Trojan.GenericKD.3229664_259859927e

Susp_Dropper (Kaspersky), Trojan.GenericKD.3229664 (B) (Emsisoft), Trojan.GenericKD.3229664 (AdAware), Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR (Lavasoft MAS) Behaviour: Trojan The descripti...
Blog rating:2 out of5 with1 ratings

Trojan.GenericKD.3229664_259859927e

by malwarelabrobot on September 3rd, 2016 in Malware Descriptions.

Susp_Dropper (Kaspersky), Trojan.GenericKD.3229664 (B) (Emsisoft), Trojan.GenericKD.3229664 (AdAware), Trojan.NSIS.StartPage.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 259859927ec330470ca6d4f4d5d4840e
SHA1: 5e2e47d30f1f7d500bc91c319257c0bccf8220a9
SHA256: fda8b57f2b9274a133c53b3a99909178438e289f4af44311a68be5e63ac91672
SSDeep: 6144:ReTeM/tu09dtOILv3ARJeby5QC c4CdrmlopP4hc1HGr f:FM1u09nvPALem5v4ColwPoc1Hvf
Size: 295388 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: CrushArcade
Created at: 2009-06-19 00:33:23
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

DeskDrawer_0016212_01.exe:1096
DeskDrawer_0016212_01.exe:1660
V8._85296_20150814221218.exe:500
QQBrowser.exe:740
QQBrowser.exe:216
QQBrowser.exe:620
QQBrowser.exe:1836
QQBrowser.exe:468
QQBrowser.exe:884
QQBrowser.exe:464
QQBrowser.exe:1852
QQBrowser.exe:1336
QQBrowser.exe:576
QQBrowser.exe:1180
QQBrowser.exe:1668
DeskDrawer.exe:508
lxsaju.exe:1308
BDDocker.exe:2172
PerfTraceService.exe:1132
PerfTraceService.exe:1160
regsvr32.exe:1128
DeskDrawer_0016212_01.tmp:1168
DeskDrawer_0016212_01.tmp:492
Baidu.exe:900
Baidu.exe:2052
Baidu.exe:2484
Baidu.exe:2540
Baidu.exe:2352
Baidu.exe:2116
QQBrowserOTA.exe:3548
QQBrowserOTA.exe:3540
QQBrowserOTA.exe:3176
kinst_168_57.exe:1128

The Trojan injects its code into the following process(es):

1332280.exe:1088
%original file name%.exe:860
QQBrowser.exe:316
QQBrowser.exe:656
QQBrowser.exe:228
QQBrowser.exe:1796
QQBrowser.exe:324
QQBrowser.exe:512
Baidu.exe:3500

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process 1332280.exe:1088 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\rse1332280[1].exe (575338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml.rs (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\rsedownloadconfig[1].xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rse.exe.rs (575338 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\rse1332280[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\rsedownloadconfig[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml (0 bytes)

The process DeskDrawer_0016212_01.exe:1096 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-KUCV5.tmp\DeskDrawer_0016212_01.tmp (3786 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-KUCV5.tmp\DeskDrawer_0016212_01.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-KUCV5.tmp (0 bytes)

The process DeskDrawer_0016212_01.exe:1660 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-995SB.tmp\DeskDrawer_0016212_01.tmp (3786 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-995SB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-995SB.tmp\DeskDrawer_0016212_01.tmp (0 bytes)

The process V8._85296_20150814221218.exe:500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\installed_arrow.png (176 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\up.png (971 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\event\bg.png (28 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\installed_arrow.png (176 bytes)
%Program Files%\Tencent\QQBrowser\dr.dll (601 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\mainlist.ze (29 bytes)
%Program Files%\Tencent\QQBrowser\MouseGesture.dll (56 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\global.js (394 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\qblogo.png (868 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\hse.png (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\random.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\index.html (86 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\css\base.css (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\security.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\PrScrn.dll (2517 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_offlineurl.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBExtensionFramework.dll (3361 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\service\xperf.exe (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (261 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\navi.ico (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\uninst.exe (3649 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\bgsearch_day.jpg (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\skin\LightStripes.gt (94 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manifest.json (197 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\7z.exe (1209 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQ浏览器.lnk (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcp90.dll (6900 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (571 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\search.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowser.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\NetWork.dll (2602 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\error.html (7 bytes)
%Program Files%\Tencent\QQBrowser\service\perfctrl.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Dialogs.dll (7385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\homepage.db (3 bytes)
%Program Files%\Tencent\QQBrowser\service\7z.exe (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserFrame.dll (11518 bytes)
%Program Files%\Tencent\QQBrowser\resources.pri (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image (4 bytes)
%Program Files%\Tencent\QQBrowser\Downloader.dll (3073 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\index.html (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\service\QQTrace.ini (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QBExtensionFramework.dll (3766 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Resource.dll (1365 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowser.exe (1661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\https___mail.qq.com_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\QBInstaller.dll (3710 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\TridentCore.dll (9754 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\pixel.gif (43 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\https___mail.qq.com_.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Program Files%\Tencent\QQBrowser\nsis_skin.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\EventTracing.dll (1326 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\tssafeedit.dat (41 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\resources.pri (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\navi.ico (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Assistant.dll (6284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bgsearch_day.jpg (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_fav.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Downloader.dll (4010 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\site_text.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\css\base.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\BugReport.exe (2321 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\down.png (971 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\js\base.js (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_baidu.png (870 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_fav.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\xperf.exe (5001 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_google.png (919 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\search_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QRCode.dll (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\random.db (10 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\mainlist.ze (29 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\business.js (9 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_normal.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\perfctrl.dll (3447 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (6 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\security.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QRCode.dll (31 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\MouseGesture.dll (872 bytes)
%Program Files%\Tencent\QQBrowser\PrScrn.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.html (122 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\腾讯软件\QQ浏览器\QQ浏览器.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\nsis_skin.gt (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserSecurityCenter.exe (2015 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcm90.dll (2129 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bggradient_day.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (153 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\bggradient_day.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\wbg.png (136 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\EventTracing.dll (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserFrame.dll (13493 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\small.png (2 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\BugReport.exe (7256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserSecurityCenter.exe (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\sogou_web.png (5 bytes)
%Program Files%\Tencent\QQBrowser\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app.png (1 bytes)
%Program Files%\Tencent\QQBrowser\tssafeedit.dat (41 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\QQTrace.ini (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_offlineurl.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcr90.dll (8224 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\template.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\Config.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\history.db (108 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (99 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{6970B802-2F13-4038-B620-33B0211D26A0} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QBUtils.dll (17689 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (244 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll (1735 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Dialogs.dll (10771 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\index.html (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\dr.dll (864 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\sogou_web.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Desktop\上网导航.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll (12287 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Desktop\QQ浏览器.lnk (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\service\PerfTraceService.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\wbg.png (136 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Video\vd.ini (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\global.js (1 bytes)
%Program Files%\Tencent\QQBrowser\skin\LightStripes.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\default.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme_ie.png (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Program Files%\Tencent\QQBrowser\uninst.exe (2105 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (122 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\checkbox.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Resource.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\app.ico (284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\tool.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img (4 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\qqtrack.xml (7 bytes)
%Program Files%\Tencent\QQBrowser\NetWork.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\CustomerJoinPlan.txt (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\whitelist.ze (1 bytes)
%Program Files%\Tencent\QQBrowser\TridentCore.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (1645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserLiveup.exe (3502 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\WebpDecodeFilter.dll (2128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\license.txt (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\PerfTraceService.exe (2934 bytes)
%Program Files%\Tencent\QQBrowser\Assistant.dll (2321 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\index.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\qqtrack.xml (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\skin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\security.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Dialogs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\css\base.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\Config.xml (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\mainlist.ze (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\NetWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\inforBar.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\homepage.db (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_fav.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\xperf.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QBUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\qqbrowser_home.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\EventTracing.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\index.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\CustomerJoinPlan.txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\video (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\random.db (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{00000000-0000-0000-0000-000000000000} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\dr.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\bgsearch_day.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_login.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\whitelist.ze (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\TridentCore.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\imgSearch.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\icon.fw.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QRCode.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\js\base.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\PrScrn.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\history.db (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Resource.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\MouseGesture.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\bggradient_day.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserLiveup.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\nsis_skin.gt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserSecurityCenter.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\QBInstaller.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\skin\ThirdParty.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\skin\DarkStripes.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___qzone.qq.com_.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\WebpDecodeFilter.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\wbg.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\perfctrl.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\license.txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\skin\LightStripes.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (0 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\QQTrace.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\video\vd.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\tssafeedit.dat (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowser.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\resources.pri (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\navi.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\BugReport.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Assistant.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\sogou_web.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\qqtrack.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\7z.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\https___mail.qq.com_.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Downloader.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQ浏览器.lnk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QBExtensionFramework.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_normal.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcp90.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_offlineurl.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcr90.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcm90.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\PerfTraceService.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (0 bytes)

The process %original file name%.exe:860 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\24.tmp (76976 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\V8._85296_20150814221218.exe (40581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\f.gif (2684 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\21.tmp (394252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\kinst_168_57.exe (9483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\lxsaju.exe (663147 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\5590b2ab_1202000454.exe (334277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\ZipDLL.dll (3441 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\25.tmp (55386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\1332280.exe (36879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\DeskDrawer_0016212_01.exe (8737 bytes)

The Trojan deletes the following file(s):

%Program Files%\Tencent\QQBrowser\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp (0 bytes)

The process QQBrowser.exe:740 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\QQBrowser Udpater Task(Core).job (280 bytes)
%WinDir%\Tasks\QQBrowser Udpater Task.job (276 bytes)

The process QQBrowser.exe:216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (392 bytes)

The process QQBrowser.exe:1836 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Tencent\QQBrowser\QQBrowserConfig.dat (114 bytes)

The process QQBrowser.exe:884 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (328 bytes)

The process QQBrowser.exe:464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\001-Cool Air.gt (252503 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\LightStripes.gt (601 bytes)

The process QQBrowser.exe:1180 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (728 bytes)

The process QQBrowser.exe:316 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manifest.json (211 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\css\history.css (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\phone.png (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\wechat.ico (137 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\style.css (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\manifest.json (269 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_game.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\ext.png (13 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\228\History\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\qrxD.tmp.qbl (64977 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_expand.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_video.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\QBSafe.dll (1782 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\NetService.dll (3724 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\index.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\qrx18.tmp.qbl (6242 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\bg.png (49 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_phone.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\qrx17.tmp.qbl (88899 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\qrx13.tmp.qbl (100555 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\228\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\sidebar.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#history.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\qb-flag.png (989 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_qq.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\qrx16.tmp.qbl (50 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_fold.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_live.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\sidebar.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\manifest.json (270 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\site_text.png (5 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\qrx17.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\qrx13.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\qrx18.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\qrx16.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\qrxD.tmp (0 bytes)

The process QQBrowser.exe:656 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\QQBrowserLog\20160902_201925.etl (28 bytes)

The process QQBrowser.exe:228 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli12.tmp.qbl (592 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\QQBrowserOTA.exe (7386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_l40h9cgmOj6oRo4 (73 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserOTA.exe (313 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (277 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli14.tmp.qbl (11807 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (54 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\iniE.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db-journal (14062 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db-journal (15492 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (610 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 (933 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db-journal (9552 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip.qbl (67201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Q2Zh96bqHtsY5eo (540 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli10.tmp.qbl (34120 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip.qbl (259937 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto\iniF.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (156 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip.qbl (136591 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\ini5.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQBrowserOTA.exe (1849 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 (164 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db (1317 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db (3528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_pGfT25XRAyhadrg (66 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db (599 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\ini6.tmp.qbl (355 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1552 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db-journal (2750 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\update.ini (108 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\iniE.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\QQBrowserOTA.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserOTA.exe (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip.qbl (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip.qbl (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\ini6.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli12.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip.qbl (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQBrowserOTA.exe (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli10.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto\iniF.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\ini5.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli14.tmp (0 bytes)

The process QQBrowser.exe:324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\masterconn.qq[1] (246 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QBWRQ5Y3\favicon[1].ico (50 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (776 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QBWRQ5Y3\masterconn.qq[1] (132 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\masterconn.qq[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QBWRQ5Y3\masterconn.qq[1] (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)

The process QQBrowser.exe:1668 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QF4VEVUN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QBWRQ5Y3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDCJ6H0N\desktop.ini (67 bytes)

The process QQBrowser.exe:512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\index.dat (776 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (645 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (158 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process DeskDrawer.exe:508 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\DeskDrawer\Res\jilu.ini (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (388 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@99ruyi[1].txt (212 bytes)

The process lxsaju.exe:1308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\MsgPush.dll (3668 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BrowserCore.dll (7386 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\PluginSetup.xml (643 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduAssistant.exe (1687 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button-new.png (977 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\PluginSetup.xml (636 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\skinres.rdb (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vsu\gc.7z (47888 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\popwindow.rdb (46 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\PluginSetup.xml (634 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\AppPluginState_Install.xml (931 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\logo57x65.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\MainFrame.rdb (5442 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\bdlog.dll (38 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\AppContainer.rdb (119 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-radio-checked.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\uninst.exe (281 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\FrameMask.rdb (40 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\res\js\common.js (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\box-shadow.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\Software.pb (601 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\map.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\PluginSetup.xml (646 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-connect.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\icon-circle-loading.gif (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\BDSearchBar.rdb (1716 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\PluginSetup.xml (643 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\PluginSetup.xml (646 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button-search.png (382 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-center-left.png (130 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\JoystickService.dll (673 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\completelist.txt (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-textbox.png (601 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\PluginSetup.xml (496 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\connection-fail.html (12 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\homepage.rdb (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\crash.html (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\logo_blank.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\msgcenter.rdb (25 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\ExternalMgr.dll (281 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-new-8.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-close.png (170 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\skinres.rdb (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\complete_check_list.pb (300 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-new.png (451 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-loading.gif (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Protocol.dll (1647 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\button-search-input.png (332 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BIDULocationService.dll (3663 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduUpdate.exe (1756 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (259 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Update.rdb (122 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\bookmark.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\auto_complete\top_site.db (673 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-404.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\jssdk-v2.js (10 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\PluginSetup.xml (502 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (22 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\LocalPluginInfo.xml (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Apps.rdb (67 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\pack_z.png (17 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\skinres.rdb (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDMSkin.dll (6394 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\complete_check_list.pb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\GlobalPluginInfo.xml (11 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduBugRpt.exe (1778 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-top-center.png (122 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\chromeclient.dll (15021 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\365.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\DetectVm.dll (76 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\msvcr100.dll (3846 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-center-right.png (130 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\checkbox-8.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (249 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\reset.css (826 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\skinres.rdb (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (450 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\BrowserNotify.rdb (259 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\general.png (379 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\qxdh20140619.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\app-reload.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Report.dll (116 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\PluginSetup.xml (634 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Heartbeat.dll (237 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\PluginSetup.xml (502 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\completelist.txt (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\login_z.png (365 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\icon-alert-ok.png (79 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (931 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (37 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\error-pages_z.png (32 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\skinres.rdb (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-foward.png (156 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274 (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\iframe_loading.gif (19 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\PluginSetup.xml (638 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\global.js (224 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\349.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\bdminiopenssl.dll (1714 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\banner.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\logo25x29.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDocker.dll (145 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\respond.min.js (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\top_site.db (133 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\44.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BrowserFrame.dll (7972 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\skinres.rdb (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\136.dat (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\366.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\rpt.dat (41216 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LogicMisc.dll (28502 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\privacy.png (296 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\app-error.html (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\login\login.html (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-searchbox-active.png (893 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\msvcp100.dll (1702 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\png8-login-success.png (824 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\343.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\login_mods.js (157 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\appBlackList.dat (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\AssociateWnd.rdb (122 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll (601 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\completelist.txt (51 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\bookmarks.css (9 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\CommonRes.rdb (1815 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\button-baidu-search.png (379 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Setting.rdb (79 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduService.exe (240 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\atl100.dll (138 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDockerX64.dll (170 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-baidu1.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-top-left.png (194 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9 (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\PluginSetup.xml (523 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDockerX64.exe (148 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\PluginSetup.xml (634 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\PluginSetup.xml (496 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\PluginSetup.xml (634 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Baidu.exe (3740 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\connection-error.html (12 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\msgconfig.pb (71 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe (6841 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\UIHandler.dll (20507 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\complete_check_list.pb (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\request.js (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\error-pages_x.png (89 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\error-pages.css (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\PluginSetup.xml (643 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\jietuDll.dll (86 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Download.dll (68 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-top-right.png (202 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\PluginSetup.xml (523 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-baidu.png (367 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\CommonWorker.dll (57 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\363.png (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\bookmarks_z.png (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\bg-circle-loading-large.png (17 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\pack.css (31 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\bg-circle-loading.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\AroundWidget.rdb (21 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\1px.png (947 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-google.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\bdb_scheme.dat (742 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Menu.rdb (76 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\CheckerProxy.dll (136 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\skinres.rdb (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\skinres.rdb (10 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-taobao.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-searchbox.png (893 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\skinres.rdb (7 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\png8-ex.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\msgconfig.pb (71 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\checkbox-off.png (322 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (117 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-back.png (154 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\button-refresh.png (562 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\skinres.rdb (10 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\368.png (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\png8-logo57x65.png (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\channel.dll (213 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDocker.exe (46 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\complete_check_list.pb (300 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\Software.pb (117 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\344.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\skinres.rdb (5 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\json2.js (2 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\skinres.rdb (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\PluginMgr.dll (3794 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\PluginSetup.xml (643 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\PluginSetup.xml (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\w\y.dll (57011 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\GlobalPluginInfo.xml (11 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Update.dll (160 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\completelist.txt (51 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-refresh.png (215 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\advance.png (377 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\mod.js (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (143 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-radio-unchecked.png (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Base.dll (5442 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\appBlackList.dat (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\screensnapshot.exe (6307 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\login.css (6 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\login-success.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\bookmarks_mods.js (52 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (19 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\checkbox-on.png (849 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\347.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\skinres.rdb (5 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-newtab.png (197 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\PluginSetup.xml (638 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDClientProxy.dll (3753 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8 (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\chromehost.dll (28890 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\UsualNames.pb (421 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\completelist.txt (30 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\arrow.png (216 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\JoystickService.dll (176 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduClientRender.exe (44 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\skinres.rdb (7 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\chromehostchild.dll (84 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db (10 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\gray1px.png (918 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\config\136.dat (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\1.png (3 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65 (4 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Utils.dll (3915 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\skinres.rdb (8 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\complete_check_list.pb (192 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\404.html (12 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\dl.dll (6426 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\vsu\gc.7z (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\AppPluginState_Install.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\bookmark.db (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\LocalPluginInfo.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\Software.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\top_site.db (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\jietuDll.dll (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\appBlackList.dat (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\GlobalPluginInfo.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\msgconfig.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\skinres.rdb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\screensnapshot.exe (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\136.dat (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\complete_check_list.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\UsualNames.pb (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\completelist.txt (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\PluginSetup.xml (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\JoystickService.dll (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8 (0 bytes)
%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8 (0 bytes)

The process DeskDrawer_0016212_01.tmp:1168 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp\IsTaskEx.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp\_isetup\_shfoldr.dll (23 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp\IsTaskEx.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp\_isetup\_shfoldr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp\_isetup (0 bytes)

The process DeskDrawer_0016212_01.tmp:492 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\DeskDrawer\Res\is-BI9BP.tmp (3 bytes)
%Program Files%\DeskDrawer\Res\is-4KDP5.tmp (3 bytes)
%Program Files%\DeskDrawer\Res\is-MJ95J.tmp (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\51³éÌë\51³éÌë.lnk (786 bytes)
%Program Files%\DeskDrawer\Res\is-ICB62.tmp (2 bytes)
%Program Files%\DeskDrawer\Res\is-I04KH.tmp (9 bytes)
%Program Files%\DeskDrawer\Res\is-VI1HH.tmp (396 bytes)
%Program Files%\DeskDrawer\Res\is-FDL2M.tmp (3 bytes)
%Program Files%\DeskDrawer\Res\is-L1J2I.tmp (3 bytes)
%Program Files%\DeskDrawer\Res\is-N0IQD.tmp (15 bytes)
%Program Files%\DeskDrawer\Res\is-J2RUC.tmp (3 bytes)
%Program Files%\DeskDrawer\unins000.dat (3976 bytes)
%Program Files%\DeskDrawer\Res\is-TCV1H.tmp (9 bytes)
%Program Files%\DeskDrawer\is-3AR0Q.tmp (35 bytes)
%Program Files%\DeskDrawer\Res\is-UCG9T.tmp (17 bytes)
%Program Files%\DeskDrawer\app\is-K4PIN.tmp (3361 bytes)
%Program Files%\DeskDrawer\Res\is-VA0FI.tmp (9 bytes)
%Program Files%\DeskDrawer\app\is-Q9L30.tmp (3361 bytes)
%Program Files%\DeskDrawer\app\is-0I6LD.tmp (15 bytes)
%Program Files%\DeskDrawer\app\is-I3KC0.tmp (3361 bytes)
%Program Files%\DeskDrawer\Res\is-H2V82.tmp (358 bytes)
%Documents and Settings%\All Users\Desktop\51³éÌë.lnk (774 bytes)
%Program Files%\DeskDrawer\Res\is-9KGNP.tmp (3 bytes)
%Program Files%\DeskDrawer\Res\is-CET1P.tmp (129 bytes)
%Program Files%\DeskDrawer\app\is-O8LCH.tmp (4185 bytes)
%Program Files%\DeskDrawer\is-H0GN7.tmp (25285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp\IsTaskEx.dll (601 bytes)
%Program Files%\DeskDrawer\is-P48BV.tmp (601 bytes)
%Program Files%\DeskDrawer\Res\is-CUT8T.tmp (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\51³éÌë\жÔØ51³éÌë.lnk (708 bytes)
%Program Files%\DeskDrawer\Res\is-IEB0K.tmp (9 bytes)
%Program Files%\DeskDrawer\app\is-GDQHQ.tmp (673 bytes)
%Program Files%\DeskDrawer\Res\is-TMT26.tmp (2 bytes)
%Program Files%\DeskDrawer\Res\is-4NSC1.tmp (1 bytes)
%Program Files%\DeskDrawer\Res\is-Q03LL.tmp (3 bytes)
%Program Files%\DeskDrawer\Res\is-15BAP.tmp (660 bytes)
%Program Files%\DeskDrawer\Res\is-7KF75.tmp (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp\_isetup\_shfoldr.dll (23 bytes)

The Trojan deletes the following file(s):

%Program Files%\DeskDrawer\app\DeskDrawer.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp\_isetup (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp\IsTaskEx.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp\_isetup\_shfoldr.dll (0 bytes)

The process Baidu.exe:3500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\settings\user_setting.db (24 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\XCommon\verify.db (100 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\custom_setting.db (2334 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\CloudJSInject\CloudJSInject.xml (3 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db (481 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\AppPluginState.xml (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\force_sug\taskbar_force_sug_backup.pb (7 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\bubble_tips\3.png (9 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\config\searchbar_in_tips.dat (50 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (512 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\searchbar_in_tips\searchbar_in_tips.pb (1 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_131173103727390000_1_2892.dat (54 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\account\user_cert_id.cert.bk (2 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db (481 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (512 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_131173103727390000_0_2892.dat (221 bytes)
%Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_131173103727390000_2_2892.dat (40 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\default_setting.db (24 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (169 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (0 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (0 bytes)

The process Baidu.exe:2484 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin_pack\bff93614a73a07f615636a18857c5581.7z.bdl (169993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\aa55e5e7f8d09a95bdb9ad417bab49fd.bdt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\2af9e692c0b05cd1d3d16b8b77b372b9.bdt (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (405 bytes)
%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin_pack\7fe9c23ea4537229629a8114b9d61997.7z.bdl (141125 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (0 bytes)

The process Baidu.exe:2540 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Desktop\百度.lnk (983 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\卸载百度.lnk (992 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度.lnk (989 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\百度.lnk (1 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\百度\百度.lnk (995 bytes)

The process QQBrowserOTA.exe:3548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nscC.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOCommon.dll (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscC.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsmA.tmp (75954 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOPlatform.dll (48241 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nscC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscC.tmp\InstallHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscC.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx8.tmp (0 bytes)

The process QQBrowserOTA.exe:3540 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nscB.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx9.tmp (15764 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscB.tmp\InstallHelper.dll (6584 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\FixItems.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.wsf (324 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nscB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscB.tmp\InstallHelper.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nscB.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh7.tmp (0 bytes)

The process QQBrowserOTA.exe:3176 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll (10517 bytes)
%Program Files%\Tencent\QQMail\TXGYMailCamera_2.dll (13224 bytes)
%Program Files%\Tencent\QQMail\TXFTNActiveX_2.dll (13880 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsg11.tmp (0 bytes)

Registry activity

The process 1332280.exe:1088 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4E D4 75 BF 4B 0C 06 29 91 66 94 DD 17 76 BC 25"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}]
"ProcID" = "{C04F6F76-2204-6648-3030-303030303030}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process DeskDrawer_0016212_01.exe:1096 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "91 59 B9 F2 EE 17 EA 43 A8 6A 75 90 8D 5F B5 53"

The process DeskDrawer_0016212_01.exe:1660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 91 93 BE 66 56 45 42 C8 03 8B 46 00 FF 9F 1B"

The process V8._85296_20150814221218.exe:500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"accountInfoBar.html" = "AY9EPX/xn4 koiwdV53GGkKRrHlPe7dM7IW095EVLW9EcDFnd3D265K4Q97AvSL1mXyed eU6run704RFnvWsteF2Kz1i2/PqgFmx2uHgcq/eNCgvSwJWAh8fOxdtupX4PCMNt5bTfniQeDl1nzt VR9bLAfthB2NSQNbTssemk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"global.js" = "F1x bElWW0KAVW8dze0Mbr/Dm6CoJGRHw9Hyx1RReWDG/gXkjcQdXk a46Axg2sDjSzwOpra92NNO7ANhXE2f070FE9R4JQlb/7EiMo34Yuv2ik9RgJGDod4aT/h9hBhC2S9yWne0JH7Nr/mbFU8Mb88RrN0Q7POMH3VHicGxxo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"api.js" = "KdzpiPPafc//mqIv/5 XJLoPFho3ixPxjdBXo7fUMneJIFwT70jZTYldVYFnNHeL75MbZIrnRbIYTfxe7Pn8oDaTs4SCaf6q8dQXmJ9ssO80MuxeP0ndCXW5IOoqPZoJ3wyDTzNrqihWlm/ ozzmC6tlQNwpaledwco9hHv3Kac="

[HKCU\Software\Tencent\QQBrowser\Launch]
"SkinUpdateFlag" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"INSTLANG" = "1033"

[HKCU\Software\Tencent\QQBrowser\Common]
"MainPageDIY_" = "1984700626"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Operational" = "1"
"STYLE" = "104"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"s2" = "4"
"s1" = "4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"private.html" = "K xv/ifPeX60jeD65vv gUoqtdQCKyrPu3G9CV9ZgkzifnKYT2HlMs77KUqIBos6Ta5uCGG4ausc030WTKPfMuL9EjmW7FoJZIZgTcWa mx0 gaAmsoMZHsvq/IVS6SDzsQ/mOiHy60uAr1RKyo62yEJn9wW8JYFqpfIUaAznfU="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"ycalendar.js" = "Ib0wShmBpOPdR6WIXozuGPAYmfhw HqOZEc9lU wePCCZVQ6YfBPhdNrdduMjhS5hB3SnrGR577LroR1Y2Rv4mlpMvc090e40OzXs/knSRxzb3rCvfZPwpa/HlTAtP47aP6I75ecIT0dIl/vPovsR1gjWfVFjfvcmILiHbwDA4="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Name" = "内页面"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList\js]
"inforBar.js" = "S232TIJBgUGMXlTdOQRla7UFcRwmODl7HS6sTy2LB9xtBKNjcUUfpZCPrXF11mEjmXkG04wEItvpPgr70sOc1/mxQ92eYR7k/8G5ajwkGW/ IBjUUsSE0sTzHIxwQExAFa8newkyrRqF jHkN1n4BZKdzwbw f0TqwXpiJUe/z0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"init.js" = "PFyqkS14Ezzwwz3NzSYKgQGIhRXUTnt6ktpq OCUoyT9x96JDR5tWlyWvGn/S8QtChKnWJ4ieyeVWXLQUrQGG5lEDl33J3dmOavy3OUOcvX8XpPA3BcX5XgT1VHlb3zNVVQaT0TPyzBF3SD2OEBbSxfyUQgtDaSBe0RsaU7Xnb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\BackgroundPage]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"global.js" = "SeN/CHriBIVnAjdwU6fW8AHF Y5sYGuTkrIwtRsftkTb2xJMtrUsGn1IuvZYyuHQDvkeFojs9MobGSEuJ Cj1S94nQrvzQbV8hd2sS2j27SmIQHTJjaC478N4KYEvvLFu84D1tWaEUfLCXZkhjwTcNPsC45ORTPKG6hzgqeccMM="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\ContentScripts\DocumentIdle_0]
"AllFrames" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Version" = "8.0.0.12"

[HKCU\Software\Tencent\QQBrowser\extensions8]
"CommandOrder" = "1"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"EnableZombieReport" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"content.js" = "HT1aXFiSWWlckk7HXoJkwioM1SSPnbDaXAKb3oOmdxHYpJDFZoUmdiVxYpDM4q3nhXWNdlgFJwH88gmJBpR EYUVMlJRLk6nW0WTWFpoKuGv5 bv3Fafms133G5ygK61lv0xigm9vitf72LDM0wpESsg8yMdDmk1uvrCbYE3Swg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\BackgroundDll]
"Path" = "QBSafe.dll"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"URLInfoAbout" = "http://www.qq.com"

[HKCU\Software\Tencent\QQBrowser\Advanced]
"EnableUEData" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"business.js" = "IuxI4T0J7Bik5qY6/aqfPYonejaosMlt7RKPN2HAI58nqalyzaR3NKDmDMBsP/GLsP/n4EEmigqfaXfhw1XVPuoKRupEmWoBrFcuX0YxFI/tTm8jQjjGQnoyTA0sowMVrFwfL ATf0Id2A3Ld1g7RvjnRX1DRtsnCMsCqrERJjk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\BackgroundPage]
"Path" = "background.html"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"CommandOrder" = "2"

[HKCU\Software\Tencent\QQBrowser\Launch]
"AbpCalcFlag" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"RequiredMinVersion" = "8.0.0.2261"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.easing.js" = "TmbGZQQC93Sgo2FdztxQ0d9XKSQvW71Fi7BWXGb3/Y FVjxcrUPmKaPobqD7KbZMw7CHfrtxoraOME53bkqu7WtNB48Toe29QgontHYDQgrkR9tTzIz8ByGm187nfwmjMQ/pazCml7IhkVNcTRuiUBILtPyb5I8Dg6vKCCa8fcU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"background.js" = "F9mIz66B1YB2KiWHfg8OtENAgX96C/1LO0KjQQHIR31aEaHLE5tPl fwJZigG8Q6ZhhcxmJ3KXTQWzo63lWn8vSkbn4pdwgVMT2Or3vBeRoD97hKndLnvyZ4QoTWvOskDzcBA5mzrDV9Yp5x1R/Z5lNfFH3FL0d1CPq TAfTet4="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\Common]
"MainPageDIY" = "ZgAuAGoAaQBzAHMAMwA2ADAALgBjAG4AAAAaAAAA"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"InstallModeForExtension" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Desc" = "QBSafe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"InstallDir" = "%Program Files%\Tencent\QQBrowser"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"STYLE" = "64"

[HKCU\Software\Tencent\QQBrowser\Launch]
"InstallQuickSetting" = "0"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"DefaultBrowserFirstRun" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"currentVersion" = "8.0.3.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage]
"index.html" = "Uy0EzM9E6A oW0Z32PTfsdnTQKM8SYLC8Svtt17Rtqz fslfu4Rf0azo0648ksrzDNSmiBlKk0iB2FCsYtC5RZOxmCgxpG0rk16BRJ1Gpf8hQmkpWSTzx2IR MAZgb7CqIwwhGHPzE3qF1k4bVaBita wVueecTJfn4gHFZ1bLg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}]
"currentVersion" = "8.0.0.25"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 42 C7 9C F7 19 E6 38 F3 91 5B A8 E2 6A 68 C4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Name" = "账号助手"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"EXE" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"background.html" = "Fm2eUg6wC00HcJHVm5J5S9WbzmEVSNFdyD8in0PXbYIUFYHWK zhaV9u182EDyOlZuGJx5fLb0VPFyexkuUSnj4ULw1KjUvqMjtjvPcMlgxIOsZ2m2jqwbJsRGPbXSLKCMKqq uFRju5vweuSqBckjVRLe4ndm/ewMWuI7GJUkQ="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"certerror.html" = "Quu5ifaZbhsH6hfNNjsEbMi71iGFPa 7qoPsbDB85tzNJhbuwap kINuU5JVUFuy7ab/H63S1Y9kCw eo6zOs2bZvrgxEv8DGHhKa832zqs6fjzTX BFb6/uP1kQr9kAIzY jkBspKr9vZIFKnmKfjTFFlvSX3lQxR9BTuyhiN8="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}]
"CommandOrder" = "0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"ID" = "{807849B3-40D8-42E3-8001-D541FD7CEBFB}"

[HKCU\Software\Tencent\QQBrowser]
"HomePageCfg" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\history]
"history2.js" = "EYdPibxwSOsOqWp65 q m9YPkG2qiUUGpCPnvRau01UVBjkeEsX12Uy5TmZV0QiqFodnvBKS8uPPdSDAtWYh46mlNAugPtYfiEf7rdH5i9IKkjarXT3vqrc8m dOB2sBwi35rGtSx5Q mNco60nlRGZ/4BbXHVO9e4liF3omtHU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"RequiredMinVersion" = "8.0.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"UninstallString" = "%Program Files%\Tencent\QQBrowser\uninst.exe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Desc" = "账号助手"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess]
"index.html" = "DG53S6RFyw43Ype9xROtxTn4z5b3SsHMzH8/wVLXZciV6q4kwtV3RzjBgYe7MiTfATyKVDf5DqI/mqQCIpYrr1JN6EXZR81dwwgj70KhNn/9WcjMdpBvKxRLCjl82LcKMlx91xsdg6Dt6Oy2gDhDopfRX1ThZ2OFvfdSyp4OHQo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\ContentScripts\DocumentIdle_0]
"JS" = "content.js"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"currentVersion" = "8.0.0.12"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"Publisher" = "腾讯科技(深圳)有限公司"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"ID" = "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"Version" = "8.2.3638.400"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"api.js" = "CTLNX2nY1O7mQDlrx81saZ A/b3cld1PV1aWjfRWB9Uk7nMqUgRWUwgVmyvWg9gkM0yW1MsoF6XNwlLBdc8okJ8kImN9HQxCfo4NuKEahbCA1RnudXB pCuvw3EEMiY ORP/YDMicZcSXjtSnvP3UDhaX THBQVVts I5sLdd5g="

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp]
"V8._85296_20150814221218.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"tool.js" = "K4IAXHGyqD8uA sLEGlFibFQFep8I HkPC6DghtA9hoTdT1tLMSTsbcae2i84ApCOoZfk1C2pUFZKm zTVVUv9o4P9Oozg9nnWh57vtG7ZXh3mv8qIRGwwANrzOQ rITxZOxWcTUTD8qZm E8LlIN0BrJJKq4Pp9GeSDBv4bMoc="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Version" = "8.0.0.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"init.js" = "HS Wucfrv 6MUQNZq0WGl6Yw8Ly2dg hvt5V24pB0sowDcogYJpVFP7lyYpqkEWURP1N0mBL8t qCq70Zi/U/E2y7YbqDiQlmwkkHeUSHMVnfCk5anb9ybtcI//8CWC67XXLFO0oRjvc9PsAQHdcDriLEMx3DzYDxb ZLFaswiU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"RequiredMinVersion" = "8.1.0.0"

[HKCU\Software\Tencent\QQBrowser\Launch]
"Learned" = "1"

[HKCU\Software\Tencent\QQBrowser]
"(Default)" = "%Program Files%\Tencent\QQBrowser"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Version" = "8.0.3.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"ID" = "{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"search.js" = "IOSc1vtqyq1U7w6ERKIDsLRpv4mCbXTIw/HKw13cRHxcexU7Lrlv64EHual89dNwbkQbQh5Vc4vQlubP2vKuq9yzILTIElywHb4C6Uf6xd26zYypsUK1RjKoffD8wVvBW9Vlj37VbAXxhI8K4Q8ZZk00jCUKlBc9Gh3bbxdA0Gs="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.min.js" = "CHRzStLFVzowFpds/NlgIauwssen3//6We9cKfzF4H4Vd0hTu rRxAgWBSZOvL3qB MA5m1oDYbyEFquZhoip7CWckTQo6 S dUFfDJATgzAhGnGQPvY1xAeDuKT9mHvkWXV8QiJu5ZgSSuggmwXioU5HomYw1dNanbdvDS7rss="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"error.html" = "Gs5We3VMGdtvsJGT6u6MMVvDt3zSWVVCEh8CKo8BudWeZgocGRxZCxnUzIBcEspzCp9h2OFGwf4FTuDYG9Mf1MROlJx1oTz9uXnHk/JNRuCTn/dHBXBTqu6XR1tj6OqL7gKQ3svK/Mexy4lBO/PSgypdugTHFgugTpMadvZRDAE="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.mCustomScrollbar.concat.min.js" = "FEhORzx0GxacyZAVElwZHrgrANsncYw61M/NU 0QHFBgGjRJpqYWNkmYr RKq2WX0f/FJok0GTgzs8/6dhyMZytR PdWyBo75CPRNtP9mOif95Zo4easLJYCBcI5g2c0D5pRYPoiHsPikFHkAJqRvrN6hSayUrzNSKTswWIuyb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\app]
"app.js" = "G/xQAG9BNoueIWTF1B/FXI65sQFTqDtYNE0FVw5XsDx85Ijs IGfdoTBG7Py NEEoLHisu1f8t1F3PxhFNk DpdtGLy8bva44n6ej3FvOKk8n0KXPpT5IyCV8qs3EkNZaXZdk9rqBhdZQUdUDJDVnJ0iRs1nyTryHc9C8yzksaM="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\app]
"sliderman.1.3.7.js" = "RkIvek G9RI Q9/NEOdxEh/ynLS5sJRj/vlO2PrWACyN8sI9vf695W/3CP d/Jr59MnJV2sK2YzNz6txbNvhpSI6S3MTO8Z3UJIBleKth0bLzeGpI4dTaAsMMam3QXyux3g7jkzADCCb5iHY8RLV c6W8sEprWrpGZNIRzFvOcs="

[HKLM\SOFTWARE\Tencent\QQBrowser]
"SupplyID" = "85296"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayVersion" = "8.2.3638.400"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"template.js" = "RzgJqwNHJ4N8sJDEKasrvKhYoIjrKXGKh3qo6y3p7Bx3eQjIDn1gNlluXXutWcLSBX23i7mSbXxa6km5He 5qAf5eFTYPlcyzJ1efN6K7LGNsOYTGrjFWBGg57GhUneVMDCg1l8ncB214UhBIQPO6KZ2/tvVX4d0a6nCIXqOTdc="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"CommandOrder" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"HomeUrl" = "http://app.browser.qq.com?id={309147A1-5CA9-4082-BAB3-BF9020CDE0C2}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"small.html" = "WhbKXbpTC/qXxBxGyDkPJ/ZidAPRqwpAIJ8PLBPltgCg1UOLWJ0KKlk30VAlBy8LToz1KY9tESfeyRr1Qj0S8uwj1uskS7BS Nv9rCDKYGKMcDtyfGr2PeKzp2Zm5lch76FJqhupbdr96BGzQfyKYi 6 F3Ih/Slsdzs3XdO9Ik="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Tencent\QQBrowser\Launch]
"MainPageType" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayName" = "QQ浏览器8.2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"business.js" = "WwyVRnDKaHIVi7OS82cBQkBlZMsrWmAnPcwnoCg2R4t8EtSPDXSP0xhBttAipCfJaV6zLzkC21QRx1LrESQKdh3KvGzvw9O2dHm9Xj Ugulv8wtWsfMDS FQyAGC z0jMV4dBQooJplN1ncZteRXwjISn0jBdDc3CUac1LbU3CI="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayIcon" = "%Program Files%\Tencent\QQBrowser\app.ico"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"TC_CFT_Bits3" = "71656520"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Name" = "QBSafe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Tencent\QQBrowser]
"bugreport.exe" = "%Program Files%\Tencent\QQBrowser\BugReport.exe:*:Enabled:QQBrowserBugReport"

"QQBrowser.exe" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe:*:Enabled:QQBrowser"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp]
"QQBrowserLiveup.exe" = "%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe:*:Enabled:QQBrowserLiveup"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Tencent\QQBrowser]
"S2"
"S1"

[HKCU\Software\Tencent\QQBrowser\Launch]
"EnableUEData"

The process %original file name%.exe:860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 A2 D3 16 A3 22 BA 7D 91 A1 A4 A8 EE CD 10 82"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process QQBrowser.exe:740 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 9B CB 4B 13 07 FC 66 37 FB B8 71 D1 49 62 EF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7C 69 4C FB AD 44 F3 6D CB 6D 51 41 29 3B B8 9D"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:620 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D4 B2 DA E0 BF 69 EC 85 FA AF 1A E0 7B FB 84 CB"

[HKCU\Software\Tencent\QQBrowser\Launch]
"LaunchOpenPageType" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:1836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Tencent\QQBrowser]
"QQBrowser.exe" = "QQ浏览器"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6F 58 56 8F 98 E0 F6 97 70 80 AE C3 D3 DD F8 84"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process QQBrowser.exe:468 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 35 E2 4D 85 2C 9B FF CF 27 DD A0 3E 32 4C C3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:884 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 5C D1 96 41 E6 0C 2E CD 16 ED 59 64 06 81 30"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:464 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B CE DB F5 08 C8 0F 0A 4D AE A2 CB DA 5C F3 DF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:1852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\QQBrowser.Protocol]
"(Default)" = "QQBrowser Protocol"

[HKCR\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe"

[HKCR\Tencent.QQBrowser.Default\.exe\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe %*"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"http" = "QQBrowser.Protocol"

[HKCR\QQBrowser.File\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCR\QQBrowser.Protocol\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\QQBrowser.File\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCR\Tencent.QQBrowser.Default\.exe\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xhtml" = "QQBrowser.File"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\RegisteredApplications]
"QQBrowser" = "Software\Tencent\QQBrowser\Capabilities"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "1"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xht" = "QQBrowser.File"

[HKCR\QQBrowser.Protocol\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\CurrentVersion\App Paths\QQBrowser.exe]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe"

[HKCR\QQBrowser.Protocol\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCR\QQBrowser.File]
"URL Protocol" = ""

[HKCR\QQBrowser.File\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".mht" = "QQBrowser.File"
".mhtml" = "QQBrowser.File"

[HKCR\Tencent.QQBrowser.Default\.exe\shell\run\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe %*"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".shtml" = "QQBrowser.File"

[HKCR\QQBrowser.File]
"AppUserModelID" = "Tencent.QQBrowser.Default"

[HKCR\QQBrowser.Protocol]
"URL Protocol" = ""

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".htm" = "QQBrowser.File"

[HKCR\QQBrowser.Protocol]
"AppUserModelID" = "Tencent.QQBrowser.Default"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".html" = "QQBrowser.File"

[HKCR\QQBrowser.File]
"(Default)" = "QQBrowser HTML Document"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE 96 C7 7B 4F 1D 1B AD 20 08 18 17 07 7A 7C DA"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"https" = "QQBrowser.Protocol"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QQBrowser.exe]
"Path" = "%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationName" = "QQBrowser"

[HKCU\Software\Tencent\QQBrowser\http\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe -nohome"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"ftp" = "QQBrowser.Protocol"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationDescription" = "QQBrowser"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"GlobalFlag"
"PageHeapFlags"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"DisablePtLogin_740"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"VerifierFlags"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"QQBrowser.exe"

The process QQBrowser.exe:1336 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC C7 D5 A4 F8 A4 70 38 66 B8 B2 7E E8 87 4D E7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E F5 50 D2 8C C5 AB 71 34 5F 2B AF 17 82 82 53"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:1180 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 4A 05 A8 BA F9 F4 D9 85 A9 5D 3B E2 10 19 83"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:316 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"Desc" = "Net Service"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"ID" = "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"Version" = "8.0.0.44"
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"UpdateVersion" = "8.0.0.131"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"Desc" = "QBSafe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"error.html" = "Gs5We3VMGdtvsJGT6u6MMVvDt3zSWVVCEh8CKo8BudWeZgocGRxZCxnUzIBcEspzCp9h2OFGwf4FTuDYG9Mf1MROlJx1oTz9uXnHk/JNRuCTn/dHBXBTqu6XR1tj6OqL7gKQ3svK/Mexy4lBO/PSgypdugTHFgugTpMadvZRDAE="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"ManifestVersion" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"global.js" = "F1x bElWW0KAVW8dze0Mbr/Dm6CoJGRHw9Hyx1RReWDG/gXkjcQdXk a46Axg2sDjSzwOpra92NNO7ANhXE2f070FE9R4JQlb/7EiMo34Yuv2ik9RgJGDod4aT/h9hBhC2S9yWne0JH7Nr/mbFU8Mb88RrN0Q7POMH3VHicGxxo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"jquery.easing.js" = "TmbGZQQC93Sgo2FdztxQ0d9XKSQvW71Fi7BWXGb3/Y FVjxcrUPmKaPobqD7KbZMw7CHfrtxoraOME53bkqu7WtNB48Toe29QgontHYDQgrkR9tTzIz8ByGm187nfwmjMQ/pazCml7IhkVNcTRuiUBILtPyb5I8Dg6vKCCa8fcU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"certerror.html" = "Quu5ifaZbhsH6hfNNjsEbMi71iGFPa 7qoPsbDB85tzNJhbuwap kINuU5JVUFuy7ab/H63S1Y9kCw eo6zOs2bZvrgxEv8DGHhKa832zqs6fjzTX BFb6/uP1kQr9kAIzY jkBspKr9vZIFKnmKfjTFFlvSX3lQxR9BTuyhiN8="

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}]
"Enabled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"Operational" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"STYLE" = "64"
"ID" = "{807849B3-40D8-42E3-8001-D541FD7CEBFB}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"RequiredMinVersion" = "8.0.0.0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}]
"CommandOrder" = "3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess]
"index.html" = "ermCpBSS O8fB/VVt7j6JD/nnkn1N7SUop4xU6qJppqMfiqKcUe9YiEJBhdQA11iha77CIzBeakJYvzkCRG1XoQgs7VcfiTpBVB8FWkpBr4ADmLUWevHaD9PolwT/nkxVIsc39WfEfF2JWorYHowyBGjkW6BOD4j2gxVU0FTeV0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"global.js" = "SDzyc4n4bvXID6oDqEWrwlWuOVIMfzIdqu fjgUSah0tHYbOSfZ0S1ZuGuedQTsmcyWcCpYK0W62u3d2bM3KeVgvKzWYE2IarTzTQUvbnVVeh4Fk0xtlbN IFKmZUlKMsuM5UShigYjxaW20Wt17O1oInEkx2Ljjz6JjP8NDow="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"Name" = "内页面"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\history]
"history2.js" = "EYdPibxwSOsOqWp65 q m9YPkG2qiUUGpCPnvRau01UVBjkeEsX12Uy5TmZV0QiqFodnvBKS8uPPdSDAtWYh46mlNAugPtYfiEf7rdH5i9IKkjarXT3vqrc8m dOB2sBwi35rGtSx5Q mNco60nlRGZ/4BbXHVO9e4liF3omtHU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}]
"currentVersion" = "8.0.0.44"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\app]
"sliderman.1.3.7.js" = "RkIvek G9RI Q9/NEOdxEh/ynLS5sJRj/vlO2PrWACyN8sI9vf695W/3CP d/Jr59MnJV2sK2YzNz6txbNvhpSI6S3MTO8Z3UJIBleKth0bLzeGpI4dTaAsMMam3QXyux3g7jkzADCCb5iHY8RLV c6W8sEprWrpGZNIRzFvOcs="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"tool.js" = "K4IAXHGyqD8uA sLEGlFibFQFep8I HkPC6DghtA9hoTdT1tLMSTsbcae2i84ApCOoZfk1C2pUFZKm zTVVUv9o4P9Oozg9nnWh57vtG7ZXh3mv8qIRGwwANrzOQ rITxZOxWcTUTD8qZm E8LlIN0BrJJKq4Pp9GeSDBv4bMoc="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"Version" = "8.0.0.131"
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage]
"index.html" = "Uy0EzM9E6A oW0Z32PTfsdnTQKM8SYLC8Svtt17Rtqz fslfu4Rf0azo0648ksrzDNSmiBlKk0iB2FCsYtC5RZOxmCgxpG0rk16BRJ1Gpf8hQmkpWSTzx2IR MAZgb7CqIwwhGHPzE3qF1k4bVaBita wVueecTJfn4gHFZ1bLg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"Version" = "8.1.2.8"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Tencent\QQBrowser\Scopes\228_866b2]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"business.js" = "NIpJBXokg8g4ae/ZFVZARTgOnNw26TneYdJ2IvNBamSNLKvrIiLKhjXtA/MfUOLR8SGWuibCkV/XNT2apuoX0Y2 pkcdm8L1 BEHXrJK2nRiCgy0NbkSjw/Fz48VWTYUQZRYzoLye91aAAWCBSdAuXy28 13YqDoFoCfafdVxdE="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"business.js" = "IuxI4T0J7Bik5qY6/aqfPYonejaosMlt7RKPN2HAI58nqalyzaR3NKDmDMBsP/GLsP/n4EEmigqfaXfhw1XVPuoKRupEmWoBrFcuX0YxFI/tTm8jQjjGQnoyTA0sowMVrFwfL ATf0Id2A3Ld1g7RvjnRX1DRtsnCMsCqrERJjk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\app]
"app.js" = "BhesVMgtxJIX7zQkKYq0YEuuVAX5P272OuBtAYjAOfb2anR75O08Jkzxvn7jHUdd/ysgc9BzVDTxiVhd8/zjLQfMjgYii64vOYCSbhvVkIgY/DvGG3GuSh8yQ1iOw8651pJdG25lAihyOkCFHdW2hSorv9a uxBwi5AOUkvWr3E="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"api.js" = "CTLNX2nY1O7mQDlrx81saZ A/b3cld1PV1aWjfRWB9Uk7nMqUgRWUwgVmyvWg9gkM0yW1MsoF6XNwlLBdc8okJ8kImN9HQxCfo4NuKEahbCA1RnudXB pCuvw3EEMiY ORP/YDMicZcSXjtSnvP3UDhaX THBQVVts I5sLdd5g="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"search.js" = "IOSc1vtqyq1U7w6ERKIDsLRpv4mCbXTIw/HKw13cRHxcexU7Lrlv64EHual89dNwbkQbQh5Vc4vQlubP2vKuq9yzILTIElywHb4C6Uf6xd26zYypsUK1RjKoffD8wVvBW9Vlj37VbAXxhI8K4Q8ZZk00jCUKlBc9Gh3bbxdA0Gs="

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"Name" = "Net Service"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"AutoUpdated" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"sidebar.js" = "Hr3y2um7YJE8EH1Jg/U3cYntKUWMblGEAqP5/E8YltYhQCvoRgXxmfPxt9xgEC6jb4mgvpB7JsNVjyY58ViKP7a9UGczjFBsPQmIZYcRj39Jb5Jl/e7mH8xM1kt5AZS 4P/CfV6 ncBdyY9wcxdR8qq/OXdx2GKLLG53MS99im0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"UpdateVersion" = "8.1.2.8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 24 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"Name" = "QBSafe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"api.js" = "W4LBkOoHkHIGXYE6okblF8Y2u Gxj5OLP2E1RO1oGT4o72Upe2TuZfv4aGlEpfHPTisFzGNod78Ki KEziTqfUZKaSQTu7TrI58Fg4dfF7cIyDwfDbmVQonWy37VRFH3SrLIC2EG80BAeEkSEAA4lepPxQLrwYmgNvv2nr3W538="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 37 FD 9D CB A7 67 BD 72 92 36 48 F8 7B 5E C2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"template.js" = "RzgJqwNHJ4N8sJDEKasrvKhYoIjrKXGKh3qo6y3p7Bx3eQjIDn1gNlluXXutWcLSBX23i7mSbXxa6km5He 5qAf5eFTYPlcyzJ1efN6K7LGNsOYTGrjFWBGg57GhUneVMDCg1l8ncB214UhBIQPO6KZ2/tvVX4d0a6nCIXqOTdc="

[HKCU\Software\Tencent\QQBrowser\extensions8]
"CommandOrder" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"RequiredMinVersion" = "8.2.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8]
"AutoUpdated" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"private.html" = "K xv/ifPeX60jeD65vv gUoqtdQCKyrPu3G9CV9ZgkzifnKYT2HlMs77KUqIBos6Ta5uCGG4ausc030WTKPfMuL9EjmW7FoJZIZgTcWa mx0 gaAmsoMZHsvq/IVS6SDzsQ/mOiHy60uAr1RKyo62yEJn9wW8JYFqpfIUaAznfU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"ycalendar.js" = "Ib0wShmBpOPdR6WIXozuGPAYmfhw HqOZEc9lU wePCCZVQ6YfBPhdNrdduMjhS5hB3SnrGR577LroR1Y2Rv4mlpMvc090e40OzXs/knSRxzb3rCvfZPwpa/HlTAtP47aP6I75ecIT0dIl/vPovsR1gjWfVFjfvcmILiHbwDA4="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\quickaccess\js]
"init.js" = "UISYlVNiDK8PvMqoSyu W7Bjfmjd61jLLM4kGMAnh5WFunbnTA8mRmy6yg1k0/7t8MkWY3F4WPZeLXx0FWClYlT xNA HZki4RfrKlq30DGnsbO2l9JOAKa7YH u5fhGGhsBc DKxg0G2XpvHhOtWoTdQiGE3Fqo2l8C9lwcqXk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"jquery.mCustomScrollbar.concat.min.js" = "FEhORzx0GxacyZAVElwZHrgrANsncYw61M/NU 0QHFBgGjRJpqYWNkmYr RKq2WX0f/FJok0GTgzs8/6dhyMZytR PdWyBo75CPRNtP9mOif95Zo4easLJYCBcI5g2c0D5pRYPoiHsPikFHkAJqRvrN6hSayUrzNSKTswWIuyb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\manage\js]
"init.js" = "PFyqkS14Ezzwwz3NzSYKgQGIhRXUTnt6ktpq OCUoyT9x96JDR5tWlyWvGn/S8QtChKnWJ4ieyeVWXLQUrQGG5lEDl33J3dmOavy3OUOcvX8XpPA3BcX5XgT1VHlb3zNVVQaT0TPyzBF3SD2OEBbSxfyUQgtDaSBe0RsaU7Xnb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44]
"ID" = "{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\BackgroundDll]
"Path" = "NetService.dll"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html\lib]
"jquery.min.js" = "CHRzStLFVzowFpds/NlgIauwssen3//6We9cKfzF4H4Vd0hTu rRxAgWBSZOvL3qB MA5m1oDYbyEFquZhoip7CWckTQo6 S dUFfDJATgzAhGnGQPvY1xAeDuKT9mHvkWXV8QiJu5ZgSSuggmwXioU5HomYw1dNanbdvDS7rss="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\SignatureList\Html]
"small.html" = "WhbKXbpTC/qXxBxGyDkPJ/ZidAPRqwpAIJ8PLBPltgCg1UOLWJ0KKlk30VAlBy8LToz1KY9tESfeyRr1Qj0S8uwj1uskS7BS Nv9rCDKYGKMcDtyfGr2PeKzp2Zm5lch76FJqhupbdr96BGzQfyKYi 6 F3Ih/Slsdzs3XdO9Ik="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131]
"RequiredMinVersion" = "8.1.0.0"
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\BackgroundDll]
"Path" = "QBSafe.dll"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:656 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Tencent\QQBrowser\Scopes\228_866b2]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 25 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5B 2A 7C 14 37 29 EE F1 2A 3B CF F0 BD 6D 99 95"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Tencent\QQBrowser\OnlineSetup]
"QQMail" = "1"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Tencent\QQBrowser\CleanITFS]
"ITFSLastDay" = "151820"

[HKCU\Software\Tencent\QQBrowser\Common]
"p" = "5"
"QQLaunchCount" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\OnlineSetup]
"SSO" = "2"

[HKCU\Software\Tencent\QQBrowser\Common]
"n" = "30"
"LastDefaultOrPopup" = "Type: REG_QWORD, Length: 8"
"l" = "14"
"M" = "4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Tencent\QQBrowser\Common]
"s" = "10"

[HKCU\Software\Tencent\QQBrowser\Skin\Tabdown_new]
"BottomColor" = "16579836"

[HKCU\Software\Tencent\QQBrowser\Common]
"LastLaunch" = "Type: REG_QWORD, Length: 8"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"
"CategoryCount" = "16"

[HKCU\Software\Tencent\QQBrowser\OnlineSetup]
"QQBrowserFix" = "1"

[HKCU\Software\Tencent\QQBrowser\ChromeTab]
"NeedChromeTabUpdate" = "0"

[HKCU\Software\Tencent\QQBrowser\CleanITFS]
"ITFSCloseToClean" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Tencent\QQBrowser\PluginMgr]
"PlugConfigVersion" = "1.0.0.82"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Tencent\QQBrowser\Launch]
"LaunchOpenPageType" = "1"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "0"

[HKCU\Software\Tencent\QQBrowser\Advanced]
"IE8CoreUpdateFlag" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\Common]
"QLDefSearchEngine" = "4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Tencent\QQBrowser\ChromeTab]
"ChromeTabStatus" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKCU\Software\Tencent\QQBrowser\PluginMgr]
"BtnPosStatusInfo" = "5B 7B 22 49 44 22 3A 22 7B 35 46 44 36 35 41 45"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\Common]
"LaunchCount" = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Tencent\QQBrowser\Scopes\228_866b2]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKCU\Software\Tencent\QQBrowser\Skin\Tabdown_new]
"SkinId" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\Skin\Tabdown_new]
"TopColor" = "15461355"

[HKCU\Software\Tencent\QQBrowser\Common]
"DefaultSearchEngineUpdate" = "4"

[HKCU\Software\Tencent\QQBrowser\Launch]
"WinPos" = "73 67 41 41 41 48 59 41 41 41 42 4B 42 41 41 41"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Tencent\QQBrowser\ChromeTab]
"NeedBrowserUpdate" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"

[HKCU\Software\Tencent\QQBrowser\Launch]
"WinMaximum" = "0"

[HKCU\Software\Tencent\QQBrowser\PluginMgr]
"plugEnable" = "42"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKCU\Software\Tencent\QQBrowser\Common]
"DefaultSearchEngine" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 9C 22 1A A8 98 54 24 F8 FC CA DA 52 D4 47 19"

[HKCU\Software\Tencent\QQBrowser\UrlRecords]
"URL140106800dc" = "68 00 74 00 74 00 70 00 3A 00 2F 00 2F 00 31 00"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\QQBrowser\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Tencent\QQBrowser\Common]
"t" = "80"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

[HKCU\Software\Tencent\QQBrowser\Launch]
"AutoRestoreTabs" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Tencent\QQBrowser\UrlRecords]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\QQBrowser\DEBUG]
"Trace Level"

The process QQBrowser.exe:1796 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Tencent\QQBrowser\Common]
"SEventStat" = "00 01 18 00 01 00 0B 1A 00 0B 10 01 22 57 C9 B4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Tencent\QQBrowser\FavSync]
"clientguid" = "955a3df9765fefe52327fb5b144988cb"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 95 F4 E4 DB 6B A3 BA D5 37 4D 6F CC 9B B9 FD"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090220160903]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 26 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090220160903]
"CachePrefix" = ":2016090220160903:"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"Disable Script Debugger" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"PlaySounds" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_SECURITY_THUNKS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090220160903]
"CachePath" = "%USERPROFILE%\Application Data\Tencent\QQBrowser\Scope\228\History\History.IE5\MSHist012016090220160903\"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"QQBrowser.exe" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_USE_BUILTIN_ACCEPT_HEADERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090220160903]
"CacheOptions" = "11"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Tencent\QQBrowser\Scopes\228_866b2]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"QQBrowser.exe" = "1"

[HKCU\Software\Tencent\QQBrowser\MIME\text/vnd.wap.wml]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_DISABLE_UNTRUSTEDPROTOCOL]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090220160903]
"CacheLimit" = "8192"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PAINT_INSIDE_WMPAINT]
"QQBrowser.exe" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 F0 13 D8 35 C5 B4 F1 43 0B 7F 79 C4 84 FF 76"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"SmoothScroll" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_RESOLUTION_AWARE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"DisableScriptDebuggerIE" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"QQBrowser.exe" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:1668 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5F A9 CA 35 ED D1 50 0B 20 97 B9 82 62 70 87 08"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALIGNED_TIMERS]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"Disable Script Debugger" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_DOCUMENT_ZOOM]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"PlaySounds" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_SECURITY_THUNKS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ALLOW_HIGHFREQ_TIMERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"QQBrowser.exe" = "0"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_USE_BUILTIN_ACCEPT_HEADERS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING_V2]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"QQBrowser.exe" = "1"

[HKCU\Software\Tencent\QQBrowser\Scopes\228_866b2]
"CrashRecord" = "48 76 9B A5 01 00 00 00 00 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_AJAX_CONNECTIONEVENTS]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"QQBrowser.exe" = "1"

[HKCU\Software\Tencent\QQBrowser\MIME\text/vnd.wap.wml]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENFORCE_BSTR]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_DISABLE_UNTRUSTEDPROTOCOL]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PRIVATE_FONT_SETTING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PAINT_INSIDE_WMPAINT]
"QQBrowser.exe" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 62 D3 B5 24 97 EB A1 64 92 35 96 C1 D2 B1 A7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"QQBrowser.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"QQBrowser.exe" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"SmoothScroll" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_RESOLUTION_AWARE]
"QQBrowser.exe" = "1"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_DYNAMIC_OBJECT_CACHING]
"QQBrowser.exe" = "0"

[HKCU\Software\Tencent\QQBrowser\IESettings\Main]
"DisableScriptDebuggerIE" = "yes"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"QQBrowser.exe" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process DeskDrawer.exe:508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKCR\CLSID\{7481EB49-80CA-4dec-9665-A220479AC477}]
"EX" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "21 1C 72 17 E6 62 A3 DE A2 91 0A A7 3F 50 81 ED"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"

"ProxyOverride"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"PandaDesk"

The process lxsaju.exe:1308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Baidu\Baidu]
"TNBin" = "98 66 A3 77 26 3F C6 99 62 BB B1 94 5D 26 F5 EA"

"TN" = "97263467_hao_pg"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartButtonDock\1]
"ButtonClassName" = "Baidu_Desk_Client_SearchBar_Widget_Docked"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Baidu\Baidu]
"CustomID" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"Publisher" = "百度在线网络技术(北京)有限公司"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"baidu.exe" = "百度主程序"

[HKLM\SOFTWARE\Baidu\Baidu]
"SupplyID" = "1050123299"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Baidu\Baidu\ConStatus]
"AutoRun" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Baidu\Baidu]
"BrowserSelected" = "0"
"INSTLANG" = "2052"
"InstallDir" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayIcon" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Baidu.exe,0"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppName" = "Baidu.exe"

[HKLM\SOFTWARE\Baidu\Baidu]
"InstallDate" = "2016-9-2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayVersion" = "2.3.0.1732"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 AA 2E 8D 90 94 00 92 CA C6 36 46 BF 7D 60 2E"

[HKLM\SOFTWARE\Baidu\Baidu]
"Version" = "2.3.0.1732"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"AppPath" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"UninstallString" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\uninst.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度]
"DisplayName" = "百度2.3"

[HKLM\SOFTWARE\Baidu\Baidu]
"channel" = "MainFrame=0,SearchBar=2,Tray=1"

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPoicy\{73F970DA-48AC-43F1-9848-FB90504CE3E9}]
"Policy" = "3"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"BaiduBugRpt.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduBugRpt.exe:*:Enabled:百度异常上报程序"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"BaiduBugRpt.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduBugRpt.exe:*:Enabled:百度异常上报程序"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"BaiduClientRender.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduClientRender.exe:*:Enabled:百度渲染程序"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"BaiduUpdate.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduUpdate.exe:*:Enabled:百度更新程序"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"BaiduUpdate.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduUpdate.exe:*:Enabled:百度更新程序"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"BaiduClientRender.exe" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduClientRender.exe:*:Enabled:百度渲染程序"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Baidu.exe -noclient"

The process BDDocker.exe:2172 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 02 FF 4E 63 38 FB 8B 65 7D 6A 39 3B 61 F6 08"

The process PerfTraceService.exe:1132 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 7D A4 FE F5 F6 CB BE 03 12 2B E1 16 49 90 9F"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\PerfTraceService]
"TypesSupported" = "7"
"EventMessageFile" = "%Program Files%\Tencent\QQBrows"

The process PerfTraceService.exe:1160 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 B3 71 3D A5 8F C0 12 19 DD D6 8E DE 70 0C DF"

The process regsvr32.exe:1128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"(Default)" = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Tencent\QQBrowser"

[HKCR\WEBPFilter.CoWEBPFilter]
"(Default)" = "WEBPFilter CoWEBPFilter"

[HKCR\WEBPFilter.CoWEBPFilter\CurVer]
"(Default)" = "WEBPFilter CoWEBPFilter.1"

[HKCR\WEBPFilter.CoWEBPFilter.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCR\AppID\WebpDecodeFilter.DLL]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"

[HKCR\.webp]
"Content Type" = "image/webp"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter.1"

[HKCR\WEBPFilter.CoWEBPFilter.1]
"(Default)" = "WEBPFilter CoWEBPFilter"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"(Default)" = "WEBPFilter.CoWEBPFilter"

[HKCR\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1]
"(Default)" = "WebpImageDecodeFilter Class"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}]
"(Default)" = "IWebpImageDecodeFilter"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter]
"(Default)" = "WebpImageDecodeFilter Class"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\.webp]
"PerceivedType" = "image"

[HKCR\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "90 71 3C 05 F4 16 EC EE 76 5A 9F 98 A3 9D A2 CB"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\{A629F59C-66C9-4775-901A-A017530E3958}]
"(Default)" = "WebpDecodeFilter"

[HKCR\WEBPFilter.CoWEBPFilter\CLSID]
"(Default)" = "{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CurVer]
"(Default)" = "WebpDecodeFilter.WebpImageDecodeFilt.1"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0\win32]
"(Default)" = "%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"

[HKCR\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0]
"(Default)" = "webpdecodefilter 1.0 Type Library"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]

The process DeskDrawer_0016212_01.tmp:1168 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 1F 22 5B FA 96 46 99 97 7B 1C 6E 8D 36 92 5C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\CLSID\{7481EB49-80CA-4dec-9665-A220479AC477}]
"un" = "16212"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp]
"DeskDrawer_0016212_01.exe" = "51抽屉 Setup"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The process DeskDrawer_0016212_01.tmp:492 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"Inno Setup: App Path" = "%Program Files%\DeskDrawer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"Inno Setup: Setup Version" = "5.5.6 (a)"
"Publisher" = "DeskDrawer"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"UninstallString" = "%Program Files%\DeskDrawer\unins000.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"MajorVersion" = "1"
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"DisplayIcon" = "%Program Files%\DeskDrawer\app\DeskDrawer.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"DisplayName" = "жÔØ51³éÌë"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\CLSID\{7481EB49-80CA-4dec-9665-A220479AC477}]
"un" = "16212"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"Inno Setup: Language" = "chinese"
"InstallLocation" = "%Program Files%\DeskDrawer\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"Inno Setup: Icon Group" = "51³éÌë"
"NoModify" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 88 A7 8D 2A 9C 1E 42 0E 52 44 FB 55 C2 3D 16"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"Inno Setup: User" = "%CurrentUserName%"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"InstallDate" = "20160902"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"MinorVersion" = "0"
"QuietUninstallString" = "%Program Files%\DeskDrawer\unins000.exe /SILENT"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\DeskDrawer\app]
"DeskDrawer.exe" = "51抽屉"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CCCD6175-525E-4CD7-8820-F3C298A9E5B8}_is1]
"DisplayVersion" = "1.0.2.17"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process Baidu.exe:900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 2A 22 63 59 E6 2E 55 6E 87 92 08 BB A0 EC CF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

The process Baidu.exe:2052 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 CE F9 A2 9C E4 8A 7A 43 0D 40 4F 2D 1A 8C 20"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

The process Baidu.exe:3500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"
"TypesSupported" = "7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732]
"BDDocker.exe" = "Docker程序"

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu\DEBUG]
"Trace Level" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Baidu\Baidu\ConStatus]
"AutoRun" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Baidu\BaiduBrowser]
"InstallDate" = "20160902201926754"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 5F BE BA BD 3E 7E 27 64 AE 20 F3 AF 31 62 9E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"BaiduClient" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Baidu.exe -noclient"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\ESENT\Process\Baidu\DEBUG]
"Trace Level"

The process Baidu.exe:2484 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKCR\metnsd\clsid]
"SequenceID" = "3E 09 2F DA D8 BD 16 41 AA 1E 41 0F 8E A6 C6 7E"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile" = "%System%\ESENT.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryCount" = "16"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 07 A8 C5 9A 86 6D FA 9F 00 22 89 A2 7D 20 82"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"CategoryMessageFile" = "%System%\ESENT.dll"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\ESENT]
"TypesSupported" = "7"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The process Baidu.exe:2540 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 9A 86 6B BD 8F BE B8 CE FE EB 65 44 F0 0F 33"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The process Baidu.exe:2352 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "86 C4 FA F2 D4 11 A2 D2 EF C2 04 48 92 C9 47 64"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

The process Baidu.exe:2116 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 50 0E 67 BD 61 CC 47 E9 28 A5 C4 DE C2 85 35"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

The process QQBrowserOTA.exe:3548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 34 1E 5B 9A B1 DA E1 36 1C 2B 77 87 1A 4A 8F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso]
"QQBrowserOTA.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process QQBrowserOTA.exe:3540 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA 23 69 5D 1A F3 F7 92 45 3C 55 82 F7 6D D0 C7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\ProblemFix]
"Installed" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix]
"QQBrowserOTA.exe" = "1"

The process QQBrowserOTA.exe:3176 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TXGYMailActiveX.DropFile\CLSID]
"(Default)" = "{B0F77C07-8507-4AB9-B130-CC882FDDC046}"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0\0\win32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXFTNActiveX_2.dll"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}]
"(Default)" = "Uploader Class"

[HKCR\TXFTNActiveX.FTNUploadEventParam.1]
"(Default)" = "FTNUploadEventParam Class"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TXGYMailActiveX.ScreenCapture.2]
"(Default)" = "ScreenCapture Class"

[HKCR\TXGYMailActiveX.Uploader.2]
"(Default)" = "Uploader Class"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}]
"(Default)" = "ScreenCapture Class"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\ProgID]
"(Default)" = "TXFTNActiveX.FTNUploadEventParam.1"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\TypeLib]
"Version" = "1.0"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}\TypeLib]
"Version" = "1.0"
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\TXFTNActiveX.FTNUploadEventParam\CLSID]
"(Default)" = "{DDDC986A-6061-4EAB-945A-5F607FA75078}"

[HKCR\TXFTNActiveX.FTNUpload\CLSID]
"(Default)" = "{BDEACC50-F56D-4D60-860F-CF6ED1766D65}"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\TypeLib]
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\TypeLib]
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0\0\win32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\ToolboxBitmap32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll, 109"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\MiscStatus]
"(Default)" = "0"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\ProgID]
"(Default)" = "TXGYMailActiveX.Uploader.2"

[HKCR\TXGYMailActiveX.ScreenCapture\CLSID]
"(Default)" = "{9AA844B2-7C7E-4C88-BBC6-18D306489862}"

[HKCR\TXFTNActiveX.FTNUpload.1\CLSID]
"(Default)" = "{BDEACC50-F56D-4D60-860F-CF6ED1766D65}"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}]
"(Default)" = "DropFile Class"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}]
"(Default)" = "FTNUploadEventParam Class"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\MiscStatus\1]
"(Default)" = "131473"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 7F 0B 4C B0 36 89 4E C8 08 37 DE FF D0 52 82"

[HKCR\TXGYMailActiveX.Uploader.2\CLSID]
"(Default)" = "{5E626C89-4AF9-4E67-99BE-E3984D419379}"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\ProgID]
"(Default)" = "TXGYMailActiveX.DropFile.2"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0]
"(Default)" = "TXFTNActiveX 1.0 Type Library"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\TypeLib]
"Version" = "1.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}]
"(Default)" = "IScreenCapture"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\VersionIndependentProgID]
"(Default)" = "TXGYMailActiveX.ScreenCapture"

[HKCR\TXGYMailActiveX.Uploader\CurVer]
"(Default)" = "TXGYMailActiveX.Uploader.2"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TXGYMailActiveX.ScreenCapture.2\CLSID]
"(Default)" = "{9AA844B2-7C7E-4C88-BBC6-18D306489862}"

[HKCR\TXFTNActiveX.FTNUpload.1]
"(Default)" = "FTNUpload Class"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0]
"(Default)" = "TXGYMailActiveX2 1.0 Type Library"

[HKCR\Interface\{CA4E8B17-3E77-444C-998E-58047DFEFD3B}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\VersionIndependentProgID]
"(Default)" = "TXGYMailActiveX.DropFile"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}]
"(Default)" = "IDropFile"

[HKCR\TXGYMailActiveX.ScreenCapture]
"(Default)" = "ScreenCapture Class"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\ProgID]
"(Default)" = "TXGYMailActiveX.ScreenCapture.2"

[HKCR\TXGYMailActiveX.ScreenCapture\CurVer]
"(Default)" = "TXGYMailActiveX.ScreenCapture.2"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\TypeLib]
"(Default)" = "{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}"

[HKCR\TXFTNActiveX.FTNUploadEventParam]
"(Default)" = "FTNUploadEventParam Class"

[HKCR\TXFTNActiveX.FTNUpload\CurVer]
"(Default)" = "TXFTNActiveX.FTNUpload.1"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\VersionIndependentProgID]
"(Default)" = "TXFTNActiveX.FTNUploadEventParam"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\TXGYMailActiveX.Uploader]
"(Default)" = "Uploader Class"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{4E36ABB4-BAAC-429B-A1BF-8EC872D28264}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Tencent\QQMail\"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\TXGYMailActiveX.DropFile\CurVer]
"(Default)" = "TXGYMailActiveX.DropFile.2"

[HKCR\CLSID\{B0F77C07-8507-4AB9-B130-CC882FDDC046}\Version]
"(Default)" = "1.0"

[HKCR\TXGYMailActiveX.DropFile]
"(Default)" = "DropFile Class"

[HKCR\TXFTNActiveX.FTNUpload]
"(Default)" = "FTNUpload Class"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}]
"(Default)" = "IUploader"

[HKCR\TXGYMailActiveX.Uploader\CLSID]
"(Default)" = "{5E626C89-4AF9-4E67-99BE-E3984D419379}"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{DDDC986A-6061-4EAB-945A-5F607FA75078}\InprocServer32]
"(Default)" = "C:\PROGRA~1\Tencent\QQMail\TXFTNA~1.DLL"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\TXFTNActiveX.FTNUploadEventParam.1\CLSID]
"(Default)" = "{DDDC986A-6061-4EAB-945A-5F607FA75078}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\Interface\{39DDFBD9-DB83-4758-BDD4-B909BC796B9C}]
"(Default)" = "IFTNUploadEventParam"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\ProgID]
"(Default)" = "TXFTNActiveX.FTNUpload.1"

[HKCR\TXGYMailActiveX.DropFile.2]
"(Default)" = "DropFile Class"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}]
"(Default)" = "FTNUpload Class"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{9AA844B2-7C7E-4C88-BBC6-18D306489862}\TypeLib]
"(Default)" = "{30070D6D-01F0-481F-896F-D37AECC2CF4E}"

[HKCR\TXGYMailActiveX.DropFile.2\CLSID]
"(Default)" = "{B0F77C07-8507-4AB9-B130-CC882FDDC046}"

[HKCR\Interface\{C6DA788C-DE6D-4856-893A-76F1E0B9070C}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\VersionIndependentProgID]
"(Default)" = "TXFTNActiveX.FTNUpload"

[HKCR\CLSID\{5E626C89-4AF9-4E67-99BE-E3984D419379}\VersionIndependentProgID]
"(Default)" = "TXGYMailActiveX.Uploader"

[HKCR\Interface\{5A01E8DE-CE3C-4678-8570-1E3018F075D5}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{BDEACC50-F56D-4D60-860F-CF6ED1766D65}\InprocServer32]
"(Default)" = "C:\PROGRA~1\Tencent\QQMail\TXFTNA~1.DLL"

[HKCR\TypeLib\{30070D6D-01F0-481F-896F-D37AECC2CF4E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Tencent\QQMail\"

[HKCR\Interface\{999D982E-09FD-4D3A-87E0-1E0B4A838962}]
"(Default)" = "IFTNUpload"

[HKCR\TXFTNActiveX.FTNUploadEventParam\CurVer]
"(Default)" = "TXFTNActiveX.FTNUploadEventParam.1"

The process kinst_168_57.exe:1128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 3B 35 26 A5 66 60 B6 86 5C ED 2D A1 39 4D 53"

[HKCR\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}]
"Guid" = "E1D8DF0E49874E0BAA14B4764A2ACFD6"
"DID" = "BBF3ED870F13DB0E63B35A55FE96927D"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp]
"kinst_168_57.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\kinst_168_57.exe:*:Enabled:KInstallTool"

Dropped PE files

MD5 File path
16ae0a59da95783599969cb2a8cd7b0d c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll
4c39358ebdd2ffcd9132a30e1ec31e16 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll
268905b968aace3dbaf5dd97391071e9 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll
4c39358ebdd2ffcd9132a30e1ec31e16 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll
268905b968aace3dbaf5dd97391071e9 c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll
acd46c8f29be4cc5f659b87f115c740c c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe
254f13dfd61c5b7d2119eb2550491e1d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsn2.tmp\NSISdl.dll
00a0194c20ee912257df53bfe258ee4a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsn2.tmp\System.dll
15907c8e335563c313de6d7c86df99e5 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsn2.tmp\V8._85296_20150814221218.exe
2dc35ddcabcb2b24919b9afae4ec3091 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsn2.tmp\ZipDLL.dll
e93b5a4fd5050116a84cf52011c516c1 c:\Program Files\Tencent\QQBrowser\Assistant.dll
4c86d70ab39a65776f5dd5702da9b509 c:\Program Files\Tencent\QQBrowser\BugReport.exe
16880d4c14c8aa0b4a1b0ec82b9f6cb3 c:\Program Files\Tencent\QQBrowser\Dialogs.dll
4d49497ce2c51461b42af928a91e3260 c:\Program Files\Tencent\QQBrowser\Downloader.dll
10d98bc99fb31673330239b88174973e c:\Program Files\Tencent\QQBrowser\EventTracing.dll
d34a527493f39af4491b3e909dc697ca c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll
4c39358ebdd2ffcd9132a30e1ec31e16 c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9 c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll
77b80794e7726eade4fe30954e2e5847 c:\Program Files\Tencent\QQBrowser\MouseGesture.dll
73640253f394c6dd6940fc1fe222cd92 c:\Program Files\Tencent\QQBrowser\NetWork.dll
f1e9d5f32467dd034f828bcc293e7ad9 c:\Program Files\Tencent\QQBrowser\PrScrn.dll
88f2d2382cce7ec315ca6860ff0c4075 c:\Program Files\Tencent\QQBrowser\QBExtensionFramework.dll
16ae0a59da95783599969cb2a8cd7b0d c:\Program Files\Tencent\QQBrowser\QBSafe.dll
268905b968aace3dbaf5dd97391071e9 c:\Program Files\Tencent\QQBrowser\QBUtils.dll
c3e4c6aaedb957ba059b51c1d2403c93 c:\Program Files\Tencent\QQBrowser\QQBrowser.exe
68eb386277ed0c2e4a13b6c5731f236e c:\Program Files\Tencent\QQBrowser\QQBrowserFrame.dll
acd46c8f29be4cc5f659b87f115c740c c:\Program Files\Tencent\QQBrowser\QQBrowserLiveup.exe
38977583aa8131702dd06a022a94476c c:\Program Files\Tencent\QQBrowser\QQBrowserSecurityCenter.exe
f3df05cd6c209c05c5415af6bc9e7199 c:\Program Files\Tencent\QQBrowser\QRCode.dll
528fd48653019ba6629ec9d9db2cd6a9 c:\Program Files\Tencent\QQBrowser\Resource.dll
e826d419df589357d43554c7f0c0e39c c:\Program Files\Tencent\QQBrowser\TridentCore.dll
12650137ef731c4f2967bd670287e357 c:\Program Files\Tencent\QQBrowser\WebpDecodeFilter.dll
699f0052d0c959f1a5b7c3926cce11fa c:\Program Files\Tencent\QQBrowser\dr.dll
a51d90f2f9394f5ea0a3acae3bd2b219 c:\Program Files\Tencent\QQBrowser\service\7z.exe
1b47580cce6db40a3f389ebd6250795f c:\Program Files\Tencent\QQBrowser\service\PerfTraceService.exe
e625e19acadb88eeaefd2f15cbc757f2 c:\Program Files\Tencent\QQBrowser\service\perfctrl.dll
8267d1cba70f87018d89bbb2bbbfdc03 c:\Program Files\Tencent\QQBrowser\service\xperf.exe
9ed4bdccc465222477805ca2df443596 c:\Program Files\Tencent\QQBrowser\tssafeedit.dat

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 23096 23552 4.43854 092e164daa50385128d3c5b319373035
.rdata 28672 4496 4608 3.59023 4e7f519777030dd2f0ea0d2092babed3
.data 36864 110424 1024 3.20088 f6d93c048bf148a2daee8a6b0505e38b
.ndata 147456 36864 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 184320 56656 56832 5.28874 1da3eb4730128a3b9f2ab2c7f10bc4b4

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://n4cswhk3.gccdn.net/large/7185bdf1gw1f05vpdktqrg20go0a5u10.gif
hxxp://tiger.mig.tencent-cloud.net/accept?authcode=1771558448&guid=182290F2-326C-B222-D4F1-3E5ED25565ED&supplyid=85296&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400
hxxp://e6845.dscb1.akamaiedge.net/pca3-g5.crl
hxxp://e6845.dscb1.akamaiedge.net/CSC3-2010.crl
hxxp://tiger.mig.tencent-cloud.net/
hxxp://brdlsw.jomodns.com/original/201603/lxsaju.exe
hxxp://ww3.sinaimg.cn/large/7185bdf1gw1f05vpdktqrg20go0a5u10.gif 37.29.13.34
hxxp://crl.verisign.com/pca3-g5.crl 23.37.37.163
hxxp://qbwup.imtt.qq.com/ 163.177.67.144
hxxp://ps.browser.qq.com/accept?authcode=1771558448&guid=182290F2-326C-B222-D4F1-3E5ED25565ED&supplyid=85296&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400 103.7.30.158
hxxp://dlsw.br.baidu.com/original/201603/lxsaju.exe 119.84.42.46
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl 23.37.37.163
www.qq.com 2.20.254.129
res.imtt.qq.com 203.205.151.215
browser.etl.desktop.qq.com 119.147.201.16


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

POST / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0
Host: qbwup.imtt.qq.com
Content-Length: 398
Cache-Control: no-cache

......,<LV.qbpcstatf.stat}...k.....crypt...
list<char>....M
...H6S..P......aS[,.i):.....6Sq..7..BX.t.:..D..Q.N..Q.W..-.c.....M.v....A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.
../....Fz.^J...d.......kk.v.X...{.......e...N.Iy......X....b..m..=$..1d..yK>...5.*=...kQ~..>.f>..e...(....!.{).=...J._e...xIF.$.8S..U...p.$
.6..HEBE......!Y......s/.u.........".....s.
..\z....7......2g.|.n*......
HTTP/1.1 200 OK
Content-Length: 54
Content-Type: application/multipart-formdata
Date: Fri, 02 Sep 2016 17:17:34 GMT
Server: HTTP Load Balancer/1.0
...6..,<LV.qbpcstatf.stat}.............int32............



GET /accept?authcode=1771558448&guid=182290F2-326C-B222-D4F1-3E5ED25565ED&supplyid=85296&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0
Host: ps.browser.qq.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Length: 11237
Content-Type: application/json;charset=utf-8
Cache-Control: no-cache
Pragma: no-cache
{"tasklist":["{"appId":"3","cmdCode":3404,"tas
kId":3404,"ver":25252,"url":"http://stdl%2
Eqq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1
438571713_5287.txt?","taskKind":1,"uin":""
,"svrMsg":"{}","md5":""}","{"appId%2
2:"3","cmdCode":3406,"taskId":3406,"ver"%3
A65983,"url":"http://stdl.qq.com/stdl/qbfilepu
sh/qqbrowser/cloudctrl/production/1463643770_5350.txt?%2
2,"taskKind":1,"uin":"","svrMsg":"{}
","md5":""}","{"appId":"3","cmdCode"
:1020,"taskId":20001,"ver":7,"url":"http%2
53A%2F%2Fdl_dir.qq.com%2Finvc%2Ftt%2Fps%2F1020%3F%
22,"taskKind":1,"uin":"","svrMsg":"{%7
D","md5":""}","{"appId":"3","cmdCode%2
2:1100,"taskId":20003,"ver":77,"url":"http
%3A%2F%2Fpc5.gtimg.com%2Fbtr%2Fqqbrowser%2Fps%2F1100
%2F34_75_2013-04-03.zip%3F","taskKind":1,"
uin":"","svrMsg":"{}","md5":""}"
,"{"appId":"3","cmdCode":2104,"taskId":200
07,"ver":27,"url":"http%3A%2F%2Fpc5.gtimg.
com%2Fbtr%2Fqqbrowser%2Fps%2F2104%2F57_27_2012-06-15
.dat%3F","taskKind":1,"uin":"","svrM
<<< skipped >>>


POST / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0
Host: qbwup.imtt.qq.com
Content-Length: 350
Cache-Control: no-cache

...^..,<LV.qbpcstatf.stat}...;.....crypt...
list<char>.....
....6S..P......aS[,.i):.....6Sq..7..BX.t.:..D..Q.N..Q.W..-.c............A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.
../....Fz.^J...d.......kk.v.X...{.......e...N.Iy......X....b..m..=$..1d..yK>...5.*=...kQ~..>.f>..e...(....!.{).=...J....o..Bb..x..r.`.qlo..3N..kZ.W..P. AN..`.Z.0.......
HTTP/1.1 200 OK
Content-Length: 54
Content-Type: application/multipart-formdata
Date: Fri, 02 Sep 2016 17:17:42 GMT
Server: HTTP Load Balancer/1.0
...6..,<LV.qbpcstatf.stat}.............int32..........HTTP/1.1 200 
OK..Content-Length: 54..Content-Type: application/multipart-formdata..
Date: Fri, 02 Sep 2016 17:17:42 GMT..Server: HTTP Load Balancer/1.0...
..6..,<LV.qbpcstatf.stat}.............int32............



POST / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0
Host: qbwup.imtt.qq.com
Content-Length: 398
Cache-Control: no-cache

......,<LV.qbpcstatf.stat}...k.....crypt...
list<char>....M
...H6S..P......aS[,.i):.....6Sq..7..BX.t.:..D..Q.N..Q.W..-.c|.n|.^......A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.
../....Fz.^J...d.......kk.v.X...{.......e...N.Iy......X....b..m..=$..1d..yK>...5.*=...kQ~..>.f>..e...(....!.{).=...J._e...xIF
y..._..)
&.6.}Nq....!v....w..H.6..HEBE./..|......m....[....6.rp...s!.\...k..3...K..px....
HTTP/1.1 200 OK
Content-Length: 54
Content-Type: application/multipart-formdata
Date: Fri, 02 Sep 2016 17:17:35 GMT
Server: HTTP Load Balancer/1.0
...6..,<LV.qbpcstatf.stat}.............int32............



GET /original/201603/lxsaju.exe HTTP/1.0
Host: dlsw.br.baidu.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Fri, 02 Sep 2016 17:17:36 GMT
Content-Type: application/octet-stream
Content-Length: 8553976
Connection: close
ETag: "56f12bb7-8285f8"
Last-Modified: Tue, 22 Mar 2016 11:25:43 GMT
Expires: Fri, 08 Mar 2019 08:01:43 GMT
Age: 14116553
Cache-Control: max-age=93312000
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 9
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......HZfS.;...;..
.;...C...;..cM..Q;..cM...;..cM...;...C...;...;..;:.......;..cM..R;....
...;..cM...;..Rich.;..........................PE..L...I*.V............
.........Vz.............. ....@.................................. ....
@..................................}............v..........d...!......
.....<......................h~...... ~..@............ ..D..........
..................text............................... ..`.rdata...o...
 ...p..................@[email protected][email protected]
[email protected]..(...........
...@[email protected]........... [email protected].......................
......................................................................
......................................................................
......................................................................
...............................................h,...h..J..Q..........3
.!.....@..!|........}.......k...............j.Y....u....!H.......3....
j.^.....t....t.!.......).....A...|.h..........P...!H.3.).....@...|....
..9.....}.......k...............j.Y....t....!H.......3.........y.I...A
...u.........).....@...|....H.VV..."H...3.........y.I...A...u.........
).....@...|.VV..3....j.[.....t....t.!.......).....A...|.h..........P..
.!H.3....j.[.....t....t.!.......).....A.. |.h..........P...!H.3.).....
@...|.9.....}.......k...............j.[......t....!H.......3.)....
<<< skipped >>>


GET /large/7185bdf1gw1f05vpdktqrg20go0a5u10.gif HTTP/1.0
Host: ww3.sinaimg.cn
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Fri, 02 Sep 2016 17:17:15 GMT
Server: PWS/8.1.38
X-Px: ms h0-s1106.v0-mow ( h0-s1130.v0-mow), ms h0-s1130.v0-mow ( h0-s1331.p0-kix), ht-d h0-s1331.p0-kix.cdngp.net
Cache-Control: max-age=7776000
Expires: Fri, 04 Nov 2016 19:35:32 GMT
Age: 2324504
Content-Length: 5124538
Content-Type: image/gif
Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT
X-Via-CDN: f=TXCDN,s=37.29.13.34,c=194.242.96.218
Connection: close
GIF89aX.m.....Qx......v..Y...b.......1b.p......m....8w.k...........j..
P........K......e.n......x.z........*v.\..8h....r........&...b.<...
..............x|. ]..........!a.#W.^.."c....5........*...........G..D.
..........z..Y..)s.:..D~..\....z..E........S.........k.......B.....R..
M~....3l.^........}.."..t..t............c....... z....4w.......j...[..
..*.._.....!r.$k.Y...i.r..c{.......N..3..6........B.....`..!j.F..P...{
[email protected]...............|.....Y..........Cw.
.k.......{..c........1q.1{....1..4..l...f.......c........I............
e.\..*..!........y..B.....d..;............z.... ..L...b..k....l.......
.#j..q.9........`..].........|....*m..d.Q........R.....|..6|..T.......
R.....O...........q..Dy.Q..!d..].3..)..d......t.o..)u.8m..b.-j. k.....
..s........L..!.......,....X.m.....#@.@......*\......#J.Hp....3j......
 C..I....(S.\[email protected].(QDH.*].....P.J.J....X.j....
..`.:5J....h."......pY..K....x.....oL...O..V.....*^......#.EL.0....K..
.....C..L.....]r.(zo...9....v...;..M.4...o..nr..... _...s...;gN.3....k
.^.{d..Y...?......._.......G._..}.....?......6_.....m(................
....1....a.!G..Fa.o}.!.(.............}*.h#r3..#f0.(c...(...........CF.
G..P6...q.G.KRR...\>..pW.fe..}.\.h>if.d..d...y....ig.r...Lo..[..
.)(....goc..]....h..~..D}....4.......ic.R.h.q~.X..Bj.b.BT...........W.
L..kE..E..[............,...E.B...,].V[.. =....b.........f.mE..ZnJ..K..
*..na..[....i.H.F.-.....F...........z.....(..........0H.w,.. i.0. ....
6....#...F(.L.....q.4. ....D....,-.<...H?..4..:f..FG.b.8R.4...\
<<< skipped >>>


GET /pca3-g5.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "49ddd5ee9b8941ed8ccf55aec088f07c:1467490816"
Last-Modified: Sat, 02 Jul 2016 20:20:16 GMT
Date: Fri, 02 Sep 2016 17:17:23 GMT
Content-Length: 571
Connection: keep-alive
Content-Type: application/pkix-crl
0..70...0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...
U....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For au
thorized use only1E0C..U...<VeriSign Class 3 Public Primary Certifi
cation Authority - G5..160630000000Z..160930235959Z0#0!..n.N/.v...J..%
R.t..160630163929Z0...*.H..............h...._.......VT..`.\.Y._.=lg...
..*.eLto........v.V-.6W.`fa..#.kwE..vH... .....d.A..)n.>...9l..@B..
...6....................<.N....PA..G.EH9.R._...._3....7.N..7...'.t.
t......N).....I.g......@.#.."..`.../%......;6..h....Q.L8.e..b/.8.t..W.
[email protected]$f....P..HTTP/1.1 200 OK..Server: Apache..ETag: "49ddd5ee9b
8941ed8ccf55aec088f07c:1467490816"..Last-Modified: Sat, 02 Jul 2016 20
:20:16 GMT..Date: Fri, 02 Sep 2016 17:17:23 GMT..Content-Length: 571..
Connection: keep-alive..Content-Type: application/pkix-crl..0..70...0.
..*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U....VeriS
ign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For authorized u
se only1E0C..U...<VeriSign Class 3 Public Primary Certification Aut
hority - G5..160630000000Z..160930235959Z0#0!..n.N/.v...J..%R.t..16063
0163929Z0...*.H..............h...._.......VT..`.\.Y._.=lg.....*.eLto..
......v.V-.6W.`fa..#.kwE..vH... .....d.A..)n.>[email protected]......
..............<.N....PA..G.EH9.R._...._3....7.N..7...'.t.t......N).
....I.g......@.#.."..`.../%......;6..h....Q.L8.e..b/[email protected].
C$f....P....
<<< skipped >>>


GET /CSC3-2010.crl HTTP/1.1
Accept: */*
User-Agent: Microsoft-CryptoAPI/5.131.2600.5512
Host: csc3-2010-crl.verisign.com
Connection: Keep-Alive
Cache-Control: no-cache
Pragma: no-cache


HTTP/1.1 200 OK
Server: Apache
ETag: "72d4e9305a4e0bf267c1db5563d2ee3e:1472807118"
Last-Modified: Fri, 02 Sep 2016 09:05:18 GMT
Date: Fri, 02 Sep 2016 17:17:32 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0..Wz0..Va...0...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Sign
ing 2010 [email protected]
0730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&..
.130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s.
.130227010252Z0!...9t.*.].....~.....160114221207Z0!...J.....Q..Y.[....
.110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o..
.140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.
C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.
....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..
5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.
E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.
....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J
'...130102154110Z0!.......n........'u..140521222808Z0!......0.........
.I..130912181631Z0!.....1.;C,.. L..0...141111073655Z0!....6e...~..T...
....130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u..
....130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v.........
.n..120724160733Z0!....n[..P..a.y...p..141121045513Z0!....P;.Y..d...c.
(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.
[email protected]!...........].{7.
....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1.
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_860:

.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp\NSISdl.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp\NSISdl.dll
TZkNGY0ZDVkNDg0MGUuZXhl/40.html
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp
f.gif
Y0ZDVkNDg0MGUuZXhl/40.html
@.reloc
MSVCR80.dll
_crt_debugger_hook
Base64.dll
<assemblyIdentity type="win32" name="Microsoft.VC80.CRT" version="8.0.50608.0" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity>
\\?\unc\
zcÁ
65708<8`9
<'</<5<;<|<
%Program Files%\Tencent\QQBrowser\uninst.exe
uninst.exe
\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp
Software\Microsoft\Windows\CurrentVersion\Uninstall\360
hXXp://114.55.80.49/
1396504
hXXp://w.x.baidu.com/go/full/201/1202000454
r5whtg20rt0m7tpt.gif
5590b2ab_1202000454.exe
ent\QQBrowser\uninst.exe
c:\%original file name%.exe
%Program Files%\QCD 3
%original file name%.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
nn%U:|
e.rn>p
.BB>(x
-l-PIs}
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>

%original file name%.exe_860_rwx_10004000_00001000:

callback%d

PerfTraceService.exe_1160:

.text
`.rdata
@.data
.rsrc
@.reloc
l$X9.vE
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
operator
GetProcessWindowStation
USER32.DLL
tdh.dll
e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\PerfTraceService.pdb
KERNEL32.dll
RegCreateKeyW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
WS2_32.dll
GetCPInfo
GetConsoleOutputCP
GetProcessHeap
zcÁ
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
7%7S7a7
3=3
>&>,>2>:>
8Œ8v8
;3;<;)=8=,>
KERNEL32.DLL
mscoree.dll
[%s](%lu):
PerfTrace.ini
DebugMsg
EVENT_RECORD address : %d, UserDataLength : %d
PerfTrackInfo : Name : %s, Id : %d
Start Event : Name : %s, Id : %d
InFlightEvents number : %d
Match Event : Name : %s, Id : %d
{x-x-x-xx-xxxxxx}
Port
TypesSupported
QQTrace.ini
TraceConfig.xml
qqtrack.xml
advapi32.dll
IsVervionEnalbe failed , OSVersion : %d
IsTypeEnable failed, trace type %d
7z.exe
::CreateProcess failed, ErrCode : %d, cmd : %s
::SetPriorityClass failed, ErrCode : %d
File path too long ! %s, %s
share dir path too long ! %s, %s
CopyFile failed, ErrCode : %d
begin ReloadConfig tread, ReloadTime : %d
CreateThread failed, ErrCode %d
OpenTrace failed , ErrCode : %d
Session-4BA0B957-882B-4625-A213-0349B865E6AA
%d/%d/%d %d:%d:%d
event id :%d, duration :%f ms, start time :%s
ScenarioId %s take a long time
AQQTrace-UserSession-8D2FEC41-08A1-4c4b-AB00-F67DD5761ACC
-start %s -on %s -BufferSize %d -MinBuffers %d -MaxBuffers %d
-on %s -BufferSize %d -MinBuffers %d -MaxBuffers %d -stackwalk %s
-stop -stop %s
-flush -flush "%s"
-flush -f "%s" -flush "%s" -f "%s"
RunXperf Error ! (%d)
%s\%s%s.%d-d-d.d-d-d-%d.etl
-merge "%s" "%s" "%s"
Myredir-B48C0CD8-8D7A-45ee-90EB-B1FCCD3F5E1A
"%s" %s
CreateProcess failed (%d)
DeleteFile %s Failed : %d
xperf.exe
QQTraceUserSession.etl
QQTraceNTSession.etl
%d.%d.%d.%d
AoXmlDoc.Load(lpszConfigFileName) || !oXmlDoc.IsValid() failed
oXmlDoc.IsValid() failed
IDispatch error #%d
%Program Files%\Tencent\QQBrowser\Service\PerfTraceService.exe

1332280.exe_1088:

.text
`.rdata
@.data
.rsrc
vSSSh
tGHt.Ht&
FTPjK
FtPj;
C.PjRV
Iphlpapi.dll
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
System\CurrentControlSet\Services\VxD\MSTCP
255.255.255.255
socket() failed; %d
\\.\PhysicalDrive%d
\\.\Scsi%d:
MSIE %d.%d
WININET.DLL
Windows
Windows Me
Windows 98
Windows 95
Windows NT %d.%d
%s:%d
Mozilla/4.0 (compatible; %s; %s; Rising)
Content-Type: application/x-www-form-urlencoded
HTTP/1.0
Range: bytes=%d-
hXXp://
"%sProgram Files\Internet Explorer\iexplore.exe" %s
"%s\Internet Explorer\iexplore.exe" %s
Shell32.dll
FRegDeleteKeyExA
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Global\{DCBEBF39-05BB-4826-9BDA-B8DD752EF707}
XXXXXXXXXXX
{X-X-X-XX-XXXXXX}
CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}
%s\%s
%s\*.*
"%s" %s
Setup.exe
rsbrowser.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rse
hXXp://rsup10.rising.com.cn/Register/OnlineHelper/ForLog/Action.aspx?info=
C:\Temp
\AUTO.INI
\InstalledLog.dat
\rse.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
tray.exe
Kernel32.dll
Rising.info
\label.dat
AUTO.INI
\Rav.zip
\KaKa.info
%slog.txt
"%s" -auto
Key=RSEInstallPop&v1=%s&v2=%d&v3=%d&v4=%d&v5=0
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rccb.exe
target url:
hXXp://rse.rising.com.cn/config/rsedownloadconfig.xml
\rsedownloadconfig.xml
CRavDowner::GetDownloadURL
1.1.3
Rav.tst
Mozilla/4.0 (compatible; Rising)
kernel32.dll
%s\Tasks\%s
%s\Tasks\%s*.*
https
Content-Disposition: form-data; name="%s"
Content-Disposition: form-data; name="%s"; filename="%s"
hXXps://
Content-Length: %d
<!--%s-->
&#xX;
</%s>
%s='%s'
%s="%s"
<![CDATA[%s]]>
standalone="%s"
encoding="%s"
version="%s"
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
operator
portuguese-brazilian
ADVAPI32.DLL
GetProcessWindowStation
USER32.DLL
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
C:\DistributedAutoLink\Temp\CompileOutputDir\rsedownloader.pdb
GetWindowsDirectoryA
GetProcessHeap
KERNEL32.dll
USER32.dll
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCreateKeyA
RegOpenKeyA
ADVAPI32.dll
ShellExecuteExA
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
WSOCK32.dll
RPCRT4.dll
InternetCrackUrlA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
FtpOpenFileA
HttpEndRequestA
HttpSendRequestExA
WININET.dll
VERSION.dll
GetCPInfo
GetConsoleOutputCP
.?AVCHttpDownload@@
.?AVCHttpDownloadHifi@@
zcÁ
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp\1332280.exe
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="x86" name="ravdown" type="win32"></assemblyIdentity><description>
</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>PADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
RunAsStdUser Task%d
ekernel32.dll
KERNEL32.DLL
mscoree.dll
Continue Downloading(Installation is processing. Please wait.0hXXp://VVV.ikaka.com/2010/down.asp?t=rav&action=
Finish %d%%@Please uninstall Rising Browse before installing Rising Browse .8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s.Rising Browse has been installed successfully!
...ShXXp://rsup10.rising.com.cn/Register/OnlineHelper/Web_Online/DownloaderInfo.aspx?t=
%d%%>
8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s
1.0.1.1
channel downloader.exe
20151230103025859

kinst_168_57.exe_1128:

.text
`.rdata
@.data
.rsrc
8%u?P
PSSSSSSh
Montgomery Multiplication for x86, CRYPTOGAMS by <[email protected]>
SHA1 block transform for x86, CRYPTOGAMS by <[email protected]>
SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>
SHA512 block transform for x86, CRYPTOGAMS by <[email protected]>
FtPS
GF(2^m) Multiplication for x86, CRYPTOGAMS by <[email protected]>
AES for Intel AES-NI, CRYPTOGAMS by <[email protected]>
6-9'6-9'
$6.:$6.:
*?#1*?#1
>8$4,8$4,
AES for x86, CRYPTOGAMS by <[email protected]>
GHASH for x86, CRYPTOGAMS by <[email protected]>
aSSSh
.VVVVVSRSSj
FTPjK
FtPj;
C.PjRV
tGHt.Ht&
%%!"#%%$
?%uZj
FTPU
w.hhwO
CERTIFICATE REQUEST
NEW CERTIFICATE REQUEST
CERTIFICATE
PUBLIC KEY
passed a null parameter
DSO support routines
x509 certificate routines
error:lX:%s:%s:%s
RSA part of OpenSSL 1.0.2c 12 Jun 2015
pubkey
PEM part of OpenSSL 1.0.2c 12 Jun 2015
phrase is too short, needs to be at least %d chars
Enter PEM pass phrase:
TRUSTED CERTIFICATE
X509 CERTIFICATE
PRIVATE KEY
ENCRYPTED PRIVATE KEY
ANY PRIVATE KEY
enc_key
key_enc_algor
cert
d.encrypted
d.digest
d.signed_and_enveloped
d.enveloped
d.sign
d.data
d.other
NETSCAPE_CERT_SEQUENCE
certs
X509_PUBKEY
public_key
.\crypto\asn1\x_pubkey.c
DSA part of OpenSSL 1.0.2c 12 Jun 2015
priv_key
pub_key
.\crypto\ec\ec_key.c
EC_PRIVATEKEY
publicKey
privateKey
value.implicitlyCA
value.parameters
value.named_curve
p.char_two
p.prime
p.ppBasis
p.tpBasis
p.onBasis
p.other
ssl_sess_cert
ssl_cert
evp_pkey
x509_pkey
%s(%d): OpenSSL internal error, assertion failed: %s
lhash part of OpenSSL 1.0.2c 12 Jun 2015
0123456789
Big Number part of OpenSSL 1.0.2c 12 Jun 2015
unsupported type
unsupported recpientinfo type
unsupported recipient type
unsupported key encryption algorithm
unsupported kek algorithm
unsupported content type
unsupported compression algorithm
signer certificate not found
private key does not match certificate
no public key
no private key
no password
no msgsigdigest
no key or cert
no key
not supported for this key type
not key transport
not key agreement
msgsigdigest wrong length
msgsigdigest verification failure
msgsigdigest error
invalid key length
invalid key encryption parameter
invalid encrypted key length
error setting key
error getting public key
certificate verify error
certificate has no keyid
certificate already present
CMS_SIGNERINFO_VERIFY_CERT
cms_set1_keyid
CMS_RecipientInfo_set0_pkey
CMS_RecipientInfo_set0_password
CMS_RecipientInfo_set0_key
CMS_RecipientInfo_ktri_cert_cmp
cms_msgSigDigest_add1
CMS_GET0_CERTIFICATE_CHOICES
CMS_EncryptedData_set1_key
CMS_decrypt_set1_pkey
CMS_decrypt_set1_password
CMS_decrypt_set1_key
CMS_add1_recipient_cert
CMS_add0_recipient_password
CMS_add0_recipient_key
CMS_add0_cert
unsupported requestorname type
no certificates in chain
error parsing url
PARSE_HTTP_LINE1
OCSP_parse_url
OCSP_cert_id_new
unimplemented public key method
invalid cmd number
invalid cmd name
failed loading public key
failed loading private key
cmd not executable
ENGINE_UNLOAD_KEY
ENGINE_load_ssl_client_cert
ENGINE_load_public_key
ENGINE_load_private_key
ENGINE_get_pkey_meth
ENGINE_get_pkey_asn1_meth
ENGINE_ctrl_cmd_string
ENGINE_ctrl_cmd
ENGINE_cmd_is_executable
unsupported version
unsupported md algorithm
invalid signer certificate purpose
ess signing certificate error
ess add signing cert error
TS_VERIFY_CERT
TS_TST_INFO_set_msg_imprint
TS_RESP_CTX_set_signer_cert
TS_RESP_CTX_set_certs
TS_REQ_set_msg_imprint
TS_MSG_IMPRINT_set_algo
TS_CHECK_SIGNING_CERTS
ESS_SIGNING_CERT_NEW_INIT
ESS_CERT_ID_NEW_INIT
ESS_ADD_SIGNING_CERT
functionality not supported
WIN32_JOINER
unsupported pkcs12 mode
key gen error
PKCS8_add_keyusage
PKCS12_PBE_keyivgen
PKCS12_newpass
PKCS12_MAKE_SHKEYBAG
PKCS12_MAKE_KEYBAG
PKCS12_key_gen_uni
PKCS12_key_gen_asc
PKCS12_add_localkeyid
unsupported option
unable to get issuer keyid
policy syntax not currently supported
operation not defined
no proxy cert policy language defined
no issuer certificate
extension setting not supported
V2I_EXTENDED_KEY_USAGE
V2I_AUTHORITY_KEYID
S2I_SKEY_ID
S2I_ASN1_SKEY_ID
R2I_CERTPOL
unsupported cipher type
unknown operation
unable to find certificate
signing not supported for this key type
operation not supported on this type
no recipient matches key
no recipient matches certificate
encryption not supported for this key type
decrypted key is wrong length
PKCS7_add_certificate
unsupported method
no port specified
no port defined
no accept port specified
broken pipe
BIO_get_port
ECDH_compute_key
data too large for key size
unsupported field
peer key error
passed null parameter
not a supported NIST prime
missing private key
keys not set
invalid private key
gf2m not supported
PKEY_EC_SIGN
PKEY_EC_PARAMGEN
PKEY_EC_KEYGEN
PKEY_EC_DERIVE
PKEY_EC_CTRL_STR
PKEY_EC_CTRL
o2i_ECPublicKey
i2o_ECPublicKey
i2d_ECPrivateKey
EC_KEY_set_public_key_affine_coordinates
EC_KEY_print_fp
EC_KEY_print
EC_KEY_new
EC_KEY_generate_key
EC_KEY_copy
EC_KEY_check_key
ECKEY_TYPE2PARAM
ECKEY_PUB_ENCODE
ECKEY_PUB_DECODE
ECKEY_PRIV_ENCODE
ECKEY_PRIV_DECODE
ECKEY_PARAM_DECODE
ECKEY_PARAM2TYPE
DO_EC_KEY_PRINT
d2i_ECPrivateKey
zlib not supported
fips mode not supported
wrong public key type
unsupported public key type
unsupported encryption algorithm
unsupported cipher
unsupported any defined by type
unknown public key type
unable to decode rsa private key
unable to decode rsa key
streaming not supported
private key header missing
digest and key type not supported
bad password read
X509_PKEY_new
i2d_RSA_PUBKEY
i2d_PublicKey
i2d_PrivateKey
i2d_EC_PUBKEY
i2d_DSA_PUBKEY
d2i_X509_PKEY
d2i_PublicKey
d2i_PrivateKey
d2i_AutoPrivateKey
unsupported algorithm
unknown key type
unable to get certs public key
public key encode error
public key decode error
no cert set for us to verify
method not supported
loading cert dir
key values mismatch
key type mismatch
cert already in hash table
cant check dh key
X509_verify_cert
X509_STORE_add_cert
X509_REQ_check_private_key
X509_PUBKEY_set
X509_PUBKEY_get
X509_load_cert_file
X509_load_cert_crl_file
X509_get_pubkey_parameters
X509_check_private_key
GET_CERT_BY_SUBJECT
ADD_CERT_DIR
PKEY_DSA_KEYGEN
PKEY_DSA_CTRL
DSA_generate_key
unsupported key components
unsupported encryption
read key
public key no rsa
problems getting password
keyblob too short
keyblob header parse error
expecting public key blob
expecting private key blob
error converting private key
PEM_WRITE_PRIVATEKEY
PEM_READ_PRIVATEKEY
PEM_READ_BIO_PRIVATEKEY
PEM_PK8PKEY
PEM_F_PEM_WRITE_PKCS8PRIVATEKEY
DO_PK8PKEY_FP
DO_PK8PKEY
d2i_PKCS8PrivateKey_fp
d2i_PKCS8PrivateKey_bio
unsupported salt type
unsupported private key algorithm
unsupported prf
unsupported key size
unsupported key derivation function
unsupported keylength
unsuported number of rounds
public key not rsa
private key encode error
private key decode error
operaton not initialized
operation not supported for this keytype
no operation set
no key set
keygen failure
invalid operation
expecting a ec key
expecting a ecdsa key
expecting a dsa key
expecting a dh key
expecting an rsa key
different key types
ctrl operation not implemented
command not supported
camellia key setup failed
bn pubkey error
bad key length
aes key setup failed
PKEY_SET_TYPE
PKCS5_V2_PBKDF2_KEYIVGEN
PKCS5_v2_PBE_keyivgen
PKCS5_PBE_keyivgen
FIPS_CIPHER_CTX_SET_KEY_LENGTH
EVP_PKEY_verify_recover_init
EVP_PKEY_verify_recover
EVP_PKEY_verify_init
EVP_PKEY_verify
EVP_PKEY_sign_init
EVP_PKEY_sign
EVP_PKEY_paramgen_init
EVP_PKEY_paramgen
EVP_PKEY_new
EVP_PKEY_keygen_init
EVP_PKEY_keygen
EVP_PKEY_get1_RSA
EVP_PKEY_get1_EC_KEY
EVP_PKEY_GET1_ECDSA
EVP_PKEY_get1_DSA
EVP_PKEY_get1_DH
EVP_PKEY_encrypt_old
EVP_PKEY_encrypt_init
EVP_PKEY_encrypt
EVP_PKEY_derive_set_peer
EVP_PKEY_derive_init
EVP_PKEY_derive
EVP_PKEY_decrypt_old
EVP_PKEY_decrypt_init
EVP_PKEY_decrypt
EVP_PKEY_CTX_dup
EVP_PKEY_CTX_ctrl_str
EVP_PKEY_CTX_ctrl
EVP_PKEY_copy_parameters
EVP_PKEY2PKCS8_broken
EVP_PKCS82PKEY_BROKEN
EVP_PKCS82PKEY
EVP_CIPHER_CTX_set_key_length
ECKEY_PKEY2PKCS8
ECDSA_PKEY2PKCS8
DSA_PKEY2PKCS8
DSAPKEY2PKCS8
D2I_PKEY
CMLL_T4_INIT_KEY
CAMELLIA_INIT_KEY
AES_T4_INIT_KEY
AES_INIT_KEY
AESNI_INIT_KEY
key size too small
invalid public key
PKEY_DH_KEYGEN
PKEY_DH_DERIVE
GENERATE_KEY
DH_generate_key
DH_compute_key
DH_CMS_SET_PEERKEY
COMPUTE_KEY
unsupported signature type
unsupported mask parameter
unsupported mask algorithm
unsupported label source
unsupported encryption type
rsa operations not supported
operation not allowed in fips mode
invalid keybits
illegal or unsupported padding mode
digest too big for rsa key
data too small for key size
RSA_generate_key_ex
RSA_generate_key
RSA_check_key
RSA_BUILTIN_KEYGEN
PKEY_RSA_VERIFYRECOVER
PKEY_RSA_VERIFY
PKEY_RSA_SIGN
PKEY_RSA_CTRL_STR
PKEY_RSA_CTRL
value.single
value.set
Stack part of OpenSSL 1.0.2c 12 Jun 2015
.\crypto\evp\evp_key.c
nkey <= EVP_MAX_KEY_LENGTH
EVP part of OpenSSL 1.0.2c 12 Jun 2015
?456789:;<=
!"#$%&'()* ,-./0123
CT Certificate SCTs
ct_cert_scts
CT Precertificate Signer
ct_precert_signer
CT Precertificate Poison
ct_precert_poison
CT Precertificate SCTs
ct_precert_scts
dhSinglePass-cofactorDH-sha512kdf-scheme
dhSinglePass-cofactorDH-sha384kdf-scheme
dhSinglePass-cofactorDH-sha256kdf-scheme
dhSinglePass-cofactorDH-sha224kdf-scheme
dhSinglePass-cofactorDH-sha1kdf-scheme
dhSinglePass-stdDH-sha512kdf-scheme
dhSinglePass-stdDH-sha384kdf-scheme
dhSinglePass-stdDH-sha256kdf-scheme
dhSinglePass-stdDH-sha224kdf-scheme
dhSinglePass-stdDH-sha1kdf-scheme
Any Extended Key Usage
anyExtendedKeyUsage
supportedAlgorithms
crossCertificatePair
certificateRevocationList
cACertificate
userCertificate
userPassword
supportedApplicationContext
Microsoft Local Key set
LocalKeySet
id-Gost28147-89-None-KeyMeshing
id-Gost28147-89-CryptoPro-KeyMeshing
password based MAC
id-PasswordBasedMAC
X509v3 Certificate Issuer
certificateIssuer
certicom-arc
Proxy Certificate Information
proxyCertInfo
Microsoft Smartcardlogin
msSmartcardLogin
joint-iso-itu-t
JOINT-ISO-ITU-T
set-rootKeyThumb
setAttr-Cert
setCext-cCertRequired
setCext-certType
setct-CertResTBE
setct-CertReqTBEX
setct-CertReqTBE
setct-AcqCardCodeMsgTBE
setct-CertInqReqTBS
setct-CertResData
setct-CertReqTBS
setct-CertReqData
setct-PCertResTBS
setct-PCertReqData
setct-AcqCardCodeMsg
certificate extensions
set-certExt
set-msgExt
id-ecPublicKey
id-cmc-confirmCertAcceptance
id-cmc-getCert
id-regInfo-certReq
id-regCtrl-protocolEncrKey
id-regCtrl-oldCertID
id-it-revPassphrase
id-it-keyPairParamRep
id-it-keyPairParamReq
id-it-unsupportedOIDs
id-it-caKeyUpdateInfo
id-it-encKeyPairTypes
id-it-signKeyPairTypes
id-it-caProtEncCert
id-mod-attribute-cert
id-mod-qualified-cert-93
id-mod-qualified-cert-88
id-smime-aa-ets-certCRLTimestamp
id-smime-aa-ets-certValues
id-smime-aa-ets-CertificateRefs
id-smime-aa-ets-otherSigCert
id-smime-aa-smimeEncryptCerts
id-smime-aa-signingCertificate
id-smime-aa-encrypKeyPref
id-smime-aa-msgSigDigest
id-smime-ct-publishCert
id-smime-mod-msg-v3
sdsiCertificate
x509Certificate
localKeyID
certBag
pkcs8ShroudedKeyBag
keyBag
pbeWithSHA1And2-KeyTripleDES-CBC
pbeWithSHA1And3-KeyTripleDES-CBC
TLS Web Client Authentication
TLS Web Server Authentication
X509v3 Extended Key Usage
extendedKeyUsage
X509v3 Authority Key Identifier
authorityKeyIdentifier
X509v3 Certificate Policies
certificatePolicies
X509v3 Private Key Usage Period
privateKeyUsagePeriod
X509v3 Key Usage
keyUsage
X509v3 Subject Key Identifier
subjectKeyIdentifier
Netscape Certificate Sequence
nsCertSequence
Netscape CA Policy Url
nsCaPolicyUrl
Netscape Renewal Url
nsRenewalUrl
Netscape CA Revocation Url
nsCaRevocationUrl
Netscape Revocation Url
nsRevocationUrl
Netscape Base Url
nsBaseUrl
Netscape Cert Type
nsCertType
Netscape Certificate Extension
nsCertExt
extendedCertificateAttributes
challengePassword
dhKeyAgreement
name.relativename
name.fullname
certificateHold
Certificate Hold
cessationOfOperation
Cessation Of Operation
keyCompromise
Key Compromise
%*s%s:
%*sOnly Attribute Certificates
%*sOnly CA Certificates
%*sOnly User Certificates
ASN.1 part of OpenSSL 1.0.2c 12 Jun 2015
d.registeredID
d.iPAddress
d.uniformResourceIdentifier
d.ediPartyName
d.directoryName
d.dNSName
d.rfc822Name
d.otherName
AUTHORITY_KEYID
keyid
cert_info
Diffie-Hellman part of OpenSSL 1.0.2c 12 Jun 2015
PKCS8_PRIV_KEY_INFO
pkey
pkeyalg
EC part of OpenSSL 1.0.2c 12 Jun 2015
RAND part of OpenSSL 1.0.2c 12 Jun 2015
You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html
\X
MD5 part of OpenSSL 1.0.2c 12 Jun 2015
recommended-private-length: %d bits
x%s
public-key:
private-key:
%s: (%d bit)
DH Public-Key
DH Private-Key
Public-Key
Private-Key
Public-Key: (%d bit)
Private-Key: (%d bit)
ddddddZ
ddddddZ
%d.%d.%d.%d
<unsupported>
IP Address:%d.%d.%d.%d
URI:%s
DNS:%s
email:%s
EdiPartyName:<unsupported>
X400Name:<unsupported>
othername:<unsupported>
Content-Length: %d
%s %s HTTP/1.0
SHA1 part of OpenSSL 1.0.2c 12 Jun 2015
SHA-256 part of OpenSSL 1.0.2c 12 Jun 2015
SHA-512 part of OpenSSL 1.0.2c 12 Jun 2015
%d.%d.%d.%d/%d.%d.%d.%d
X509_CERT_PAIR
X509_CERT_AUX
X.509 part of OpenSSL 1.0.2c 12 Jun 2015
X:
%s - d:d:d%.*s %d%s
.\crypto\dh\dh_key.c
USER32.DLL
NETAPI32.DLL
KERNEL32.DLL
ADVAPI32.DLL
'() ,-./:=?
%lu:%s:%s:%d:%s
Verifying - %s
%s %s%lu (%s0x%lx)
ECDSA part of OpenSSL 1.0.2c 12 Jun 2015
Basis Type: %s
Field Type: %s
NIST CURVE: %s
ASN1 OID: %s
keyInfo
d.receiptList
d.allOrFirstTier
d.compressedData
d.authenticatedData
d.encryptedData
d.digestedData
d.envelopedData
d.signedData
d.ori
d.pwri
d.kekri
d.kari
d.ktri
CMS_PasswordRecipientInfo
keyDerivationAlgorithm
keyIdentifier
CMS_KeyAgreeRecipientInfo
recipientEncryptedKeys
CMS_OriginatorIdentifierOrKey
d.originatorKey
CMS_OriginatorPublicKey
CMS_RecipientEncryptedKey
CMS_KeyAgreeRecipientIdentifier
d.rKeyId
CMS_RecipientKeyIdentifier
CMS_OtherKeyAttribute
keyAttr
keyAttrId
CMS_KeyTransRecipientInfo
encryptedKey
keyEncryptionAlgorithm
certificates
d.crl
d.subjectKeyIdentifier
d.issuerAndSerialNumber
CMS_CertificateChoices
d.v2AttrCert
d.v1AttrCert
d.extendedCertificate
d.certificate
CMS_OtherCertificateFormat
otherCert
otherCertFormat
keylen <= sizeof key
EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)
XX
%.14s.dZ
%*sSigned Certificate Timestamp:
%*sPolicy Text: %s
%*scrlUrl:
EXTENDED_KEY_USAGE
%*sZone: %s, User:
.\crypto\x509v3\v3_akey.c
d.usernotice
d.cpsuri
CERTIFICATEPOLICIES
%*sExplicit Text: %s
%*sNumber%s:
%*sOrganization: %s
%*sCPS: %s
PKEY_USAGE_PERIOD
keyCertSign
Certificate Sign
keyAgreement
Key Agreement
keyEncipherment
Key Encipherment
.\crypto\x509v3\v3_skey.c
CONF part of OpenSSL 1.0.2c 12 Jun 2015
PROXY_CERT_INFO_EXTENSION
crlUrl
certStatus
certId
OCSP_CERTSTATUS
value.unknown
value.revoked
value.good
value.byKey
value.byName
reqCert
OCSP_CERTID
issuerKeyHash
hexkey
rsa_keygen_pubexp
rsa_keygen_bits
%s:%s
keylength
keyfunc
AES part of OpenSSL 1.0.2c 12 Jun 2015
j <= (int)sizeof(ctx->key)
.\crypto\pkcs12\p12_key.c
CONF_def part of OpenSSL 1.0.2c 12 Jun 2015
[[%s]]
[%s] %s=%s
%'%1$=%C%K%O%s%
.%.-.3.7.9.?.W.[.o.y.
C%C'C3C7C9COCWCiC
ECDH part of OpenSSL 1.0.2c 12 Jun 2015
value.bag
value.safes
value.shkeybag
value.keybag
value.sdsicert
value.x509cert
value.other
%s.dll
mscoree.dll
Visual C   CRT: Not enough memory to complete call to strerror.
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
.mixcrt
kernel32.dll
Broken pipe
Inappropriate I/O control operation
Operation not permitted
portuguese-brazilian
GetProcessWindowStation
operator
Could not resolve %s: %s
getaddrinfo() failed for %s:%d; %s
init_resolve_thread() failed for %s; %s
%s:%d
Hostname %s was found in DNS cache
Added %s:%d:%s to DNS cache
Address in '%s' found illegal!
Couldn't parse CURLOPT_RESOLVE entry '%s'!
%5[^:]:%d:%5s
Couldn't parse CURLOPT_RESOLVE removal entry '%s'!
%5[^:]:%d
Connected to %s (%s) port %ld (#%ld)
IDN support not present, can't parse Unicode domains
Protocol "%s" not supported or disabled in libcurl
http_proxy
Port number out of range
%s://%s%s%s:%hu%s%s%s
;type=%c
[%*45[0123456789abcdefABCDEF:.]%c
Couldn't find host %s in the _netrc file; using defaults
[email protected]
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
Server doesn't support pipelining
Found bundle for host %s: %p
Please URL encode %% as %%, see RFC 6874.
Connection #%ld to host %s left intact
Rebuilt URL to: %s
smtp
SMTP.
<url> malformed
:]://%[^
[^:]:%[^
Illegal characters found in URL
Re-using existing connection! (#%ld) with %s %s
Found connection %ld, with requests in the pipe (%zu)
%s://%s
Internal error removing splay node = %d
Internal error clearing splay node = %d
Curl_poll(%d ds, %d ms)
In state %d with no easy_conn, bail out!
Operation timed out after %ld milliseconds with %I64d bytes received
Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received
Pipe broke: handle %p, url = %s
[%s %s %s]
Send failure: %s
Recv failure: %s
Write callback asked for PAUSE when not supported!
%s cookie %s="%s" for domain %s, path %s, expire %I64d
#HttpOnly_
skipped cookie with bad tailmatch domain: %s
httponly
23[^;
=] =I99[^;
%s%s%s
# Fatal libcurl error
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
ignoring failed cookie_init for %s
WARNING: failed to save cookies in %s
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Failed to set SO_KEEPALIVE on fd %d
bind failed with errno %d: %s
Local port: %hu
getsockname() failed with errno %d: %s
Bind to local port %hu failed, trying next
Couldn't bind to '%s'
Name '%s' family %i resolved to '%s' family %i
Couldn't bind to interface '%s'
Local Interface %s is ip %s using address family %i
ssloc inet_ntop() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
getpeername() failed with errno %d: %s
TCP_NODELAY set
Could not set TCP_NODELAY: %s
Immediate connect fail for %s: %s
Trying %s...
sa_addr inet_ntop() failed with errno %d: %s
Failed to connect to %s port %ld: %s
connect to %s port %ld failed: %s
Winsock version not supported
Protocol family not supported
Address family not supported
Operation not supported
Socket is unsupported
Protocol is unsupported
Protocol option is unsupported
Unknown error %d (%#x)
%sAuthorization: Basic %s
%s auth using %s with user '%s'
HTTP/
Avoided giant realloc for header (max is %d)!
The requested URL returned error: %d
The requested URL returned error: %s
If-Unmodified-Since: %s
Last-Modified: %s
If-Modified-Since: %s
%s, d %s M d:d:d GMT
Failed sending HTTP POST request
Content-Type: application/x-www-form-urlencoded
Internal HTTP POST error!
Failed sending HTTP request
%s%s=%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
PTF://%s:%s@%s
Content-Range: bytes %s/%I64d
Content-Range: bytes %s%I64d/%I64d
Range: bytes=%s
Host: %s%s%s:%hu
Host: %s%s%s
PTF://
Chunky upload is not supported by HTTP 1.0
Accept-Encoding: %s
Referer: %s
HTTP error before end of send, stop sending
HTTP/1.0 connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.0 proxy connection set to keep alive!
HTTP 1.0, assume close after body
RTSP/%d.%d =
HTTP =
Lying server, not serving HTTP/2
HTTP/%d.%d %d
SOCKS4%s request granted.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Failed to resolve "%s" for SOCKS4 connect.
SOCKS4 connect to %s (locally resolved)
SOCKS4 communication to %s:%d
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
SOCKS5 GSSAPI per-message authentication is not supported.
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Failed to resolve "%s" for SOCKS5 connect.
User was rejected by the SOCKS5 server (%d %d).
Received HTTP code %d from proxy after CONNECT
TUNNEL_STATE switched to: %d
HTTP/1.%d %d
CONNECT %s HTTP/%s
%s%s%s%s
Host: %s
%s%s%s:%hu
%s:%hu
Establish HTTP proxy tunnel to %s:%hu
password
login
--:--:--
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s
@Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
Read callback asked for PAUSE when not supported!
operation aborted by callback
ioctl callback returned error %d
the ioctl callback returned %d
seek callback returned error %d
%s in chunked-encoding
Simulate a HTTP 304 response!
HTTP server doesn't seem to support byte ranges. Cannot resume.
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
Rewinding stream by : %zd bytes on url %s (zero-length body)
Excess found in a non pipelined read: excess = %zu, size = %I64d, maxdownload = %I64d, bytecount = %I64d
Rewinding stream by : %zu bytes on url %s (size = %I64d, maxdownload = %I64d, bytecount = %I64d, nread = %zd)
No URL set!
[^?&/:]://%c
Disables POST, goes with %s
Issue another request to this URL: '%s'
Conn: %ld (%p) Receive pipe weight: (%I64d/%zu), penalized: %s
Site %s:%d is pipeline blacklisted
Server %s is blacklisted
d:d
d:d:d
%c%c==
%c%c%c=
%c%c%c%c
.html
.jpeg
; filename="%s"
------------------------xx
--%s--
couldn't open file "%s"
Content-Type: %s
Content-Type: multipart/mixed; boundary=%s
%s; boundary=%s
WS2_32.dll
inflate 1.1.3 Copyright 1995-1998 Mark Adler
------BEGIN PUBLIC KEY-----
wXgNPal/ctcPxx2L3by8pqL9tpgSgEYEeIp DMIOFvh0gY6/gt7hqXrairRK8XHr
-----END PUBLIC KEY-----
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
<4,$?7/'
(3-!0,1'8"5.*2$
&#xX;
</%s>
%s="%s"
%s='%s'
<!--%s-->
<![CDATA[%s]]>
version="%s"
encoding="%s"
standalone="%s"
User-Agent: Mozilla/4.0
Load Public Key Error!
load public key failed[
XX
\\.\PhysicalDrive%d
%d ReadPhysicalDriveInNTWithAdminRights ERROR
DeviceIoControl(%d, DFP_GET_VERSION) returned 0, error is %d
\\.\Scsi%d:
mainkey
subkey
keyname
keytype
hXXp://config.i.duba.net/lminstall/%d.json?time=%d
DownloadControl curlExecuter Invalid
DownloadControl -- ExE CurlCode = %d, Count = %d, CurrentSize = %d, ResCode = %d
DownloadControl -- End HRESULT = %d, Count = %d
ExecuteDownload ResponseCode = %d
Ping.exe
VVV.baidu.com
VVV.qq.com
An error occured in WSAStartup operation:
An error occured in WSACleanup operation: WSAGetLastError () =
An error occured in gethostbyname operation: WSAGetLastError () =
%d-%d-%d d:d:d d
e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\kinst_exe.pdb
GetWindowsDirectoryW
KERNEL32.dll
USER32.dll
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyW
ReportEventA
ADVAPI32.dll
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
VERSION.dll
WTSAPI32.dll
iphlpapi.dll
RPCRT4.dll
PSAPI.DLL
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
zcÁ
.?AVKProcessInfoReport@KInstallTool@@
.?AVKInstallToolReport@KInstallTool@@
.?AVIInstallToolReport@@
;3 #>6.&
'2, / 0&7!4-)1#
.?AVKCurlDownloader@@
.?AUIKVipWebFile@@
.?AVKDumpInfoReport@KInstallTool@@
10000000000000000010
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
kinstalltool_{0A3C83FD-7B1D-4c3f-8932-190BA6D25F90}
hXXp://infoc0.duba.net/c/
\ux
@Software\Kingsoft\KVip\%d
Proxy Port
Proxy Password
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http=
*%s:%s
SYSTEM\CurrentControlSet\services\%s
ntdll.dll
ntoskrnl.exe
okernel32.dll
Aexplorer.exe
wtsapi32.dll
2345Explorer.exe
360Safe.exe
deepscan\zhudongfangyu.exe
EfiMon.sys
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360
%Program Files%\360\360Safe\
%Program Files% (x86)\360\360Safe\
kxetray.exe
kislive.exe
kismain.exe
QQPCMgr.exe
TSSysKit.sys
QQPCRTP.exe
rstray.exe
rsmain.exe
ravmond.exe
\StringFileInfo\XX\
#{ad498944-762f-11d0-8dcb-00c04fc3358c}
namedpipe
\\.\pipe\
\\.\Global\
A"%s" %s
XXxXXXXXXXX
userenv.dll
%SYSTEM%
%WINDOWS%
%CUR_MODULE%
%CUR_EXE_MODULE%
%CUR_DIR%
Kernel32.dll
CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
Adrivergenius.exe
driverupdate.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius
baidusdSvc.exe
baidusd.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
BaiduAn.exe
BaiduAnTray.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsn2.tmp\kinst_168_57.exe
2015,08,07,13928
KInstallTool.exe
9,3,244550,13928

QQBrowser.exe_228:

.text
`.rdata
@.data
@.rsrc
@.reloc
PSShlJ
e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb
GetProcessHeap
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHELL32.dll
SHLWAPI.dll
.DRNO
%uGK*
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
msls31.dll
sqmapi.dll
ieproxy.dll
dxgi.dll
urlmon.dll
d3d11.dll
WindowsCodecs.dll
jscript.dll
DWrite.dll
d3d10warp.dll
d2d1.dll
jscript9.dll
wininet.dll
iertutil.dll
MSHTML.DLL
reportdata
datareportfile
QQBrowserFrame.dll
QBUtils.dll
riched20.dll
TridentCore.dll
MouseGesture.dll
Assistant.dll
QBExtensionFramework.dll
NetWork.dll
user32.dll
shell32.dll
DTencent.QQBrowser.Default
advapi32.dll
ieframe.dll
mshtml.tlb
mshtml.dll
Session-4BA0B957-882B-4625-A213-0349B865E6AA
Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
QBSafe.dll
kernel32.dll
2015-07-08 06:03:11
8.2.3638.400
QQBrowser.exe
8, 2, 3638, 400

QQBrowser.exe_324:

.text
`.rdata
@.data
@.rsrc
@.reloc
PSShlJ
e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb
GetProcessHeap
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHELL32.dll
SHLWAPI.dll
.DRNO
%uGK*
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
msls31.dll
sqmapi.dll
ieproxy.dll
dxgi.dll
urlmon.dll
d3d11.dll
WindowsCodecs.dll
jscript.dll
DWrite.dll
d3d10warp.dll
d2d1.dll
jscript9.dll
wininet.dll
iertutil.dll
MSHTML.DLL
reportdata
datareportfile
QQBrowserFrame.dll
QBUtils.dll
riched20.dll
TridentCore.dll
MouseGesture.dll
Assistant.dll
QBExtensionFramework.dll
NetWork.dll
user32.dll
shell32.dll
DTencent.QQBrowser.Default
advapi32.dll
ieframe.dll
mshtml.tlb
mshtml.dll
Session-4BA0B957-882B-4625-A213-0349B865E6AA
Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
QBSafe.dll
kernel32.dll
2015-07-08 06:03:11
8.2.3638.400
QQBrowser.exe
8, 2, 3638, 400

Baidu.exe_3500:

.text
`.rdata
@.data
.rsrc
@.reloc
VhX%C
Phh%C
~Wht%C
SSSSh
VSSSSh
WSSSSh
Base.dll
Utils.dll
Report.dll
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
asio.misc
asio.misc error
thread.entry_event
thread.exit_event
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
Base::Process::CChildProcess::HandleMsg
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/ChildProcess.h
BrowserProcess.cpp
NeedInstallNewVersion:%d
DecodeMsgContent() serialization error
DecodeMsgContent
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/IPCMessageDef.h
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
EncodeMsgContent() serialization error
EncodeMsgContent
BrowserShellMain.cpp
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
boost thread: trying joining itself
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/AsyncTask.h
ExternalMgrProcess.cpp
PluginMgrProcess.cpp
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Output\BinRelease\Baidu.pdb
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
MSVCP100.dll
MSVCR100.dll
_amsg_exit
_acmdln
_crt_debugger_hook
GetProcessHeap
CreateIoCompletionPort
KERNEL32.dll
USER32.dll
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ole32.dll
ShellExecuteW
SHELL32.dll
SHLWAPI.dll
WINMM.dll
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Base@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Base@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Base@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Base@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
=$= =4=9=
1 1$1(1,1014181<1@1
9”9C9R9a9p9
11C1R1a1p1
7t7C7R7a7p7
4 4$40484
A8706990-9490-4106-8033-12E64714B86B
Protocol.dll
CHROMECORE_PROCESS
chrome-extension
login
url-safe
res://LocalPages.dll/
.html
.br.baidu.com
.bdl.brs
--default-chromecore-path=
--disable-chromecore
password
\WebkitEngine.dll
\TridentEngine.dll
C1BB4C06-D91C-47D8-B28E-E76B943205E9
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
user32.dll
\LogicMisc.dll
\UIHandler.dll
\Heartbeat.dll
CBrowserProcess::Run ActiveExistAppWindow param=%s
Upd.dat
BaiduUpdate.exe
\BrowserFrame.dll
bdlog.dll
Skins\AppContainer.rdb
channel.dll
PluginMgr.dll
Skins\AssociateWnd.rdb
Skins\FrameMask.rdb
Skins\AroundWidget.rdb
Skins\BDSearchBar.rdb
chromeclient.dll
Skins\CommonRes.rdb
BDMSkin.dll
LogicMisc.dll
UIHandler.dll
BrowserFrame.dll
Baidu.exe
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduBugRpt.exe
uninst.exe
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
@\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
\PluginMgr.dll
\BrowserCore.dll
D.html
2.3.0.1732

QQBrowser.exe_316:

.text
`.rdata
@.data
@.rsrc
@.reloc
PSShlJ
e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb
GetProcessHeap
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHELL32.dll
SHLWAPI.dll
.DRNO
%uGK*
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
msls31.dll
sqmapi.dll
ieproxy.dll
dxgi.dll
urlmon.dll
d3d11.dll
WindowsCodecs.dll
jscript.dll
DWrite.dll
d3d10warp.dll
d2d1.dll
jscript9.dll
wininet.dll
iertutil.dll
MSHTML.DLL
reportdata
datareportfile
QQBrowserFrame.dll
QBUtils.dll
riched20.dll
TridentCore.dll
MouseGesture.dll
Assistant.dll
QBExtensionFramework.dll
NetWork.dll
user32.dll
shell32.dll
DTencent.QQBrowser.Default
advapi32.dll
ieframe.dll
mshtml.tlb
mshtml.dll
Session-4BA0B957-882B-4625-A213-0349B865E6AA
Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
QBSafe.dll
kernel32.dll
2015-07-08 06:03:11
8.2.3638.400
QQBrowser.exe
8, 2, 3638, 400

QQBrowser.exe_656:

.text
`.rdata
@.data
@.rsrc
@.reloc
PSShlJ
e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb
GetProcessHeap
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHELL32.dll
SHLWAPI.dll
.DRNO
%uGK*
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
msls31.dll
sqmapi.dll
ieproxy.dll
dxgi.dll
urlmon.dll
d3d11.dll
WindowsCodecs.dll
jscript.dll
DWrite.dll
d3d10warp.dll
d2d1.dll
jscript9.dll
wininet.dll
iertutil.dll
MSHTML.DLL
reportdata
datareportfile
QQBrowserFrame.dll
QBUtils.dll
riched20.dll
TridentCore.dll
MouseGesture.dll
Assistant.dll
QBExtensionFramework.dll
NetWork.dll
user32.dll
shell32.dll
DTencent.QQBrowser.Default
advapi32.dll
ieframe.dll
mshtml.tlb
mshtml.dll
Session-4BA0B957-882B-4625-A213-0349B865E6AA
Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
QBSafe.dll
kernel32.dll
2015-07-08 06:03:11
8.2.3638.400
QQBrowser.exe
8, 2, 3638, 400

QQBrowser.exe_512:

.text
`.rdata
@.data
@.rsrc
@.reloc
PSShlJ
e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb
GetProcessHeap
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHELL32.dll
SHLWAPI.dll
.DRNO
%uGK*
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
msls31.dll
sqmapi.dll
ieproxy.dll
dxgi.dll
urlmon.dll
d3d11.dll
WindowsCodecs.dll
jscript.dll
DWrite.dll
d3d10warp.dll
d2d1.dll
jscript9.dll
wininet.dll
iertutil.dll
MSHTML.DLL
reportdata
datareportfile
QQBrowserFrame.dll
QBUtils.dll
riched20.dll
TridentCore.dll
MouseGesture.dll
Assistant.dll
QBExtensionFramework.dll
NetWork.dll
user32.dll
shell32.dll
DTencent.QQBrowser.Default
advapi32.dll
ieframe.dll
mshtml.tlb
mshtml.dll
Session-4BA0B957-882B-4625-A213-0349B865E6AA
Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
QBSafe.dll
kernel32.dll
2015-07-08 06:03:11
8.2.3638.400
QQBrowser.exe
8, 2, 3638, 400

QQBrowser.exe_1796:

.text
`.rdata
@.data
@.rsrc
@.reloc
PSShlJ
e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\QQBrowser.pdb
GetProcessHeap
KERNEL32.dll
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
SHELL32.dll
SHLWAPI.dll
.DRNO
%uGK*
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">
</asmv3:windowsSettings>
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS>
msls31.dll
sqmapi.dll
ieproxy.dll
dxgi.dll
urlmon.dll
d3d11.dll
WindowsCodecs.dll
jscript.dll
DWrite.dll
d3d10warp.dll
d2d1.dll
jscript9.dll
wininet.dll
iertutil.dll
MSHTML.DLL
reportdata
datareportfile
QQBrowserFrame.dll
QBUtils.dll
riched20.dll
TridentCore.dll
MouseGesture.dll
Assistant.dll
QBExtensionFramework.dll
NetWork.dll
user32.dll
shell32.dll
DTencent.QQBrowser.Default
advapi32.dll
ieframe.dll
mshtml.tlb
mshtml.dll
Session-4BA0B957-882B-4625-A213-0349B865E6AA
Software\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}
QBSafe.dll
kernel32.dll
2015-07-08 06:03:11
8.2.3638.400
QQBrowser.exe
8, 2, 3638, 400

Baidu.exe_900:

.text
`.rdata
@.data
.rsrc
@.reloc
VhX%C
Phh%C
~Wht%C
SSSSh
VSSSSh
WSSSSh
Base.dll
Utils.dll
Report.dll
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
asio.misc
asio.misc error
thread.entry_event
thread.exit_event
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
Base::Process::CChildProcess::HandleMsg
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/ChildProcess.h
BrowserProcess.cpp
NeedInstallNewVersion:%d
DecodeMsgContent() serialization error
DecodeMsgContent
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/IPCMessageDef.h
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
EncodeMsgContent() serialization error
EncodeMsgContent
BrowserShellMain.cpp
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
boost thread: trying joining itself
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/AsyncTask.h
ExternalMgrProcess.cpp
PluginMgrProcess.cpp
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Output\BinRelease\Baidu.pdb
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
MSVCP100.dll
MSVCR100.dll
_amsg_exit
_acmdln
_crt_debugger_hook
GetProcessHeap
CreateIoCompletionPort
KERNEL32.dll
USER32.dll
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ole32.dll
ShellExecuteW
SHELL32.dll
SHLWAPI.dll
WINMM.dll
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Base@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Base@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Base@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Base@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
=$= =4=9=
1 1$1(1,1014181<1@1
9”9C9R9a9p9
11C1R1a1p1
7t7C7R7a7p7
4 4$40484
A8706990-9490-4106-8033-12E64714B86B
Protocol.dll
CHROMECORE_PROCESS
chrome-extension
login
url-safe
res://LocalPages.dll/
.html
.br.baidu.com
.bdl.brs
--default-chromecore-path=
--disable-chromecore
password
\WebkitEngine.dll
\TridentEngine.dll
C1BB4C06-D91C-47D8-B28E-E76B943205E9
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
user32.dll
\LogicMisc.dll
\UIHandler.dll
\Heartbeat.dll
CBrowserProcess::Run ActiveExistAppWindow param=%s
Upd.dat
BaiduUpdate.exe
\BrowserFrame.dll
bdlog.dll
Skins\AppContainer.rdb
channel.dll
PluginMgr.dll
Skins\AssociateWnd.rdb
Skins\FrameMask.rdb
Skins\AroundWidget.rdb
Skins\BDSearchBar.rdb
chromeclient.dll
Skins\CommonRes.rdb
BDMSkin.dll
LogicMisc.dll
UIHandler.dll
BrowserFrame.dll
Baidu.exe
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduBugRpt.exe
uninst.exe
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
@\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
\PluginMgr.dll
\BrowserCore.dll
D.html
2.3.0.1732

Baidu.exe_2484:

.text
`.rdata
@.data
.rsrc
@.reloc
VhX%C
Phh%C
~Wht%C
SSSSh
VSSSSh
WSSSSh
Base.dll
Utils.dll
Report.dll
WS2_32.dll
Local\{C15730E2-145C-4c5e-B005-3BC753F42475}-once-flag
unsupported version
asio.misc
asio.misc error
thread.entry_event
thread.exit_event
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/IPCMessager.h
CChildProcess::HandleMsg() invalid message id.
Base::Process::CChildProcess::HandleMsg
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/ChildProcess.h
BrowserProcess.cpp
NeedInstallNewVersion:%d
DecodeMsgContent() serialization error
DecodeMsgContent
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/IPCMessageDef.h
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\minibaidu_stable_proj\Include\boost/exception/detail/exception_ptr.hpp
EncodeMsgContent() serialization error
EncodeMsgContent
BrowserShellMain.cpp
CommonWorkerProcess.cpp
CCommonWorkerProcess::HandleMsg Fail to handle %d message.
CCommonWorkerProcess::HandleMsg
CCommonWorkerProcess::GetInstance Fail to get %d instance
Report %d data
CCommonWorkerProcess::HandleReportJob
CCommonWorkerProcess::HandleReportJob Fail to handle %d message
GetReportMgr
ReleaseReportMgr
CCommonWorkerProcess::HandleProtocolJob Fail to handle %d message
boost thread: trying joining itself
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Include\CommonInclude\Base/Process/AsyncTask.h
ExternalMgrProcess.cpp
PluginMgrProcess.cpp
D:\jenkins\workspace\minibaidu_tag_20160121_2.3.0_Normal\Basic\Output\BinRelease\Baidu.pdb
?QueryKeyValue@Register@Base@@YAHPAUHKEY__@@PB_W1PA_WPAK@Z
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?CreateRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@PAK@Z
?OpenRegKey@Register@Base@@YAHPB_WKPAPAUHKEY__@@@Z
?SetStringValue@Register@Base@@YAHPAUHKEY__@@PB_W11@Z
MSVCP100.dll
MSVCR100.dll
_amsg_exit
_acmdln
_crt_debugger_hook
GetProcessHeap
CreateIoCompletionPort
KERNEL32.dll
USER32.dll
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
ADVAPI32.dll
ole32.dll
ShellExecuteW
SHELL32.dll
SHLWAPI.dll
WINMM.dll
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USRunDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USRunDone@ControlMsg@@@detail@archive@boost@@
.?AV?$oserializer@Vbinary_oarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USLaunchDone@ControlMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USLaunchDone@ControlMsg@@@detail@archive@boost@@
.?AV?$bind_t@_NV?$mf1@_NVCChildProcess@Process@Base@@ABUSIPCMsg@IPCMessager@3@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCChildProcess@Process@Base@@@boost@@@_bi@boost@@U?$arg@$00@3@@_bi@3@@_bi@boost@@
.?AUSLaunchDone@ControlMsg@@
.?AUSRunDone@ControlMsg@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@detail@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostLoginNotification@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton@V?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@@serialization@boost@@
.?AV?$extended_type_info_typeid@USHostDoReport@CommonServiceMsg@@@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$singleton_wrapper@V?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@@detail@serialization@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostLoginNotification@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$iserializer@Vbinary_iarchive@archive@boost@@USHostDoReport@CommonServiceMsg@@@detail@archive@boost@@
.?AV?$bind_t@XV?$mf1@XVCCommonWorkerProcess@@ABUSIPCMsg@IPCMessager@Base@@@_mfi@boost@@V?$list2@V?$value@V?$shared_ptr@VCCommonWorkerProcess@@@boost@@@_bi@boost@@V?$value@USIPCMsg@IPCMessager@Base@@@23@@_bi@3@@_bi@boost@@
.?AUSHostDoReport@CommonServiceMsg@@
.?AUSHostLoginNotification@CommonServiceMsg@@
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
<assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
=$= =4=9=
1 1$1(1,1014181<1@1
9”9C9R9a9p9
11C1R1a1p1
7t7C7R7a7p7
4 4$40484
A8706990-9490-4106-8033-12E64714B86B
Protocol.dll
CHROMECORE_PROCESS
chrome-extension
login
url-safe
res://LocalPages.dll/
.html
.br.baidu.com
.bdl.brs
--default-chromecore-path=
--disable-chromecore
password
\WebkitEngine.dll
\TridentEngine.dll
C1BB4C06-D91C-47D8-B28E-E76B943205E9
Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
user32.dll
\LogicMisc.dll
\UIHandler.dll
\Heartbeat.dll
CBrowserProcess::Run ActiveExistAppWindow param=%s
Upd.dat
BaiduUpdate.exe
\BrowserFrame.dll
bdlog.dll
Skins\AppContainer.rdb
channel.dll
PluginMgr.dll
Skins\AssociateWnd.rdb
Skins\FrameMask.rdb
Skins\AroundWidget.rdb
Skins\BDSearchBar.rdb
chromeclient.dll
Skins\CommonRes.rdb
BDMSkin.dll
LogicMisc.dll
UIHandler.dll
BrowserFrame.dll
Baidu.exe
\CommonWorker.dll
Failed in init CommonWorker.dll instance.
pCCommonWorkerProcess::Run installationTask = %s
CCommonWorkerProcess::Run customid = %d shmoffset = %d
CCommonWorkerProcess::HandleInstallationTask() strTaskType=%s strTaskParam=%s
BaiduClientRender.exe
BaiduBugRpt.exe
uninst.exe
RecoverRegs::ReadConfig key=%s, bResult=%d
RecoverRegs::WriteRegInstallArg key=%s
RecoverRegs vcKey=%s, ReadConfigString=%d
WriteRegInstallArg vcKey=%s
GetRegInstallArg Start key=%s
GetRegInstallArg RegOpenKeyEx Success key=%s
GetRegInstallArg RegQueryValueEx Success key=%s
WriteRegInstallArg key=%s, value=%s
RegOpenKeyEx ret=%d
WriteRegInstallArg key=%s, result=%d
WriteRegInstallArg::RegOpenKeyEx key=%s,ret=%d
HandleSCNotifyTask ItemID = %d shmoffset = %d
HandleSCNotifyTask wszSrcFileName = %s
HandleSCNotifyTask monitorid = %d
HandleSCNotifyTask eventType = %d
ShellExecute result = %d
sBDClientProxy.dll
Software\Microsoft\Windows\CurrentVersion\Run
ClientRegAddValueToList result = %d
nClientRegSetValueEx result = %d
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create baidu.link shortcut link
CCommonWorkerProcess::RecoveProgramLink:: Directory is exist, create uinist.link shortcut link
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
Baidu.exe,0
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg failed create it displayIconValue=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayIcon reg success DisplayIcon=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg failed create it InstallVer=%s
CCommonWorkerProcess::RecoveUnistReg Read DisplayVersion reg success version=%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg failed create it uinst path =%s
CCommonWorkerProcess::RecoveUnistReg Read UninstallString reg success uinst path =%s
GetDefenseSwitch value = %s
GetDefenseSwitch Read Reg failed! err = %d
GetDefenseSwitch result=%d
@\ExternalMgr.dll
Failed in init ExternalMgr.dll instance.
\PluginMgr.dll
\BrowserCore.dll
D.html
2.3.0.1732


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):

    DeskDrawer_0016212_01.exe:1096
    DeskDrawer_0016212_01.exe:1660
    V8._85296_20150814221218.exe:500
    QQBrowser.exe:740
    QQBrowser.exe:216
    QQBrowser.exe:620
    QQBrowser.exe:1836
    QQBrowser.exe:468
    QQBrowser.exe:884
    QQBrowser.exe:464
    QQBrowser.exe:1852
    QQBrowser.exe:1336
    QQBrowser.exe:576
    QQBrowser.exe:1180
    QQBrowser.exe:1668
    DeskDrawer.exe:508
    lxsaju.exe:1308
    BDDocker.exe:2172
    PerfTraceService.exe:1132
    PerfTraceService.exe:1160
    regsvr32.exe:1128
    DeskDrawer_0016212_01.tmp:1168
    DeskDrawer_0016212_01.tmp:492
    Baidu.exe:900
    Baidu.exe:2052
    Baidu.exe:2484
    Baidu.exe:2540
    Baidu.exe:2352
    Baidu.exe:2116
    QQBrowserOTA.exe:3548
    QQBrowserOTA.exe:3540
    QQBrowserOTA.exe:3176
    kinst_168_57.exe:1128

  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\rse1332280[1].exe (575338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml.rs (204 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\rsedownloadconfig[1].xml (196 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rse.exe.rs (575338 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-KUCV5.tmp\DeskDrawer_0016212_01.tmp (3786 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-995SB.tmp\DeskDrawer_0016212_01.tmp (3786 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\small.html (2 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\installed_arrow.png (176 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme.png (25 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\up.png (971 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\js\base.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\event\bg.png (28 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\warn-dialog-close.png (295 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\installed_arrow.png (176 bytes)
    %Program Files%\Tencent\QQBrowser\dr.dll (601 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\js\search.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\mainlist.ze (29 bytes)
    %Program Files%\Tencent\QQBrowser\MouseGesture.dll (56 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\search.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#account.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\js\inforBar.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\global.js (394 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\qblogo.png (868 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\del2.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.js (31 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\index.ini (16 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\qblogo.png (868 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\hse.png (4 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_white.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\random.db (10 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_mask.png (923 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_blank.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\index.html (86 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_sogou.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (11 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\js\api.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\css\base.css (2 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_soso.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\security.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\js\global.js (394 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (19 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (21 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\account_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\inforBar.html (800 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\down.png (960 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\PrScrn.dll (2517 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\infobar_offlineurl.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\default-icon.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\QBExtensionFramework.dll (3361 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (8 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (22 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#app.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\accountInfoBar.html (794 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme.png (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe (1425 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk1.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (28 bytes)
    %Program Files%\Tencent\QQBrowser\Html\small.html (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_sogou.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.easing.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_baidu.png (870 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db (601 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___qzone.qq.com_.jpg (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#history.ico (1 bytes)
    %Program Files%\Tencent\QQBrowser\service\xperf.exe (2105 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (868 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (256 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
    %Program Files%\Tencent\QQBrowser\manifest.json (261 bytes)
    %Program Files%\Tencent\QQBrowser\Html\lib\jquery.min.js (92 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\video\vd.ini (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\account\up.png (971 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\api.js (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\account.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
    %Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\navi.ico (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\uninst.exe (3649 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\hse.png (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\bgsearch_day.jpg (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\del.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\skin\LightStripes.gt (94 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\css\ycalendar.css (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manifest.json (197 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\checkbox.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\init.js (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\qqbrowser_home.jpg (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\7z.exe (1209 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (794 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme_ie.png (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQ浏览器.lnk (2 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\app_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\sliderman.1.3.7.js (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcp90.dll (6900 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_hover.png (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\history_hover.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (571 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin3.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\QQ浏览器.lnk (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#account.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\loading.gif (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\uninstallBtn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\search.js (1 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\inforBar.html (800 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_hover.png (3 bytes)
    %Program Files%\Tencent\QQBrowser\QQBrowser.exe (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\NetWork.dll (2602 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\error.html (7 bytes)
    %Program Files%\Tencent\QQBrowser\service\perfctrl.dll (1281 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
    %Program Files%\Tencent\QQBrowser\Dialogs.dll (7385 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\homepage.db (3 bytes)
    %Program Files%\Tencent\QQBrowser\service\7z.exe (673 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin2.png (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\index.html (17 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manifest.json (197 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\pixel.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_bing.png (442 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_white.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
    %Program Files%\Tencent\QQBrowser\QQBrowserFrame.dll (11518 bytes)
    %Program Files%\Tencent\QQBrowser\resources.pri (3 bytes)
    %Program Files%\Tencent\QQBrowser\Downloader.dll (3073 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\up-down.png (999 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (17 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\index.html (601 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll (673 bytes)
    %Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\whitelist.ze (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\icon_not_recommended.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\service\QQTrace.ini (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (15 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QBExtensionFramework.dll (3766 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_white.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\history_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk1.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (176 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_login.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_hover.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Resource.dll (1365 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowser.exe (1661 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\https___mail.qq.com_.jpg (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (92 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\QBInstaller.dll (3710 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (971 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_active.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\down.png (971 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (1735 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\js\global.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (295 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\css\style.css (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\TridentCore.dll (9754 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\qqbrowser_home.jpg (14 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\pixel.gif (43 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_mask.png (923 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (197 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\https___mail.qq.com_.jpg (16 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\private.html (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
    %Program Files%\Tencent\QQBrowser\nsis_skin.gt (601 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_active.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (923 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\error.html (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\EventTracing.dll (1326 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\search.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\tssafeedit.dat (41 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\ycalendar.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\ycalendar.css (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll (12287 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\resources.pri (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\js\init.js (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\navi.ico (15 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\text_light.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\infobar_login.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Assistant.dll (6284 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (999 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bgsearch_day.jpg (4 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\icon_suggested_action.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\infobar_fav.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\sliderman.1.3.7.js (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Downloader.dll (4010 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (960 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\site_text.png (5 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\js\tool.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\manifest.json (256 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\css\base.css (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_suggested_action.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\BugReport.exe (2321 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\account\down.png (971 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\event\bg.png (28 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#skin.ico (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\loading.gif (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\index.ini (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\qqtrack.xml (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\js\base.js (4 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\history2.js (21 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\lib\ycalendar.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_baidu.png (870 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\certerror.html (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\site_text.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_hover.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\QBSafe.dll (1735 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_fav.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (442 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_active.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\xperf.exe (5001 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_google.png (919 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_not_recommended.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\css\history.css (8 bytes)
    %Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll (1281 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_google.png (919 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\search_btn.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\QRCode.dll (31 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\random.db (10 bytes)
    %Program Files%\Tencent\QQBrowser\QQBrowserLiveup.exe (1425 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\mainlist.ze (29 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_soso.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\business.js (9 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_normal.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\js\init.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\close.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\perfctrl.dll (3447 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (6 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\security.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_active.png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QRCode.dll (31 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\history.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (971 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\down.png (960 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\css\style.css (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\search_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\large_installed_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\MouseGesture.dll (872 bytes)
    %Program Files%\Tencent\QQBrowser\PrScrn.dll (1281 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.html (122 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\腾讯软件\QQ浏览器\QQ浏览器.lnk (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\nsis_skin.gt (106 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserSecurityCenter.exe (2015 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcm90.dll (2129 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bggradient_day.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (30 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (153 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\template.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (870 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (919 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\imgSearch.png (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\small.png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\bggradient_day.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___qzone.qq.com_.jpg (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\wbg.png (136 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\css\app.css (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\shadow-bottom.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\manifest.json (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (17 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\account_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (3 bytes)
    %Program Files%\Tencent\QQBrowser\EventTracing.dll (39 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin3.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\Private-icon.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\icon.png (487 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin1.png (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\default.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.min.js (92 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (601 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (7 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\css\style.css (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserFrame.dll (13493 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\large_installed_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_close_normal.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\small.png (2 bytes)
    %Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\app.js (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\BugReport.exe (7256 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_white.png (5 bytes)
    %Program Files%\Tencent\QQBrowser\QQBrowserSecurityCenter.exe (673 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\init.js (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\sogou_web.png (5 bytes)
    %Program Files%\Tencent\QQBrowser\service\qqtrack.xml (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\tssafeedit.dat (41 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (2 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\app_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\index.html (17 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\js\business.js (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk2.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\QQTrace.ini (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin2.png (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\infobar_offlineurl.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Microsoft.VC90.CRT\msvcr90.dll (8224 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\business.js (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\accountInfo.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\lib\template.js (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game.png (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\Config.xml (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\db\history.db (108 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (1281 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk2.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\js\api.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (394 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (5 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (99 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{6970B802-2F13-4038-B620-33B0211D26A0} (601 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\index.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QBUtils.dll (17689 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del2.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\css\app.css (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\homepage\0\website\icon.fw.png (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\certerror.html (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (244 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\icon.fw.png (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll (1735 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\css\history.css (8 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Dialogs.dll (10771 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\imgSearch.png (10 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (5 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\index.html (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\bkg.gif (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\dr.dll (864 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\text_light.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_bing.png (442 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#skin.ico (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
    %Program Files%\Tencent\QQBrowser\Html\lib\jquery.easing.js (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\warn-dialog-close.png (295 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\history\img\up-down.png (999 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\sogou_web.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\qqtrack.xml (7 bytes)
    %Documents and Settings%\%current user%\Desktop\上网导航.lnk (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll (12287 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\css\style.css (2 bytes)
    %Documents and Settings%\%current user%\Desktop\QQ浏览器.lnk (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_normal.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#history.ico (1 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_active.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin1.png (11 bytes)
    %Program Files%\Tencent\QQBrowser\service\PerfTraceService.exe (1425 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\wbg.png (136 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\content.js (30 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Video\vd.ini (1 bytes)
    %Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\app\images\uninstallBtn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\global.js (1 bytes)
    %Program Files%\Tencent\QQBrowser\skin\LightStripes.gt (601 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\default.ico (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme_ie.png (15 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\js\business.js (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\Infobar\image\icon.png (487 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
    %Program Files%\Tencent\QQBrowser\uninst.exe (2105 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\api.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (122 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\private.html (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\checkbox.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\app.js (17 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Resource.dll (673 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (2105 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (8 bytes)
    %Program Files%\Tencent\QQBrowser\app.ico (284 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\tool.js (3 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\shadow-bottom.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\default-icon.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_active.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\QBUtils.dll (12287 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\history2.js (21 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\small_installed_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\style.css (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\qqtrack.xml (7 bytes)
    %Program Files%\Tencent\QQBrowser\NetWork.dll (673 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\CustomerJoinPlan.txt (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Adblock\whitelist.ze (1 bytes)
    %Program Files%\Tencent\QQBrowser\TridentCore.dll (7345 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (1645 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\QQBrowserLiveup.exe (3502 bytes)
    %Program Files%\Tencent\QQBrowser\Html\manage\img\app.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\images\Private-icon.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (31 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\close.png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\WebpDecodeFilter.dll (2128 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\license.txt (17 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\bkg.gif (22 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\12au72d76\bin\service\PerfTraceService.exe (2934 bytes)
    %Program Files%\Tencent\QQBrowser\Assistant.dll (2321 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock.png (1 bytes)
    %Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\24.tmp (76976 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\V8._85296_20150814221218.exe (40581 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\f.gif (2684 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\21.tmp (394252 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\kinst_168_57.exe (9483 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\NSISdl.dll (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\lxsaju.exe (663147 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\5590b2ab_1202000454.exe (334277 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\ZipDLL.dll (3441 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\25.tmp (55386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\Base64.dll (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\1332280.exe (36879 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsn2.tmp\DeskDrawer_0016212_01.exe (8737 bytes)
    %WinDir%\Tasks\QQBrowser Udpater Task(Core).job (280 bytes)
    %WinDir%\Tasks\QQBrowser Udpater Task.job (276 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (392 bytes)
    %Program Files%\Tencent\QQBrowser\QQBrowserConfig.dat (114 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\001-Cool Air.gt (252503 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\LightStripes.gt (601 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\private.html (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\history2.js (21 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\uninstallBtn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\qblogo.png (868 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manifest.json (211 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\css\history.css (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_mask.png (923 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_soso.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\phone.png (16 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\Private-icon.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#account.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\wechat.ico (137 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\ycalendar.css (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\index.html (17 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\search.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\checkbox.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme_ie.png (15 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_bing.png (442 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\default-icon.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_blank.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\style.css (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\manifest.json (269 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#skin.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\default.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\down.png (971 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_game.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\small.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\business.js (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\theme.png (25 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\ext.png (13 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\api.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account\up.png (971 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\large_installed_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\addressbar_white.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\text_light.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_not_recommended.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\down.png (960 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\icon_suggested_action.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\228\History\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk1.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\atbk2.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\sliderman.1.3.7.js (19 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\qrxD.tmp.qbl (64977 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_expand.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_video.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\warn-dialog-close.png (295 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.131\QBSafe.dll (1782 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\NetService.dll (3724 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\css\style.css (11 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\api.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\close.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\index.html (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\business.js (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\small.html (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\up-down.png (999 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.min.js (92 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\loading.gif (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{6C1AE4FB-CABB-4509-9394-6CF047DA5B1A}\qrx18.tmp.qbl (6242 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\init.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\event\bg.png (49 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_floor.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\tab_bg_white.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_phone.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\qrx17.tmp.qbl (88899 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\qrx13.tmp.qbl (100555 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\bkg.gif (22 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Scope\228\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\global.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\app.js (17 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\template.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\init.js (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\manifest.json (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\sidebar.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\account_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\error.html (7 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#history.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_sogou.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\installed_arrow.png (176 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\ycalendar.js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\qb-flag.png (989 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_qq.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\favicon\index.html#app.ico (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\tool.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\css\app.css (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\pixel.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{8A24087F-391C-4695-B60C-56BE31AF1ECC}\qrx16.tmp.qbl (50 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_baidu.png (870 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin1.png (11 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_active.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\searchlogo_24_google.png (919 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\del2.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\lock.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\arrow_fold.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\lib\jquery.easing.js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\history_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\app_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\sidebar\dock_live.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\certerror.html (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\js\global.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\hse.png (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\js\search.js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\search_btn.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\small_installed_arrow.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\images\shadow-bottom.png (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\quickaccess\css\sidebar.css (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{66AC5389-365D-4B55-BF5C-5A2A4BC21CCD}\8.0.0.44\manifest.json (270 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin3.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\plugin2.png (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.1.2.8\Html\manage\app\images\site_text.png (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\QQBrowserLog\20160902_201925.etl (28 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli12.tmp.qbl (592 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\QQBrowserOTA.exe (7386 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_l40h9cgmOj6oRo4 (73 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserOTA.exe (313 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (277 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli14.tmp.qbl (11807 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\iniE.tmp.qbl (355 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favorite.db-journal (14062 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db-journal (15492 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (610 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 (933 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\favicons.db-journal (9552 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\QQBrowserFix.zip.qbl (67201 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Q2Zh96bqHtsY5eo (540 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli10.tmp.qbl (34120 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\sso.zip.qbl (259937 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QZonePhoto\iniF.tmp.qbl (355 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (156 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQMail.zip.qbl (136591 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\sso\ini5.tmp.qbl (355 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQMail\QQBrowserOTA.exe (1849 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 (164 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\etilqs_pGfT25XRAyhadrg (66 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\OnlineSetup\QQBrowserFix\ini6.tmp.qbl (355 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (1552 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db-journal (2750 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\update.ini (108 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (158 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\masterconn.qq[1] (246 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QBWRQ5Y3\favicon[1].ico (50 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QBWRQ5Y3\masterconn.qq[1] (132 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\I9I58XG7\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QF4VEVUN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\QBWRQ5Y3\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\EDCJ6H0N\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (158 bytes)
    %Program Files%\DeskDrawer\Res\jilu.ini (2 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@99ruyi[1].txt (212 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\MsgPush.dll (3668 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BrowserCore.dll (7386 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\PluginSetup.xml (643 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8 (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduAssistant.exe (1687 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button-new.png (977 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\favicon.ico (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\PluginSetup.xml (636 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\skinres.rdb (9 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\vsu\gc.7z (47888 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\popwindow.rdb (46 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\PluginSetup.xml (634 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\AppPluginState_Install.xml (931 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-general-png8.png (841 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\logo57x65.png (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\MainFrame.rdb (5442 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\bdlog.dll (38 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\AppContainer.rdb (119 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-radio-checked.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\uninst.exe (281 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\FrameMask.rdb (40 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\res\js\common.js (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\arrow-png8.png (260 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\box-shadow.css (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\Software.pb (601 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\map.js (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\PluginSetup.xml (646 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-connect.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\icon-circle-loading.gif (9 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\BDSearchBar.rdb (1716 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\PluginSetup.xml (643 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\PluginSetup.xml (646 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button-search.png (382 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-center-left.png (130 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\JoystickService.dll (673 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\completelist.txt (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-textbox.png (601 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\PluginSetup.xml (496 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\connection-fail.html (12 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\folder-arrow-hover-png8.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\homepage.rdb (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\crash.html (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\logo_blank.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\msgcenter.rdb (25 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\ExternalMgr.dll (281 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-new-8.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8 (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-close.png (170 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\skinres.rdb (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\complete_check_list.pb (300 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-new.png (451 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-loading.gif (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Protocol.dll (1647 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\button-search-input.png (332 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BIDULocationService.dll (3663 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduUpdate.exe (1756 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-bottom-right.png (259 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\completelist.txt (64 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Update.rdb (122 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\bookmark.db (10 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\auto_complete\top_site.db (673 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-404.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-checkbox-unchecked.png (361 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\jssdk-v2.js (10 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\PluginSetup.xml (502 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.woff (22 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-checkbox-checked.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\LocalPluginInfo.xml (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Apps.rdb (67 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\pack_z.png (17 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8 (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\skinres.rdb (9 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDMSkin.dll (6394 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\complete_check_list.pb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\GlobalPluginInfo.xml (11 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduBugRpt.exe (1778 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-top-center.png (122 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\chromeclient.dll (15021 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\365.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\PluginSetup.xml (637 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xiachufang\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\DetectVm.dll (76 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\msvcr100.dll (3846 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-center-right.png (130 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\checkbox-8.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-bottom-left.png (249 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\reset.css (826 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\skinres.rdb (7 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\head-star-png8.png (450 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\BrowserNotify.rdb (259 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\general.png (379 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\qxdh20140619.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\app-reload.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Report.dll (116 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\PluginSetup.xml (634 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Heartbeat.dll (237 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\PluginSetup.xml (502 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\completelist.txt (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\login_z.png (365 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\icon-alert-ok.png (79 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\AppPluginState_Install.xml (931 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.ttf (37 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\error-pages_z.png (32 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\PluginSetup.xml (638 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\skinres.rdb (7 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-foward.png (156 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\iframe_loading.gif (19 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\PluginSetup.xml (638 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\mafengwo\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\global.js (224 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\349.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\bdminiopenssl.dll (1714 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\banner.png (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\DD_belatedPNG_0.0.8a-min.js (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\logo25x29.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDocker.dll (145 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\respond.min.js (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\top_site.db (133 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\44.png (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BrowserFrame.dll (7972 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\folder-arrow-png8.png (292 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\folder.png (276 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\skinres.rdb (11 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\136.dat (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\366.png (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\rpt.dat (41216 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LogicMisc.dll (28502 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\privacy.png (296 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\app-error.html (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\login\login.html (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-searchbox-active.png (893 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\msvcp100.dll (1702 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\png8-login-success.png (824 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\bookmarks.html (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\343.png (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\login_mods.js (157 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\appBlackList.dat (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\AssociateWnd.rdb (122 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\jietuDll.dll (601 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\completelist.txt (51 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\default-icon.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\bookmarks.css (9 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\tieba\1.0.0.8\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\CommonRes.rdb (1815 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\button-baidu-search.png (379 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Setting.rdb (79 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\png8-dialog-close.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduService.exe (240 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\atl100.dll (138 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDockerX64.dll (170 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-baidu1.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-top-left.png (194 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\PluginSetup.xml (523 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDockerX64.exe (148 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\PluginSetup.xml (634 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\PluginSetup.xml (496 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\png8-dialog.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\PluginSetup.xml (634 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Baidu.exe (3740 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\complete_check_list.pb (392 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\connection-error.html (12 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\msgconfig.pb (71 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\screensnapshot.exe (6841 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\UIHandler.dll (20507 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\complete_check_list.pb (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\request.js (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\error-pages_x.png (89 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\error-pages.css (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\PluginSetup.xml (643 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\jietuDll.dll (86 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Download.dll (68 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-top-right.png (202 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\PluginSetup.xml (523 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-baidu.png (367 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xiachufang\1.0.0.8\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\CommonWorker.dll (57 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\363.png (4 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\bookmarks_z.png (7 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\bg-circle-loading-large.png (17 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\pack.css (31 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\bg-circle-loading.png (6 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\gupiao\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\AroundWidget.rdb (21 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\1px.png (947 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-google.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\bdb_scheme.dat (742 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Skins\Menu.rdb (76 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\CheckerProxy.dll (136 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\resou\1.0.0.8\skinres.rdb (11 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\skinres.rdb (10 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\se\icon-taobao.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-searchbox.png (893 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\youxijiasuqi\2.0.800.1274\skinres.rdb (7 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\LocalPluginInfo.xml (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\png8-ex.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\msgconfig.pb (71 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\checkbox-off.png (322 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.svg (117 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-back.png (154 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-button-search-large.png (408 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\button-refresh.png (562 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\skinres.rdb (10 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\368.png (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\png8-logo57x65.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\icon-clear-general.png (866 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\channel.dll (213 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDDocker.exe (46 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\complete_check_list.pb (300 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\Software.pb (117 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\344.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\xinwen\1.0.0.9\skinres.rdb (5 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\json2.js (2 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\img\icon-tree-search-ie8.png (15 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-radio-tooltip-png8.png (329 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\skinres.rdb (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\PluginMgr.dll (3794 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\ximalaya\1.0.0.8\PluginSetup.xml (643 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\PluginSetup.xml (636 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\w\y.dll (57011 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\GlobalPluginInfo.xml (11 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Update.dll (160 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\game\1.0.0.2\completelist.txt (51 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-refresh.png (215 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\ximalaya\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\advance.png (377 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\mod.js (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-box-shadow-bottom-center.png (143 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\bg-radio-unchecked.png (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Base.dll (5442 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\appBlackList.dat (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\jietu\2.101.0.65\screensnapshot.exe (6307 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\login.css (6 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\login-success.png (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\weibo\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\bookmarks\res\css\ie-fix.css (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\js\bookmarks_mods.js (52 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\mafengwo\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\font\open-sans\OpenSans-Light-webfont.eot (19 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\checkbox-on.png (849 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\347.png (4 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\skinres.rdb (5 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\css\img\mg-newtab.png (197 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\gupiao\1.0.0.8\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\xinwen\1.0.0.9\PluginSetup.xml (638 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\tieba\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BDClientProxy.dll (3753 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\chromehost.dll (28890 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\defaultDB\UsualNames.pb (421 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weibo\1.0.0.8\completelist.txt (30 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\arrow.png (216 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\game\1.0.0.2\JoystickService.dll (176 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\BaiduClientRender.exe (44 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\weixin\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Plugins\extends\youxijiasuqi\2.0.800.1274\skinres.rdb (7 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\chromehostchild.dll (84 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\bookmark\bookmark.db (10 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\gray1px.png (918 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\config\136.dat (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\res\img\top\1.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\ssl-error.html (1 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Utils.dll (3915 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\jietu\2.101.0.65\skinres.rdb (8 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\resou\1.0.0.8\complete_check_list.pb (192 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\LocalPages\apps\error-pages\404.html (12 bytes)
    %Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\dl.dll (6426 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp\IsTaskEx.dll (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-F3PDO.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Program Files%\DeskDrawer\Res\is-BI9BP.tmp (3 bytes)
    %Program Files%\DeskDrawer\Res\is-4KDP5.tmp (3 bytes)
    %Program Files%\DeskDrawer\Res\is-MJ95J.tmp (3 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\51³éÌë\51³éÌë.lnk (786 bytes)
    %Program Files%\DeskDrawer\Res\is-ICB62.tmp (2 bytes)
    %Program Files%\DeskDrawer\Res\is-I04KH.tmp (9 bytes)
    %Program Files%\DeskDrawer\Res\is-VI1HH.tmp (396 bytes)
    %Program Files%\DeskDrawer\Res\is-FDL2M.tmp (3 bytes)
    %Program Files%\DeskDrawer\Res\is-L1J2I.tmp (3 bytes)
    %Program Files%\DeskDrawer\Res\is-N0IQD.tmp (15 bytes)
    %Program Files%\DeskDrawer\Res\is-J2RUC.tmp (3 bytes)
    %Program Files%\DeskDrawer\unins000.dat (3976 bytes)
    %Program Files%\DeskDrawer\Res\is-TCV1H.tmp (9 bytes)
    %Program Files%\DeskDrawer\is-3AR0Q.tmp (35 bytes)
    %Program Files%\DeskDrawer\Res\is-UCG9T.tmp (17 bytes)
    %Program Files%\DeskDrawer\app\is-K4PIN.tmp (3361 bytes)
    %Program Files%\DeskDrawer\Res\is-VA0FI.tmp (9 bytes)
    %Program Files%\DeskDrawer\app\is-Q9L30.tmp (3361 bytes)
    %Program Files%\DeskDrawer\app\is-0I6LD.tmp (15 bytes)
    %Program Files%\DeskDrawer\app\is-I3KC0.tmp (3361 bytes)
    %Program Files%\DeskDrawer\Res\is-H2V82.tmp (358 bytes)
    %Documents and Settings%\All Users\Desktop\51³éÌë.lnk (774 bytes)
    %Program Files%\DeskDrawer\Res\is-9KGNP.tmp (3 bytes)
    %Program Files%\DeskDrawer\Res\is-CET1P.tmp (129 bytes)
    %Program Files%\DeskDrawer\app\is-O8LCH.tmp (4185 bytes)
    %Program Files%\DeskDrawer\is-H0GN7.tmp (25285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp\IsTaskEx.dll (601 bytes)
    %Program Files%\DeskDrawer\is-P48BV.tmp (601 bytes)
    %Program Files%\DeskDrawer\Res\is-CUT8T.tmp (3 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\51³éÌë\жÔØ51³éÌë.lnk (708 bytes)
    %Program Files%\DeskDrawer\Res\is-IEB0K.tmp (9 bytes)
    %Program Files%\DeskDrawer\app\is-GDQHQ.tmp (673 bytes)
    %Program Files%\DeskDrawer\Res\is-TMT26.tmp (2 bytes)
    %Program Files%\DeskDrawer\Res\is-4NSC1.tmp (1 bytes)
    %Program Files%\DeskDrawer\Res\is-Q03LL.tmp (3 bytes)
    %Program Files%\DeskDrawer\Res\is-15BAP.tmp (660 bytes)
    %Program Files%\DeskDrawer\Res\is-7KF75.tmp (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\is-1R2II.tmp\_isetup\_shfoldr.dll (23 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\settings\user_setting.db (24 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\XCommon\verify.db (100 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\custom_setting.db (2334 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\CloudJSInject\CloudJSInject.xml (3 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db (481 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin\extends\AppPluginState.xml (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\force_sug\taskbar_force_sug_backup.pb (7 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\bubble_tips\3.png (9 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\config\searchbar_in_tips.dat (50 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_user.db-journal (512 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\searchbar_in_tips\searchbar_in_tips.pb (1 bytes)
    %Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_131173103727390000_1_2892.dat (54 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\account\user_cert_id.cert.bk (2 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\user_data\default\lapuda\appstorage_nonuser.db-journal (512 bytes)
    %Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_131173103727390000_0_2892.dat (221 bytes)
    %Documents and Settings%\All Users\Baidu\BDCLProxy\10000302_131173103727390000_2_2892.dat (40 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\common\settings\default_setting.db (24 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin_pack\bff93614a73a07f615636a18857c5581.7z.bdl (169993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\bdt\aa55e5e7f8d09a95bdb9ad417bab49fd.bdt (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\bdt\2af9e692c0b05cd1d3d16b8b77b372b9.bdt (4 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin_pack\InstallingPlugins.xml (405 bytes)
    %Documents and Settings%\%current user%\Application Data\Baidu\Baidu\plugin_pack\7fe9c23ea4537229629a8114b9d61997.7z.bdl (141125 bytes)
    %Documents and Settings%\%current user%\Desktop\百度.lnk (983 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\百度\卸载百度.lnk (992 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\百度.lnk (989 bytes)
    %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\百度.lnk (1 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\百度\百度.lnk (995 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nscC.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOCommon.dll (41699 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nscC.tmp\InstallHelper.dll (6584 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsmA.tmp (75954 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\SSO\SSOPlatform.dll (48241 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nscB.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsx9.tmp (15764 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.exe (13368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nscB.tmp\InstallHelper.dll (6584 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\FixItems.xml (1 bytes)
    %Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ProblemFix\QQBrowserFix.wsf (324 bytes)
    %Program Files%\Tencent\QQMail\TXGYMailActiveX_2.dll (10517 bytes)
    %Program Files%\Tencent\QQMail\TXGYMailCamera_2.dll (13224 bytes)
    %Program Files%\Tencent\QQMail\TXFTNActiveX_2.dll (13880 bytes)

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "BaiduClient" = "%Documents and Settings%\%current user%\AppData\Local\Baidu\BDClient\2.3.0.1732\Baidu.exe -noclient"

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  6. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Average: 2 (1 vote)


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2026 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now