SZ....
..T.^..C...C.H/@@..`..I.b 4...z......R......c.].xO.p>.5...@.M.&`._\
.._.........g6@...KyqX.V..M........z.a7.L5....]........7.8..".><<< skipped >>>

GET /browser/btr/qqbrowser/ps/production/126_1_2014-01-20.zip?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: soft.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nws 1.2.15

Connection: close

Date: Fri, 27 May 2016 18:44:31 GMT

Expires: Fri, 27 May 2016 18:44:31 GMT

Cache-Control: max-age=0

Content-Length: 0

Location: hXXp://203.205.151.213/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/126_1_2014-01-20.zip?mkey=5748b37ada60d437&f=105&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.zip

GET /duba/install/2011/ever/duba160226_1_1.exe HTTP/1.1

Host: cd001.VVV.duba.net

Content-Type: application/octet-stream

User-Agent: Mozilla/4.0

Accept: */*


HTTP/1.1 200 OK

Content-Type: application/octet-stream

Connection: keep-alive

Date: Fri, 27 May 2016 18:34:16 GMT

Powered-By-ChinaCache: HIT from CNC-GX-e-3X6.4

ETag: "56d027e0-14b9260"

Content-Length: 21729888

Last-Modified: Fri, 26 Feb 2016 10:24:32 GMT

Expires: Fri, 27 May 2016 18:49:16 GMT

Server: Tengine

CC_CACHE: TCP_REFRESH_HIT

Accept-Ranges: bytes

MZ......................@...............K..y..........................
..!..L.!This program cannot be run in DOS mode....$........w7.W.Y.W.Y.
W.Y...'.R.Y.p.$.g.Y.p.4.v.Y.p.7.4.Y....._.Y.....v.Y.W.X.>.Y.p. ...Y
.p.%.V.Y.W.Y.V.Y.p.!.V.Y.RichW.Y.........PE..L....2...................
P.......p..P.............@...................................K........
............................. ...D....... ...........pzK..............
...................................H.......................`..........
.........UPX0.....p..............................UPX1.....P.......D...
...............@....rsrc................H..............@..............
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..........3.07.UPX!.....9..".!.W...P@...@..&!.N.[..V...f...F...f....!.
..t....^.1Sj.7V3.=U....[.S.t$...g.Y....D........[..D...9^.Ws.HT3.~. g.
...9}.s....E.;.u....Hf.....$S3...C....t:.~..r..F..........u..V...%N...
....XPRQ..b.z.....{....~._^].S*WSG..|......... .[.nJ..Vyp.3......&...S
SQP.~.n8._..|$@t .%.......^W.8v.Wj.P8.o..?.W"k.Y_.LHt.kf.o.dVdv......A
.[.S..W...`....... F.;.v.@....;..S...v....A...1.F......VVN.y.)h. .P.J.
.Ca.x^...QQ9..F,..7.;E....}jvS...3SS.r....]...U.y.l......]. ...P"..(..
..o..BE. ...Q.xP.f....On.. .[....x......H.f@....$H....?H.......v..

<<< skipped >>>

GET /browser/btr/qqbrowser/ps/production/119_4_2014-01-15.qqzip?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: soft.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nws 1.2.15

Connection: close

Date: Fri, 27 May 2016 18:44:28 GMT

Expires: Fri, 27 May 2016 18:44:28 GMT

Cache-Control: max-age=0

Content-Length: 0

Location: hXXp://203.205.151.213/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/119_4_2014-01-15.qqzip?mkey=5748b379da60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.qqzip

GET /CSC3-2010.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: csc3-2010-crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "3a316d3d8136ac19ef7201ffae6d336c:1464341584"

Last-Modified: Fri, 27 May 2016 09:00:05 GMT

Date: Fri, 27 May 2016 18:43:14 GMT

Transfer-Encoding:  chunked

Connection: keep-alive

Connection: Transfer-Encoding

Content-Type: application/pkix-crl

00006000..0..S.0..R....0...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Sign
ing 2010 CA..160527090004Z..160610090004Z0..Q.0!.....S.@.k....6..c..14
0730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&..
.130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s.
.130227010252Z0!...9t.*.].....~.....160114221207Z0!...J.....Q..Y.[....
.110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o..
.140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.
C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.
....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..
5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.
E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.
....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J
'...130102154110Z0!.......n........'u..140521222808Z0!......0.........
.I..130912181631Z0!.....1.;C,.. L..0...141111073655Z0!....6e...~..T...
....130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u..
....130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v.........
.n..120724160733Z0!....n[..P..a.y...p..141121045513Z0!....P;.Y..d...c.
(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.
....130402103508Z0!......fFW.z.....@T..130117000242Z0!...........].{7.
....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1.

<<< skipped >>>

GET /data/hotwords/qq_browser_hotword.xml HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: wap.sogou.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 27 May 2016 18:44:20 GMT

Content-Type: text/xml

Content-Length: 860

Connection: keep-alive

Last-Modified: Fri, 27 May 2016 18:27:06 GMT

Set-Cookie: usid=AdsR0JcZ_3sSjQ4f; path=/; expires=Sat, 27-May-17 18:44:20 GMT; domain=.sogou.com

Set-Cookie: ABTEST=0|1464374660|v1; expires=Sun, 26-Jun-16 18:44:20 GMT; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: IPLOC=UA; expires=Sat, 27-May-17 18:44:20 GMT; domain=.sogou.com; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Set-Cookie: SUV=00C57816C2F260DA57489584712DD352; expires=Thu, 22-May-36 18:44:20 GMT; domain=.sogou.com; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

ETag: "5748917a-35c"

Accept-Ranges: bytes
<?xml version="1.0" encoding="utf-8"?><DOCUMENT><item&g
t;<word><![CDATA[........................]]></word>&
lt;weight>50</weight></item><item><word><
;![CDATA[........................]]></word><weight>49&l
t;/weight></item><item><word><![CDATA[........
.............]]></word><weight>48</weight></it
em><item><word><![CDATA[........................]]&g
t;</word><weight>47</weight></item><item>
;<word><![CDATA[.....................]]></word><w
eight>46</weight></item><item><word><![C
DATA[........................]]></word><weight>45</w
eight></item><item><word><![CDATA[............
............]]></word><weight>44</weight></ite
m><item><word><![CDATA[.....................]]>&l
t;/word><weight>43</weight></item><item><
;word><![CDATA[........................]]></word><we
ight>42</weight></item><item><word><![CD
ATA[........................]]></word><weight>41</we
ight></item></DOCUMENT>..<<< skipped >>>

GET /gf/360ini.cab HTTP/1.0

User-Agent: Beacon

Host: dl.360safe.com

Pragma: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 27 May 2016 18:44:17 GMT

Content-Type: application/octet-stream

Content-Length: 1619002

Last-Modified: Thu, 12 May 2016 11:24:32 GMT

Connection: close

Expires: Sat, 28 May 2016 02:44:17 GMT

Cache-Control: max-age=28800

Accept-Ranges: bytes
MSCF....:.......,...................G...c....Y1........H.. .360ini.dll
.....sA..CK.}{|T......a..0.A..`....L.`.......#3.$$X..#(.D.E.'.f.LO.)..
.. ..z[.......`...C..-*...5H.....w.=.....{.......^..~....[k.....*...BC
.HD..........V.P.....bG..G.RV.>...|.e...................mY]..e.....
N.....=!##]....7. />.;=.k.S0.<.......t.r.........b.?M_......{g.t
.........f..:.y.)v.rz ;;...E.....T..P.(v..z.e....}.}.......V..=q......
.Z%.).g....S...D....%.........E.=}qo.b....R.5......0Ia.B....]...Kj...-
d.....i...N....Og...N...I.cQ(.LX..N.......Q..SwrE......B..mQ=..xJ.z..V
.Y}.].....;..J....w...*v..y.XA.......'.......f}........~Mg.N.[.s.....6
..C....SE/...M.....T'5z.....Z....Pz.$=<7V.o."#.ZK.t..~..Ezv.CWh....
."0.~b[.d....&.LE.3..x.....OXq._....6~B ...(....I......p..Z.........Z{
B...Xkm....m...C.....;. FD.).b...HZ.....W...x.D.ht..X._m..=3>......
..y.u..@..Zv94S'.......L.uoh.Q.kqo.x.....>..D..........I..b....JyW"
...f..H....>.V..^.........6<K...,......=.......r.{Y..z.......kBS
....W.zHC..>.....3../..[...5.....N...R..$..z...*.g[>7.y..v......
*Ef.5./..........}....YB......]u.Q5..\.ZuE....Cmh......<..4....U...
..:...QG..U...#]...v.{M..8.*..Kms...J.d=..%..!...t.wV.\..^.  ..oZ..t..
.H.(...ic...mB.W.%U...%..........b.`..4..Zk:{..q..:...m..k.....&...?Ql
..%8..".k22..U.....f..A<.....#n.0TV.........-..!...:.Xm......c...).
......6.b......v..X......LT.9LNb.@e&..D.1...6q.[s.GY..b...........U..P
.`....}...{..j..(.2PZ5..7....(...C.6F...._...|.k]..m....r....J..U..M|.
...h.......|....4..`..y.*...k....c5..R.....<..,.L...9.S.(:(ZG..<<< skipped >>>

GET /stdl/qbExtension/qqbrowser/Extensions/production/{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}_8.0.0.44_{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}.qrx HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: stdl.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:29 GMT

Cache-Control: max-age=2592000

Expires: Sun, 26 Jun 2016 18:44:29 GMT

Last-Modified: Fri, 24 Jul 2015 07:10:44 GMT

Content-Type: image/gif

Content-Length: 361961

X-Cache-Lookup: Hit From Disktank
PK........uy.F........`.......NetService.dllUT......U...UUx.........|T
..0....$.X..7.`.(.F.5.....$....aa..I.E..Z.v. Ap...e-Ul..~.......4mQ.B.
."o"...-..7jP..!.?3..[......{..........9s...9gfN..k.. ."|4M.....P.....
0.....6.x..z..w..^...9..<....<...{~....9..7gA..9..AN.TO.........
...*..F.....W.>._......... ...q.4...R.<.W...s...Qz.....g.S..z...
...].....Vc..........a.S.f....i..2....L@H..9.K.......G...W.z..x....C&g
t;.....T....o.U8p.0...J........3..k. ............L!......R..........].
.wI..O....a_..<9.0...s..@.k.7........|.n.u<..t.v.p7........[X}..
{.....$..%.z..s........'......O.....{......@..p....w..1....f....ImtnS$
.DTJ..I.-J.U).)%.JIN..Q....b)... k....y...X.g..e.....C.DA.._.CW..... .
...W.J.q-...U......W..."!......as......[.,sfZB.D!0T[$.6.l..(.......D.a
tj...:QtL4...QgC.<.}l.Zl...O".&..q....w[.4..0-.....b1...eR...KP..T.
..........a....IK.....v.U.N.%C .....js%bI.c?.'.^...[.F...q..Q:t.......
.Bu...v ...a&..#.vF..'.'....f.x.).`Fv{........ve@9 .W.K...d...8... .r.
.BY...v..[:.m......t(.p4........../......n._....iZ...-Z...i.M.|. jyeP.
.-.*...`....f,...d..i..r.......D....Dq.f.........1..9....9.]..C.;..UZ.
.%c>.i...J.I).0.,.....C&v..i.......|...UO8.a....2yE.3H.^...#.X.[.H.
}=..}._....H.nc.{4-..}...M.WT.M........[)..G....R.h.& ..c...|x.a....E.
._5.....Z.f.e...\6.^.Z."fX^c...&xw.._w[.M...t...}....L.F..[...L.......
..<...g.|..Zk_.........k..Z......ayx....E..#7..C..z.........~...._.
..s....._...Dg.jl...B..l......C.....Y........m..7$.'..W...f.|.jQ.%....
...E....l.....q.3....o.A..l....c...c.:.[..g..X.d.?.c#.... y4T..i..<<< skipped >>>

GET /invc/tt/ps/res.ini HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: dl_dir.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: TCDN_NWS

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:20 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:20 GMT

Last-Modified: Thu, 06 Aug 2015 08:07:55 GMT

Content-Type: application/octet-stream

Content-Length: 1354

X-Cache-Lookup: Hit From Disktank
[sso]..ver=2..url=hXXp://dldir1.qq.com/invc/tt/ps/SSO_A2AAE88A707B517C
1427E4D0DB9DF892.qbzip..md5=A2AAE88A707B517C1427E4D0DB9DF892..[ie8core
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/IE8Core_9F09CD36F4C8F650
1898FCE6723D8BAF.qbzip..md5=9F09CD36F4C8F6501898FCE6723D8BAF..[QMScan]
..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQBrowserOTA_20130109_QMS
can.qbzip..md5=25CB258570A6A5E312DEDA71C509275B..[ChromeTab]..ver=1..u
rl=hXXp://dldir1.qq.com/invc/tt/ps/ChromeTab_CB5A572D0CA8CDB4B4F8D81F1
5B9DA3A.qbzip..md5=CB5A572D0CA8CDB4B4F8D81F15B9DA3A..[IE10Core]..ver=1
..url=hXXp://dldir1.qq.com/invc/tt/ps/IE10Core_3BD26401B410B27CAA1E30D
5FAE54B08.qbzip..md5=3BD26401B410B27CAA1E30D5FAE54B08..[QQBrowserFix].
.ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/ProblemFix_B58E1FA4B62451F
7450F98D2053A0715.qbzip..md5=B58E1FA4B62451F7450F98D2053A0715..[QQMail
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQMail_302067711CCDA1C8C
70E4558F288E861.qbzip..md5=302067711CCDA1C8C70E4558F288E861..[flash]..
ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/Flash_C9FE090ABC5B2835C4A88
D70AEA6C5E0.qbzip..md5=C9FE090ABC5B2835C4A88D70AEA6C5E0..[MSdbg]..ver=
1..url=hXXp://dldir1.qq.com/invc/tt/ps/QQBrowserDBGOTA.qbzip..md5=5d2c
d97b61f8424fce2d29ed3f0d4a10..[sso-f1]..ver=1..url=hXXp://dldir1.qq.co
m/invc/tt/ps/SSO9_E402B9859883F3FF0438B41B4A1BCF8E.qbzip..md5=E402B985
9883F3FF0438B41B4A1BCF8E..<<< skipped >>>

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 1022

Cache-Control: no-cache

......,<LV.qbpcstatf.stat}.........crypt...

list<char>.....
......B..s...T-.&...!A..7.~._.L.......}z...>D..Q.N...@.

..$.]..E*......A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../......Zm....P.......E4.&..$lN....p..,._.h........R;TF.P...F....=.O.fD.i.3.{@.?2..........%..M.{..J...\W5......Zc..B}...@..4..I.E^......g....f>.q..U.......

y.E.|,.4..aB...\u.W.A..$ML.R..y.a.UN...2.j.Az...Ra5.8Wv.._.=.M?|...`s.pNq....!v
....njNNq....!v.....n...6..HEBEO.....j.......s......;....m....t.b...o..T.#.*zw..f.5.<l5W.N.e]Wd.r.<c..i"........<\....

|\.....@s....?G>..W...Nq....!vo.d...W..6..HEBEO....S. .6..HEBE..e.^.........s.....!.....m.....,....*T.T.#.*zwoNZ.9Y..5W.N.e]Wd.r.<c..P9........<\....qb;ZJ.'..@s....?....Gg..Nq....!v...9.....6..HEBE..PC.C.[......s.M_Y.d.....m....o.[\.u...T.#.*zwHQ...-..5W.N.e]W9......x#Fb..

...<\....l.....y..@s....?K..,...nNq....!v. .c.;N..6..HEBE...@..........s..fo...x...m....~1[......T.#.*zw..9.Tt..5W.N.e]WL..$".r]..}....l.....&.B.Q...E.vNq....!vYU z....f#..k......]j.V.5W.N.e]W-B8uj......
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Fri, 27 May 2016 18:44:16 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32..........HTTP/1.1 200 
OK..Content-Length: 54..Content-Type: application/multipart-formdata..
Date: Fri, 27 May 2016 18:44:16 GMT..Server: HTTP Load Balancer/1.0...
..6..,<LV.qbpcstatf.stat}.............int32..............

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 942

Cache-Control: no-cache

......,<LV.qbpcstatf.stat}.........crypt...

list<char>....m
...h..B..s...T-.&...!A..7.~._.L.......}z...>D..Q.N...@.

..$.]..E*......A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../......Zm....P.......E4.&..$lN....p..,._.h........R;TF.P...F....=.O.fD.i.3.{@.?2.....kQ~..>.f>..e...k.?H....o.#.=.......T.....E..L...aViwT...^....L..4
{.sJD.)..~.Y....u.2....2vJWu..o'..s.7.;../............#il3..R....bEv ...2.YI.(.........x...*Ae|m._.q.I({Y..x....)K..f......b.m_...!!z..5.._..F3W=.u(.....Q.M..0..}V.....f.s =...1..G&Z..g05O.Nq....!v.P(....@......s..

.....T.#.*zwq.B..........C{.yQ.>7...,..E..O.Nq....!v..j.[ ...6..HEBEp.~3.._z...m.......@...[.T.#.*zw...'4 .v...*..PyQ.>7...B.}...a.Nq....!v..!.u..c`..7
...g.
......\....E. ..Mg.,yyQ.>7.....fl....Nq....!v...,.D.(..!..NV.am..{.. ..r.E. ...It..zi........,...G....6..HEBE.i...h.D.KR.Iij<..F.....y. ...A.RRyi(.##...{...w:0z..8..............&'.f.{.G.Z.  ......=2...7v.8.~[..Q.......C{..`sJ,.>J...
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Fri, 27 May 2016 18:44:20 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32..........HTTP/1.1 200 
OK..Content-Length: 54..Content-Type: application/multipart-formdata..
Date: Fri, 27 May 2016 18:44:20 GMT..Server: HTTP Load Balancer/1.0...
..6..,<LV.qbpcstatf.stat}.............int32............

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 438

Cache-Control: no-cache

......,<LV.qbpcstatf.stat}.........crypt...

list<char>....u
...p..B..s...T-.&...!A..7.~._.L.......}z...>D..Q.N...@.

..$j..O4.(....A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../......Zm....P.......E4.&..$lN....p..,._.h........R;TF.P...F....=.O.fD.i.3.{wZ.A......w...E......../. .sJ.F..m...e.........:w..........>]..T..s|.....g.P".L.T.C[F|V~..(....8H.1..Q._..Z.=.V.A

0...N.6V

..4S&Qn\.:y..q...6....k..l"S..kliw.z.D........y.v.J...
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Fri, 27 May 2016 18:43:46 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32..........HTTP/1.1 200 
OK..Content-Length: 54..Content-Type: application/multipart-formdata..
Date: Fri, 27 May 2016 18:43:46 GMT..Server: HTTP Load Balancer/1.0...
..6..,<LV.qbpcstatf.stat}.............int32............

GET /gf/360IniVerify.cab HTTP/1.0

User-Agent: Beacon

Host: dl.360safe.com

Pragma: no-cache


HTTP/1.1 200 OK

Server: nginx

Date: Fri, 27 May 2016 18:44:16 GMT

Content-Type: application/octet-stream

Content-Length: 316

Last-Modified: Thu, 12 May 2016 11:24:25 GMT

Connection: close

Expires: Sat, 28 May 2016 02:44:16 GMT

Cache-Control: max-age=28800

Accept-Ranges: bytes

[360ini]..version=1,0,0,1165..[360signdata]..sign=01000000B81CA7F74438
A62B0F1B9520CF9FB31B153DE5F15DECD96FFA77A1E1BEF5E9A0F5BDD6C2B9B6C7D2EB
BDAD49FB63F41A3F73A0D219BC7AAF70DF3005461C444DA24333B1D2693E32EE621A57
5D5B038004A3B0D3F41B5B59A5193A5B810054CCED4CEC5C6A3DE0F13357798205C2EB
69F2F926729C834EA56749BF0B37EE2336..

GET /hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=285&r=0&d=2210001 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: zh-CN

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Host: s.360.cn


HTTP/1.1 200 OK

Server: nginx/1.0.12

Date: Fri, 27 May 2016 18:44:25 GMT

Content-Type: text/html

Content-Length: 0

Last-Modified: Thu, 15 May 2014 07:31:53 GMT

Connection: close

Accept-Ranges: bytes

GET /accept?authcode=1771558448&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&supplyid=85296&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400 HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: ps.browser.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Content-Length: 11559

Content-Type: application/json;charset=utf-8

Cache-Control: no-cache

Pragma: no-cache

{"tasklist":["{"appId":"3","cmdCode":3404,"tas
kId":3404,"ver":25252,"url":"http://stdl%2
Eqq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1
438571713_5287.txt?","taskKind":1,"uin":""
,"svrMsg":"{}","md5":""}","{"appId%2
2:"3","cmdCode":3406,"taskId":3406,"ver"%3
A65983,"url":"http://stdl.qq.com/stdl/qbfilepu
sh/qqbrowser/cloudctrl/production/1463643770_5350.txt?%2
2,"taskKind":1,"uin":"","svrMsg":"{}
","md5":""}","{"appId":"3","cmdCode"
:1020,"taskId":20001,"ver":7,"url":"http%2
53A%2F%2Fdl_dir.qq.com%2Finvc%2Ftt%2Fps%2F1020%3F%
22,"taskKind":1,"uin":"","svrMsg":"{%7
D","md5":""}","{"appId":"3","cmdCode%2
2:1100,"taskId":20003,"ver":77,"url":"http
%3A%2F%2Fpc5.gtimg.com%2Fbtr%2Fqqbrowser%2Fps%2F1100
%2F34_75_2013-04-03.zip%3F","taskKind":1,"
uin":"","svrMsg":"{}","md5":""}"
,"{"appId":"3","cmdCode":2104,"taskId":200
07,"ver":27,"url":"http%3A%2F%2Fpc5.gtimg.
com%2Fbtr%2Fqqbrowser%2Fps%2F2104%2F57_27_2012-06-15
.dat%3F","taskKind":1,"uin":"","svrM

<<< skipped >>>

POST /c/ HTTP/1.1

Host: infoc0.duba.net

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0

Accept: */*

Content-Length: 264

.............. .C.XtB...CpapC..........................HW........................................&........k....................................................................................................................... .....................................
HTTP/1.1 200 OK

Server: Kingsoft Web Server

Date: Fri, 27 May 2016 18:44:17 GMT

Content-Type: text/plain

Content-Length: 43

Connection: keep-alive
 .....>[common]..result=1..time=1464374657...

GET /qbfilepush/qqbrowser/cloudctrl/production/1415626007_8983.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: res.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:43:15 GMT

Cache-Control: max-age=86400

Expires: Sat, 28 May 2016 18:43:15 GMT

Last-Modified: Mon, 10 Nov 2014 13:26:48 GMT

Content-Type: text/plain; charset=utf-8

Content-Length: 45413

Access-Control-Allow-Origin:  *

X-Cache-Lookup: Hit From Disktank
PK........k..BM..2............bggradient_day.png}Si..a...C... .c...9..
...-..Z....5.|.Njf.3S....d..?....G.....#.AB#..W..."...Y.%...%...y..{..
..-/......*...s..-.]...{W9.L...c...J.|@.R.PM.y...,U.....W_..*..b<^.
..N.yVG).]....Uj..)..H..T1...x*.C.m.g.\. l.AfZ..*j.<.....a...4F..,.
((...D2f..uI9V....C....m..*.l.. ..D.G1.2.u..`4b. ..p...Q..I...MPa..m..
 ..)......%)L"H4..EKt.P.`.A(.8...Zq1'Q1-'..P.../0a..9H.)...,0.[Vq.)...
6..CbT..t(.....?.e;.......E..0@.@.#......9L..@I......],.../..0d.0B....
...V,.NN.(...v.,Wt.C.z....G..E......1.@1..............8..K....q....@`.
.z...P...Lq/XQ....../.Ed3.?.Y).fG.;.VN:..p....P.5.....w.'yb..y.......`
d.t.[.]Z.u...6z......YS..f8?......'[..0v.H...........#-....Q...s....E;
.9.,9..x...C]N..j.7}N...fi..Y.5..2|....o..k{.m.9....aB.r....s...lz|KJN
...<....mK._o.....`..d......Z.}......a..8k...Y..........x...M..4%V.
<.2Gw....4$.<G...h...XW.h....O.J.....x.s..;.w...-.s3N.M.K..~N?..
....K....l.....-.@....?.._3.g.G.......~.......]...KoP....{_8...d...D[.
..%m......7...3>.[....v.J.*}..r...^*y9.e....,..PK........k..B...c..
..........bgsearch_day.jpg.U.L.e........z.........*u.......,.u3...N...
..P...(.......&n..9.....'.......N7M.n...s...<.].i........?~..w7....
....\...].(47.~D....U..@J./...y....v......V.hE...j3v.v.M.UF.......*..W
......?m.*.A..puucUc.=pC.uK8p.-K.}.......K.%].]m.m.h ..vS{...N......F.
.E.....>..5zx{(... /..U.L..Ri...b1.xs..l.....tam...|.?=.......:....
.:a:.......*C.......l.l....Hw{....=r...G ...;..P;... B7G..!c....'..1..
.'.mk...D...'..4ww...@$ts....s.rG.=.h......M3Y....."7.:x...^.u....<<< skipped >>>

GET /shurufa/bigime/b9ccbec9b93/FAEtx8iH_TN_channel1_2016-05-17_18-52-16_47_3.3.2.1028_1202000454.exe HTTP/1.0

Host: ime.sw.bos.baidu.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*


HTTP/1.1 200 OK

Server: JSP3/2.0.14

Date: Fri, 27 May 2016 18:44:11 GMT

Content-Type: application/octet-stream

Content-Length: 36021192

Connection: close

ETag: "70e8e92a173ddd269bc776db69c99e9f"

Last-Modified: Tue, 17 May 2016 18:27:24 GMT

Expires: Mon, 30 May 2016 10:28:19 GMT

Age: 29752

Accept-Ranges: bytes

Content-MD5: cOjpKhc93Sabx3bbacmenw==

x-bce-debug-id: MTAuMjA3LjMyLjE0OkZyaSwgMjcgTWF5IDIwMTYgMTg6Mjg6MTkgQ1NUOjE2OTk0OTU0Nw==

x-bce-request-id: 0ffab01a-f2f8-4b79-8880-6df2ef0fa366

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8
...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8.......
.PE..L.....GO.................p.......B...9............@..............
.....................%...@.................................d........@.
.H9..........P.%.x....................................................
........................................text....o.......p.............
..... ..`.rdata...*.......,...t..............@..@.data....~...........
...............@....ndata.......0...........................rsrc...H9.
..@...:..................@..@.reloc..............................@..B.
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
.....-G..H.P.u..u..u.....@..K...SV.5.-G.W.E.P.u.....@..e...E..E.P.u...
..@..}..e....D.@........FR..VV..U... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
P.u.....@..u....E..9}...n....~X.te.v4..L.@..E...tU.}.j.W.E......E.....
..P.@..vXW..T.@..u..5X.@.W..h ....E..E.Pj.h..F.W....@..u.W...u....E.P.
u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ

<<< skipped >>>

POST /c/ HTTP/1.1

Host: infoc0.duba.net

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0

Accept: */*

Content-Length: 264

......'.8..... .C.XtB...CpapC..........................HW........................................&........k....................................................................................................................... .....................................
HTTP/1.1 200 OK

Server: Kingsoft Web Server

Date: Fri, 27 May 2016 18:44:22 GMT

Content-Type: text/plain

Content-Length: 43

Connection: keep-alive
 ..../A[common]..result=1..time=1464374662...

GET /favicon.ico HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: daohang.qq.com

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 18:41:37 GMT

Content-Type: image/x-icon

Content-Length: 1150

Connection: keep-alive

Server: nginx

Last-Modified: Fri, 25 Oct 2013 09:44:12 GMT

Set-Cookie: IPLOC=UA; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

ETag: "526a3d6c-47e"

Expires: Sun, 26 Jun 2016 18:44:13 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

............ .h.......(....... ..... .................................
.......................................................F..............
......................................................................
......................................................................
L...........J............................,..............~.............
..............w................p..........................<........
...P.......................................M..........................
......................................................................
...b........................... ................................... ..
.........................N...................................N........
...............................3...........<.......................
.....,...........................................................$....
......................O...........O...................................
......................................................................
...................................................................,..
.........................(............................................
......................................

<<< skipped >>>

GET /hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&s=476&r=0&d=2210001 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: zh-CN

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Host: s.360.cn


HTTP/1.1 200 OK

Server: nginx/1.0.12

Date: Fri, 27 May 2016 18:44:24 GMT

Content-Type: text/html

Content-Length: 0

Last-Modified: Thu, 15 May 2014 07:31:53 GMT

Connection: close

Accept-Ranges: bytes

POST / HTTP/1.1

Q-GUID: 00000000000000000000000000000000

Q-UA: PCQB80_GA/800000&NA/NA&PC&NA&NA&NA&9008&NA&V3

x-tx-host: wup.html5.qq.com

QQ-R-ZIP: gzip

QQ-S-Encrypt: mttecr2

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: wup.imtt.qq.com:8080

Content-Length: 480

Cache-Control: no-cache

.s...<....b.pR....L....E1R.4Q...(.}.......W...>X.T....-.oD.v).M.5..{ZI.

..8:...L....t ..
@.{........O.C....fo.s2..`..cY.......RW..PG-.......LG. .x..C..w~...g.....0S.g.^8..vb.....Q..S.....H.....T h..ue96......V2..~..$/..]d..V.e.40U)..>...Y&..>.IF..G....i....6.....K~..[.?Z.I......N)........z.:.F..@qPY....jk.|:E.....g.4IB.1.(. l$.K..."...&[..3.~....N..... .?=@B.5P.t~L.........v... ....h..P\.....K..)..I....o....m......[....-.9.h..m.2.

....S2..A.C...5q....1.#...*.....F.qf.He.\.
HTTP/1.1 200 OK

Cache-Control: no-cache

Connection: close

Content-Length: 344

Content-Type: application/multipart-formdata

Date: Fri, 27 May 2016 18:44:16 GMT

QQ-S-Encrypt: mttecr2

QQ-S-ZIP: gzip

Server: QBServer
.{3..r..s...t......c..6...z.g.X..g..9.a/i....g.....(#B.....:.5.#Z-..@V
....R..c&....dc~x.N..].3.ET.l.}>!.._.0.-..W....:-.P.:...,~W..:;....
...l...]..`K8...N;,v...... ............a.]@#2.iu...re.(E.^(.i..kB.-...
[..8?..#a.......g...........!.E.v...1A.....1G....fu.-.T.e(.}."..kp.:U.
8tg...*.,bP...e..{.....$..2..4...?,..G@...1...a.vw../..L.......&.>.
..

GET /soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/119_4_2014-01-15.qqzip?mkey=5748b379da60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.qqzip HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: 203.205.151.213

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: 3Gdown_DK

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:28 GMT

Cache-Control: max-age=0

Last-Modified: Wed, 15 Jan 2014 05:20:40 GMT

Content-Type: application/octet-stream

Content-Length: 42055

X-Cache-Lookup: Hit From Disktank
PK.........j/D.]..............history_push.db...X..u.5......H.c. ,.. .
.x...Q., ,.","....D..O.......A4i..IsW.T.....M.i.4W......3.6...........
..~..=.....pd.Y.~F..A..x??..7....P>4....M......h..E}Mt.z.t4.....B..
......;...N..qZ.Sm...L[..i...L...5j....I~...fN....=.........7mV...~3&-
.w...6....-w...td............K.%..7mv..)......?..........N.........v..
%...~.yU,........T.~....v\&...U............y..7g..x*..7q..O..o. 2?P.Co
t.W.....'H.......?...\e..H.............K.[.."..&.....?...j...ew!....?.
*.43..N.-./.o.. ./......Rl~O.........'9..c..srrF.[........T..0."r.DM..
].$$1$6{...q....V..wX.3.Y.g..........<cJ...Q..Q..kv.#ra..{t.... ..c
...g,^`.....q.......'L..q..$..U6U.dO...`..Y.B...92Rm...........u.P..DK
..........0}.Uhx|.{.e...ks.....*e.v[D.sE....oNB.t...{R=..O-...........
..............z].....h..Q>......"G>......7.D.{...}......R..g.).I
^"3...5................n;.h6.Pt...w54.J..w:.N.....<.H.{O!.._<...
f=.G;W_.n.].q..a...:j.J._ttg~......}...........>.....(...;..;.n..zR
.J.~u..;.S...,G.C..Z._.&>qU....w4.`=......,...fiK....b...].N..k..{.
I..r...p..N.%...'=..|...wv>_..X.zj...\....1... )[...l...:w.s.\...O.
f?~.}^....N.br.YRSq..9..pR@.......?}.S.............Nd...I..a.6.X.....&
lt;..i.....u..Ky|M..I...zD.4.....X....T..2*)%.s......,....?...?...1...
3..'..\.....[ssJ.}lW&\?..t..............;:..co..>.].s...,.x.8..v..{
qy8.}.s.l.wT..;..B].@.t.1-V.X...nS&..xc..z(....b....:..}wGs..p?...{.G.
..1.c..G..).....U..bSnC.A.M#.Py...=^.P..t4.u4.A5`z....Wwr....B.v.$S.8.
>v........i7.F.....E.N..~.n....>N....;.-t.]D...".N..i....O..<<< skipped >>>

GET /soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/126_1_2014-01-20.zip?mkey=5748b37ada60d437&f=105&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.zip HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: 203.205.151.213

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: 3Gdown_DK

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:31 GMT

Cache-Control: max-age=0

Last-Modified: Mon, 20 Jan 2014 02:59:01 GMT

Content-Type: application/zip

Content-Length: 9721

X-Cache-Lookup: Hit From Disktank
PK.........R4Dd.-,`...o.......act.xml...K.P.......}o...-.2.. V.S,..hn.
.VoiJ.......i..E....3^..E7.Ep......=.|......S.......h..D.V.ZHV#.Z..'..
wv|......~1..-%...}..aJ&....#F.....1I....=,..f.jd..9.5..P..".....f|..,
..J&..k..u6.`.ZlP../... ..?....K.C..^..F.q ... B.{.)....n.N.\H...BH...
..Ow..n9...x...7;U...,.......i...R...n.......,8.Z......,..9.....Z.V...
.v..........M.|....O...Cx../R..........PK........Ai2D....U...y.......n
ewyear_light.png.Sy8.k...[......R.1...6..c...Y...432...$J...$....d...f
.K...{....{.s...{..=.|..9.9.9..-M.;dvppp..0F..'f.e..l.m..Om.....L;*...
..9...'.0..y.m.8B....6......3..k.......cTX.4.........D&.I."St .e...L..
8!..X.!........-....x.....h.......8...Gah.t .......a.....W..kQ.Xk..J'.
H.$...W.4P*p$\].~.PS.#`.......i....H.7.lg..HZ.F&....t .L&M.....T.D.P.^
08...........(#.............<.Lc.........0u ._.~....#0..[..[.c.h0..
*....;...%........a.D.5..'n...........hY......3..........d....L.R.kjhx
".P$....{....x...A.k"..(O.:..8..G.#.p..C.5558...R5P36F#T.&...(...f...G
.........'W..N.1.t{*...)...2..o*.04..`qx2......~ .H'.&.L.T...&k....Uu.
#..M....@B..(.T..'Aq(..O.8.I@. .....y...`............l..l....>..=..
.....[fFh{V.'...b^..8....p..tq.....}./....2u>?|..9...X.....t...N...
....<m.9.[4X.71c.k._....=B..'m........!....#.jU....[C.C..<jU....
l._...M...9h.}0.....d.'....<.....a.......K>....!KR........".%x..
.~lc...9.$&..L;..n...5.ih4...r.d../.1.>....W{.a..T..x.p.y'.r..)..\h
.~Z/A.....~...h3.....g...kK./J..6...x....D...Wd\C....(!.fZ..z.k../^.8s
..]..m..P.p..e0.xu).g01.T~.....S.lF bq.Rt...u....,...7K..t........<<< skipped >>>

GET /NmIxNmEyZDRjNWM5YjU2MTA4YmUzNDc1ODI4MDRhNTAuZXhl/40.html HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: 120.55.138.124

Connection: Keep-Alive


HTTP/1.1 404 Not Found

Content-Type: text/html; charset=us-ascii

Server: Microsoft-HTTPAPI/2.0

Date: Fri, 27 May 2016 18:44:18 GMT

Connection: close

Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""hXXp://VVV.w3.org
/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Not Fo
und</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/ht
ml; charset=us-ascii"></HEAD>..<BODY><h2>Not Foun
d</h2>..<hr><p>HTTP Error 404. The requested resourc
e is not found.</p>..</BODY></HTML>....

GET /go/full/201/1202000454 HTTP/1.0

Host: w.x.baidu.com

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*


HTTP/1.1 302 Moved Temporarily

Date: Fri, 27 May 2016 18:44:10 GMT

Content-Type: text/html; charset=utf-8

Connection: close

Location: hXXp://ime.sw.bos.baidu.com/shurufa/bigime/b9ccbec9b93/FAEtx8iH_TN_channel1_2016-05-17_18-52-16_47_3.3.2.1028_1202000454.exe

Set-Cookie: BAIDUID=4FB749421E87254EBE51493BB2417DF4:FG=1; expires=Sat, 27-May-17 18:44:10 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1

P3P: CP=" OTI DSP COR IVA OUR IND COM "

tracecode: 26502294040599538186052802

Server: Apache

POST / HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: masterconn.qq.com

Content-Length: 194

Cache-Control: no-cache

.............-.h.... ...[.y..Y1i.. .WH.....6........................U4.X..e.......,........9S:r.%..,t{.......C.h....jU...;..e..^....#h.....p...8..p&.
.xO.....b..3.[.1.g".

%X.......3.x....7.~.u.
HTTP/1.1 200 OK

Content-Length: 130
.............-.h.... ...[.y..Y1i.. ........6.......................Q.7
1.e...x.l:....is.:.. ,v.(.3.9...:(...(...e...N.!.r.TM%..%(=.HTTP/1.1 2
00 OK..Content-Length: 130...............-.h.... ...[.y..Y1i.. .......
.6.......................Q.71.e...x.l:....is.:.. ,v.(.3.9...:(...(...e
...N.!.r.TM%..%(=.....


POST / HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: masterconn.qq.com

Content-Length: 194

Cache-Control: no-cache

.............-.h.... ...[.y..Y1i.. .WH.....6........................U4.X..e.......,........9S:r.%..,t{.......C.h....jU...;..e..^....#h.....p...8..p&.
.xO.....b..3.[.1.g".

%X.......3.x....7.~.u.
HTTP/1.1 200 OK

Content-Length: 130

.............-.h.... ...[.y..Y1i.. ........6........................~.
..9.P...|..bv6....I8>..'2c..........@..Z......e0....`.#.4?..HTTP/1.
1 200 OK..Content-Length: 130...............-.h.... ...[.y..Y1i.. ....
....6........................~...9.P...|..bv6....I8>..'2c..........
@..Z......e0....`.#.4?....

GET /browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: soft.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nws 1.2.15

Connection: close

Date: Fri, 27 May 2016 18:43:18 GMT

Expires: Fri, 27 May 2016 18:43:18 GMT

Cache-Control: max-age=0

Content-Length: 0

Location: hXXp://203.205.151.213/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?mkey=5748b3b3da60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.CompatList

GET /accept?authcode=1771558448&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&supplyid=85296&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400 HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: ps.browser.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Content-Length: 11559

Content-Type: application/json;charset=utf-8

Cache-Control: no-cache

Pragma: no-cache

{"tasklist":["{"appId":"3","cmdCode":3404,"tas
kId":3404,"ver":25252,"url":"http://stdl%2
Eqq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1
438571713_5287.txt?","taskKind":1,"uin":""
,"svrMsg":"{}","md5":""}","{"appId%2
2:"3","cmdCode":3406,"taskId":3406,"ver"%3
A65983,"url":"http://stdl.qq.com/stdl/qbfilepu
sh/qqbrowser/cloudctrl/production/1463643770_5350.txt?%2
2,"taskKind":1,"uin":"","svrMsg":"{}
","md5":""}","{"appId":"3","cmdCode"
:1020,"taskId":20001,"ver":7,"url":"http%2
53A%2F%2Fdl_dir.qq.com%2Finvc%2Ftt%2Fps%2F1020%3F%
22,"taskKind":1,"uin":"","svrMsg":"{%7
D","md5":""}","{"appId":"3","cmdCode%2
2:1100,"taskId":20003,"ver":77,"url":"http
%3A%2F%2Fpc5.gtimg.com%2Fbtr%2Fqqbrowser%2Fps%2F1100
%2F34_75_2013-04-03.zip%3F","taskKind":1,"
uin":"","svrMsg":"{}","md5":""}"
,"{"appId":"3","cmdCode":2104,"taskId":200
07,"ver":27,"url":"http%3A%2F%2Fpc5.gtimg.
com%2Fbtr%2Fqqbrowser%2Fps%2F2104%2F57_27_2012-06-15
.dat%3F","taskKind":1,"uin":"","svrM

<<< skipped >>>

GET /favicon.ico HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: 120.55.138.124

Cache-Control: no-cache


HTTP/1.1 404 Not Found

Content-Type: text/html; charset=us-ascii

Server: Microsoft-HTTPAPI/2.0

Date: Fri, 27 May 2016 18:44:19 GMT

Connection: close

Content-Length: 315
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""hXXp://VVV.w3.org
/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>Not Fo
und</TITLE>..<META HTTP-EQUIV="Content-Type" Content="text/ht
ml; charset=us-ascii"></HEAD>..<BODY><h2>Not Foun
d</h2>..<hr><p>HTTP Error 404. The requested resourc
e is not found.</p>..</BODY></HTML>....

GET /stdl/qbfilepush/qqbrowser/cloudctrl/production/1463643770_5350.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: stdl.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:20 GMT

Cache-Control: max-age=2592000

Expires: Sun, 26 Jun 2016 18:44:20 GMT

Last-Modified: Thu, 19 May 2016 07:42:50 GMT

Content-Type: text/plain

Content-Length: 139654

X-Cache-Lookup: Hit From Disktank
.#....=].....CD....G(..:/.. .]...E.~........R..v.t5..o......~^.(...&.)
.R.c..5..........M].[....n..Y..y....8..9.tL.....U....\....X.."........
....q....@v..KEgX.....,..8..9.tL.....U....\.t.!.AD7f....j.. ..xvp....0
.i..)D8.r.:[B.@..9.tL.....U....\.t.!.AD7f(bE.h....KrT.q..a.....&.}....
h...}...h..8..9.tL.....U....\.t.!.AD7f=......yC~\...Yo.R. .Y6.8...V.}.
8..9.tL.....U....\..A.&...f.A...a.....8dG8..0.i..)D8.r.:[B.@..9.tL....
.U....\.x9<. ..1..&i.@.O.V.>J...Z.0.K.H.%..>...##.B...ze@..9.
tL.....U....\.s..CY.M...W........."!.?..>.LvzH...0..,.%t..Et..8..9.
tL.....U....\.s..CY.M.W..s...o. ....&|\br..I8.t..b..]J0..9.tL.....U...
.\.s..CY.M.W..s...o. ....&|.}...h..8..9.tL.....U....\.s..CY.M...W.....
...."!.?..>.LvzH.....c..0..9.tL.....U....\.s..CY.M...W.....%.....j.
..{y(K..8..9.tL.....U....\.s..CY.M.@..............8..?.&.....V..j..(..
9.tL.....U....\.s..CY.M...W.....Ctf.s.j.(..9.tL.....U....\.s..CY.M.@..
......uO_.D..(..9.tL.....U....\.s..CY.M.l..s..O.Q....*.60..9.tL.....U.
...\.t.!.AD7f....j.. ..xvp...;M.#.i..0..9.tL.....U....\....X..".,).'..
?...xvp...;M.#.i..(..9.tL.....U....\.t.!.AD7f=......y..M.....0..9.tL..
...U....\..A.&...f.A...a.....8dG8.;M.#.i..0..9.tL.....U....\.U.c...m.f
...nb...P.tgx..o.d.....0..9.tL.....U....\....X.."............q......#.
...?0..9.tL.....U....\.t.!.AD7f(bE.h....KrT.q..3.yP._C.0..9.tL.....U..
..\.t.!.AD7f....j.. ..xvp....k..g..w0..9.tL.....U....\....X..".,).'..?
...xvp....k..g..w(..9.tL.....U....\.t.!.AD7f=......yB..#jM..0..9.tL...
..U....\..A.&...f.A...a.....8dG8..k..g..w(..9.tL.....U....\.U.c...<<< skipped >>>

GET /stdl/qbfilepush/qqbrowser/cloudctrl/production/1431325272_1735.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: stdl.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:27 GMT

Cache-Control: max-age=2592000

Expires: Sun, 26 Jun 2016 18:44:27 GMT

Last-Modified: Mon, 11 May 2015 06:21:12 GMT

Content-Type: text/plain

Content-Length: 11957

X-Cache-Lookup: Hit From Disktank

{..........j....~.VVV.titiyy.com.o..#LNY5....................e.A}.....
...........................E.......................\.J....U...........
.NB_8I................wvQ...........................k.>............
.....-aO...\.VVV.scut.edu.cn.?R..V.M.................K................
...O\ w.=@....................j{lY..S..................zZ8..J*..7k7k.c
om...z..f.F...............O&.Z.........w{."X)...VVV.quutoo.net..R.....
...............%N .o..........................p.................{.....
...................6................&...6.j.oa.xltl.com.cn....<A.w.
....................j.['./jh...........%3)J....7699.com.....0.b.......
............|.@...........CQ..Y..V.......................NkA..........
...._....................qn..u.................v...NC.................
....\...]9...........G...aXW...............`-bA.Y...............O..2..
.etax.zjds.gov.cn. ...~.....................J......D...........r...>
;j...............H.?...............h[ ..I n.............'u;...VVV.zj96
596.com..^}..2.................d..4...............E..:...............O
&4..5..VVV.manhua5.com...<.L../.hg.qust.edu.cn.!..\...!............
.............A.a@.Lq..........x{................:.....m...............
.?..^1...VVV.jdcjsr.com......%.k...................-.c.D.............&
]..B0..ecourse.sues.edu.cn.....<q.x.pts.allianz.com...)..E.6.......
..................... ...w.............M89M...........................
...4V...qz5z.com.....t..3.ledu.com.H.:.q<.(.................VVV.jin
ganqicai.com...@K.ox..VVV.scpcfe.cn.....#..!...........~.4..cs....

<<< skipped >>>

GET /stdl/qbfilepush/qqbrowser/cloudctrl/production/3037_1436248883.xml?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: stdl.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:30 GMT

Cache-Control: max-age=2592000

Expires: Sun, 26 Jun 2016 18:44:30 GMT

Last-Modified: Tue, 07 Jul 2015 06:01:23 GMT

Content-Type: text/xml

Content-Length: 39199

X-Cache-Lookup: Hit From Disktank
<?xml version="1.0" encoding="utf-8"?>.<qbcompat><uas&g
t;<ua id="Chrome 19">Mozilla/5.0 (Windows NT 6.2) AppleWebKit/53
6.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5</ua><
;ua id="Chrome 28">Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36</ua><ua
 id="FireFox 12">Mozilla/5.0 (Windows NT 6.2; rv:12.0) Gecko/201001
01 Firefox/12.0</ua><ua id="FireFox Token">Mozilla/5.0 ($P
LATFORM; Trident/7.0; rv:11.0) like Gecko/20100101 Firefox/12.0</ua
><ua id="FireFox 22 Token">Mozilla/5.0 ($PLATFORM; Trident/7.
0; rv:11.0) like Gecko/20100101 Firefox/22.0</ua><ua id="IE 1
0">Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)
</ua><ua id="IE9Win7">Mozilla/5.0 (compatible; MSIE 9.0; W
indows NT 6.1; Trident/5.0)</ua><ua id="IE10 Trident 7.0 Toke
n">Mozilla/5.0 (compatible; MSIE 10.0; $PLATFORM; Trident/7.0)</
ua><ua id="IE10 Trident 6.0 Token">Mozilla/5.0 (compatible; M
SIE 10.0; Windows NT 6.2; Trident/6.0)</ua><ua id="IE11">M
ozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko</ua>
;</uas><chrome><url>beacon.tencent.com</url>&l
t;url>ur.oa.com</url><url>oidb.server.com</url>&l
t;url>weiqushi.oa.com</url><url>3366.com</url><
;url>yixun.com</url><url>book.soso.com</url><u
rl>h5.qidian.com</url><url>hqwy.com</url><<<< skipped >>>

POST /u/ HTTP/1.1

Content-Length: 77

Content-Type: Application

Host: iua.duba.net

User-Agent: Microsoft-ATL-Native/8.00

M...}y_A....6dd38f7937fcea19edc1c19d4084ed9a..............I..HW........s....
HTTP/1.1 301 Moved Permanently

Server: Tengine

Date: Fri, 27 May 2016 18:44:15 GMT

Content-Type: text/html

Content-Length: 278

Connection: keep-alive

Location: hXXp://VVV.duba.com
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>301 Moved Permanently</title></hea
d>..<body bgcolor="white">..<h1>301 Moved Permanently&l
t;/h1>..<p>The requested resource has been assigned a new per
manent URI.</p>..<hr/>Powered by Tengine</body>..<
;/html>....

GET /soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/62_13_2014-06-06.list?mkey=5748b37dda60d437&f=6606&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.list HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: 203.205.151.214

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: 3Gdown_DK

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:24 GMT

Cache-Control: max-age=0

Last-Modified: Fri, 06 Jun 2014 08:06:14 GMT

Content-Type: application/octet-stream

Content-Length: 5459

X-Cache-Lookup: Hit From Disktank

tenpay.com.0.........learn.oa.com.0.Q-Learning..u.115.com/download.htm
l.0.U........cmbc.com.cn/.0...............pbc.gov.cn/.0...............
gdb.com.cn.0...............eximbank.gov.cn.0.................adbc.com.
cn/index/index.asp.0...................pingan.com/bank/2008.jsp.0.....
......cbrc.gov.cn.0.........chinaunionpay.com.0...........bankofbeijin
g.com.cn.0...........et.airchina.com.cn.0...................csair.com/
cn/index.asp.0...................qzone.qq.com.1.QQ......casarraybj.ten
cent.com.1...........cdb.com.cn.0...............eximbank.gov.cn.0.....
............adbc.com.cn.0...................icbc.com.cn.0...........ab
china.com.0...........bank-of-china.com.0...........ccb.com.0.........
..bankcomm.com.0...........ecitic.com.0...........cebbank.com.0.......
....hxb.com.cn.0...........cgbchina.com.cn.0...........sdb.com.cn.0...
........cmbchina.com.0...........spdb.com.cn.0...........cmbc.com.cn.0
...........egbank.com.cn.0...........czbank.com.0...........cbhb.com.c
n.0...........psbc.com.0...........tccb.com.cn.0...........bankcz.cn.0
...........lccb.com.cn.0...........ts-bank.cn.0...........zjkccb.com.0
.............bcb.com.cn.0...........boimc.com.cn.0.............wuhaicb
.com.0...........shengjingbank.com.cn.0...........bankofas.com.0......
.....bankoffs.com.cn.0...........jinzhoubank.com.0...........bankoflia
oyang.net.0...........cycb.com.0...........jlbank.com.cn.0...........h
rbcb.com.cn.0.............lj-bank.com.0...........bankofshanghai.com.0
...........jsbchina.cn.0...........njcb.com.cn.0...........hzbank.

<<< skipped >>>

GET /large/7185bdf1gw1f05vpdktqrg20go0a5u10.gif HTTP/1.0

Host: ww3.sinaimg.cn

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 18:43:07 GMT

Server: PWS/8.1.36

X-Px: ms h0-s1089.v0-mow ( h0-s1130.v0-mow), ht-d h0-s1130.v0-mow.cdngp.net

Cache-Control: max-age=7776000

Expires: Wed, 15 Jun 2016 10:40:30 GMT

Age: 6163357

Content-Length: 5124538

Content-Type: image/gif

Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT

X-Via-CDN: f=TXCDN,s=37.29.13.16,c=194.242.96.218

Connection: close
GIF89aX.m.....Qx......v..Y...b.......1b.p......m....8w.k...........j..
P........K......e.n......x.z........*v.\..8h....r........&...b.<...
..............x|. ]..........!a.#W.^.."c....5........*...........G..D.
..........z..Y..)s.:..D~..\....z..E........S.........k.......B.....R..
M~....3l.^........}.."..t..t............c....... z....4w.......j...[..
..*.._.....!r.$k.Y...i.r..c{.......N..3..6........B.....`..!j.F..P...{
.......@.....l...l.....s.B...t....G...............|.....Y..........Cw.
.k.......{..c........1q.1{....1..4..l...f.......c........I............
e.\..*..!........y..B.....d..;............z.... ..L...b..k....l.......
.#j..q.9........`..].........|....*m..d.Q........R.....|..6|..T.......
R.....O...........q..Dy.Q..!d..].3..)..d......t.o..)u.8m..b.-j. k.....
..s........L..!.......,....X.m.....#@.@......*\......#J.Hp....3j......
 C..I....(S.\...K.._..I.............@...J.(QDH.*].....P.J.J....X.j....
..`.:5J....h."......pY..K....x.....oL...O..V.....*^......#.EL.0....K..
.....C..L.....]r.(zo...9....v...;..M.4...o..nr..... _...s...;gN.3....k
.^.{d..Y...?......._.......G._..}.....?......6_.....m(................
....1....a.!G..Fa.o}.!.(.............}*.h#r3..#f0.(c...(...........CF.
G..P6...q.G.KRR...\>..pW.fe..}.\.h>if.d..d...y....ig.r...Lo..[..
.)(....goc..]....h..~..D}....4.......ic.R.h.q~.X..Bj.b.BT...........W.
L..kE..E..[............,...E.B...,].V[.. =....b.........f.mE..ZnJ..K..
*..na..[....i.H.F.-.....F...........z.....(..........0H.w,.. i.0. ....
6....#...F(.L.....q.4. ....D....,-.<...H?..4..:f..FG.b.8R.4...\<<< skipped >>>

GET /lminstall/168.json?time=1464374665 HTTP/1.1

Host: config.i.duba.net

Content-Type: application/octet-stream

User-Agent: Mozilla/4.0

Accept: */*


HTTP/1.1 200 OK

Content-Type: application/json

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:19 GMT

Powered-By-ChinaCache: MISS from CNC-WB-b-3gE.4

ETag: "5729ccd3-f53c"

Content-Length: 62780

Last-Modified: Wed, 04 May 2016 10:20:03 GMT

Server: Tengine

CC_CACHE: TCP_MISS

Accept-Ranges: bytes

NyfG7Lh5neSCnAmGyIDkElqrZOBOsGIvQ1GsMq2NZVnXUHQ7acyFRMl9diBBUC/Vmo4Qsq
ND 8JSSbSnaxPfSVJkuwk3xgKH/SOViHa5X7r4PlUH7FT1SGtDDtNKx6F/6KKciBNXciKa
x6jmPiQJdCuJ1gyleXRUkDdxDqGWnd4=Klg3Wo/eUHKXFHGoZiTJ4wYeyVYSlLeTuMyMXy
Oc5qsYZZdqlwciIgACKQAHD5TGaY6GOMEG4wX6rObtSL1AQqbF7Rfq0rJTBWiNK/PMVKIu
9bjHj6gCNFoauCX6nsZ8R6ofiED/kcKezuw5m8QBQgQjcfwLglMPq1NOrhjDVp4=BZjc2f
4ndSmBOeQXjlDp1T0nHnlrwqeRi4I9uuium1IN8GbTlnK1WUbaf9oAj7L441E2xHet6Vg7
ouLDs5k5LV BqHcBeNV onsC8AIJI1Dgj05DpO1IQZkoVUhiNnwkmHkWrRqmmxLaUwCU6M
nEPR2cfbvOb/WFIZao/CCYhjA=wsI9KRgsELgtNaCOSX3AGa4upBLNyyxmRJm4muwsLkpA
 Q8mRDFn1KiFe9wNrmfyCSCYlHRwXZMTTKHSGsqit2nV2R/CICHEbniSW6rEX8ar54MKou
e/TPMOKO6K3yvLld3wIXEo/qbpmi73s 2mv3rQ9xec8VEmLBpBwtPuMCY=Z3bgzdRS/ZjJ
Rfd0YEwhhlfHTGH4MiBCqB57XUujPNXS4HWR2kmWxJF/C4YQ0cBYCSDy1U477J9wBUBjJP
ESFmfyxsS9rdj3TJ0wxcLccBm f DsFhqY6T1z6wjueUWUrv/w8nu6E07civ232r0PD35K
ztz2/S5D7C3VB968wRY=Xxsjsw7hzAWQL8GUq9bLgeQ3TpkVz7SP9RIwD6Au2uKPHX/YG3
LvEhIbaBpixJQHWcqyjAvsQOM0Js4VevPoqyuG N9iBqYW624fdSfI1UKr4jJyIrSAHiXH
dkZ9kTFZ/E7zxfgP1IP0qXfAVvN MoReSA8/I7IPt8D5hA5ENAQ=Hgzam9ulLKHJDR4sW 
CD S4jCOisYOdmep 5GlvOZwY3MpqB1qvbxt/ZmZATqqIW6sUmlf118rC/EfD1XhSEzY9s
fdg3UihEQAS1hu2ipWPraGoIg3Px8u8 tGRceWCmyEGsGEnXibf9FOg68rlh8H8SCqWKBO
sbtXJA5 cmQiQ=Mozs4w5/zDZO rfMJu tMfHL/8JT3Y1ZtZmtEv36y21sDWe1rstfrN75
mo96pC0oEQnp4KgMkd/5jRE9btfEx74lh4uMK9hvEe5zk7XN5oBZsVPJ3DTTej83wV9 2k
nM58OaoCxa45MdZITA9KzJFNWhOQQb4uZN/Ei UYeiwCU=RKrTaBMZchJAObOjFIdiPADl
INhvMl/VX0 LiJSq4Bd lP8qv88L8t/PwC/5ogyE7uXGbD7EPsxq5CD7maNYDUO7oi gzo
o5ijQK87PwGZjfCWgFBk/KjvKz0ZyTsMp1BYSv5lAWQgkMMmBA0/v/HVSbIqn d6sT

<<< skipped >>>

GET /hips/update/inst.htm?m=c2e002327fd54316e7e19c265c31455f&v=1001165&w=0&b=1&d=2210001 HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: zh-CN

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Host: s.360.cn


HTTP/1.1 200 OK

Server: nginx/1.0.12

Date: Fri, 27 May 2016 18:44:23 GMT

Content-Type: text/html

Content-Length: 0

Last-Modified: Thu, 15 May 2014 07:31:52 GMT

Connection: close

Accept-Ranges: bytes

GET /favicon.ico HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; QQBrowser/8.2.3638.400)

Host: tq.qq.com

Cache-Control: no-cache


HTTP/1.1 200 OK

ETag: "IxZuv3V/2/dCaAoIb0L0ig=="

Content-Length: 5430

Content-Type: image/x-icon

Vary: Accept-Encoding

Date: Fri, 27 May 2016 18:44:14 GMT

Connection: keep-alive

Cache-Control: no-cache

Pragma: no-cache

......  .... .....&......... .h.......(... ...@..... .................
................................A...A..*A../A..1qW>C...............
............................................................P.........
.......................A...A..$..|\...................................
......................................................................
......................................................................
............................................S.......................1.
......................................................................
....................................................?.................
......................................................................
....................................2..{..............................
......................................................................
...................}...o..............................................
......................................................................
.......i...u..........................................................
......................................................N......e1..V....
......................................................................
.................................................S...c...w...|........
......................................................................
.....................A..W........U...B...i...n...r...w...|............
....O.................................................................
....t...r...P...f....Gi..F...a...d...g...k...p...v...o...puk)..k).

<<< skipped >>>

GET /pca3.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "8bbdc63e80bcad2e7f2af2e5f77f68ec:1458840795"

Last-Modified: Thu, 24 Mar 2016 17:24:54 GMT

Date: Fri, 27 May 2016 18:44:25 GMT

Content-Length: 933

Connection: keep-alive

Content-Type: application/pkix-crl

0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, Inc.1705..U
....Class 3 Public Primary Certification Authority..160322000000Z..160
630235959Z0..x0!...v....a_>..2......020924164823Z0!.....A.....{2..Y
.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!...`y..q.....
..fh...020923171400Z0!...?A....a.nF`.P....020923171548Z0!............R
.e.53..010207212458Z0!..!......Y...ISi....010706171411Z0!..$-..I{r....
u<._...080403172226Z0!..&.."?..y..51}..1..010706172118Z0!..4....2..
..{W......080605175030Z0!..B....c............070411175910Z0!..H.Py...N
....* ....010207212031Z0!..N....-.1Gq.@...C..040401175251Z0!..Y......w
`G........070411175657Z0!..Z`..H.@B....Z.*q..080403172017Z0!..l....I..
.Y..] .c..010706171749Z0"......T=deQ...1u.]...010207212247Z0".....p..1
..7<.....e..010207211822Z0...*.H............u>.3..!..g...]H...(?
!=....>v..2.....A.b....K......l0.).\Z=.....m.. .*x..}..B..l/.f.^..t
.z....Ar......3.Y.T9.4.P........W[l.6..`.HTTP/1.1 200 OK..Server: Apac
he..ETag: "8bbdc63e80bcad2e7f2af2e5f77f68ec:1458840795"..Last-Modified
: Thu, 24 Mar 2016 17:24:54 GMT..Date: Fri, 27 May 2016 18:44:25 GMT..
Content-Length: 933..Connection: keep-alive..Content-Type: application
/pkix-crl..0...0...0...*.H........0_1.0...U....US1.0...U....VeriSign, 
Inc.1705..U....Class 3 Public Primary Certification Authority..1603220
00000Z..160630235959Z0..x0!...v....a_>..2......020924164823Z0!.....
A.....{2..Y.#..140129175709Z0!...,.|.|...<...j ...080605174907Z0!..
.`y..q.......fh...020923171400Z0!...?A....a.nF`.P....020923171548Z

<<< skipped >>>

GET /btr/qqbrowser/ps/2202/85_1_2013-02-21.{BC4502A5-2152-423b-AB6B-1BD1999EA9BF}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: pc5.gtimg.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:23 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:23 GMT

Last-Modified: Thu, 21 Feb 2013 02:56:50 GMT

Content-Type: application/octet-stream

Content-Length: 592

X-Cache-Lookup: Hit From Disktank
...G.tB...].*....KE..U.`M5sX..I...1,[=|..D.xp..3`.R.k.`....e.u....<
...X....r..O0Q...Vz...? Gu.2..U..`.->x..0?Hr..y.....r..............
).i..R.!.e...O?.b.YMtf.m&#..=b..%QM....rn.....l..x .).MQL.$90.D.6..qPv
..I3.].....c..8$pt ....e.u..9W...B...&p....r.J...R.L..=b..%QM....rn.{.
F.5-]~..?.3~).$90.D.6.Hv@.....I.`<{SK..;....\:...m..w.N.........Q#o
...%............Ei.[..6aT..$90.D.6.........U..'...TDr<........a....
e.V...;.....g..........C..=b..%QM....rn.).K....yV..(..,U...[......./..
...l..>b.T.&.Y.. ...8$pt .T...g../...O..p.l..o...is..IDTM..Q9.....1
.2i............@SJ..t._...](&S.-.U.......s:.>......


GET /btr/qqbrowser/ps/2109/64_19_2013-01-15.txt?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: pc5.gtimg.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:25 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:25 GMT

Last-Modified: Tue, 15 Jan 2013 09:32:41 GMT

Content-Type: text/plain

Content-Length: 27

X-Cache-Lookup: Hit From Disktank
[cfg]..Enable=0..Update=1......


GET /btr/qqbrowser/ps/3001/97_1_2013-06-20.{91977E3A-F255-4036-8B72-B07EA129C89A}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: pc5.gtimg.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:26 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:26 GMT

Last-Modified: Thu, 20 Jun 2013 01:51:37 GMT

Content-Type: application/octet-stream

Content-Length: 76336

X-Cache-Lookup: Hit From Disktank
..2..4.V.............G...._.....;..3..6F....;...WpV.'.Y.C....t.1...&..
.aK>]..........W...@.Gi...........B|...m9"...w..-;..I.5r.F-.Am...S.
..A.T.Z<qp.6......\qq.S..0U!....s....A..@.Gi......0#;%.t.Q........s
.. u..t...O.....}...........W...`...[..H ..d{.;...v..9......4..P..B.7.
k.W.j..`...I....).r/.....r.`oL`-..#!D...C.....UR:'..a#....o6.^...e.X.)
y..J.'`0...."..x.X.D..V8......./.W\....?W.x...MHZA..K...J...hS,O......
.|...5....W..X....H*....T.#6/.....`..f....F... ...[.6.w.,. ...E^.....0
O..].`...I....).r/...M......v.Z.j...W..X....H*....T.#6/.....`..f...._X
....w\.p..F... ...E^......G y,.V..."..Q..p$..MgW.Y.E.wx.....vj...&|..V
.a...~.....da*..qEEG....n...f.)W.~...w."..T.}J....^S... .....r...=.a..
W.$.y.;:..b..r....~._......`...I....).r/..#.Xu.6.p.F.f.M.E...s.p}.....
y...d.....u).....@.8g..F...g..;........J...Z.2E=.......@z.O..I......#6
/.....`..f....S#X.ZM.o{......(...D.7.. ...E^....1q...z.U....D). AB.=.U
..X..x..4R@..chr...R.fz..z.vS..1l......J<V7...e.?........CZ..~#..-O
...Bf.<U...L......?..w.6.?EwM..I......,.8...".. .....hw.`...l):.y.-
.s...A(Q....n.:K..B#..x%.ZK.......>.../$.]....~....^n.B.;.....a....
....Q......F].RE{...*.*.H....d....e.......Go.d..eOg....H-..X........HF
...W..j.^.Ky.->m.3..tGTO.3.8......i..q^3...}~.....8.....XH...8...H.
....C.... u.......&...._.;.zBXr...P...iG.....~......i..z.!.m..Lkk9.F~l
@P.#.E...}1......./.........]...Lkk9.F~l@P.#.E......fn......v9..h.*wq.
. .7.z^.ZX.B.Q..)..NN.a...E.:9.t..[..2....c.J.....'H.zX..I,Y.P.,.Ax...
2.q.Dh,.,Vj<>a...L.:...........F.. .z............l.6^...Q.~#<<< skipped >>>

POST / HTTP/1.1

Content-Length: 77

Content-Type: Application

Host: VVV.duba.com

User-Agent: Microsoft-ATL-Native/8.00


HTTP/1.1 405 Method Not Allowed

Date: Fri, 27 May 2016 18:44:17 GMT

Server: nginx/1.8.0

Content-Type: text/html

Content-Length: 172

X-Cache: MISS from cache.51cdn.com

X-Via: 1.1 szhj11:8110 (Cdn Cache Server V2.0), 1.1 lsh13:2 (Cdn Cache Server V2.0)

Connection: close

Set-Cookie: _dbsg=ij7t5mdfksda8fksdafka19b04cef36a; path=/; expires=12 Dec 2050 23:55:55 GMT
<html>..<head><title>405 Not Allowed</title>&l
t;/head>..<body bgcolor="white">..<center><h1>405
 Not Allowed</h1></center>..<hr><center>nginx/
1.8.0</center>..</body>..</html>....

GET /large/7185bdf1gw1f2972v45vyg20gu0de7ky.gif HTTP/1.0

Host: ww3.sinaimg.cn

User-Agent: NSISDL/1.2 (Mozilla)

Accept: */*


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 18:44:08 GMT

Server: PWS/8.1.36

X-Px: ms h0-s1144.v0-mow ( h0-s1079.v0-mow), ht-d h0-s1079.v0-mow.cdngp.net

Cache-Control: max-age=7776000

Expires: Fri, 19 Aug 2016 13:49:14 GMT

Age: 536094

Content-Length: 624835

Content-Type: image/gif

Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT

X-Via-CDN: f=TXCDN,s=37.29.0.60,c=194.242.96.218

Connection: close
GIF89a^.............u.JIE....~{..."t..n.... ......q....r..3o.Y.....)))
.|.............2|..u.....s.XWS0t...................yur;83.............
...{....qml.{.L..1.........u....!v."..kkk.s.............k.............
.....{.QPLZ...{.C.....ba]...A@<...1.).{. |.0{.(t.!!!|........c...t.
Q......|.'v...........|..|.......)t................C..<x.......(# .
s..........*|........|.C..841...>..Ms~{{{...............999........
....!z.!{.............({.ttt...j..)z.c..kgd$..[..1..v.....KIJBBB1|.J..
RRR.|.....{.R.........s......................333...8}.0 ( s....!|....!
s..z....Dq.N..ZZZ...................u.:z.@<9.|.('#...s..R..PLKr....
.*s.|...........zyu...9..n..Mv.j..K.....9...{.!........){..|.i.....HDA
....|.fff.......s...~.{. ..a]Zl.....h..S.....XTS...{...........(..B...
........rqmZ...........!.......,....^.......k..H......*\......#J.H....
.3j..Qa..A...S....<F:r.....B:..I....8s.......5a.,8.$.4Ex.T.....P.J.
J....VG.*...."'U.q.....h..]......L......p<..l...........d92..h.....
.M.K.L....kw...f.5(..pSf.U..C1.^............5.....u...X.T}.M.......VU.
s.7.du...[.V%w...=.......gX...9.y.j.-..q........U;........o9".at\..0.$
8. .Tg..<h....Vh..S..Y\d4.^.W$...C.!.!c...~!a...0..Q......t.7J.....
.ut..!d.5..H&.....xR.:. .._TY%6.p... ....`.9..N.....i...1..f..t.....6.
Yb......TP.$...5....._..f..0.I$4.'.[|Vj..W.I..&...sW.3D..*..'rt`.*.F..
.....S..8r...@r.....h.nb#...Xr.S4........C4...Q.(..0......v.......!..a
.^.......{......;.D...ZL.-.VVY.6...L=4.....'.l.T0..)..r-|%.....|.F..PR
$..*,..0R..[ .d..,@"...Liq.&.l..U.2.=...W.$.-.x..iP...1.$..#...~q.<<< skipped >>>

GET /middle12/rsfree/rse1332280.exe HTTP/1.1

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Rising)

Host: rsdownload.rising.com.cn

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.8.0

Date: Fri, 27 May 2016 18:44:06 GMT

Content-Type: application/octet-stream

Content-Length: 35893168

Connection: keep-alive

ETag: "c6a1a73ae958d11:6a8d8"

Last-Modified: Wed, 27 Jan 2016 09:58:10 GMT

Accept-Ranges: bytes

X-Powered-By: ASP.NET

Age: 81739

Via: http/1.1 fnop003-TJHYLT-CNC-190-101 (ACA/2.0), http/1.1 fnop003-GDHZDX-CT-74-192 (ACA/2.0 ACA_HIT), http/1.1 fnop003-GDDGDX-CT-91-18 (ACA/2.0 ACA_HIT)

MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......t.!90.Oj0.Oj
0.Oj9..j).Oj.a4j#.Oj0.Nj..Oj.a"j4.Oj9..ju.Oj9..j..Oj9..jD.Oj...j1.Oj9.
.j1.OjRich0.Oj........PE..L.....oV.................H..................
.`....@..........................p........$...@.......................
...........8...........#............#..........H...c..................
................@............`..$............................text...,F
.......H.................. ..`.rdata.......`.......L..............@..@
.data....q...P.......8..............@....rsrc....#.......$...f........
......@..@.reloc...o.......p..................@..B....................
......................................................................
......................................................................
......................................................................
......................................................................
..............................................X.....RF.3...$T...SU..$d
...VWUh.~E.h.....q......h......$]...j.P..$d......#.....U...aE...u.h...
.U...bE.U...bE.....@.....U...aE.........h......$\...UQ.4.....$d.......
P...@..u. ...$X...j\R..._.....4`......;.t...$X...O.G.G..u.f....E.f....
$X...O.G.G..u....E..L$.Q..$\...R.....aE....|$......%.....$t.........h.
.....$\...UP......D$P....P..I...@..u. .....$X....p...@..u. ...=....wU.
.$X...O..G.G..u.f....E..D$Df......@..u...$X... .O..$.....O.G..u.......
...........|$..D$..t*.|$D.tH..$p.....t=SP..$`...R..........tM.%h..

<<< skipped >>>

POST / HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: masterconn.qq.com

Content-Length: 250

Cache-Control: no-cache

.............-.h.... ...[.y..Y1i.. .WH.....6.................................r....H..h7.{........O

F.3ib...o..K....LXw.......v.(.......1H.. e...i....H..3,.j.E.....YN...">.mT......I..
2.9/.eL...G..2.b
....n.f....3B.]6....I'.wB.$J.k.D......O../M_...
HTTP/1.1 200 OK

Content-Length: 114
...........r.-.h.... ...[.y..Y1i.. ........6......................,..8
~.s......g..{...7.i8....(.E.|.X. .../[s(/}.AHTTP/1.1 200 OK..Content-L
ength: 114.............r.-.h.... ...[.y..Y1i.. ........6..............
........,..8~.s......g..{...7.i8....(.E.|.X. .../[s(/}.A..

GET /browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: soft.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nws 1.2.15

Connection: close

Date: Fri, 27 May 2016 18:43:19 GMT

Expires: Fri, 27 May 2016 18:43:19 GMT

Cache-Control: max-age=0

Content-Length: 0

Location: hXXp://203.205.151.213/soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?mkey=5748b3b2da60d437&f=105&c=0&&guid=20CA7FCB-5BD0-79E2-F059-3169D2972B9C&p=.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}

POST / HTTP/1.1

Content-Type: application/x-www-form-urlencoded

Host: masterconn.qq.com

Content-Length: 250

Cache-Control: no-cache

.............-.h.... ...[.y..Y1i.. .WH.....6.......................4..Me....h....Fa...m..F".Vv.Ho....[....#...n..>..Z..

 .....c>~...

......8.T....9W.G...x..mf9..H........Z.O>!g...."..@.b..h[ ..V.o-...@ta-X...n.v.....07.e...}n.....-.q.......I...Z...
HTTP/1.1 200 OK

Content-Length: 114
...........r.-.h.... ...[.y..Y1i.. ........6......................u"..
..S.....[j.~.!A*e.....b7...ttC.l.V..?..v...^HTTP/1.1 200 OK..Content-L
ength: 114.............r.-.h.... ...[.y..Y1i.. ........6..............
........u"....S.....[j.~.!A*e.....b7...ttC.l.V..?..v...^..

GET /invc/tt/ps/res.ini HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: dl_dir.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: TCDN_NWS

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:13 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:13 GMT

Last-Modified: Thu, 06 Aug 2015 08:07:55 GMT

Content-Type: application/octet-stream

Content-Length: 1354

X-Cache-Lookup: Hit From Disktank
[sso]..ver=2..url=hXXp://dldir1.qq.com/invc/tt/ps/SSO_A2AAE88A707B517C
1427E4D0DB9DF892.qbzip..md5=A2AAE88A707B517C1427E4D0DB9DF892..[ie8core
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/IE8Core_9F09CD36F4C8F650
1898FCE6723D8BAF.qbzip..md5=9F09CD36F4C8F6501898FCE6723D8BAF..[QMScan]
..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQBrowserOTA_20130109_QMS
can.qbzip..md5=25CB258570A6A5E312DEDA71C509275B..[ChromeTab]..ver=1..u
rl=hXXp://dldir1.qq.com/invc/tt/ps/ChromeTab_CB5A572D0CA8CDB4B4F8D81F1
5B9DA3A.qbzip..md5=CB5A572D0CA8CDB4B4F8D81F15B9DA3A..[IE10Core]..ver=1
..url=hXXp://dldir1.qq.com/invc/tt/ps/IE10Core_3BD26401B410B27CAA1E30D
5FAE54B08.qbzip..md5=3BD26401B410B27CAA1E30D5FAE54B08..[QQBrowserFix].
.ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/ProblemFix_B58E1FA4B62451F
7450F98D2053A0715.qbzip..md5=B58E1FA4B62451F7450F98D2053A0715..[QQMail
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQMail_302067711CCDA1C8C
70E4558F288E861.qbzip..md5=302067711CCDA1C8C70E4558F288E861..[flash]..
ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/Flash_C9FE090ABC5B2835C4A88
D70AEA6C5E0.qbzip..md5=C9FE090ABC5B2835C4A88D70AEA6C5E0..[MSdbg]..ver=
1..url=hXXp://dldir1.qq.com/invc/tt/ps/QQBrowserDBGOTA.qbzip..md5=5d2c
d97b61f8424fce2d29ed3f0d4a10..[sso-f1]..ver=1..url=hXXp://dldir1.qq.co
m/invc/tt/ps/SSO9_E402B9859883F3FF0438B41B4A1BCF8E.qbzip..md5=E402B985
9883F3FF0438B41B4A1BCF8E....
<<< skipped >>>

GET /invc/tt/ps/res.ini HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: dl_dir.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: TCDN_NWS

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:15 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:15 GMT

Last-Modified: Thu, 06 Aug 2015 08:07:55 GMT

Content-Type: application/octet-stream

Content-Length: 1354

X-Cache-Lookup: Hit From Disktank
[sso]..ver=2..url=hXXp://dldir1.qq.com/invc/tt/ps/SSO_A2AAE88A707B517C
1427E4D0DB9DF892.qbzip..md5=A2AAE88A707B517C1427E4D0DB9DF892..[ie8core
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/IE8Core_9F09CD36F4C8F650
1898FCE6723D8BAF.qbzip..md5=9F09CD36F4C8F6501898FCE6723D8BAF..[QMScan]
..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQBrowserOTA_20130109_QMS
can.qbzip..md5=25CB258570A6A5E312DEDA71C509275B..[ChromeTab]..ver=1..u
rl=hXXp://dldir1.qq.com/invc/tt/ps/ChromeTab_CB5A572D0CA8CDB4B4F8D81F1
5B9DA3A.qbzip..md5=CB5A572D0CA8CDB4B4F8D81F15B9DA3A..[IE10Core]..ver=1
..url=hXXp://dldir1.qq.com/invc/tt/ps/IE10Core_3BD26401B410B27CAA1E30D
5FAE54B08.qbzip..md5=3BD26401B410B27CAA1E30D5FAE54B08..[QQBrowserFix].
.ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/ProblemFix_B58E1FA4B62451F
7450F98D2053A0715.qbzip..md5=B58E1FA4B62451F7450F98D2053A0715..[QQMail
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQMail_302067711CCDA1C8C
70E4558F288E861.qbzip..md5=302067711CCDA1C8C70E4558F288E861..[flash]..
ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/Flash_C9FE090ABC5B2835C4A88
D70AEA6C5E0.qbzip..md5=C9FE090ABC5B2835C4A88D70AEA6C5E0..[MSdbg]..ver=
1..url=hXXp://dldir1.qq.com/invc/tt/ps/QQBrowserDBGOTA.qbzip..md5=5d2c
d97b61f8424fce2d29ed3f0d4a10..[sso-f1]..ver=1..url=hXXp://dldir1.qq.co
m/invc/tt/ps/SSO9_E402B9859883F3FF0438B41B4A1BCF8E.qbzip..md5=E402B985
9883F3FF0438B41B4A1BCF8E....
<<< skipped >>>

GET /invc/tt/ps/res.ini HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: dl_dir.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: TCDN_NWS

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:20 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:20 GMT

Last-Modified: Thu, 06 Aug 2015 08:07:55 GMT

Content-Type: application/octet-stream

Content-Length: 1354

X-Cache-Lookup: Hit From Disktank
[sso]..ver=2..url=hXXp://dldir1.qq.com/invc/tt/ps/SSO_A2AAE88A707B517C
1427E4D0DB9DF892.qbzip..md5=A2AAE88A707B517C1427E4D0DB9DF892..[ie8core
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/IE8Core_9F09CD36F4C8F650
1898FCE6723D8BAF.qbzip..md5=9F09CD36F4C8F6501898FCE6723D8BAF..[QMScan]
..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQBrowserOTA_20130109_QMS
can.qbzip..md5=25CB258570A6A5E312DEDA71C509275B..[ChromeTab]..ver=1..u
rl=hXXp://dldir1.qq.com/invc/tt/ps/ChromeTab_CB5A572D0CA8CDB4B4F8D81F1
5B9DA3A.qbzip..md5=CB5A572D0CA8CDB4B4F8D81F15B9DA3A..[IE10Core]..ver=1
..url=hXXp://dldir1.qq.com/invc/tt/ps/IE10Core_3BD26401B410B27CAA1E30D
5FAE54B08.qbzip..md5=3BD26401B410B27CAA1E30D5FAE54B08..[QQBrowserFix].
.ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/ProblemFix_B58E1FA4B62451F
7450F98D2053A0715.qbzip..md5=B58E1FA4B62451F7450F98D2053A0715..[QQMail
]..ver=1..url=hXXp://dl_dir.qq.com/invc/tt/ps/QQMail_302067711CCDA1C8C
70E4558F288E861.qbzip..md5=302067711CCDA1C8C70E4558F288E861..[flash]..
ver=1..url=hXXp://dldir1.qq.com/invc/tt/ps/Flash_C9FE090ABC5B2835C4A88
D70AEA6C5E0.qbzip..md5=C9FE090ABC5B2835C4A88D70AEA6C5E0..[MSdbg]..ver=
1..url=hXXp://dldir1.qq.com/invc/tt/ps/QQBrowserDBGOTA.qbzip..md5=5d2c
d97b61f8424fce2d29ed3f0d4a10..[sso-f1]..ver=1..url=hXXp://dldir1.qq.co
m/invc/tt/ps/SSO9_E402B9859883F3FF0438B41B4A1BCF8E.qbzip..md5=E402B985
9883F3FF0438B41B4A1BCF8E....
<<< skipped >>>

GET /invc/tt/ps/QQMail_302067711CCDA1C8C70E4558F288E861.qbzip HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: dl_dir.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: TCDN_NWS

Connection: keep-alive

Date: Fri, 27 May 2016 18:44:20 GMT

Cache-Control: max-age=600

Expires: Fri, 27 May 2016 18:54:20 GMT

Last-Modified: Thu, 26 Dec 2013 07:41:34 GMT

Content-Type: application/octet-stream

Content-Length: 548701

X-Cache-Lookup: Hit From Disktank

X-Cache-Lookup: Hit From Inner Cluster 
PK........Y..C.....^..........QQBrowserOTA.exe.\{x....}%.d..@.Q.....hl
.L..61."%.q..hx...N.". ..$..f....m..4.._m...X...Ih}....kT.w..QbX$f.;wv
.}}.....Eg..}.{.y.s.M.m... .V<.......G.....L...I..i...oZ...[Cwl....
.Om..g.>.....[.....M.]yw..W}.?.3w.[....^....._}^.....g...?z/O.9...n
9.....<yt;.....Q..[..d..'a.y.a..&t......AA4e.R.....M|...C..g#...6..
O.xH.....a;..."....^....,..R..,.u..G..P:C........]|..~..w.m......./O..
^.i..........'.Y...<......b....}m..z......B.......i..O".q..z.xo....
3r.......mH.jT...<..5.7Kq..9...ZT%.k.>]q..CW.zv.&..].......(.xw.
}.h....#B...x..y>.i....a...i..7z.1.m.......=qW.....yuL..-.{^..#.i`.
C.:.7..E......QS.R......A.wD.S.,=..QC....Z.......=^....{^..IF..;.....8
FV....7.G....o.x....S.......u]W.......b......Fn....)..=K<..ev.0AT..
....../.d..A....P...$=.va.r.W...(...{.....fuQ..G...mY.........x>...
.j.........{LE..d'.7Wi..q..#.&.f..1..%...=V9M{...#r^.5..R2......j*z!.S
c..F..~.f....D...Z.......T.M'...X...uc@.Vc..,g..9....U...;..Q.....7Y.c
.4..2.$......|j".R...xd.....1.6.c...m..6...E.kVc.vAm...sjs\.S..vO.um..
.....Sx.=...v.E......e|*[..#>.f~8E.,...{...1..0....asM......5..I.C.
N.bu..(....4.UP..wD......T...v}.R....*..k....JQ.T...lS..<M...L .WL.
...c..Z.r...>.db..akk/AP...t.?..(P.#VL7o...w.......k{ws..1.S%......
g.......\`o.mR.^....|.;......O..N._.to.o..}H.w )..fE,.V{V....6.8......
.(.zI1..BE@.....{<./d."G.....A../..^c.......>.IH.P..N.)......{..
.=S&..z[.vCTt...e)....2.|*.}.....j.3Z..6....Z:.mx.X....w,."ug...oCz..R
{.......Y.. ..\...E.Z.e....V=-....L....@.sH....u...c}xG..".H...EOS<<< skipped >>>

POST /c/ HTTP/1.1

Host: infoc0.duba.net

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0

Accept: */*

Content-Length: 264

.......hH{.... .C.XtB...CpapC..........................HW........................................&........k....................................................................................................................... .....................................
HTTP/1.1 200 OK

Server: Kingsoft Web Server

Date: Fri, 27 May 2016 18:44:21 GMT

Content-Type: text/plain

Content-Length: 43

Connection: keep-alive
 ..a..j[common]..result=1..time=1464374661...

POST /c/ HTTP/1.1

Host: infoc0.duba.net

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0

Accept: */*

Content-Length: 273

......E..W.... .C.XtB...CpapC..........................HW....................................$..................................... .................................................. .............................................. ......................................&...
HTTP/1.1 200 OK

Server: Kingsoft Web Server

Date: Fri, 27 May 2016 18:44:23 GMT

Content-Type: text/plain

Content-Length: 43

Connection: keep-alive
 ....4X[common]..result=1..time=1464374663...

GET /config/rsedownloadconfig.xml HTTP/1.1

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Rising)

Host: rse.rising.com.cn

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 27 May 2016 10:24:26 GMT

Content-Length: 5025

Content-Type: text/xml

Last-Modified: Fri, 08 Jan 2016 02:40:55 GMT

Accept-Ranges: bytes

ETag: "e055bdffbd49d11:dfe"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Age: 1

X-Via: 1.1 db77:0 (Cdn Cache Server V2.0)

Connection: keep-alive
<rsedownloadpath guidhigh="FF" guidlow="00" opdate="2016-01-08 10:3
0" path="hXXp://rsdownload.rising.com.cn/middle12/rsfree/instsilence17
33174.exe">.<defaultaction path="hXXp://rsdownload.rising.com.cn
/middle12/rsfree/instsilence1733174.exe"/>.<action id="1886303" 
path="hXXp://rsdownload.rising.com.cn/middle12/rsfree/rse1886303.exe"/
>.<action id="1175841" path="hXXp://rsdownload.rising.com.cn/mid
dle12/rsfree/rse1175841.exe"/>.<action id="1199439" path="http:/
/rsdownload.rising.com.cn/middle12/rsfree/rse1199439.exe"/>.<act
ion id="1265465" path="hXXp://rsdownload.rising.com.cn/middle12/rsfree
/rse1265465.exe"/>.<action id="1547165" path="hXXp://rsdownload.
rising.com.cn/middle12/rsfree/rse1547165.exe"/>.<action id="1414
346" path="hXXp://rsdownload.rising.com.cn/middle12/rsfree/rse1414346.
exe"/>.<action id="1132065" path="hXXp://rsdownload.rising.com.c
n/middle12/rsfree/rse1132065.exe"/>.<action id="1423015" path="h
ttp://rsdownload.rising.com.cn/middle12/rsfree/rse1423015.exe"/>.&l
t;action id="1112383" path="hXXp://rsdownload.rising.com.cn/middle12/r
sfree/rse1112383.exe"/>.<action id="1018610" path="hXXp://rsdown
load.rising.com.cn/middle12/rsfree/rse1018610.exe"/>.<action id=
"1293490" path="hXXp://rsdownload.rising.com.cn/middle12/rsfree/rse129
3490.exe"/>.<action id="1229777" path="hXXp://rsdownload.rising.
com.cn/middle12/rsfree/rse1229777.exe"/>.<action id="1240114" pa
th="hXXp://rsdownload.rising.com.cn/middle12/rsfree/rse1240114.exe<<< skipped >>>

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 398

Cache-Control: no-cache

......,<LV.qbpcstatf.stat}...k.....crypt...

list<char>....M
...H..B..s...T-.&...!A..7.~._.L.......}z...>D..Q.N...@.

..$.., *..l....A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../......Zm....P.......E4.&..$lN....p..,._.h........R;TF.P...F....=.O.fD.i.3.{@.?2.....kQ~..>.f>..e...(....!.{).=...J._e...xIF
y..._..)

&.6.}Nq....!v....w..H.6..HEBE./..|......m....[....6.rp...s!.\...k..3...K..px....
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Fri, 27 May 2016 18:43:19 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32............

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_1156:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp\NSISdl.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp\NSISdl.dll

4YmUzNDc1ODI4MDRhNTAuZXhl/40.html

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp

2.gif

NDc1ODI4MDRhNTAuZXhl/40.html

zcÁ

65708<8`9

<'</<5<;<|<

5 5$5(5,5

@.reloc

MSVCR80.dll

_crt_debugger_hook

Base64.dll

<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50608.0" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>

%D.459

JY.WY

%Program Files%\Tencent\QQBrowser\uninst.exe

uninst.exe

\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp

Software\Microsoft\Windows\CurrentVersion\Uninstall\360

hXXp://120.55.138.124/

hXXp://w.x.baidu.com/go/full/201/1202000454

v45vyg20gu0de7ky.gif

5590b2ab_1202000454.exe

ent\QQBrowser\uninst.exe

c:\%original file name%.exe

%WinDir%\Fonts

%original file name%.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsj1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

VVV.bearpc.net

1.3.7

%original file name%.exe_1156_rwx_10004000_00001000:

callback%d

PerfTraceService.exe_1512:

.text

`.rdata

@.data

.rsrc

@.reloc

l$X9.vE

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

GetProcessWindowStation

USER32.DLL

tdh.dll

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\PerfTraceService.pdb

KERNEL32.dll

RegCreateKeyW

RegCloseKey

RegOpenKeyExW

RegCreateKeyExW

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

WS2_32.dll

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

zcÁ

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

7%7S7a7

3=3

>&>,>2>:>

8Œ8v8

;3;<;)=8=,>

KERNEL32.DLL

mscoree.dll

[%s](%lu):

PerfTrace.ini

DebugMsg

EVENT_RECORD address : %d, UserDataLength : %d

PerfTrackInfo : Name : %s, Id : %d

Start Event : Name : %s, Id : %d

InFlightEvents number : %d

Match Event : Name : %s, Id : %d

{x-x-x-xx-xxxxxx}

Port

TypesSupported

QQTrace.ini

TraceConfig.xml

qqtrack.xml

advapi32.dll

IsVervionEnalbe failed , OSVersion : %d

IsTypeEnable failed, trace type %d

7z.exe

::CreateProcess failed, ErrCode : %d, cmd : %s

::SetPriorityClass failed, ErrCode : %d

File path too long ! %s, %s

share dir path too long ! %s, %s

CopyFile failed, ErrCode : %d

begin ReloadConfig tread, ReloadTime : %d

CreateThread failed, ErrCode %d

OpenTrace failed , ErrCode : %d

Session-4BA0B957-882B-4625-A213-0349B865E6AA

%d/%d/%d %d:%d:%d

event id :%d, duration :%f ms, start time :%s

ScenarioId %s take a long time

AQQTrace-UserSession-8D2FEC41-08A1-4c4b-AB00-F67DD5761ACC

-start %s -on %s -BufferSize %d -MinBuffers %d -MaxBuffers %d

-on %s -BufferSize %d -MinBuffers %d -MaxBuffers %d -stackwalk %s

-stop -stop %s

-flush -flush "%s"

-flush -f "%s" -flush "%s" -f "%s"

RunXperf Error ! (%d)

%s\%s%s.%d-d-d.d-d-d-%d.etl

-merge "%s" "%s" "%s"

Myredir-B48C0CD8-8D7A-45ee-90EB-B1FCCD3F5E1A

"%s" %s

CreateProcess failed (%d)

DeleteFile %s Failed : %d

xperf.exe

QQTraceUserSession.etl

QQTraceNTSession.etl

%d.%d.%d.%d

AoXmlDoc.Load(lpszConfigFileName) || !oXmlDoc.IsValid() failed

oXmlDoc.IsValid() failed

IDispatch error #%d

%Program Files%\Tencent\QQBrowser\Service\PerfTraceService.exe

1332280.exe_500:

`.rsrc

vSSSh

tGHt.Ht&

FTPjK

FtPj;

C.PjRV

Iphlpapi.dll

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

System\CurrentControlSet\Services\VxD\MSTCP

255.255.255.255

socket() failed; %d

\\.\PhysicalDrive%d

\\.\Scsi%d:

MSIE %d.%d

WININET.DLL

Windows

Windows Me

Windows 98

Windows 95

Windows NT %d.%d

%s:%d

Mozilla/4.0 (compatible; %s; %s; Rising)

Content-Type: application/x-www-form-urlencoded

HTTP/1.0

Range: bytes=%d-

hXXp://

"%sProgram Files\Internet Explorer\iexplore.exe" %s

"%s\Internet Explorer\iexplore.exe" %s

Shell32.dll

FRegDeleteKeyExA

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Global\{DCBEBF39-05BB-4826-9BDA-B8DD752EF707}

XXXXXXXXXXX

{X-X-X-XX-XXXXXX}

CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}

%s\%s

%s\*.*

"%s" %s

Setup.exe

rsbrowser.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rse

hXXp://rsup10.rising.com.cn/Register/OnlineHelper/ForLog/Action.aspx?info=

C:\Temp

\AUTO.INI

\InstalledLog.dat

\rse.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

tray.exe

Kernel32.dll

Rising.info

\label.dat

AUTO.INI

\Rav.zip

\KaKa.info

%slog.txt

"%s" -auto

Key=RSEInstallPop&v1=%s&v2=%d&v3=%d&v4=%d&v5=0

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

rccb.exe

target url:

hXXp://rse.rising.com.cn/config/rsedownloadconfig.xml

\rsedownloadconfig.xml

CRavDowner::GetDownloadURL

1.1.3

Rav.tst

Mozilla/4.0 (compatible; Rising)

kernel32.dll

%s\Tasks\%s

%s\Tasks\%s*.*

https

Content-Disposition: form-data; name="%s"

Content-Disposition: form-data; name="%s"; filename="%s"

hXXps://

Content-Length: %d

<!--%s-->

&#xX;

</%s>

%s='%s'

%s="%s"

<![CDATA[%s]]>

standalone="%s"

encoding="%s"

version="%s"

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

portuguese-brazilian

ADVAPI32.DLL

GetProcessWindowStation

USER32.DLL

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

C:\DistributedAutoLink\Temp\CompileOutputDir\rsedownloader.pdb

.?AVCHttpDownload@@

.?AVCHttpDownloadHifi@@

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp\1332280.exe

GetProcessHeap

GetConsoleOutputCP

GetWindowsDirectoryA

GetCPInfo

RegQueryInfoKeyA

RegOpenKeyA

RegCreateKeyA

RegEnumKeyExA

RegCloseKey

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyExA

ShellExecuteExA

InternetCrackUrlA

HttpQueryInfoA

HttpSendRequestA

HttpSendRequestExA

HttpEndRequestA

FtpOpenFileA

HttpAddRequestHeadersA

HttpOpenRequestA

.text

`.rdata

@.data

.rsrc

)(2-2004

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="x86" name="ravdown" type="win32"></assemblyIdentity><description>

</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

ole32.dll

OLEAUT32.dll

RPCRT4.dll

SHELL32.dll

SHLWAPI.dll

USER32.dll

VERSION.dll

WININET.dll

WSOCK32.dll

RunAsStdUser Task%d

ekernel32.dll

mscoree.dll

Continue Downloading(Installation is processing. Please wait.0hXXp://VVV.ikaka.com/2010/down.asp?t=rav&action=

Finish %d%%@Please uninstall Rising Browse before installing Rising Browse .8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s.Rising Browse has been installed successfully!

...ShXXp://rsup10.rising.com.cn/Register/OnlineHelper/Web_Online/DownloaderInfo.aspx?t=

%d%%>

8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s

1.0.1.1

channel downloader.exe

20151230103025859

1332280.exe_500_rwx_00401000_00075000:

vSSSh

tGHt.Ht&

FTPjK

FtPj;

C.PjRV

Iphlpapi.dll

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

System\CurrentControlSet\Services\VxD\MSTCP

255.255.255.255

socket() failed; %d

\\.\PhysicalDrive%d

\\.\Scsi%d:

MSIE %d.%d

WININET.DLL

Windows

Windows Me

Windows 98

Windows 95

Windows NT %d.%d

%s:%d

Mozilla/4.0 (compatible; %s; %s; Rising)

Content-Type: application/x-www-form-urlencoded

HTTP/1.0

Range: bytes=%d-

hXXp://

"%sProgram Files\Internet Explorer\iexplore.exe" %s

"%s\Internet Explorer\iexplore.exe" %s

Shell32.dll

FRegDeleteKeyExA

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Global\{DCBEBF39-05BB-4826-9BDA-B8DD752EF707}

XXXXXXXXXXX

{X-X-X-XX-XXXXXX}

CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}

%s\%s

%s\*.*

"%s" %s

Setup.exe

rsbrowser.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rse

hXXp://rsup10.rising.com.cn/Register/OnlineHelper/ForLog/Action.aspx?info=

C:\Temp

\AUTO.INI

\InstalledLog.dat

\rse.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

tray.exe

Kernel32.dll

Rising.info

\label.dat

AUTO.INI

\Rav.zip

\KaKa.info

%slog.txt

"%s" -auto

Key=RSEInstallPop&v1=%s&v2=%d&v3=%d&v4=%d&v5=0

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

rccb.exe

target url:

hXXp://rse.rising.com.cn/config/rsedownloadconfig.xml

\rsedownloadconfig.xml

CRavDowner::GetDownloadURL

1.1.3

Rav.tst

Mozilla/4.0 (compatible; Rising)

kernel32.dll

%s\Tasks\%s

%s\Tasks\%s*.*

https

Content-Disposition: form-data; name="%s"

Content-Disposition: form-data; name="%s"; filename="%s"

hXXps://

Content-Length: %d

<!--%s-->

&#xX;

</%s>

%s='%s'

%s="%s"

<![CDATA[%s]]>

standalone="%s"

encoding="%s"

version="%s"

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

portuguese-brazilian

ADVAPI32.DLL

GetProcessWindowStation

USER32.DLL

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

C:\DistributedAutoLink\Temp\CompileOutputDir\rsedownloader.pdb

.?AVCHttpDownload@@

.?AVCHttpDownloadHifi@@

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp\1332280.exe

GetProcessHeap

GetConsoleOutputCP

GetWindowsDirectoryA

GetCPInfo

RegQueryInfoKeyA

RegOpenKeyA

RegCreateKeyA

RegEnumKeyExA

RegCloseKey

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyExA

ShellExecuteExA

InternetCrackUrlA

HttpQueryInfoA

HttpSendRequestA

HttpSendRequestExA

HttpEndRequestA

FtpOpenFileA

HttpAddRequestHeadersA

HttpOpenRequestA

.text

`.rdata

@.data

.rsrc

)(2-2004

RunAsStdUser Task%d

ekernel32.dll

KERNEL32.DLL

mscoree.dll

Continue Downloading(Installation is processing. Please wait.0hXXp://VVV.ikaka.com/2010/down.asp?t=rav&action=

Finish %d%%@Please uninstall Rising Browse before installing Rising Browse .8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s.Rising Browse has been installed successfully!

...ShXXp://rsup10.rising.com.cn/Register/OnlineHelper/Web_Online/DownloaderInfo.aspx?t=

%d%%>

8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s

kinst_168_38.exe_804:

.text

`.rdata

@.data

.rsrc

8%u?P

PSSSSSSh

Montgomery Multiplication for x86, CRYPTOGAMS by <appro@openssl.org>

SHA1 block transform for x86, CRYPTOGAMS by <appro@openssl.org>

SHA256 block transform for x86, CRYPTOGAMS by <appro@openssl.org>

SHA512 block transform for x86, CRYPTOGAMS by <appro@openssl.org>

FtPS

GF(2^m) Multiplication for x86, CRYPTOGAMS by <appro@openssl.org>

AES for Intel AES-NI, CRYPTOGAMS by <appro@openssl.org>

6-9'6-9'

$6.:$6.:

*?#1*?#1

>8$4,8$4,

AES for x86, CRYPTOGAMS by <appro@openssl.org>

GHASH for x86, CRYPTOGAMS by <appro@openssl.org>

aSSSh

.VVVVVSRSSj

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

%%!"#%%$

?%uZj

FTPU

w.hhwO

CERTIFICATE REQUEST

NEW CERTIFICATE REQUEST

CERTIFICATE

PUBLIC KEY

passed a null parameter

DSO support routines

x509 certificate routines

error:lX:%s:%s:%s

RSA part of OpenSSL 1.0.2c 12 Jun 2015

pubkey

PEM part of OpenSSL 1.0.2c 12 Jun 2015

phrase is too short, needs to be at least %d chars

Enter PEM pass phrase:

TRUSTED CERTIFICATE

X509 CERTIFICATE

PRIVATE KEY

ENCRYPTED PRIVATE KEY

ANY PRIVATE KEY

enc_key

key_enc_algor

cert

d.encrypted

d.digest

d.signed_and_enveloped

d.enveloped

d.sign

d.data

d.other

NETSCAPE_CERT_SEQUENCE

certs

X509_PUBKEY

public_key

.\crypto\asn1\x_pubkey.c

DSA part of OpenSSL 1.0.2c 12 Jun 2015

priv_key

pub_key

.\crypto\ec\ec_key.c

EC_PRIVATEKEY

publicKey

privateKey

value.implicitlyCA

value.parameters

value.named_curve

p.char_two

p.prime

p.ppBasis

p.tpBasis

p.onBasis

p.other

ssl_sess_cert

ssl_cert

evp_pkey

x509_pkey

%s(%d): OpenSSL internal error, assertion failed: %s

lhash part of OpenSSL 1.0.2c 12 Jun 2015

0123456789

Big Number part of OpenSSL 1.0.2c 12 Jun 2015

unsupported type

unsupported recpientinfo type

unsupported recipient type

unsupported key encryption algorithm

unsupported kek algorithm

unsupported content type

unsupported compression algorithm

signer certificate not found

private key does not match certificate

no public key

no private key

no password

no msgsigdigest

no key or cert

no key

not supported for this key type

not key transport

not key agreement

msgsigdigest wrong length

msgsigdigest verification failure

msgsigdigest error

invalid key length

invalid key encryption parameter

invalid encrypted key length

error setting key

error getting public key

certificate verify error

certificate has no keyid

certificate already present

CMS_SIGNERINFO_VERIFY_CERT

cms_set1_keyid

CMS_RecipientInfo_set0_pkey

CMS_RecipientInfo_set0_password

CMS_RecipientInfo_set0_key

CMS_RecipientInfo_ktri_cert_cmp

cms_msgSigDigest_add1

CMS_GET0_CERTIFICATE_CHOICES

CMS_EncryptedData_set1_key

CMS_decrypt_set1_pkey

CMS_decrypt_set1_password

CMS_decrypt_set1_key

CMS_add1_recipient_cert

CMS_add0_recipient_password

CMS_add0_recipient_key

CMS_add0_cert

unsupported requestorname type

no certificates in chain

error parsing url

PARSE_HTTP_LINE1

OCSP_parse_url

OCSP_cert_id_new

unimplemented public key method

invalid cmd number

invalid cmd name

failed loading public key

failed loading private key

cmd not executable

ENGINE_UNLOAD_KEY

ENGINE_load_ssl_client_cert

ENGINE_load_public_key

ENGINE_load_private_key

ENGINE_get_pkey_meth

ENGINE_get_pkey_asn1_meth

ENGINE_ctrl_cmd_string

ENGINE_ctrl_cmd

ENGINE_cmd_is_executable

unsupported version

unsupported md algorithm

invalid signer certificate purpose

ess signing certificate error

ess add signing cert error

TS_VERIFY_CERT

TS_TST_INFO_set_msg_imprint

TS_RESP_CTX_set_signer_cert

TS_RESP_CTX_set_certs

TS_REQ_set_msg_imprint

TS_MSG_IMPRINT_set_algo

TS_CHECK_SIGNING_CERTS

ESS_SIGNING_CERT_NEW_INIT

ESS_CERT_ID_NEW_INIT

ESS_ADD_SIGNING_CERT

functionality not supported

WIN32_JOINER

unsupported pkcs12 mode

key gen error

PKCS8_add_keyusage

PKCS12_PBE_keyivgen

PKCS12_newpass

PKCS12_MAKE_SHKEYBAG

PKCS12_MAKE_KEYBAG

PKCS12_key_gen_uni

PKCS12_key_gen_asc

PKCS12_add_localkeyid

unsupported option

unable to get issuer keyid

policy syntax not currently supported

operation not defined

no proxy cert policy language defined

no issuer certificate

extension setting not supported

V2I_EXTENDED_KEY_USAGE

V2I_AUTHORITY_KEYID

S2I_SKEY_ID

S2I_ASN1_SKEY_ID

R2I_CERTPOL

unsupported cipher type

unknown operation

unable to find certificate

signing not supported for this key type

operation not supported on this type

no recipient matches key

no recipient matches certificate

encryption not supported for this key type

decrypted key is wrong length

PKCS7_add_certificate

unsupported method

no port specified

no port defined

no accept port specified

broken pipe

BIO_get_port

ECDH_compute_key

data too large for key size

unsupported field

peer key error

passed null parameter

not a supported NIST prime

missing private key

keys not set

invalid private key

gf2m not supported

PKEY_EC_SIGN

PKEY_EC_PARAMGEN

PKEY_EC_KEYGEN

PKEY_EC_DERIVE

PKEY_EC_CTRL_STR

PKEY_EC_CTRL

o2i_ECPublicKey

i2o_ECPublicKey

i2d_ECPrivateKey

EC_KEY_set_public_key_affine_coordinates

EC_KEY_print_fp

EC_KEY_print

EC_KEY_new

EC_KEY_generate_key

EC_KEY_copy

EC_KEY_check_key

ECKEY_TYPE2PARAM

ECKEY_PUB_ENCODE

ECKEY_PUB_DECODE

ECKEY_PRIV_ENCODE

ECKEY_PRIV_DECODE

ECKEY_PARAM_DECODE

ECKEY_PARAM2TYPE

DO_EC_KEY_PRINT

d2i_ECPrivateKey

zlib not supported

fips mode not supported

wrong public key type

unsupported public key type

unsupported encryption algorithm

unsupported cipher

unsupported any defined by type

unknown public key type

unable to decode rsa private key

unable to decode rsa key

streaming not supported

private key header missing

digest and key type not supported

bad password read

X509_PKEY_new

i2d_RSA_PUBKEY

i2d_PublicKey

i2d_PrivateKey

i2d_EC_PUBKEY

i2d_DSA_PUBKEY

d2i_X509_PKEY

d2i_PublicKey

d2i_PrivateKey

d2i_AutoPrivateKey

unsupported algorithm

unknown key type

unable to get certs public key

public key encode error

public key decode error

no cert set for us to verify

method not supported

loading cert dir

key values mismatch

key type mismatch

cert already in hash table

cant check dh key

X509_verify_cert

X509_STORE_add_cert

X509_REQ_check_private_key

X509_PUBKEY_set

X509_PUBKEY_get

X509_load_cert_file

X509_load_cert_crl_file

X509_get_pubkey_parameters

X509_check_private_key

GET_CERT_BY_SUBJECT

ADD_CERT_DIR

PKEY_DSA_KEYGEN

PKEY_DSA_CTRL

DSA_generate_key

unsupported key components

unsupported encryption

read key

public key no rsa

problems getting password

keyblob too short

keyblob header parse error

expecting public key blob

expecting private key blob

error converting private key

PEM_WRITE_PRIVATEKEY

PEM_READ_PRIVATEKEY

PEM_READ_BIO_PRIVATEKEY

PEM_PK8PKEY

PEM_F_PEM_WRITE_PKCS8PRIVATEKEY

DO_PK8PKEY_FP

DO_PK8PKEY

d2i_PKCS8PrivateKey_fp

d2i_PKCS8PrivateKey_bio

unsupported salt type

unsupported private key algorithm

unsupported prf

unsupported key size

unsupported key derivation function

unsupported keylength

unsuported number of rounds

public key not rsa

private key encode error

private key decode error

operaton not initialized

operation not supported for this keytype

no operation set

no key set

keygen failure

invalid operation

expecting a ec key

expecting a ecdsa key

expecting a dsa key

expecting a dh key

expecting an rsa key

different key types

ctrl operation not implemented

command not supported

camellia key setup failed

bn pubkey error

bad key length

aes key setup failed

PKEY_SET_TYPE

PKCS5_V2_PBKDF2_KEYIVGEN

PKCS5_v2_PBE_keyivgen

PKCS5_PBE_keyivgen

FIPS_CIPHER_CTX_SET_KEY_LENGTH

EVP_PKEY_verify_recover_init

EVP_PKEY_verify_recover

EVP_PKEY_verify_init

EVP_PKEY_verify

EVP_PKEY_sign_init

EVP_PKEY_sign

EVP_PKEY_paramgen_init

EVP_PKEY_paramgen

EVP_PKEY_new

EVP_PKEY_keygen_init

EVP_PKEY_keygen

EVP_PKEY_get1_RSA

EVP_PKEY_get1_EC_KEY

EVP_PKEY_GET1_ECDSA

EVP_PKEY_get1_DSA

EVP_PKEY_get1_DH

EVP_PKEY_encrypt_old

EVP_PKEY_encrypt_init

EVP_PKEY_encrypt

EVP_PKEY_derive_set_peer

EVP_PKEY_derive_init

EVP_PKEY_derive

EVP_PKEY_decrypt_old

EVP_PKEY_decrypt_init

EVP_PKEY_decrypt

EVP_PKEY_CTX_dup

EVP_PKEY_CTX_ctrl_str

EVP_PKEY_CTX_ctrl

EVP_PKEY_copy_parameters

EVP_PKEY2PKCS8_broken

EVP_PKCS82PKEY_BROKEN

EVP_PKCS82PKEY

EVP_CIPHER_CTX_set_key_length

ECKEY_PKEY2PKCS8

ECDSA_PKEY2PKCS8

DSA_PKEY2PKCS8

DSAPKEY2PKCS8

D2I_PKEY

CMLL_T4_INIT_KEY

CAMELLIA_INIT_KEY

AES_T4_INIT_KEY

AES_INIT_KEY

AESNI_INIT_KEY

key size too small

invalid public key

PKEY_DH_KEYGEN

PKEY_DH_DERIVE

GENERATE_KEY

DH_generate_key

DH_compute_key

DH_CMS_SET_PEERKEY

COMPUTE_KEY

unsupported signature type

unsupported mask parameter

unsupported mask algorithm

unsupported label source

unsupported encryption type

rsa operations not supported

operation not allowed in fips mode

invalid keybits

illegal or unsupported padding mode

digest too big for rsa key

data too small for key size

RSA_generate_key_ex

RSA_generate_key

RSA_check_key

RSA_BUILTIN_KEYGEN

PKEY_RSA_VERIFYRECOVER

PKEY_RSA_VERIFY

PKEY_RSA_SIGN

PKEY_RSA_CTRL_STR

PKEY_RSA_CTRL

value.single

value.set

Stack part of OpenSSL 1.0.2c 12 Jun 2015

.\crypto\evp\evp_key.c

nkey <= EVP_MAX_KEY_LENGTH

EVP part of OpenSSL 1.0.2c 12 Jun 2015

?456789:;<=

!"#$%&'()* ,-./0123

CT Certificate SCTs

ct_cert_scts

CT Precertificate Signer

ct_precert_signer

CT Precertificate Poison

ct_precert_poison

CT Precertificate SCTs

ct_precert_scts

dhSinglePass-cofactorDH-sha512kdf-scheme

dhSinglePass-cofactorDH-sha384kdf-scheme

dhSinglePass-cofactorDH-sha256kdf-scheme

dhSinglePass-cofactorDH-sha224kdf-scheme

dhSinglePass-cofactorDH-sha1kdf-scheme

dhSinglePass-stdDH-sha512kdf-scheme

dhSinglePass-stdDH-sha384kdf-scheme

dhSinglePass-stdDH-sha256kdf-scheme

dhSinglePass-stdDH-sha224kdf-scheme

dhSinglePass-stdDH-sha1kdf-scheme

Any Extended Key Usage

anyExtendedKeyUsage

supportedAlgorithms

crossCertificatePair

certificateRevocationList

cACertificate

userCertificate

userPassword

supportedApplicationContext

Microsoft Local Key set

LocalKeySet

id-Gost28147-89-None-KeyMeshing

id-Gost28147-89-CryptoPro-KeyMeshing

password based MAC

id-PasswordBasedMAC

X509v3 Certificate Issuer

certificateIssuer

certicom-arc

Proxy Certificate Information

proxyCertInfo

Microsoft Smartcardlogin

msSmartcardLogin

joint-iso-itu-t

JOINT-ISO-ITU-T

set-rootKeyThumb

setAttr-Cert

setCext-cCertRequired

setCext-certType

setct-CertResTBE

setct-CertReqTBEX

setct-CertReqTBE

setct-AcqCardCodeMsgTBE

setct-CertInqReqTBS

setct-CertResData

setct-CertReqTBS

setct-CertReqData

setct-PCertResTBS

setct-PCertReqData

setct-AcqCardCodeMsg

certificate extensions

set-certExt

set-msgExt

id-ecPublicKey

id-cmc-confirmCertAcceptance

id-cmc-getCert

id-regInfo-certReq

id-regCtrl-protocolEncrKey

id-regCtrl-oldCertID

id-it-revPassphrase

id-it-keyPairParamRep

id-it-keyPairParamReq

id-it-unsupportedOIDs

id-it-caKeyUpdateInfo

id-it-encKeyPairTypes

id-it-signKeyPairTypes

id-it-caProtEncCert

id-mod-attribute-cert

id-mod-qualified-cert-93

id-mod-qualified-cert-88

id-smime-aa-ets-certCRLTimestamp

id-smime-aa-ets-certValues

id-smime-aa-ets-CertificateRefs

id-smime-aa-ets-otherSigCert

id-smime-aa-smimeEncryptCerts

id-smime-aa-signingCertificate

id-smime-aa-encrypKeyPref

id-smime-aa-msgSigDigest

id-smime-ct-publishCert

id-smime-mod-msg-v3

sdsiCertificate

x509Certificate

localKeyID

certBag

pkcs8ShroudedKeyBag

keyBag

pbeWithSHA1And2-KeyTripleDES-CBC

pbeWithSHA1And3-KeyTripleDES-CBC

TLS Web Client Authentication

TLS Web Server Authentication

X509v3 Extended Key Usage

extendedKeyUsage

X509v3 Authority Key Identifier

authorityKeyIdentifier

X509v3 Certificate Policies

certificatePolicies

X509v3 Private Key Usage Period

privateKeyUsagePeriod

X509v3 Key Usage

keyUsage

X509v3 Subject Key Identifier

subjectKeyIdentifier

Netscape Certificate Sequence

nsCertSequence

Netscape CA Policy Url

nsCaPolicyUrl

Netscape Renewal Url

nsRenewalUrl

Netscape CA Revocation Url

nsCaRevocationUrl

Netscape Revocation Url

nsRevocationUrl

Netscape Base Url

nsBaseUrl

Netscape Cert Type

nsCertType

Netscape Certificate Extension

nsCertExt

extendedCertificateAttributes

challengePassword

dhKeyAgreement

name.relativename

name.fullname

certificateHold

Certificate Hold

cessationOfOperation

Cessation Of Operation

keyCompromise

Key Compromise

%*s%s:

%*sOnly Attribute Certificates

%*sOnly CA Certificates

%*sOnly User Certificates

ASN.1 part of OpenSSL 1.0.2c 12 Jun 2015

d.registeredID

d.iPAddress

d.uniformResourceIdentifier

d.ediPartyName

d.directoryName

d.dNSName

d.rfc822Name

d.otherName

AUTHORITY_KEYID

keyid

cert_info

Diffie-Hellman part of OpenSSL 1.0.2c 12 Jun 2015

PKCS8_PRIV_KEY_INFO

pkey

pkeyalg

EC part of OpenSSL 1.0.2c 12 Jun 2015

RAND part of OpenSSL 1.0.2c 12 Jun 2015

You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html

\X

MD5 part of OpenSSL 1.0.2c 12 Jun 2015

recommended-private-length: %d bits

x%s

public-key:

private-key:

%s: (%d bit)

DH Public-Key

DH Private-Key

Public-Key

Private-Key

Public-Key: (%d bit)

Private-Key: (%d bit)

ddddddZ

ddddddZ

%d.%d.%d.%d

<unsupported>

IP Address:%d.%d.%d.%d

URI:%s

DNS:%s

email:%s

EdiPartyName:<unsupported>

X400Name:<unsupported>

othername:<unsupported>

Content-Length: %d

%s %s HTTP/1.0

SHA1 part of OpenSSL 1.0.2c 12 Jun 2015

SHA-256 part of OpenSSL 1.0.2c 12 Jun 2015

SHA-512 part of OpenSSL 1.0.2c 12 Jun 2015

%d.%d.%d.%d/%d.%d.%d.%d

X509_CERT_PAIR

X509_CERT_AUX

X.509 part of OpenSSL 1.0.2c 12 Jun 2015

X:

%s - d:d:d%.*s %d%s

.\crypto\dh\dh_key.c

USER32.DLL

NETAPI32.DLL

KERNEL32.DLL

ADVAPI32.DLL

'() ,-./:=?

%lu:%s:%s:%d:%s

Verifying - %s

%s %s%lu (%s0x%lx)

ECDSA part of OpenSSL 1.0.2c 12 Jun 2015

Basis Type: %s

Field Type: %s

NIST CURVE: %s

ASN1 OID: %s

keyInfo

d.receiptList

d.allOrFirstTier

d.compressedData

d.authenticatedData

d.encryptedData

d.digestedData

d.envelopedData

d.signedData

d.ori

d.pwri

d.kekri

d.kari

d.ktri

CMS_PasswordRecipientInfo

keyDerivationAlgorithm

keyIdentifier

CMS_KeyAgreeRecipientInfo

recipientEncryptedKeys

CMS_OriginatorIdentifierOrKey

d.originatorKey

CMS_OriginatorPublicKey

CMS_RecipientEncryptedKey

CMS_KeyAgreeRecipientIdentifier

d.rKeyId

CMS_RecipientKeyIdentifier

CMS_OtherKeyAttribute

keyAttr

keyAttrId

CMS_KeyTransRecipientInfo

encryptedKey

keyEncryptionAlgorithm

certificates

d.crl

d.subjectKeyIdentifier

d.issuerAndSerialNumber

CMS_CertificateChoices

d.v2AttrCert

d.v1AttrCert

d.extendedCertificate

d.certificate

CMS_OtherCertificateFormat

otherCert

otherCertFormat

keylen <= sizeof key

EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

XX

%.14s.dZ

%*sSigned Certificate Timestamp:

%*sPolicy Text: %s

%*scrlUrl:

EXTENDED_KEY_USAGE

%*sZone: %s, User:

.\crypto\x509v3\v3_akey.c

d.usernotice

d.cpsuri

CERTIFICATEPOLICIES

%*sExplicit Text: %s

%*sNumber%s:

%*sOrganization: %s

%*sCPS: %s

PKEY_USAGE_PERIOD

keyCertSign

Certificate Sign

keyAgreement

Key Agreement

keyEncipherment

Key Encipherment

.\crypto\x509v3\v3_skey.c

CONF part of OpenSSL 1.0.2c 12 Jun 2015

PROXY_CERT_INFO_EXTENSION

crlUrl

certStatus

certId

OCSP_CERTSTATUS

value.unknown

value.revoked

value.good

value.byKey

value.byName

reqCert

OCSP_CERTID

issuerKeyHash

hexkey

rsa_keygen_pubexp

rsa_keygen_bits

%s:%s

keylength

keyfunc

AES part of OpenSSL 1.0.2c 12 Jun 2015

j <= (int)sizeof(ctx->key)

.\crypto\pkcs12\p12_key.c

CONF_def part of OpenSSL 1.0.2c 12 Jun 2015

[[%s]]

[%s] %s=%s

%'%1$=%C%K%O%s%

.%.-.3.7.9.?.W.[.o.y.

C%C'C3C7C9COCWCiC

ECDH part of OpenSSL 1.0.2c 12 Jun 2015

value.bag

value.safes

value.shkeybag

value.keybag

value.sdsicert

value.x509cert

value.other

%s.dll

mscoree.dll

Visual C   CRT: Not enough memory to complete call to strerror.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

.mixcrt

kernel32.dll

Broken pipe

Inappropriate I/O control operation

Operation not permitted

portuguese-brazilian

GetProcessWindowStation

operator

Could not resolve %s: %s

getaddrinfo() failed for %s:%d; %s

init_resolve_thread() failed for %s; %s

%s:%d

Hostname %s was found in DNS cache

Added %s:%d:%s to DNS cache

Address in '%s' found illegal!

Couldn't parse CURLOPT_RESOLVE entry '%s'!

%5[^:]:%d:%5s

Couldn't parse CURLOPT_RESOLVE removal entry '%s'!

%5[^:]:%d

Connected to %s (%s) port %ld (#%ld)

IDN support not present, can't parse Unicode domains

Protocol "%s" not supported or disabled in libcurl

http_proxy

Port number out of range

%s://%s%s%s:%hu%s%s%s

;type=%c

[%*45[0123456789abcdefABCDEF:.]%c

Couldn't find host %s in the _netrc file; using defaults

PTF@example.com

Couldn't resolve host '%s'

Couldn't resolve proxy '%s'

User-Agent: %s

CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!

Server doesn't support pipelining

Found bundle for host %s: %p

Please URL encode %% as %%, see RFC 6874.

Connection #%ld to host %s left intact

Rebuilt URL to: %s

smtp

SMTP.

<url> malformed

:]://%[^

[^:]:%[^

Illegal characters found in URL

Re-using existing connection! (#%ld) with %s %s

Found connection %ld, with requests in the pipe (%zu)

%s://%s

Internal error removing splay node = %d

Internal error clearing splay node = %d

Curl_poll(%d ds, %d ms)

In state %d with no easy_conn, bail out!

Operation timed out after %ld milliseconds with %I64d bytes received

Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received

Pipe broke: handle %p, url = %s

[%s %s %s]

Send failure: %s

Recv failure: %s

Write callback asked for PAUSE when not supported!

%s cookie %s="%s" for domain %s, path %s, expire %I64d

#HttpOnly_

skipped cookie with bad tailmatch domain: %s

httponly

23[^;

=] =I99[^;

%s%s%s

# Fatal libcurl error

# Netscape HTTP Cookie File

# hXXp://curl.haxx.se/docs/http-cookies.html

# This file was generated by libcurl! Edit at your own risk.

ignoring failed cookie_init for %s

WARNING: failed to save cookies in %s

Failed to set SIO_KEEPALIVE_VALS on fd %d: %d

Failed to set SO_KEEPALIVE on fd %d

bind failed with errno %d: %s

Local port: %hu

getsockname() failed with errno %d: %s

Bind to local port %hu failed, trying next

Couldn't bind to '%s'

Name '%s' family %i resolved to '%s' family %i

Couldn't bind to interface '%s'

Local Interface %s is ip %s using address family %i

ssloc inet_ntop() failed with errno %d: %s

ssrem inet_ntop() failed with errno %d: %s

getpeername() failed with errno %d: %s

TCP_NODELAY set

Could not set TCP_NODELAY: %s

Immediate connect fail for %s: %s

Trying %s...

sa_addr inet_ntop() failed with errno %d: %s

Failed to connect to %s port %ld: %s

connect to %s port %ld failed: %s

Winsock version not supported

Protocol family not supported

Address family not supported

Operation not supported

Socket is unsupported

Protocol is unsupported

Protocol option is unsupported

Unknown error %d (%#x)

%sAuthorization: Basic %s

%s auth using %s with user '%s'

HTTP/

Avoided giant realloc for header (max is %d)!

The requested URL returned error: %d

The requested URL returned error: %s

If-Unmodified-Since: %s

Last-Modified: %s

If-Modified-Since: %s

%s, d %s M d:d:d GMT

Failed sending HTTP POST request

Content-Type: application/x-www-form-urlencoded

Internal HTTP POST error!

Failed sending HTTP request

%s%s=%s

%s HTTP/%s

%s%s%s%s%s%s%s%s%s%s%s

PTF://%s:%s@%s

Content-Range: bytes %s/%I64d

Content-Range: bytes %s%I64d/%I64d

Range: bytes=%s

Host: %s%s%s:%hu

Host: %s%s%s

PTF://

Chunky upload is not supported by HTTP 1.0

Accept-Encoding: %s

Referer: %s

HTTP error before end of send, stop sending

HTTP/1.0 connection set to keep alive!

HTTP/1.1 proxy connection set close!

HTTP/1.0 proxy connection set to keep alive!

HTTP 1.0, assume close after body

RTSP/%d.%d =

HTTP =

Lying server, not serving HTTP/2

HTTP/%d.%d %d

SOCKS4%s request granted.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.

Failed to resolve "%s" for SOCKS4 connect.

SOCKS4 connect to %s (locally resolved)

SOCKS4 communication to %s:%d

No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)

SOCKS5 GSSAPI per-message authentication is not supported.

Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)

Can't complete SOCKS5 connection to %s:%d. (%d)

Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)

Failed to resolve "%s" for SOCKS5 connect.

User was rejected by the SOCKS5 server (%d %d).

Received HTTP code %d from proxy after CONNECT

TUNNEL_STATE switched to: %d

HTTP/1.%d %d

CONNECT %s HTTP/%s

%s%s%s%s

Host: %s

%s%s%s:%hu

%s:%hu

Establish HTTP proxy tunnel to %s:%hu

password

login

--:--:--

%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s

@Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds

Read callback asked for PAUSE when not supported!

operation aborted by callback

ioctl callback returned error %d

the ioctl callback returned %d

seek callback returned error %d

%s in chunked-encoding

Simulate a HTTP 304 response!

HTTP server doesn't seem to support byte ranges. Cannot resume.

Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)

Rewinding stream by : %zd bytes on url %s (zero-length body)

Excess found in a non pipelined read: excess = %zu, size = %I64d, maxdownload = %I64d, bytecount = %I64d

Rewinding stream by : %zu bytes on url %s (size = %I64d, maxdownload = %I64d, bytecount = %I64d, nread = %zd)

No URL set!

[^?&/:]://%c

Disables POST, goes with %s

Issue another request to this URL: '%s'

Conn: %ld (%p) Receive pipe weight: (%I64d/%zu), penalized: %s

Site %s:%d is pipeline blacklisted

Server %s is blacklisted

d:d

d:d:d

%c%c==

%c%c%c=

%c%c%c%c

.html

.jpeg

; filename="%s"

------------------------xx

--%s--

couldn't open file "%s"

Content-Type: %s

Content-Type: multipart/mixed; boundary=%s

%s; boundary=%s

WS2_32.dll

inflate 1.1.3 Copyright 1995-1998 Mark Adler

------BEGIN PUBLIC KEY-----

wXgNPal/ctcPxx2L3by8pqL9tpgSgEYEeIp DMIOFvh0gY6/gt7hqXrairRK8XHr

-----END PUBLIC KEY-----

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

<4,$?7/'

(3-!0,1'8"5.*2$

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

User-Agent: Mozilla/4.0

Load Public Key Error!

load public key failed[

XX

\\.\PhysicalDrive%d

%d ReadPhysicalDriveInNTWithAdminRights ERROR

DeviceIoControl(%d, DFP_GET_VERSION) returned 0, error is %d

\\.\Scsi%d:

mainkey

subkey

keyname

keytype

hXXp://config.i.duba.net/lminstall/%d.json?time=%d

DownloadControl curlExecuter Invalid

DownloadControl -- ExE CurlCode = %d, Count = %d, CurrentSize = %d, ResCode = %d

DownloadControl -- End HRESULT = %d, Count = %d

ExecuteDownload ResponseCode = %d

Ping.exe

VVV.baidu.com

VVV.qq.com

An error occured in WSAStartup operation:

An error occured in WSACleanup operation: WSAGetLastError () =

An error occured in gethostbyname operation: WSAGetLastError () =

%d-%d-%d d:d:d d

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\kinst_exe.pdb

GetWindowsDirectoryW

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCreateKeyExW

RegDeleteKeyW

RegCloseKey

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

ReportEventA

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

VERSION.dll

WTSAPI32.dll

iphlpapi.dll

RPCRT4.dll

PSAPI.DLL

GetProcessHeap

GetCPInfo

GetConsoleOutputCP

zcÁ

.?AVKProcessInfoReport@KInstallTool@@

.?AVKInstallToolReport@KInstallTool@@

.?AVIInstallToolReport@@

;3 #>6.&

'2, / 0&7!4-)1#

.?AVKCurlDownloader@@

.?AUIKVipWebFile@@

.?AVKDumpInfoReport@KInstallTool@@

10000000000000000010

01000000000000000001

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

HKEY_PERFORMANCE_DATA

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

kinstalltool_{0A3C83FD-7B1D-4c3f-8932-190BA6D25F90}

hXXp://infoc0.duba.net/c/

\ux

@Software\Kingsoft\KVip\%d

Proxy Port

Proxy Password

Software\Microsoft\Windows\CurrentVersion\Internet Settings

http=

*%s:%s

SYSTEM\CurrentControlSet\services\%s

ntdll.dll

ntoskrnl.exe

okernel32.dll

Aexplorer.exe

wtsapi32.dll

2345Explorer.exe

360Safe.exe

deepscan\zhudongfangyu.exe

EfiMon.sys

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360

%Program Files%\360\360Safe\

%Program Files% (x86)\360\360Safe\

kxetray.exe

kislive.exe

kismain.exe

QQPCMgr.exe

TSSysKit.sys

QQPCRTP.exe

rstray.exe

rsmain.exe

ravmond.exe

\StringFileInfo\XX\

#{ad498944-762f-11d0-8dcb-00c04fc3358c}

namedpipe

\\.\pipe\

\\.\Global\

A"%s" %s

XXxXXXXXXXX

userenv.dll

%SYSTEM%

%WINDOWS%

%CUR_MODULE%

%CUR_EXE_MODULE%

%CUR_DIR%

Kernel32.dll

CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}

Adrivergenius.exe

driverupdate.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius

baidusdSvc.exe

baidusd.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

BaiduAn.exe

BaiduAnTray.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nso3.tmp\kinst_168_38.exe

2015,08,07,13928

KInstallTool.exe

9,3,244550,13928

QQBrowser.exe_1596:

.text

`.rdata

@.data

@.rsrc

@.reloc

PSShlJ

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb

GetProcessHeap

KERNEL32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHELL32.dll

SHLWAPI.dll

.DRNO

%uGK*

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>

msls31.dll

sqmapi.dll

ieproxy.dll

dxgi.dll

urlmon.dll

d3d11.dll

WindowsCodecs.dll

jscript.dll

DWrite.dll

d3d10warp.dll

d2d1.dll

jscript9.dll

wininet.dll

iertutil.dll

MSHTML.DLL

reportdata

datareportfile

QQBrowserFrame.dll

QBUtils.dll

riched20.dll

TridentCore.dll

MouseGesture.dll

Assistant.dll

QBExtensionFramework.dll

NetWork.dll

user32.dll

shell32.dll

DTencent.QQBrowser.Default

advapi32.dll

ieframe.dll

mshtml.tlb

mshtml.dll

Session-4BA0B957-882B-4625-A213-0349B865E6AA

Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

QBSafe.dll

kernel32.dll

2015-07-08 06:03:11

8.2.3638.400

QQBrowser.exe

8, 2, 3638, 400

QQBrowser.exe_1860:

.text

`.rdata

@.data

@.rsrc

@.reloc

PSShlJ

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb

GetProcessHeap

KERNEL32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHELL32.dll

SHLWAPI.dll

.DRNO

%uGK*

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>

msls31.dll

sqmapi.dll

ieproxy.dll

dxgi.dll

urlmon.dll

d3d11.dll

WindowsCodecs.dll

jscript.dll

DWrite.dll

d3d10warp.dll

d2d1.dll

jscript9.dll

wininet.dll

iertutil.dll

MSHTML.DLL

reportdata

datareportfile

QQBrowserFrame.dll

QBUtils.dll

riched20.dll

TridentCore.dll

MouseGesture.dll

Assistant.dll

QBExtensionFramework.dll

NetWork.dll

user32.dll

shell32.dll

DTencent.QQBrowser.Default

advapi32.dll

ieframe.dll

mshtml.tlb

mshtml.dll

Session-4BA0B957-882B-4625-A213-0349B865E6AA

Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

QBSafe.dll

kernel32.dll

2015-07-08 06:03:11

8.2.3638.400

QQBrowser.exe

8, 2, 3638, 400

QQBrowser.exe_1288:

.text

`.rdata

@.data

@.rsrc

@.reloc

PSShlJ

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb

GetProcessHeap

KERNEL32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHELL32.dll

SHLWAPI.dll

.DRNO

%uGK*

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>

msls31.dll

sqmapi.dll

ieproxy.dll

dxgi.dll

urlmon.dll

d3d11.dll

WindowsCodecs.dll

jscript.dll

DWrite.dll

d3d10warp.dll

d2d1.dll

jscript9.dll

wininet.dll

iertutil.dll

MSHTML.DLL

reportdata

datareportfile

QQBrowserFrame.dll

QBUtils.dll

riched20.dll

TridentCore.dll

MouseGesture.dll

Assistant.dll

QBExtensionFramework.dll

NetWork.dll

user32.dll

shell32.dll

DTencent.QQBrowser.Default

advapi32.dll

ieframe.dll

mshtml.tlb

mshtml.dll

Session-4BA0B957-882B-4625-A213-0349B865E6AA

Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

QBSafe.dll

kernel32.dll

2015-07-08 06:03:11

8.2.3638.400

QQBrowser.exe

8, 2, 3638, 400

QQBrowser.exe_1676:

.text

`.rdata

@.data

@.rsrc

@.reloc

PSShlJ

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb

GetProcessHeap

KERNEL32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHELL32.dll

SHLWAPI.dll

.DRNO

%uGK*

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>

msls31.dll

sqmapi.dll

ieproxy.dll

dxgi.dll

urlmon.dll

d3d11.dll

WindowsCodecs.dll

jscript.dll

DWrite.dll

d3d10warp.dll

d2d1.dll

jscript9.dll

wininet.dll

iertutil.dll

MSHTML.DLL

reportdata

datareportfile

QQBrowserFrame.dll

QBUtils.dll

riched20.dll

TridentCore.dll

MouseGesture.dll

Assistant.dll

QBExtensionFramework.dll

NetWork.dll

user32.dll

shell32.dll

DTencent.QQBrowser.Default

advapi32.dll

ieframe.dll

mshtml.tlb

mshtml.dll

Session-4BA0B957-882B-4625-A213-0349B865E6AA

Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

QBSafe.dll

kernel32.dll

2015-07-08 06:03:11

8.2.3638.400

QQBrowser.exe

8, 2, 3638, 400

QQBrowser.exe_1108:

.text

`.rdata

@.data

@.rsrc

@.reloc

PSShlJ

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb

GetProcessHeap

KERNEL32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHELL32.dll

SHLWAPI.dll

.DRNO

%uGK*

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>

msls31.dll

sqmapi.dll

ieproxy.dll

dxgi.dll

urlmon.dll

d3d11.dll

WindowsCodecs.dll

jscript.dll

DWrite.dll

d3d10warp.dll

d2d1.dll

jscript9.dll

wininet.dll

iertutil.dll

MSHTML.DLL

reportdata

datareportfile

QQBrowserFrame.dll

QBUtils.dll

riched20.dll

TridentCore.dll

MouseGesture.dll

Assistant.dll

QBExtensionFramework.dll

NetWork.dll

user32.dll

shell32.dll

DTencent.QQBrowser.Default

advapi32.dll

ieframe.dll

mshtml.tlb

mshtml.dll

Session-4BA0B957-882B-4625-A213-0349B865E6AA

Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

QBSafe.dll

kernel32.dll

2015-07-08 06:03:11

8.2.3638.400

QQBrowser.exe

8, 2, 3638, 400

QQBrowser.exe_220:

.text

`.rdata

@.data

@.rsrc

@.reloc

PSShlJ

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb

GetProcessHeap

KERNEL32.dll

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

SHELL32.dll

SHLWAPI.dll

.DRNO

%uGK*

<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>

msls31.dll

sqmapi.dll

ieproxy.dll

dxgi.dll

urlmon.dll

d3d11.dll

WindowsCodecs.dll

jscript.dll

DWrite.dll

d3d10warp.dll

d2d1.dll

jscript9.dll

wininet.dll

iertutil.dll

MSHTML.DLL

reportdata

datareportfile

QQBrowserFrame.dll

QBUtils.dll

riched20.dll

TridentCore.dll

MouseGesture.dll

Assistant.dll

QBExtensionFramework.dll

NetWork.dll

user32.dll

shell32.dll

DTencent.QQBrowser.Default

advapi32.dll

ieframe.dll

mshtml.tlb

mshtml.dll

Session-4BA0B957-882B-4625-A213-0349B865E6AA

Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}

QBSafe.dll

kernel32.dll

2015-07-08 06:03:11

8.2.3638.400

QQBrowser.exe

8, 2, 3638, 400

KisService.exe_2144:

.text

`.rdata

@.data

.rsrc

InstallService %s with Error=%d

Open Service %s with Error=%d

Start Service %s with Error=%d

Start Service %s Successed!

Stop Service %s with Error=%d

TerminateProcess=%d

Stop Service %s Successed!

Remove Service %s Successed Service Does not exist

DeleteService %s with Error=%d

Remove Service %s Successed!

OnControl : ControlCode=X EventType=X

%s Success!

%s Failed!

Create Error=%d

Plugin Load %s Error=X

Plugin Start %s Error=X

Plugin Load Success : %s

d:\code\iNetHelper\trunk\SaaS_Client\bin\Release\PDB\KisService.pdb

CreateNamedPipeW

ConnectNamedPipe

KERNEL32.dll

ADVAPI32.dll

SHELL32.dll

SHLWAPI.dll

MSVCP80.dll

MSVCR80.dll

_amsg_exit

_crt_debugger_hook

USERENV.dll

WTSAPI32.dll

GetProcessHeap

USER32.dll

<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.762" processorArchitecture="x86"></assemblyIdentity>

\iNetHelper\KanOption.cfg

\\.\pipe\{FD2F051A-3410-4F0F-927C-49C7C799B6AB_20150331}

Global\kis_command_event_{63DB9E54-ADCB-46b3-8687-CA44658DE3A1}_2

pGlobal\kisservice{F0086200-71B9-4a15-BEAD-43128573C3EF}

Global\{00000000-1987-1010-0000-201309051737}

kisdeskurl.exe

kdump.dll

Plugin%d

KisConfig.dll

KisCOMHelper.dll

2016,01,27,18

kisdeskurl.exe_2832:

.text

`.rdata

@.data

.rsrc

@.reloc

<1%u5

FTPj

,4,56,789

t.SSj

PSSh8

u$SShe

SSQSSSSh

SSSSh

t%9x t

SSSShp

u SSh

t.hAp

t6Ht.Ht&

CNotSupportedException

CCmdTarget

RegCreateKeyTransactedW

RegDeleteKeyTransactedW

Kernel32.dll

Comctl32.dll

OTaskDialogIndirect

RegDeleteKeyExW

Comdlg32.dll

CMDIFrameWndEx

CMDITabProxyWnd

CMDIChildWndEx

CMDIFrameWnd

CMDIChildWnd

CMDIClientAreaWnd

CMFCToolBarsKeyboardPropertyPage

GetProcessWindowStation

operator

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

Open register failed! %d

CHistoryRecord::UpUrl4IEHistory

Delete url error: %d

Create url error: %d

create url cache error: %d

Commit Cache Entry failed! %d

find first url cache entry failed 1! %d

find first url cache entry failed 2! %d

error: %d

Create Entry error: %d

find next url cache entry failed 1! %d

find next url cache entry failed 2! %d

history record IUrlHistoryStg success

history record 2 url: %ws, title: %ws

history favorite url: %ws, title: %ws

look failed! %d

adjust failed! %d

Open db failed! %s

CUrlInfo::InitCache

tab_urlinfo

ERROR: %s

CUrlInfo::ClearUrlDb

tab_urlcount

CUrlInfo::Set360seHistory

urls

delete file failed! %d

SQLite format 3

REINDEXEDESCAPEACHECKEYBEFOREIGNOREGEXPLAINSTEADDATABASELECTABLEFTHENDEFERRABLELSEXCEPTRANSACTIONATURALTERAISEXCLUSIVEXISTSAVEPOINTERSECTRIGGEREFERENCESCONSTRAINTOFFSETEMPORARYUNIQUERYATTACHAVINGROUPDATEBEGINNERELEASEBETWEENOTNULLIKECASCADELETECASECOLLATECREATECURRENT_DATEDETACHIMMEDIATEJOINSERTMATCHPLANALYZEPRAGMABORTVALUESVIRTUALIMITWHENWHERENAMEAFTEREPLACEANDEFAULTAUTOINCREMENTCASTCOLUMNCOMMITCONFLICTCROSSCURRENT_TIMESTAMPRIMARYDEFERREDISTINCTDROPFAILFROMFULLGLOBYIFISNULLORDERESTRICTOUTERIGHTROLLBACKROWUNIONUSINGVACUUMVIEWINITIALLY

CREATE TABLE sqlite_master(

sql text

3.7.17

CREATE TEMP TABLE sqlite_temp_master(

%d-%m-%Y %H:%M, %a

RegOpenKeyTransactedW

SQLITE_

d-d-d d:d:d

d:d:d

d-d-d

failed to allocate %u bytes of memory

failed memory resize %u to %u bytes

922337203685477580

API call with %s database connection pointer

RowKey

GetProcessHeap

os_win.c:%d: (%lu) %s(%s) - %s

delayed %dms for lock/sharing conflict

%s-shm

%s\etilqs_

%s\%s

recovered %d pages from %s

recovered %d frames from WAL file %s

cannot limit WAL size: %s

invalid page number %d

2nd reference to page %d

Failed to read ptrmap key=%d

Bad ptr map entry key=%d expected=(%d,%d) got=(%d,%d)

%d of %d pages missing from overflow list starting at %d

failed to get page %d

freelist leaf count too big on page %d

Page %d:

unable to get the page. error code=%d

btreeInitPage() returns error code %d

On tree page %d cell %d:

On page %d at right child:

Corruption detected in cell %d on page %d

Multiple uses for byte %d of page %d

Fragmentation of %d bytes reported as %d on page %d

Page %d is never used

Pointer map page %d is referenced

Outstanding page count goes from %d to %d during this analysis

unknown database %s

keyinfo(%d

%s(%d)

%s-mjXXXXXX9XXz

MJ delete: %s

MJ collide: %s

-mjX9X

foreign key constraint failed

unable to use function %s in the requested context

bind on a busy prepared statement: [%s]

zeroblob(%d)

abort at %d in [%s]: %s

constraint failed at %d in [%s]

cannot open savepoint - SQL statements in progress

no such savepoint: %s

cannot release savepoint - SQL statements in progress

cannot commit transaction - SQL statements in progress

sqlite_temp_master

sqlite_master

SELECT name, rootpage, sql FROM '%q'.%s WHERE %s ORDER BY rowid

cannot change %s wal mode from within a transaction

database table is locked: %s

statement aborts at %d: [%s] %s

cannot open value of type %s

cannot open virtual table: %s

cannot open view: %s

no such column: "%s"

foreign key

indexed

cannot open %s column for writing

misuse of aliased aggregate %s

%s: %s.%s.%s

%s: %s.%s

%s: %s

not authorized to use function: %s

%r %s BY term out of range - should be between 1 and %d

too many terms in %s BY clause

Expression tree is too large (maximum depth %d)

variable number must be between ?1 and ?%d

too many SQL variables

too many columns in %s

EXECUTE %s%s SUBQUERY %d

misuse of aggregate: %s()

%.*s"%w"%s

%s%.*s"%w"

sqlite_rename_table

sqlite_rename_trigger

sqlite_rename_parent

%s OR name=%Q

type='trigger' AND (%s)

sqlite_

table %s may not be altered

there is already another table or index with this name: %s

view %s may not be altered

UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;

UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d 18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');

sqlite_sequence

UPDATE "%w".sqlite_sequence set name = %Q WHERE name = %Q

UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;

Cannot add a PRIMARY KEY column

UPDATE "%w".%s SET sql = substr(sql,1,%d) || ', ' || %Q || substr(sql,%d) WHERE type = 'table' AND name = %Q

sqlite_altertab_%s

sqlite_stat1

CREATE TABLE %Q.%s(%s)

DELETE FROM %Q.%s WHERE %s=%Q

SELECT tbl,idx,stat FROM %Q.sqlite_stat1

invalid name: "%s"

too many attached databases - max %d

database %s is already in use

unable to open database: %s

no such database: %s

cannot detach database %s

database %s is locked

sqlite_detach

sqlite_attach

%s %T cannot reference objects in database %s

access to %s.%s.%s is prohibited

access to %s.%s is prohibited

object name reserved for internal use: %s

there is already an index named %s

too many columns on %s

duplicate column name: %s

default value of column [%s] is not constant

table "%s" has more than one primary key

AUTOINCREMENT is only allowed on an INTEGER PRIMARY KEY

CREATE %s %.*s

UPDATE %Q.%s SET type='%s', name=%Q, tbl_name=%Q, rootpage=#%d, sql=%Q WHERE rowid=#%d

CREATE TABLE %Q.sqlite_sequence(name,seq)

view %s is circularly defined

UPDATE %Q.%s SET rootpage=%d WHERE #%d AND rootpage=#%d

sqlite_stat%d

DELETE FROM %Q.sqlite_sequence WHERE name=%Q

DELETE FROM %Q.%s WHERE tbl_name=%Q and type!='trigger'

sqlite_stat

table %s may not be dropped

use DROP TABLE to delete table %s

use DROP VIEW to delete view %s

foreign key on %s should reference only one column of table %T

number of columns in foreign key does not match the number of columns in the referenced table

unknown column "%s" in foreign key definition

indexed columns are not unique

table %s may not be indexed

views may not be indexed

virtual tables may not be indexed

there is already a table named %s

index %s already exists

sqlite_autoindex_%s_%d

table %s has no column named %s

CREATE%s INDEX %.*s

INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);

no such index: %S

index associated with UNIQUE or PRIMARY KEY constraint cannot be dropped

DELETE FROM %Q.%s WHERE name=%Q AND type='index'

a JOIN clause is required before %s

unable to identify the object to be reindexed

no such collation sequence: %s

table %s may not be modified

cannot modify %s because it is a view

sqlite_version

sqlite_source_id

sqlite_log

sqlite_compileoption_used

sqlite_compileoption_get

foreign key mismatch - "%w" referencing "%w"

table %S has %d columns but %d values were supplied

%d values for %d columns

table %S has no column named %s

%s.%s may not be NULL

constraint %s failed

PRIMARY KEY must be unique

sqlite3_extension_init

%s.%s

unable to open shared library [%s]

sqlite3_

no entry point [%s] in shared library [%s]

error during initialization: %s

automatic extension loading failed: %s

foreign_keys

foreign_key_list

foreign_key_check

*** in database %s ***

unsupported encoding: %s

malformed database schema (%s)

%s - %s

unsupported file format

SELECT name, rootpage, sql FROM '%q'.%s ORDER BY rowid

database schema is locked: %s

unknown or unsupported join type: %T %T%s%T

RIGHT and FULL OUTER JOINs are not currently supported

a NATURAL join may not have an ON or USING clause

cannot have both ON and USING clauses in the same join

cannot join using column %s - column not present in both tables

USE TEMP B-TREE FOR %s

COMPOUND SUBQUERIES %d AND %d %s(%s)

%s:%d

ORDER BY clause should come after %s not before

LIMIT clause should come after %s not before

SELECTs to the left and right of %s do not have the same number of result columns

no such index: %s

sqlite_subquery_%p_

too many references to "%s": max 65535

%s.%s.%s

no such table: %s

SCAN TABLE %s %s%s(~%d rows)

sqlite3_get_table() called with two or more incompatible queries

cannot create %s trigger on view: %S

cannot create INSTEAD OF trigger on table: %S

INSERT INTO %Q.%s VALUES('trigger',%Q,%Q,0,'CREATE TRIGGER %q')

no such trigger: %S

-- TRIGGER %s

no such column: %s

cannot VACUUM - SQL statements in progress

PRAGMA vacuum_db.synchronous=OFF

SELECT 'CREATE TABLE vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE type='table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'CREATE INDEX vacuum_db.' || substr(sql,14) FROM sqlite_master WHERE sql LIKE 'CREATE INDEX %'

SELECT 'CREATE UNIQUE INDEX vacuum_db.' || substr(sql,21) FROM sqlite_master WHERE sql LIKE 'CREATE UNIQUE INDEX %'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND rootpage>0

SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'

SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';

INSERT INTO vacuum_db.sqlite_master SELECT type, name, tbl_name, rootpage, sql FROM main.sqlite_master WHERE type='view' OR type='trigger' OR (type='table' AND rootpage=0)

UPDATE %Q.%s SET type='table', name=%Q, tbl_name=%Q, rootpage=0, sql=%Q WHERE rowid=#%d

vtable constructor failed: %s

vtable constructor did not declare schema: %s

no such module: %s

table %s: xBestIndex returned an invalid plan

%s SUBQUERY %d

%s TABLE %s

%s AS %s

%s USING %s%sINDEX%s%s%s

%s USING INTEGER PRIMARY KEY

%s (rowid=?)

%s (rowid>? AND rowid<?)

%s (rowid>?)

%s (rowid<?)

%s VIRTUAL TABLE INDEX %d:%s

%s (~%lld rows)

at most %d tables in a join

cannot use index: %s

the INDEXED BY clause is not allowed on UPDATE or DELETE statements within triggers

the NOT INDEXED clause is not allowed on UPDATE or DELETE statements within triggers

SQL logic error or missing database

unknown operation

large file support is disabled

unknown database: %s

no such %s mode: %s

%s mode not allowed: %s

no such vfs: %s

database corruption at line %d of [%.10s]

misuse at line %d of [%.10s]

cannot open file at line %d of [%.10s]

E:\work\iNetHelper\trunk\SaaS_Client\src\exe_KisDeskURL\KisDeskURL\Release\KisDeskURL.pdb

GetWindowsDirectoryW

GetCPInfo

KERNEL32.dll

UnhookWindowsHookEx

GetKeyState

SetWindowsHookExW

CreateDialogIndirectParamW

GetKeyNameTextW

MapVirtualKeyW

GetAsyncKeyState

GetKeyboardLayout

MapVirtualKeyExW

GetKeyboardState

USER32.dll

GetViewportExtEx

SetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

ScaleViewportExtEx

GetViewportOrgEx

GDI32.dll

MSIMG32.dll

WINSPOOL.DRV

RegCreateKeyExW

RegCloseKey

RegOpenKeyW

RegOpenKeyExW

RegDeleteKeyW

RegEnumKeyW

RegEnumKeyExW

ADVAPI32.dll

ShellExecuteW

SHELL32.dll

COMCTL32.dll

SHLWAPI.dll

UxTheme.dll

ole32.dll

OLEAUT32.dll

oledlg.dll

InternetCrackUrlW

HttpOpenRequestW

HttpSendRequestW

HttpQueryInfoW

WININET.dll

GdiplusShutdown

gdiplus.dll

OLEACC.dll

IMM32.dll

WINMM.dll

zcÁ

.PAVCOleException@@

.PAVCObject@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCSimpleException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCCmdUI@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

.?AV?$CFixedStringT@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@$0BAA@@ATL@@

.?AV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WV12@PB_W@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCDocument@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W_N_N@@

.?AV?$CMap@PAVCDocument@@PAV1@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.PAVCFileException@@

.PAVCOleDispatchException@@

.?AV?$CMap@KKV?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_W@@

.?AVCMFCColorBarCmdUI@@

.?AVCMFCToolBarCmdUI@@

.?AVCMFCAcceleratorKey@@

.?AVCMDIFrameWndEx@@

.?AVCMDIFrameWnd@@

.?AVCMDIChildWndEx@@

.?AVCMDIChildWnd@@

.?AVCMDITabProxyWnd@@

.?AVCMFCCmdUsageCount@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WPAVCObList@@PAV3@@@

.?AV?$CMap@V?$CStringT@_WV?$StrTraitMFC@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@PB_WHH@@

.?AVCMFCRibbonCmdUI@@

.?AV?$CArray@PAVCMFCRibbonKeyTip@@PAV1@@@

.?AVCMDIClientAreaWnd@@

.?AV?$CList@PAVCMDIChildWndEx@@PAV1@@@

.?AVCMFCRibbonKeyTip@@

.?AVCMFCToolBarsKeyboardPropertyPage@@

.?AVCMFCTasksPaneToolBarCmdUI@@

.?AVCMFCAcceleratorKeyAssignCtrl@@

.?AVHttpsDownload@@

.?AVCCmdTarget@@

.?AVCKisDeskURLApp@@

.?AVCKisDeskURLDlg@@

.PAVCException@@

.?AVException@sql@@

SSSHHY

SSSSSSHHY

tGGZSSSHHY

tGGZSSSSSSSSSHHY

%%nGGZSSSSSSSSSSSSSSSHHY&&m

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><application xmlns="urn:schemas-microsoft-com:asm.v3"><windowsSettings><dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware></windowsSettings></application></assembly>

: :$:(:,:

0#020?0`0

"0;0@0[0

;$<(<,<0<4<8<

:_:}:(;];

2%2 21272

7$7:7}7?8

6#6'6 6/6:6

3%4x4

2<3

7=7 838<8

>&>/>5>[>

0"1(1<1{1

4 55g5

3L4

4 4$4(4,404448425

5{6!8 808`8

: :(:8:<:

2 2$2(2,20242|2

9 9$9(9,9094989<9@9

: :$:(:,:@:

1$1,181\1|1

<,<8<\<|<

0 0(000<0`0

< <<<`<|<

7 8<8`8|8

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

%s%s.dll

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\appcore.cpp

lX-X-x-XX-XXXXXX

_Kernel32.dll

_kernel32.dll

f:\dd\vctools\vc7libs\ship\atlmfc\include\afxwin2.inl

accKeyboardShortcut

commctrl_DragListMsg

Afx:%p:%x

Afx:%p:%x:%p:%p:%p

user32.dll

hhctrl.ocx

mfcm120u.dll

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\auxdata.cpp

ID2D1.dll

DWrite.dll

shell32.dll

uxtheme.dll

dwmapi.dll

comctl32.dll

lXXxXXXXXXXX

_Comdlg32.dll

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\filecore.cpp

_f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winfrm.cpp

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\winctrl2.cpp

_MFCLink_Url

MFCLink_UrlPrefix

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\olestrm.cpp

%s:%x:%x:%x:%x

N%d%%

&%d %s

NHex={X,X,X}

TOOLBAR_RESETKEYBAORD

%sMFCToolBar-%d

%sMFCToolBar-%d%x

%sMFCToolBarParameters

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\array_s.cpp

KEYTIP

IDB_OFFICE2007_RIBBON_KEYTIP_BACK

QMSG_CHECKEMPTYMINIFRAME

%sDockingManager-%d

%sPane-%d

%sPane-%d%x

%c%d%c%s

%sBasePane-%d

%sBasePane-%d%x

`RGB(%d, %d, %d)

Uwindows

A1&0 %s

%sMFCOutlookBar-%d

%sMFCOutlookBar-%d%x

af:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\viewcore.cpp

%sMDIClientArea-%d

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oleipfrm.cpp

a%sDockablePaneAdapter-%d

%sDockablePaneAdapter-%d%x

Ywindows

f:\dd\vctools\vc7libs\ship\atlmfc\src\mfc\oledrop2.cpp

YMSFTEDIT.DLL

%sMFCTasksPane-%d

%sMFCTasksPane-%d%x

KEYS

KEYS_MENU

ENABLE_KEYS

mscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

\USER32.DLL

KisDeskBand.dll

tSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper

360InI.dll

Software\Microsoft\Internet Explorer\TypedURLs

yurl%d

VVV.baidu.com

dURL

lVVV.baidu.com

url%d

VVV.taobao.com

hao.360.cn

hXXp://top.baidu.com/rss_xml.php?p=top10

\News.dat

hXXps://

\KanOption.cfg

\BrowersFacade.exe

\KisTray.exe

KisDeskURL

\iNetHelper\KanOption.cfg

\iNetHelper\filterurl.dat

oSOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security

KisDeskURLMsgWnd

\websugesstion.ini

\RealUrl.ini

website

123.timeon.cn

hXXp://hao.360.cn/?src=lm&ls=n6307614a96

more360.png

more.png

\RealUrl.dat

hXXp://

http\shell\open\command

360se.exe

iexplore.exe

d--silent-install=3_1_1 --homepage=hXXp://hao.360.cn/?src=lm&ls=n6307614a96

hXXps://VVV.so.com/s?ie=utf-8&src=hao_search&shb=1&hsid=6535fc04d0d63606&q=%s

hXXp://VVV.baidu.com.cn/s?wd=%s&cl=3

&wd=%s&cl=3

roundcorner.png

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iNetHelper

\config.dat

\config.db

URLCOUNT_URL

URLCOUNT

url%u

KisBase.dll

pKisGuardian64.exe

ShellExecute bret = %d

hXXp://ip.dnsexit.com/

hXXp://int.dpool.sina.com.cn/iplookup/iplookup.php?format=json&ip=

'hXXp://weather.123.duba.net/static/weather_info/

.html

\CityCode.db

\Weather.dat

888816666554443

6666554443

!6666554443

@Global\{EB8039A6-B194-462E-A2AB-FCD7922CE2F5}

A%s (%s:%d)

%Program Files% (x86)\Microsoft Visual Studio 12.0\VC\atlmfc\include\afxwin1.inl

%s (%s:%d)

tAdvapi32.dll

c:\program files\iNetHelper\kisdeskurl.exe

2016.1.28.1

KisDeskURL.exe

1.0.1.9

All Files (*.*)

No error message is available.#Attempted an unsupported operation.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else.1Encountered an unexpected error while reading %1.1Encountered an unexpected error while writing %1.

#Unable to load mail system support.

Note that if you choose to recover the auto-saved documents, you must explicitly save them to overwrite the original documents. If you choose to not recover the auto-saved versions, they will be deleted.fRecover the auto-saved documents

%s [Recovered]

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Scan a system with an anti-rootkit tool.
Terminate malicious process(es) (How to End a Process With the Task Manager):

QQBrowserLiveup.exe:3084
kisService.exe:1244
iNetHelper_300002.exe:1480
QQBrowserOTA.exe:2464
QQBrowserOTA.exe:3668
QQBrowserOTA.exe:2452
kinst_168_38.exe:804
BrowersFacade.exe:3060
QQBrowser.exe:1164
QQBrowser.exe:776
QQBrowser.exe:212
QQBrowser.exe:3952
QQBrowser.exe:1604
QQBrowser.exe:928
QQBrowser.exe:2036
QQBrowser.exe:1520
QQBrowser.exe:1452
QQBrowser.exe:3132
QQBrowser.exe:252
QQBrowser.exe:3988
QQBrowser.exe:1368
V8._85296_20150814221218.exe:1252
PerfTraceService.exe:1796
PerfTraceService.exe:1512
regsvr32.exe:1500
KisService.exe:2144
kisdeskurl.exe:2832
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Program Files%\iNetHelper\desktop.ini (50 bytes)
%Program Files%\iNetHelper\Log\KisService_Control.log (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rsedownloadconfig[1].xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rse1332280[1].exe (2208942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rse.exe.rs (2208942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml.rs (204 bytes)
%Program Files%\iNetHelper\png\docin.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\71.png (2 bytes)
%Program Files%\iNetHelper\png\www.kugou.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.fanw8.com.png (3 bytes)
%Program Files%\iNetHelper\Image\frame.png (826 bytes)
%Program Files%\iNetHelper\png\www.k618.cn.png (5 bytes)
%Program Files%\iNetHelper\weather\0.png (3 bytes)
%Program Files%\iNetHelper\png\www.99danji.com.png (3 bytes)
%Program Files%\iNetHelper\png\tech.qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\ju.taobao.com.png (4 bytes)
%Program Files%\iNetHelper\png\10086.cn.png (2 bytes)
%Program Files%\iNetHelper\png\hao.360.cn.png (1 bytes)
%Program Files%\iNetHelper\weather\19.png (3 bytes)
%Program Files%\iNetHelper\png\yule.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.vip.com.png (4 bytes)
%Program Files%\iNetHelper\weather\9.png (3 bytes)
%Program Files%\iNetHelper\png\www.xs8.cn.png (3 bytes)
%Program Files%\iNetHelper\png\ycwb.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.pcpop.com.png (3 bytes)
%Program Files%\iNetHelper\png\ent.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.mafengwo.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.bxwx.org.png (1 bytes)
%Program Files%\iNetHelper\png\www.cncn.com.png (3 bytes)
%Program Files%\iNetHelper\weather\29.png (3 bytes)
%Program Files%\iNetHelper\png\hinews.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.pconline.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.crsky.com.png (2 bytes)
%Program Files%\iNetHelper\KisHost.dat (122 bytes)
%Program Files%\iNetHelper\png\www.oneplusbbs.com.png (2 bytes)
%System%\drivers\SelfProtect.sys (27 bytes)
%Program Files%\iNetHelper\png\ent.163.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.chsi.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.linkedin.com.png (2 bytes)
%Program Files%\iNetHelper\Image\close.png (19 bytes)
%Program Files%\iNetHelper\png\ent.yxlady.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.huawei.com.png (2 bytes)
%Program Files%\iNetHelper\png\henan.china.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\finance.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.downza.cn.png (2 bytes)
%Program Files%\iNetHelper\png\cztv.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.yicai.com.png (3 bytes)
%Program Files%\iNetHelper\png\beijing.bitauto.com.png (2 bytes)
%Program Files%\iNetHelper\png\ip138.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.bbc.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.xiami.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.21cn.com.png (4 bytes)
%Program Files%\iNetHelper\png\uuu9.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.itouzi.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.120ask.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.ku6.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.youxi.com.png (4 bytes)
%Program Files%\iNetHelper\png\renren.com.png (5 bytes)
%Program Files%\iNetHelper\png\news.qq.com.png (4 bytes)
%Program Files%\iNetHelper\weather\8.png (3 bytes)
%Program Files%\iNetHelper\png\www.pps.tv.png (2 bytes)
%Program Files%\iNetHelper\png\www.8684.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.hc360.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.it168.com.png (3 bytes)
%Program Files%\iNetHelper\png\pcgames.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.offcn.com.png (5 bytes)
%Program Files%\iNetHelper\png\movie.douban.com.png (3 bytes)
%Program Files%\iNetHelper\png\ganji.com.png (5 bytes)
%Program Files%\iNetHelper\weather\17.png (3 bytes)
%Program Files%\iNetHelper\png\51test.net.png (1 bytes)
%Program Files%\iNetHelper\png\v.qq.com.png (3 bytes)
%Program Files%\iNetHelper\png\cn.bing.com.png (3 bytes)
%Program Files%\iNetHelper\png\fudan.edu.cn.png (5 bytes)
%Program Files%\iNetHelper\KisSelfProtect.dll (1072 bytes)
%Program Files%\iNetHelper\png\iqilu.com.png (5 bytes)
%System%\drivers\KisSaasknl64.sys (601 bytes)
%Program Files%\iNetHelper\png\yz.chsi.com.cn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\setup.xml (257 bytes)
%Program Files%\iNetHelper\png\www.zjol.com.cn.png (4 bytes)
%Program Files%\iNetHelper\KANCurl.dll (4831 bytes)
%Program Files%\iNetHelper\png\tieba.baidu.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.onlylady.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.tudou.com.png (3 bytes)
%Program Files%\iNetHelper\png\cpc.people.com.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.nen.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.jinshangdai.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.ellechina.com.png (2 bytes)
%Program Files%\iNetHelper\png\pcbaby.com.cn.png (2 bytes)
%Program Files%\iNetHelper\install.dat (69 bytes)
%Program Files%\iNetHelper\Facade (816 bytes)
%Program Files%\iNetHelper\png\mydrivers.com.png (2 bytes)
%Program Files%\iNetHelper\weather\53.png (3 bytes)
%Program Files%\iNetHelper\png\hainan.net.png (2 bytes)
%Program Files%\iNetHelper\png\xinhuanet.com.png (3 bytes)
%Program Files%\iNetHelper\png\m.yy.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.rayli.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\detail.zol.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.haiwainet.cn.png (2 bytes)
%Program Files%\iNetHelper\version.dat (41 bytes)
%Program Files%\iNetHelper\png\17k.com.png (1 bytes)
%Program Files%\iNetHelper\CityCode.db (113 bytes)
%Program Files%\iNetHelper\png\eastday.com.png (2 bytes)
%Program Files%\iNetHelper\png\12306.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.xcar.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.lemall.com.png (2 bytes)
%Program Files%\iNetHelper\Plugin.dat (183 bytes)
%Program Files%\iNetHelper\png\www.zhe800.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.sohu.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\109.bmp (84 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\KCLT\duba_setbrowser9034683879.inf (144 bytes)
%Program Files%\iNetHelper\png\www.jd.com.png (5 bytes)
%Program Files%\iNetHelper\KisSaasknl64.sys (1518 bytes)
%Program Files%\iNetHelper\png\mail.163.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.zhenai.com.png (4 bytes)
%Program Files%\iNetHelper\msvcp80.dll (7851 bytes)
%Program Files%\iNetHelper\png\www.jia.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.alibaba.com.png (3 bytes)
%Program Files%\iNetHelper\png\zhibo8.cc.png (2 bytes)
%Program Files%\iNetHelper\png\www.mtime.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.pclady.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.sogou.com.png (2 bytes)
%Program Files%\iNetHelper\png\home.meishichina.com.png (4 bytes)
%Program Files%\iNetHelper\weather\23.png (3 bytes)
%Program Files%\iNetHelper\KisSaasknl.sys (1633 bytes)
%Program Files%\iNetHelper\png\www.bankcomm.com.png (3 bytes)
%Program Files%\iNetHelper\png\techweb.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.jiuxian.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.qidian.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.baike.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.etao.com.png (2 bytes)
%Program Files%\iNetHelper\kdump.dll (3389 bytes)
%Program Files%\iNetHelper\png\tech.sina.com.cn.png (1 bytes)
%Program Files%\iNetHelper\Image\expand.png (23 bytes)
%Program Files%\iNetHelper\KisCommunication.dll (1518 bytes)
%Program Files%\iNetHelper\ksetupwiz.exe (5493 bytes)
%Program Files%\iNetHelper\png\www.baidu.com.png (3 bytes)
%Program Files%\iNetHelper\KisIEProtecter.dll (2948 bytes)
%Program Files%\iNetHelper\png\icbc.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.top81.com.cn.png (5 bytes)
%Program Files%\iNetHelper\RegBHO64.exe (1248 bytes)
%Program Files%\iNetHelper\KisManager.dll (307 bytes)
%Program Files%\iNetHelper\png\www.tgbus.com.png (1 bytes)
%Program Files%\iNetHelper\png\v.6.cn.png (2 bytes)
%Program Files%\iNetHelper\png\sports.sina.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\qzone.qq.com.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\201.bmp (2 bytes)
%Program Files%\iNetHelper\png\www.tianqi.com.png (4 bytes)
%Program Files%\iNetHelper\uniuwiz.exe (10614 bytes)
%Program Files%\iNetHelper\png\www.fayi.com.cn.png (5 bytes)
%Program Files%\iNetHelper\png\ai.taobao.com.png (4 bytes)
%Program Files%\iNetHelper\png\tvmao.com.png (5 bytes)
%Program Files%\iNetHelper\KanOption.cfg (149 bytes)
%Program Files%\iNetHelper\png\hsw.cn.png (3 bytes)
%Program Files%\iNetHelper\Image\BackGround.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\72.png (1 bytes)
%Program Files%\iNetHelper\png\zhanzhang.anquan.org.png (1 bytes)
%Program Files%\iNetHelper\png\www.360doc.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.chazidian.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.guancha.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.fang.com.png (4 bytes)
%Program Files%\iNetHelper\png\weather.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\shangdu.com.png (3 bytes)
%Program Files%\iNetHelper\detect.dat (837 bytes)
%Program Files%\iNetHelper\png\sj.zol.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\cnki.net.png (5 bytes)
%Program Files%\iNetHelper\weather\4.png (3 bytes)
%Program Files%\iNetHelper\config.db (9606 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹\Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Ââ€¡Ã§ÂºÂ§.lnk (645 bytes)
%Program Files%\iNetHelper\png\qzlx.people.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.amazon.com.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\63.png (463 bytes)
%Program Files%\iNetHelper\png\money.163.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.abchina.com.png (3 bytes)
%Program Files%\iNetHelper\weather\14.png (3 bytes)
%Program Files%\iNetHelper\png\www.kuxun.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.tianya.cn.png (5 bytes)
%Program Files%\iNetHelper\png\dayoo.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.qidian.comDefault.aspx.png (3 bytes)
%Program Files%\iNetHelper\png\ccb.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.cnmo.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.ifeng.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.sjtu.edu.cn.png (6 bytes)
%Program Files%\iNetHelper\png\mail.aliyun.com.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\66.png (586 bytes)
%Program Files%\iNetHelper\KisDeskBand64.dll (2372 bytes)
%Program Files%\iNetHelper\Log\update.log (7 bytes)
%Program Files%\iNetHelper\png\dbw.cn.png (2 bytes)
%Program Files%\iNetHelper\RealUrl.dat (32 bytes)
%Program Files%\iNetHelper\png\mail.qq.com.png (3 bytes)
%Program Files%\iNetHelper\png\haodf.com.png (2 bytes)
%Program Files%\iNetHelper\weather\10.png (3 bytes)
%Program Files%\iNetHelper\png\www.500.com.png (2 bytes)
%Program Files%\iNetHelper\KisDeskURL.exe (22384 bytes)
%Program Files%\iNetHelper\3rdJson.dll (2164 bytes)
%Program Files%\iNetHelper\png\www.mapbar.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.chinahr.com.png (4 bytes)
%Program Files%\iNetHelper\weather\22.png (3 bytes)
%Program Files%\iNetHelper\KisBase64.dll (13638 bytes)
%Program Files%\iNetHelper\png\games.qq.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.apple.com.png (1 bytes)
%Program Files%\iNetHelper\png\ent.sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\bj.ganji.com.png (1 bytes)
%Program Files%\iNetHelper\png\sports.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.taobao.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.xywy.com.png (2 bytes)
%Program Files%\iNetHelper\png\zhcw.com.png (2 bytes)
%Program Files%\iNetHelper\weather\6.png (3 bytes)
%Program Files%\iNetHelper\png\www.pcauto.com.cn.png (4 bytes)
%Program Files%\iNetHelper\weather\3.png (3 bytes)
%Program Files%\iNetHelper\png\eol.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.zol.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.mama.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.babytree.com.png (4 bytes)
%Program Files%\iNetHelper\KisBase.dll (10538 bytes)
%Program Files%\iNetHelper\png\www.cntv.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.self.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.meilele.combeijing.png (2 bytes)
%Program Files%\iNetHelper\png\www.23wx.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.verycd.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.boc.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.xilu.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.126.com.png (16 bytes)
%Program Files%\iNetHelper\png\www.wasu.cn.png (2 bytes)
%Program Files%\iNetHelper\png\zdface.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.4399.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.56.com.png (2 bytes)
%Program Files%\iNetHelper\png\ent.qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\bj.meituan.com.png (3 bytes)
%Program Files%\iNetHelper\png\page.renren.com.png (5 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹\Ã¦â€”Â¥Ã¥Â¿â€”Ã¦ÂÂÃ¥Ââ€“Ã¥Â·Â¥Ã¥â€¦Â·.lnk (657 bytes)
%Program Files%\iNetHelper\png\www.suning.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.gq.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\t.haosou.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.ly.com.png (5 bytes)
%Program Files%\iNetHelper\Image\refreshspot.png (18 bytes)
%Program Files%\iNetHelper\png\house.focus.cn.png (4 bytes)
%Program Files%\iNetHelper\png\china.com.png (1 bytes)
%Program Files%\iNetHelper\uniucore.dll (8431 bytes)
%Program Files%\iNetHelper\png\gmw.cn.png (1 bytes)
%Program Files%\iNetHelper\weather\1.png (3 bytes)
%Program Files%\iNetHelper\png\sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.bendibao.comindex.htm.png (2 bytes)
%Program Files%\iNetHelper\png\kuwo.cn.png (3 bytes)
%Program Files%\iNetHelper\weather\24.png (3 bytes)
%System%\drivers\KisSaasknl.sys (601 bytes)
%Program Files%\iNetHelper\png\www.kaixin001.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\64.png (1 bytes)
%Program Files%\iNetHelper\microsoft.vc80.crt.manifest (1 bytes)
%Program Files%\iNetHelper\weather\31.png (3 bytes)
%Program Files%\iNetHelper\png\www.yougou.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.meilele.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.google.cn.png (1 bytes)
%Program Files%\iNetHelper\png\www.mop.com.png (6 bytes)
%Program Files%\iNetHelper\weather\26.png (3 bytes)
%Program Files%\iNetHelper\LogPicker.exe (3746 bytes)
%Program Files%\iNetHelper\png\www.douban.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\20.png (692 bytes)
%Program Files%\iNetHelper\png\mini.eastday.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\100.bmp (2 bytes)
%Program Files%\iNetHelper\png\ent.hunantv.com.png (2 bytes)
%Program Files%\iNetHelper\png\yinyuetai.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.alipay.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.tiexue.net.png (5 bytes)
%Program Files%\iNetHelper\png\www.zhihu.com.png (2 bytes)
%Program Files%\iNetHelper\SelfProtect.sys (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\32.png (19 bytes)
%Program Files%\iNetHelper\png\china.findlaw.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.taoche.com.png (4 bytes)
%Program Files%\iNetHelper\png\amazon.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.youth.cn.png (4 bytes)
%Program Files%\iNetHelper\png\yjbys.com.png (1 bytes)
%Program Files%\iNetHelper\360InI.dll (19956 bytes)
%Program Files%\iNetHelper\png\hunantv.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.ichunqiu.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.99.com.cn.png (3 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\KCLT\public_duba.inf (200 bytes)
%Program Files%\iNetHelper\png\sports.qq.com.png (1 bytes)
%Program Files%\iNetHelper\png\scholar.google.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.southcn.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.39yst.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.qunar.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.10010.com.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\69.png (178 bytes)
%Program Files%\iNetHelper\png\v.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.duowan.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.9ku.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.111.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\csdn.net.png (1 bytes)
%Program Files%\iNetHelper\png\www.360.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.zongheng.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.yxdown.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.huoche.net.png (3 bytes)
%Program Files%\iNetHelper\png\www.bookbao.com.png (3 bytes)
%Program Files%\iNetHelper\png\t.sohu.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\clear_i.xml (94 bytes)
%Program Files%\iNetHelper\png\www.bendibao.com.png (2 bytes)
%Program Files%\iNetHelper\weather\28.png (3 bytes)
%Program Files%\iNetHelper\png\www.lu.com.png (3 bytes)
%Program Files%\iNetHelper\png\blog.sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\Image\more.png (2 bytes)
%Program Files%\iNetHelper\png\www.pc6.com.png (2 bytes)
%Program Files%\iNetHelper\png\auto.163.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.hjenglish.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.howbuy.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.xdf.cn.png (4 bytes)
%Program Files%\iNetHelper\png\mydown.yesky.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.zhaopin.com.png (5 bytes)
%Program Files%\iNetHelper\KisWebAceDownloader.dll (2010 bytes)
%Program Files%\iNetHelper\png\qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.lvmama.com.png (4 bytes)
%Program Files%\iNetHelper\png\dl.pconline.com.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.amazon.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.lecai.com.png (2 bytes)
%Program Files%\iNetHelper\png\dahe.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.hupu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.douguo.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.1ting.com.png (3 bytes)
%Program Files%\iNetHelper\png\gb.cri.cn.png (2 bytes)
%Program Files%\iNetHelper\png\edushi.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.28.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.chinanews.com.png (2 bytes)
%Program Files%\iNetHelper\png\people.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\meituan.com.png (4 bytes)
%Program Files%\iNetHelper\reupdate.dat (1611 bytes)
%Program Files%\iNetHelper\KisDeskBand.dll (4820 bytes)
%Program Files%\iNetHelper\png\yangtse.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.19lou.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.baihe.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.kuaidi100.com.png (4 bytes)
%Program Files%\iNetHelper\png\178.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.xinjunshi.com.png (5 bytes)
%Program Files%\iNetHelper\png\elong.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.yhd.com.png (3 bytes)
%Program Files%\iNetHelper\weather\16.png (3 bytes)
%Program Files%\iNetHelper\SelfProtect64.sys (80 bytes)
%Program Files%\iNetHelper\clear.xml (90 bytes)
%Program Files%\iNetHelper\png\china.nba.com.png (2 bytes)
%Program Files%\iNetHelper\png\10jqka.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\bj.58.com.png (2 bytes)
%Program Files%\iNetHelper\classes.dat (371 bytes)
%Program Files%\iNetHelper\png\www.mogujie.com.png (5 bytes)
%Program Files%\iNetHelper\png\familydoctor.com.cn.png (1 bytes)
%Program Files%\iNetHelper\BrowersFacade.exe (9321 bytes)
%Program Files%\iNetHelper\KisIEProtecter64.dll (2686 bytes)
%Program Files%\iNetHelper\png\www.tmall.com.png (3 bytes)
%Program Files%\iNetHelper\png\lottery.gov.cn.png (5 bytes)
%Program Files%\iNetHelper\png\amazon.cn.png (3 bytes)
%Program Files%\iNetHelper\png\jiankang.163.com.png (5 bytes)
%Program Files%\iNetHelper\png\life.yxlady.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.hexun.com.png (3 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\KCLT\iNetHelper\public_duba.inf (200 bytes)
%Program Files%\iNetHelper\KisUrlTimer.dll (7381 bytes)
%Program Files%\iNetHelper\png\taihainet.com.png (3 bytes)
%Program Files%\iNetHelper\png\fudan.edu.cnindex.html.png (5 bytes)
%Program Files%\iNetHelper\png\china.cnr.cn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\68.png (120 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹\Ã¥ÂÂ¸Ã¨Â½Â½Ã¤Â¸Å Ã§Â½â€˜Ã¥Å Â©Ã¦â€°â€¹.lnk (640 bytes)
%Program Files%\iNetHelper\png\www.pchouse.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\news.sina.com.cn.png (3 bytes)
%Program Files%\iNetHelper\websugesstion.ini (314 bytes)
%Program Files%\iNetHelper\png\chinaz.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.ifeng.com.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\inethelpersetup.log (25052 bytes)
%Program Files%\iNetHelper\png\www.meishichina.com.png (4 bytes)
%Program Files%\iNetHelper\png\mail.263.net.png (4 bytes)
%Program Files%\iNetHelper\png\nuomi.com.png (4 bytes)
%Program Files%\iNetHelper\png\product.cnmo.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.qq.com.png (2 bytes)
%Program Files%\iNetHelper\png\tv.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.china.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\kankan.com.png (2 bytes)
%Program Files%\iNetHelper\png\soft.hao123.com.png (4 bytes)
%Program Files%\iNetHelper\png\zhidao.baidu.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.yesky.com.png (3 bytes)
%Program Files%\iNetHelper\weather\5.png (3 bytes)
%Program Files%\iNetHelper\Image\more360.png (3 bytes)
%Program Files%\iNetHelper\png\finance.sina.com.cn.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\19.png (235 bytes)
%Program Files%\iNetHelper\png\www.liuxue86.com.png (3 bytes)
%Program Files%\iNetHelper\png\wenming.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.78.cn.png (3 bytes)
%System%\drivers\SelfProtect64.sys (44 bytes)
%Program Files%\iNetHelper\png\business.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\weather\18.png (3 bytes)
%Program Files%\iNetHelper\png\591hx.com.png (2 bytes)
%Program Files%\iNetHelper\KisGuardian64.exe (7334 bytes)
%Program Files%\iNetHelper\png\www.1688.com.png (2 bytes)
%Program Files%\iNetHelper\KisInfoc.dll (507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\31.png (18 bytes)
%Program Files%\iNetHelper\png\open.weibo.com.png (4 bytes)
%Program Files%\iNetHelper\png\58.com.png (2 bytes)
%Program Files%\iNetHelper\png\beijing.anjuke.com.png (3 bytes)
%Program Files%\iNetHelper\png\xunlei.com.png (3 bytes)
%Program Files%\iNetHelper\png\weibo.com.png (4 bytes)
%Program Files%\iNetHelper\png\you.ctrip.com.png (3 bytes)
%Program Files%\iNetHelper\BrowersFacadeDll.dll (8346 bytes)
%Program Files%\iNetHelper\png\www.sina.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.hao123.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.jjwxc.net.png (2 bytes)
%Program Files%\iNetHelper\png\e23.cn.png (3 bytes)
%Program Files%\iNetHelper\weather\12.png (3 bytes)
%Program Files%\iNetHelper\png\cyol.com.png (2 bytes)
%Program Files%\iNetHelper\png\dzwww.com.png (3 bytes)
%Program Files%\iNetHelper\png\hiapk.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.7k7k.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.yy.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.jiayuan.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.yxlady.com.png (3 bytes)
%Program Files%\iNetHelper\KisLogger.dll (37 bytes)
%Program Files%\iNetHelper\weather\21.png (3 bytes)
%Program Files%\iNetHelper\png\huanqiu.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.39.net.png (2 bytes)
%Program Files%\iNetHelper\png\games.sina.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\flight.qunar.com.png (3 bytes)
%Program Files%\iNetHelper\weather\25.png (3 bytes)
%Program Files%\iNetHelper\png\news.nen.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\jschina.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.iqiyi.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.pptv.com.png (1 bytes)
%Program Files%\iNetHelper\png\book.douban.com.png (2 bytes)
%Program Files%\iNetHelper\KisService.exe (1262 bytes)
%Program Files%\iNetHelper\png\www.jrj.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\baofeng.com.png (3 bytes)
%Program Files%\iNetHelper\png\auto.sina.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\iask.sina.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\www.youku.com.png (3 bytes)
%Program Files%\iNetHelper\png\51job.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.cmbchina.com.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\67.png (1 bytes)
%Program Files%\iNetHelper\png\www.vogue.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\rednet.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.gome.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.cnfol.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.meipai.com.png (3 bytes)
%Program Files%\iNetHelper\Image\trash.png (19 bytes)
%Program Files%\iNetHelper\png\www.52pk.com.png (2 bytes)
%Program Files%\iNetHelper\png\microsoft.com.png (2 bytes)
%Program Files%\iNetHelper\png\dict.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.youth.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.letv.com.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\200.bmp (2 bytes)
%Program Files%\iNetHelper\png\www.miercn.com.png (4 bytes)
%Program Files%\iNetHelper\KisController.dll (3139 bytes)
%Program Files%\iNetHelper\weather\15.png (3 bytes)
%Program Files%\iNetHelper\weather\27.png (3 bytes)
%Program Files%\iNetHelper\png\www.rong360.com.png (3 bytes)
%Program Files%\iNetHelper\weather\11.png (3 bytes)
%Program Files%\iNetHelper\png\www.yirendai.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.guazi.com.png (4 bytes)
%Program Files%\iNetHelper\png\stockstar.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.hexun.com.png (2 bytes)
%Program Files%\iNetHelper\png\fashion.ifeng.com.png (1 bytes)
%Program Files%\iNetHelper\png\yaolan.com.png (1 bytes)
%Program Files%\iNetHelper\png\www.xgo.com.cn.png (2 bytes)
%Program Files%\iNetHelper\png\sports.163.com.png (2 bytes)
%Program Files%\iNetHelper\weather\13.png (3 bytes)
%Program Files%\iNetHelper\png\www.askci.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.adobe.com.png (2 bytes)
%Program Files%\iNetHelper\png\news.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.2144.cn.png (3 bytes)
%Program Files%\iNetHelper\weather\2.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\install_res\65.png (466 bytes)
%Program Files%\iNetHelper\png\www.69xiu.com.png (2 bytes)
%Program Files%\iNetHelper\png\beijing.baixing.com.png (2 bytes)
%Program Files%\iNetHelper\uninst.exe (8017 bytes)
%Program Files%\iNetHelper\png\jumei.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.pchome.net.png (3 bytes)
%Program Files%\iNetHelper\png\www.dangdang.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.autohome.com.cn.png (4 bytes)
%Program Files%\iNetHelper\png\www.iciba.com.png (2 bytes)
%Program Files%\iNetHelper\weather\7.png (3 bytes)
%Program Files%\iNetHelper\png\v.ku6.com.png (3 bytes)
%Program Files%\iNetHelper\KisCommon.dll (605 bytes)
%Program Files%\iNetHelper\png\www.liepin.com.png (2 bytes)
%Program Files%\iNetHelper\png\enorth.com.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.hongxiu.com.png (4 bytes)
%Program Files%\iNetHelper\SelfProtect.dat (21 bytes)
%Program Files%\iNetHelper\KisServiceTask.dll (514 bytes)
%Program Files%\iNetHelper\png\bbs.tianya.cn.png (5 bytes)
%Program Files%\iNetHelper\png\www.17173.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.gucheng.com.png (2 bytes)
%Program Files%\iNetHelper\png\tv.cntv.cn.png (3 bytes)
%Program Files%\iNetHelper\png\www.chinadaily.com.cn.png (1 bytes)
%Program Files%\iNetHelper\png\blog.163.com.png (2 bytes)
%Program Files%\iNetHelper\weather\30.png (3 bytes)
%Program Files%\iNetHelper\png\21cn.com.png (4 bytes)
%Program Files%\iNetHelper\png\car.bitauto.com.png (4 bytes)
%Program Files%\iNetHelper\png\www.ctrip.com.png (3 bytes)
%Program Files%\iNetHelper\png\mt.sohu.com.png (5 bytes)
%Program Files%\iNetHelper\png\www.2345.com.png (6 bytes)
%Program Files%\iNetHelper\png\www.woxiu.com.png (4 bytes)
%Program Files%\iNetHelper\png\news.163.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\inethelper\~d9d88\product.xml (219 bytes)
%Program Files%\iNetHelper\png\www.aipai.com.png (3 bytes)
%Program Files%\iNetHelper\install.xml (2 bytes)
%Program Files%\iNetHelper\png\baike.1688.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.hujiang.com.png (3 bytes)
%Program Files%\iNetHelper\png\bj.nuomi.com.png (2 bytes)
%Program Files%\iNetHelper\png\www.eastmoney.com.png (4 bytes)
%Program Files%\iNetHelper\png\exam8.com.png (4 bytes)
%Program Files%\iNetHelper\weather\20.png (3 bytes)
%Program Files%\iNetHelper\png\onlinedown.net.png (2 bytes)
%Program Files%\iNetHelper\KisSkin.dll (2650 bytes)
%Program Files%\iNetHelper\png\www.tuniu.com.png (4 bytes)
%Program Files%\iNetHelper\KisService.dat (69 bytes)
%Program Files%\iNetHelper\msvcr80.dll (7908 bytes)
%Program Files%\iNetHelper\png\www.mipang.com.png (3 bytes)
%Program Files%\iNetHelper\png\www.163.com.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\5590b2ab_1202000454.exe (1430831 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz2.tmp (11952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\1332280.exe (18665 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\25.tmp (51672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\24.tmp (615524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\kinst_168_38.exe (9483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\2.gif (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\V8._85296_20150814221218.exe (40581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\iNetHelper_300002.exe (58447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\21.tmp (385674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\ZipDLL.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscF.tmp (15764 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss10.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\FixItems.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.wsf (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss10.tmp\System.dll (11 bytes)
%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll (10517 bytes)
%Program Files%\Tencent\QQMail\TXGYMailCamera_2.dll (13224 bytes)
%Program Files%\Tencent\QQMail\TXFTNActiveX_2.dll (13880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsxC.tmp (75954 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscE.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOCommon.dll (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscE.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOPlatform.dll (48241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\duba_u29778285_sv1_3_68.exe (3022095 bytes)
%Documents and Settings%\%current user%\Application Data\kingsoft\Kisaas\Facade-journal (816 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\qrx1F.tmp.qbl (50058 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manifest.json (211 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\css\history.css (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\qrx1E.tmp.qbl (88899 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\phone.png (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\QQPCDetector.dll (1852 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\wechat.ico (137 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\style.css (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\manifest.json (269 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_game.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\ext.png (13 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\1596\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_expand.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_video.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\QBSafe.dll (1782 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\NetService.dll (3724 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\qrx16.tmp.qbl (100555 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\1596\History\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\bg.png (49 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_phone.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\sidebar.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#history.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\qb-flag.png (989 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_qq.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\css\base.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\manifest.json (665 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_fold.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\qrx12.tmp.qbl (64977 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_live.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\LoadFixQB.dll (80 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\8.0.0.4\QBFixerForGJ.exe (301 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\qrx1D.tmp.qbl (92544 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\8.0.0.3\PCMgrInstaller.dll (208 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\sidebar.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\manifest.json (270 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\favicon[1].ico (1049 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.sogou[1].txt (162 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\masterconn.qq[1] (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\masterconn.qq[1] (246 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (124 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (3856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (1139 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\001-Cool Air.gt (252503 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\LightStripes.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\ini13.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\newyear_normal.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli26.tmp.qbl (143 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\compat.xml (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\easylist.ze (1666 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli23.tmp.qbl (80 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli28.tmp.qbl (58 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\QQBrowserOTA.exe (7386 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli17.tmp.qbl (701 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli15.tmp.qbl (592 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli21.tmp.qbl (1299 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\ini9.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli27.tmp.qbl (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{1FA837CE-5D4C-4eaf-9341-6B367D2140D4} (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\act.xml (879 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (54 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip.qbl (67201 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db-journal (14062 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db-journal (15492 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db-journal (14062 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\newyear_light.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli22.tmp.qbl (126425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_sJ6FhyXepjH73ms (66 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 (933 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip.qbl (259937 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1A.tmp.qbl (18866 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\internallist.ze (48 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\mainlist.ze (41 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1C.tmp.qbl (11385 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli19.tmp.qbl (27 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3349050F-829E-4bb2-AACF-03E3A6B68677} (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_hyHkVNwc0lDdDFJ (73 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{BC4502A5-2152-423b-AB6B-1BD1999EA9BF} (592 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@wap.sogou[1].txt (160 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip.qbl (136591 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQBrowserOTA.exe (1849 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\iniA.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli1B.tmp.qbl (1775 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 (164 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli11.tmp.qbl (34120 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto\ini14.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{BF11CA12-B353-45f1-9113-856FFA7CFC1C} (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\qblist.ze (79 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli20.tmp.qbl (10569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso3.tmp\act\test.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{E5CFCF92-CB3F-4de7-B511-78CD5C013AFC} (58 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{6970B802-2F13-4038-B620-33B0211D26A0} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli25.tmp.qbl (26376 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli24.tmp.qbl (551 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db-journal (2750 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history_push.db (107 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{91977E3A-F255-4036-8B72-B07EA129C89A} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bq41PmhksuvTqTt (540 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\update.ini (666 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserOTA.exe (313 bytes)
%WinDir%\Tasks\QQBrowser Udpater Task(Core).job (280 bytes)
%WinDir%\Tasks\QQBrowser Udpater Task.job (276 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QQBrowserLog\20160527_214424.etl (28 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserConfig.dat (114 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.sogou[2].txt (162 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli4.tmp.qbl (11807 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli6.tmp.qbl (1098 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli7.tmp.qbl (194 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\navi.ico (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (4 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Resource.dll (1365 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\dr.dll (864 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\sogou_web.png (5 bytes)
%Program Files%\Tencent\QQBrowser\dr.dll (601 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\css\base.css (2 bytes)
%Program Files%\Tencent\QQBrowser\MouseGesture.dll (56 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\global.js (394 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\qblogo.png (868 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.js (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QRCode.dll (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\hse.png (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\random.db (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\PerfTraceService.exe (2934 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\event\bg.png (28 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\security.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserSecurityCenter.exe (2015 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (92 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_offlineurl.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBExtensionFramework.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\tssafeedit.dat (41 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\license.txt (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (244 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\service\xperf.exe (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (261 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\navi.ico (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcr90.dll (8224 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\random.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowser.exe (1661 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manifest.json (197 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\index.html (86 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Downloader.dll (4010 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\search.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowser.exe (601 bytes)
%Program Files%\Tencent\QQBrowser\QRCode.dll (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\CustomerJoinPlan.txt (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserFrame.dll (13493 bytes)
%Program Files%\Tencent\QQBrowser\service\perfctrl.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Dialogs.dll (7385 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin2.png (6 bytes)
%Program Files%\Tencent\QQBrowser\service\7z.exe (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Program Files%\Tencent\QQBrowser\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\Config.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcm90.dll (2129 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\BugReport.exe (7256 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserFrame.dll (11518 bytes)
%Program Files%\Tencent\QQBrowser\resources.pri (3 bytes)
%Program Files%\Tencent\QQBrowser\Downloader.dll (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\PrScrn.dll (2517 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\index.html (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\TridentCore.dll (9754 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\EventTracing.dll (1326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\wbg.png (136 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme.png (25 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Assistant.dll (6284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\pixel.gif (43 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\nsis_skin.gt (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\QBInstaller.dll (3710 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\https___mail.qq.com_.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\nsis_skin.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\search.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bgsearch_day.jpg (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\skin\LightStripes.gt (94 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_fav.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QQBrowserLiveup.exe (3502 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\site_text.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\manifest.json (256 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\css\base.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\BugReport.exe (2321 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\down.png (971 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\sogou_web.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\7z.exe (1209 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\https___mail.qq.com_.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\site_text.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\resources.pri (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\index.ini (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_google.png (919 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\bgsearch_day.jpg (4 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_offlineurl.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\business.js (9 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_normal.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\security.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\PrScrn.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.html (122 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã¨â€¦Â¾Ã¨Â®Â¯Ã¨Â½Â¯Ã¤Â»Â¶\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bggradient_day.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (152 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\small.png (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Microsoft.VC90.CRT\msvcp90.dll (6900 bytes)
%Program Files%\Tencent\QQBrowser\uninst.exe (2105 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\EventTracing.dll (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\WebpDecodeFilter.dll (2128 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\style.css (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\QQTrace.ini (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\small.png (2 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserSecurityCenter.exe (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (99 bytes)
%Program Files%\Tencent\QQBrowser\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\service\QQTrace.ini (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\NetWork.dll (2602 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\history.db (108 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\template.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\MouseGesture.dll (872 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Dialogs.dll (10771 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\uninst.exe (3649 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll (1735 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QBExtensionFramework.dll (3766 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\tssafeedit.dat (41 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Desktop\Ã¤Â¸Å Ã§Â½â€˜Ã¥Â¯Â¼Ã¨Ë†Âª.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\db\homepage.db (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll (12287 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Desktop\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_normal.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\Private-icon.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\service\PerfTraceService.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\wbg.png (136 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\content.js (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\perfctrl.dll (3447 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\skin\LightStripes.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\default.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme_ie.png (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (1645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\business.js (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\Infobar\image\infobar_fav.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (122 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\checkbox.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\homepage\0\website\bggradient_day.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Resource.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\app.ico (284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\tool.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Adblock\mainlist.ze (29 bytes)
%Program Files%\Tencent\QQBrowser\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\QBUtils.dll (17689 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\style.css (11 bytes)
%Program Files%\Tencent\QQBrowser\NetWork.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Program Files%\Tencent\QQBrowser\TridentCore.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (6 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#history.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Assistant.dll (2321 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\bin\service\xperf.exe (5001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12aucba7b\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
%Program Files%\iNetHelper\Log\KisService.log (1286 bytes)
%Program Files%\iNetHelper\Pid.dat (21 bytes)
%WinDir%\Temp\360ini.cab (2695864 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QLSNQ10Z\360IniVerify[1].cab (376 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18\6d14e4b1d8ca773bab785d1be032546e_75ed9567-aa58-4c8e-a8ea-3cad7c47ab03 (47 bytes)
%Program Files%\iNetHelper\Log\KisUrlTimer.log (273 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OFK7QZUX\360ini[1].cab (2695864 bytes)
%Program Files%\iNetHelper\Log\KisController.log (1368 bytes)
%Program Files%\iNetHelper\Log\KisServiceTask.log (105 bytes)
%WinDir%\Temp\{19CAA9E9-E3B9-4160-8283-94453594EFB9}\urlproc.dll (3518 bytes)
%Program Files%\iNetHelper\Log\KisWebAceDownloader.log (1646 bytes)
%WinDir%\Temp\360IniVerify.ini (376 bytes)
%Program Files%\iNetHelper\Log\KisSelfProtect.log (1039 bytes)
%WinDir%\Temp\360IniV2\360ini.dll (50289 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\KanOption.cfg (122 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\All Users\Application Data\iNetHelper\WeatherNews\WN29.tmp (14369 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iNetHelper" = "c:\program files\iNetHelper\KisDeskURL.exe"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.NSIS.StartPage_6b16a2d4c5

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.NSIS.StartPage_6b16a2d4c5

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet