Trojan.NSIS.StartPage_61e341671e

by malwarelabrobot on April 3rd, 2016 in Malware Descriptions.

Susp_Dropper (Kaspersky), Adware.Chindo (A) (Emsisoft), Trojan.NSIS.StartPage.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 61e341671e6ce3bf48f963d0c20b1fdf
SHA1: d82fa6562c227b6f8cf594292fbfe56abf587708
SHA256: fb8ef96feb95a94f2eefc38e377460102ac14541a58464b6a4f1c6f93b6ac9a8
SSDeep: 12288:1GyMAHruj2gd88XXO63H jgg Tfukbfc8vy4hI2:lTHruauEg1486H2
Size: 442917 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

chrmstp.exe:2076
UCBrowser.exe:3452
UCBrowser.exe:2320
UCBrowser.exe:2228
UCBrowser.exe:3924
UCBrowser.exe:3048
UCBrowser.exe:2300
UCBrowser.exe:3036
UCBrowser.exe:3240
UCBrowser.exe:1308
UCBrowser.exe:1860
UCBrowser.exe:3060
UCBrowser.exe:3128
UCBrowser.exe:3736
UCBrowser.exe:3068
sc.exe:844
sc.exe:432
stats_uploader.exe:704
stats_uploader.exe:3308
stats_uploader.exe:3280
setup.exe:1288
kinst_1_644.exe:576
QQBrowser.exe:976
QQBrowser.exe:600
QQBrowser.exe:1964
QQBrowser.exe:952
QQBrowser.exe:1344
QQBrowser.exe:248
QQBrowser.exe:524
QQBrowser.exe:340
QQBrowser.exe:240
QQBrowser.exe:1692
QQBrowser.exe:660
QQBrowser.exe:424
PerfTraceService.exe:600
PerfTraceService.exe:396
regsvr32.exe:404
V8._85416_20150820204011.exe:1460
Browser_V5.5.7852.9_r_4640_(Build1512022057).exe:1232
netsh.exe:1508
netsh.exe:1588
netsh.exe:588
netsh.exe:324
UCService.exe:4044
UCService.exe:2000
UCService.exe:2148

The Trojan injects its code into the following process(es):

UCBrowser.exe:3216
UCBrowser.exe:3560
UCBrowser.exe:2376
UCBrowser.exe:292
UCBrowser.exe:2780
1332280.exe:3900
%original file name%.exe:2004
install1078565.exe:2676
UCBrowser.exe:2160

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process chrmstp.exe:2076 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1272 bytes)

The process UCBrowser.exe:3216 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\UCBrowser\Application\Share\10.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Visualized Bookmarks.1-journal (24732 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Visualized Bookmarks.1 (40728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_SyWUPZUBK3QxJVA (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_omnibox_hotwords.json (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Top Sites.3 (3588 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cookies.9 (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (28800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ExGmD7jruXIBb42 (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Login Cookies.9 (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Bookmarks Backup\A.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Download.29-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\B.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Web Data.65 (26901 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\URL Security.1 (1944 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Web Data.65-journal (13900 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_keyword_navigation.json (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (9160 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\F.tmp (44 bytes)
%Program Files%\UCBrowser\Application\Share\icons\new_tab_search\google.com.hk.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Preferences (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Favicons.8-journal (22724 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Current Session (761 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000008 (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000009 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000002 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000003 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000001 (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000006 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000007 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000004 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000005 (22 bytes)
%Program Files%\UCBrowser\Application\Share\start.dat (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\LOG (168 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\3D10A8A76B3CB29D9AF4790E6BCADB69 (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\__messages_for_new_tab__ (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Download.29 (29885 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_giV7bzqqBAP4EoD (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000b (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000c (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000a (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000d (1843 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000e (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Top Sites.3-journal (7056 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\UC Login Data.16 (7518 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Login Cookies.9-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Jpg5x3ieephfQFU (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (4285 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Visited Links (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Messages (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\History.29 (31961 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\Ã¥Â·Â²Ã¥Â½â€¢Ã¥Ë†Â¶Ã§Å¡â€žÃ¨Â§â€ Ã©Â¢â€˜\Ã¦â€™ÂÃ¦â€Â¾Ã¥â€°ÂÃ©Â¡Â»Ã§Å¸Â¥.txt (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG (180 bytes)
%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\C.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cookies.9-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\000003.log (328 bytes)
%Program Files%\UCBrowser\Application\Share\config.dat (3769 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Messages-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\E.tmp (15 bytes)
%Program Files%\UCBrowser\Application\Share\share.dat (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_omnibox_presets.json (1843 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\UC Login Data.16-journal (532 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\3D10A8A76B3CB29D9AF4790E6BCADB69 (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_VyMeJHntflh81PF (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000f (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\URL Security.1-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_lpCtidOVvY5TbWl (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Current Tabs (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Favicons.8 (199278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (28592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Omnibox-journal (10080 bytes)
%Program Files%\UCBrowser\Application\Share\custom.dat (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_9P3GCtaalyONS4N (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Omnibox (1588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_7GYKtyiLcDIGnma (5670 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_0 (939932 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_1 (160192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_2 (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_3 (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\chrome_debug.log (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Z4GDwYdE5H9HuSO (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_YdV2L1dWw9puMq1 (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_3216_26406\12.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\D.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_omnibox_richcontent.json (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\9.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\History.29-journal (7228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_0SXfvD4NFDc49lE (131 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\chrome_debug.log (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Local State~RFa6a42.TMP (0 bytes)
%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Preferences~RFa6a71.TMP (0 bytes)

The process UCBrowser.exe:3240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\UCBrowser\Application\debug.log (1069 bytes)
%WinDir%\Tasks\UCBrowserUpdater.job (878 bytes)
%Program Files%\UCBrowser\Application\Share\task.ini (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\AcfJXctwB2VzdrwmGw K1mC6DQZWyITMLc2P5hAUZrWKom3ifjs9LYjy AfrlNVzcsqdtDWtz3kUPtxuFgixAFOCPc9NVlTg==[1].txt (5 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\AcfJXctwB2VzdrwmGw K1mC6DQZWyITMLc2P5hAUZrWKom3ifjs9LYjy AfrlNVzcsqdtDWtz3kUPtxuFgixAFOCPc9NVlTg==[1].txt (0 bytes)

The process UCBrowser.exe:1308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Preferences (2 bytes)
%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\8.tmp (408 bytes)

The Trojan deletes the following file(s):

%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)

The process UCBrowser.exe:3736 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\config.dat (11114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\l9Vy0cXGQ4wfwmGYFDun FFFOkJObq87WJj4A6Oynt2tqsf8nO1vnbNojahQJT4fNqvnTEQdwQ7W8VfTl0DQoOQnDd7u0K15ivQ==[1].txt (5 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\custom.dat (2 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\11.tmp (6 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ZGkl7McKo3CxOkIW9H4xtXjILj9rwnfyNl OkbwSNQewVQNfid9sQc4S9zl3ukq36HeA==[1].txt (5 bytes)
%Program Files%\UCBrowser\Application\5.6.11466.7\debug.log (5061 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\start.dat (20 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\share.dat (482 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517 (4 bytes)

The Trojan deletes the following file(s):

%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_28285\config_digest (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_20887 (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_29449 (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_20887\share.dat (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_22295\custom.dat (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_22295 (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ZGkl7McKo3CxOkIW9H4xtXjILj9rwnfyNl OkbwSNQewVQNfid9sQc4S9zl3ukq36HeA==[1].txt (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_3046\start.dat (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_28285 (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_3046 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\l9Vy0cXGQ4wfwmGYFDun FFFOkJObq87WJj4A6Oynt2tqsf8nO1vnbNojahQJT4fNqvnTEQdwQ7W8VfTl0DQoOQnDd7u0K15ivQ==[1].txt (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile\scoped_dir_3736_29449\config.dat (0 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517 (0 bytes)

The process 1332280.exe:3900 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml.rs (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rse.exe.rs (129022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\rsedownloadconfig[1].xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\rse1332280[1].exe (129022 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\rsedownloadconfig[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\rse1332280[1].exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml (0 bytes)

The process stats_uploader.exe:3280 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\0lgghpkWPqIqH4SLTvt HHepvf2P7QSA 7sNQpqR2RaiRZDPVL2G7gXW9aEUVEw02fQOCUbeK zBsPw2gnG3T 7dh HAjP9TZn09msyu0skoKQw3lquaUvXKkqmWQwHy2kVn1QWsoujTJNu7Emx84cgy ROS7Q=[1].t (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\FydVigaaxkCuHOWPFyQoucUUdZR8vwKEpXD8wW8rFJ6DAI7Q=[1].txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\y[1].txt (5 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\y[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\0lgghpkWPqIqH4SLTvt HHepvf2P7QSA 7sNQpqR2RaiRZDPVL2G7gXW9aEUVEw02fQOCUbeK zBsPw2gnG3T 7dh HAjP9TZn09msyu0skoKQw3lquaUvXKkqmWQwHy2kVn1QWsoujTJNu7Emx84cgy ROS7Q=[1].t (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\FydVigaaxkCuHOWPFyQoucUUdZR8vwKEpXD8wW8rFJ6DAI7Q=[1].txt (0 bytes)

The process setup.exe:1288 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\etao.com.png (252 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Drivers\ucguard.sys (71 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi\Locales\en-US.pak (6 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\desktop\facebook.ico (131 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Drivers\ucguard-x64.sys (80 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\youku.com.png (764 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\taobao.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\natives_blob.bin (1711 bytes)
%Program Files%\UCBrowser\Application\Share\target_locale (5 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\minizip.dll (26 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\5.6.11466.7.manifest (248 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\pt-br\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Locales\zh-CN.pak (254 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi\resources.pak (1692 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\wow_helper.exe (80 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\tmall.com.png (196 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\msvcp71.dll (1791 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libGLESv2.dll (7972 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\google.com.png (521 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\taobao.com.png (290 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\en-in\config.dat (164 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\XLBugReport.exe (248 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\UCService.exe (3678 bytes)
%Program Files%\UCBrowser\Application\master_preferences (235 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\PepperFlash\pepflashplayer.dll (124061 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\molt_tool.exe (1814 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\zh-cn\start.dat (10 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\es-419\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\update_task.exe (1696 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RaAPAPI.dll (5442 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\dl_peer_id.dll (92 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\MiniThunderPlatform.exe (268 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\en-in\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin (4 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\desktop\tmall_points.ico (144 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\theme_tool.exe (1851 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\baidu.com.png (682 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\sogou.com.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\etaohaitao.com.png (438 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\extension\renren.png (4 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\ru\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\es-419\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\snapshot_blob.bin (1802 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\zh-CN\external_extensions.json (903 bytes)
%Program Files%\UCBrowser\Application\Uninstall.exe (18934 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\amazon.png (507 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\AegisI5.exe (1727 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi.exe (45823 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1252 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\id\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\config.dat (6404 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\chrome.7z (1318189 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RtlIhvOid.dll (274 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\download_engine.dll (23407 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\marketing\1001.ico (192 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\bing.com.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Backup\UCBrowser.exe (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\XLBugHandler.dll (100 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\custom.dat (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\extension\noads.png (4 bytes)
%Program Files%\UCBrowser\Application\Share\start.dat (10 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\pt-br\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\zh-cn\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\ICSDHCP.dll (1807 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\alipay.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCAgent.exe (5442 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\weibo.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libucguard.dll (179 bytes)
%Program Files%\UCBrowser\Application\wow_helper.exe (601 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\stats_uploader.exe (279 bytes)
%Program Files%\UCBrowser\Application\molt_tool.exe (3361 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_100_percent.pak (7386 bytes)
%Program Files%\UCBrowser\Application\VERSION (11 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\VERSION (11 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\uc123.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\etao.com.png (335 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\qq.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\bing.com.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\external_extensions.json (352 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\resources.pak (172310 bytes)
%System%\drivers\ucguard.sys (601 bytes)
%Program Files%\UCBrowser\Application\UCService.exe (4185 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\pt-BR\external_extensions.json (352 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\baidu.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\google.com.png (457 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\HWID.ini (12 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libEGL.dll (88 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi\Locales\zh-CN.pak (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\id\config.dat (162 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\taobao.png (389 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_200_percent.pak (7972 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCProxySDK.dll (9606 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\atl71.dll (96 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\tmall.com.png (200 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\en-IN\external_extensions.json (480 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Update\UpdateOption.xml (189 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_child.dll (323690 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\id\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\IpLib.dll (208 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\pt-br\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\browsing_data_remover.exe (236 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\d3dcompiler_47.dll (22433 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RtlLib.dll (1804 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\PepperFlash\manifest.json (2 bytes)
%Program Files%\UCBrowser\Application\Share\config.dat (7345 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\taobao.com.png (304 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\win10_200_percent.pak (1721 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Uninstall.exe (17629 bytes)
%Program Files%\UCBrowser\Application\Share\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Update\InstalledConfig.xml (652 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Locales\en-US.pak (257 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\delegate_execute.exe (3751 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_elf.dll (138 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\UCBrowser.exe (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\ru\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\start.dat (10 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\en-in\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\sogou.com.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\courgette.dll (281 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\Ã¥ÂÂ¸Ã¨Â½Â½UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\acAuth.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\pp_helper.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\ru\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libeay32.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png (252 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\win10_100_percent.pak (1695 bytes)
%Program Files%\UCBrowser\Application\5.6.11466.7\Installer\setup.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\updater.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Languages\settings.xml (103 bytes)
%Documents and Settings%\All Users\Desktop\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\msvcr71.dll (1635 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\baidu.com.png (426 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\zh-cn\config.dat (6404 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libexif.dll (317 bytes)
%Program Files%\UCBrowser\Application\UCBrowser.exe (7547 bytes)
%Program Files%\UCBrowser\Application\update_task.exe (2321 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\config_updater.dll (5442 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Languages\chs.locale (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\xldl.dll (289 bytes)
%Program Files%\UCBrowser\Application\5.6.11466.7\Installer\chrmstp.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\id-ID\external_extensions.json (352 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\id.dat (40 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\win10.pak (8 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_watcher.dll (1680 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\google.com.hk.png (457 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\ucwifi_compat.dll (1633 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\zlib1.dll (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\youku.com.png (653 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png (479 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\icudtl.dat (34008 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\es-419\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\7z.dll (6361 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RtlLib_xp.dll (3736 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome.dll (286042 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1232_20897\wow_installer.prefs (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\VERSION (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\update_task.exe (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\UCService.exe (0 bytes)
%Program Files%\UCBrowser\Temp (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Uninstall.exe (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235 (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\chrome.7z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1288_7160 (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\wow_helper.exe (0 bytes)
%Program Files%\UCBrowser (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\molt_tool.exe (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin (0 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\UCBrowser.exe (0 bytes)

The process QQBrowser.exe:1964 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (392 bytes)

The process QQBrowser.exe:1344 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\001-Cool Air.gt (252503 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\LightStripes.gt (601 bytes)

The process QQBrowser.exe:248 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Tencent\QQBrowser\QQBrowserConfig.dat (114 bytes)

The process QQBrowser.exe:524 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Tasks\QQBrowser Udpater Task(Core).job (280 bytes)
%WinDir%\Tasks\QQBrowser Udpater Task.job (276 bytes)

The process QQBrowser.exe:1692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli3.tmp.qbl (11807 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli5.tmp.qbl (1098 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli6.tmp.qbl (194 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\update.ini (106 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli3.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli5.tmp (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli6.tmp (0 bytes)

The process QQBrowser.exe:660 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (728 bytes)

The process QQBrowser.exe:424 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (328 bytes)

The process %original file name%.exe:2004 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\7185bdf1gw1f05vls701mg21130hix6s[1].gif (326744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\7185bdf1gw1f13nembfz5g20rt0m7tpt[1].gif (41584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Browser_V5.6.11466.7_r_4640_(Build1603281525)[1].exe (3498742 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\21.tmp (326744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (41584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (286904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\ExecCmd.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1332280[1].exe (15336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\7185bdf1gw1f0copg2ejkg207o08ce84[1].gif (286904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\Inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\install1078565.exe (35525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kinst_1_644.exe (9483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\ZipDLL.dll (5500 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\28.tmp (52424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\V8._85416_20150820204011.exe (40581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\psb[1].gif (52424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Browser_V5.5.7852.9_r_4640_(Build1512022057).exe (3498742 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1.jpg (5855 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1332280.exe (15336 bytes)

The Trojan deletes the following file(s):

%Program Files%\UCBrowser\Application\Uninstall.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp (0 bytes)
%Program Files%\Tencent\QQBrowser\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\OK (0 bytes)

The process install1078565.exe:2676 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ui\snin.htm (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\rsmon.db1 (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravxp\ravxp.xml (404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD936\CHS.lag (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\userdata.rstray (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravconfig\ravcfg.xml (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\CompsVer.inf (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\_rav\_rav.xml (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RsTray.ico (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\bacore.dll (5679 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\updater.exe (3956 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\label.dat (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\x64\adefmon.mond (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\popwndexe.exe (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\monbasedui\monbasedui.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\atl90.dll (1708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\monbasedui\ravmond.exe (1990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\setup.dat (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rav936\lics936.txt (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RsMgrSvc.exe (1855 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\uprsuser.dat (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\Repair.url (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\os.xml (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RsBackup.exe (1851 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rav936\rav936.xml (515 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rscfg\rscfg.xml (996 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\LogAc.bmp (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RsSmall.bmp (576 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\Rising.ico (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rscomm\rscomm.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\url.ini (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\rstask.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\ravdefdb.xml (968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravlog\ravlog.xml (545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsdk\rsdk.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Custom.xml (775 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\license\license.xml (347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmon\mondcoms.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\repairmanager.mond (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RAV.ico (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSSETUP.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\uprsmon.dat (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\Microsoft.VC90.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\dataups.dat (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\license\12345678.000 (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RsStub.exe (1958 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmaindui\ravmaindui.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\update.xml (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\LogDc.bmp (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Setup.exe (5201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\datastorage.db (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\ravbase.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudqry\rsnscfg.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\cloudv3.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\hookbase\rsdll.dll.dat (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD1252\Eng.lag (52 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\_rav\setup.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RsMain.ico (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmaindui\rsmain.exe (817 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\mscrt9.xml (961 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudqry\cloudqry.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rav936\chs.lag (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\rsmondef.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD932\Jpn.lag (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD950\CHT.lag (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\repairmanager.mondcoms (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\setup.dat (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\hookbase\hookbase.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\bawhite.dat (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravxp\ravxp.exe (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\antipromotionmon.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravconfig\ravconfig.xml (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Rav.7z (98827 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\userdata.mond (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\Microsoft.VC90.CRT.manifest (496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\rsuser.db1 (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmon\ravmon.xml (574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\adefmon.mond (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Auto.ini (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmon\mond.xml (2 bytes)

The process V8._85416_20150820204011.exe:1460 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\installed_arrow.png (176 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\bggradient_day.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\event\bg.png (28 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\installed_arrow.png (176 bytes)
%Program Files%\Tencent\QQBrowser\dr.dll (601 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (1 bytes)
%Program Files%\Tencent\QQBrowser\MouseGesture.dll (56 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#account.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\global.js (394 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\perfctrl.dll (3447 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserLiveup.exe (3502 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\random.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\MouseGesture.dll (872 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\PerfTraceService.exe (2934 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (92 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\NetWork.dll (2602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserSecurityCenter.exe (2015 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\bgsearch_day.jpg (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\index.html (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_offlineurl.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBExtensionFramework.dll (3361 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8 (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\tssafeedit.dat (41 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\EventTracing.dll (1326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\resources.pri (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\nsis_skin.gt (106 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\css\base.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\service\xperf.exe (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Assistant.dll (6284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\QQTrace.ini (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Resource.dll (1365 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (261 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\PrScrn.dll (2517 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\navi.ico (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\random.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manifest.json (197 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\init.js (8 bytes)
%Program Files%\Tencent\QQBrowser\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\hse.png (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\BugReport.exe (7256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\https___mail.qq.com_.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowser.exe (601 bytes)
%Program Files%\Tencent\QQBrowser\QRCode.dll (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\homepage.db (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Dialogs.dll (10771 bytes)
%Program Files%\Tencent\QQBrowser\service\perfctrl.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\tssafeedit.dat (41 bytes)
%Program Files%\Tencent\QQBrowser\Dialogs.dll (7385 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin2.png (6 bytes)
%Program Files%\Tencent\QQBrowser\service\7z.exe (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Program Files%\Tencent\QQBrowser\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\history.db (108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\CustomerJoinPlan.txt (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\mainlist.ze (29 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (1 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserFrame.dll (11518 bytes)
%Program Files%\Tencent\QQBrowser\resources.pri (3 bytes)
%Program Files%\Tencent\QQBrowser\Downloader.dll (3073 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\index.html (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\uninst.exe (3649 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (1735 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\pixel.gif (43 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\https___mail.qq.com_.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QRCode.dll (31 bytes)
%Program Files%\Tencent\QQBrowser\nsis_skin.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\license.txt (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\wbg.png (136 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\dr.dll (864 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bgsearch_day.jpg (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_fav.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\site_text.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\security.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\css\base.css (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\BugReport.exe (2321 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\down.png (971 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\sogou_web.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\sogou_web.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\xperf.exe (5001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service (4 bytes)
%Program Files%\Tencent\QQBrowser\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_google.png (919 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\search_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\mainlist.ze (29 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QBExtensionFramework.dll (3766 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserFrame.dll (13493 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_normal.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcm90.dll (2129 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (6 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\security.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\index.html (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Downloader.dll (4010 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\down.png (960 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\WebpDecodeFilter.dll (2128 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\PrScrn.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.html (122 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã¨â€¦Â¾Ã¨Â®Â¯Ã¨Â½Â¯Ã¤Â»Â¶\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\7z.exe (1209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcp90.dll (6900 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bggradient_day.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_login.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\up.png (971 bytes)
%Program Files%\Tencent\QQBrowser\uninst.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (99 bytes)
%Program Files%\Tencent\QQBrowser\EventTracing.dll (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\Config.xml (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\skin\LightStripes.gt (94 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\QBInstaller.dll (3710 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QBUtils.dll (17689 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\small.png (2 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserSecurityCenter.exe (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\service\QQTrace.ini (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowser.exe (1661 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\accountInfo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\navi.ico (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\template.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcr90.dll (8224 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_offlineurl.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_fav.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\TridentCore.dll (9754 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{6970B802-2F13-4038-B620-33B0211D26A0} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll (1735 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\index.html (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Desktop\Ã¤Â¸Å Ã§Â½â€˜Ã¥Â¯Â¼Ã¨Ë†Âª.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll (12287 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Desktop\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (1645 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\Private-icon.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\service\PerfTraceService.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\wbg.png (136 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Video\vd.ini (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\global.js (1 bytes)
%Program Files%\Tencent\QQBrowser\skin\LightStripes.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\default.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme_ie.png (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\business.js (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (122 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (244 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\checkbox.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Resource.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\app.ico (284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\tool.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Program Files%\Tencent\QQBrowser\NetWork.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\certerror.html (3 bytes)
%Program Files%\Tencent\QQBrowser\TridentCore.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (256 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#history.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Assistant.dll (2321 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcp90.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\bggradient_day.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\https___mail.qq.com_.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowser.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\whitelist.ze (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\skin\ThirdParty.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\inforBar.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\CustomerJoinPlan.txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_offlineurl.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\MouseGesture.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\perfctrl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_normal.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\qqtrack.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\TridentCore.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserLiveup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\history.db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\mainlist.ze (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\Config.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\navi.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QBExtensionFramework.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\7z.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\homepage.db (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\index.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcm90.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\skin\DarkStripes.gt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcr90.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserSecurityCenter.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\icon.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\wbg.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\bgsearch_day.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Downloader.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___qzone.qq.com_.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\EventTracing.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\resources.pri (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\QBInstaller.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\sogou_web.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\nsis_skin.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QRCode.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\random.db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\css\base.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{00000000-0000-0000-0000-000000000000} (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\xperf.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (0 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\PrScrn.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\imgSearch.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\NetWork.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\QQTrace.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\skin\LightStripes.gt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\qqbrowser_home.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Dialogs.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\video (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QBUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\dr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\WebpDecodeFilter.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_fav.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\qqtrack.xml (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\index.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\js\base.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\tssafeedit.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Assistant.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\PerfTraceService.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_login.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\security.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\video\vd.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Resource.dll (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\icon.fw.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\BugReport.exe (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\skin (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (0 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (0 bytes)

The process Browser_V5.5.7852.9_r_4640_(Build1512022057).exe:1232 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\CHROME.PACKED.7Z (381385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1232_31136\stats_uploader.exe (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1232_20897\wow_installer.prefs (235 bytes)
%Program Files%\UCBrowser\Application\Share\install_stats.log (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\SETUP.EX_ (1708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\setup.exe (17426 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\CHROME.PACKED.7Z (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1232_31136\stats_uploader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1232_20897 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\setup.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\SETUP.EX_ (0 bytes)

The process UCService.exe:4044 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\UCBrowser\Application\Share\ucsvc_config.dat (339 bytes)
%Program Files%\UCBrowser\Application\ucsvc.log (2097 bytes)

The process UCService.exe:2000 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\UCBrowser\Application\ucsvc.log (446 bytes)

The process UCService.exe:2148 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\UCBrowser\Application\ucsvc.log (970 bytes)

Registry activity

The process chrmstp.exe:2076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BE E0 F0 98 23 B9 09 4E A6 C3 7E 0B 60 9E C3 7B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\UCBrowser\LastWasDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\UCBrowser\FirstNotDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003"

The process UCBrowser.exe:3452 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B C4 36 C1 06 73 71 2A 51 64 5B 53 D3 93 82 87"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:3216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\.mht\OpenWithProgids]
"UCHTML.AssocFile.MHT" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"irc" = "UCHTML"
"webcal" = "UCHTML"

[HKCU\Software\UCBrowser\Running]
"utility-3036" = "1"

[HKCR\UCHTML.AssocFile.XHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCR\UCHTML.AssocFile.CRX\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML.AssocFile.CRX\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,4"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ShowIconsCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --show-icons"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationDescription" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨Ã¦ËœÂ¯Ã¤Â¸â‚¬Ã¦Â¬Â¾Ã¥Â¿Â«Ã©â‚¬Å¸Ã£â‚¬ÂÃ¥Â®â€°Ã¥â€¦Â¨Ã§Å¡â€žÃ©â‚¬Å¡Ã§â€Â¨Ã¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨Ã¯Â¼Å’Ã©â€¡â€¡Ã§â€Â¨TridentÃ¥â€™Å’WebKitÃ¥ÂÅ’Ã¦Â¸Â²Ã¦Å¸â€œÃ¥Â¼â€¢Ã¦â€œÅ½Ã¯Â¼Å’Ã¤Â»Å½Ã¥Â¿Â«Ã©â‚¬Å¸Ã£â‚¬ÂÃ¥Â®â€°Ã¥â€¦Â¨Ã¥Â¤Å¡Ã¤Â¸ÂªÃ¦â€“Â¹Ã©ÂÂ¢Ã¨Â¿â€ºÃ¨Â¡Å’Ã¤Â¼ËœÃ¥Å’â€“Ã¯Â¼Å’Ã¤Â¸ÂºÃ¥Â¹Â¿Ã¥Â¤Â§Ã¤Âºâ€™Ã¨Ââ€Ã§Â½â€˜Ã§â€Â¨Ã¦Ë†Â·Ã¦ÂÂÃ¤Â¾â€ºÃ¦â€ºÂ´Ã¥Â¥Â½Ã§Å¡â€žÃ§â€Â¨Ã¦Ë†Â·Ã¦ÂµÂÃ¨Â§Ë†Ã¤Â½â€œÃ©ÂªÅ’Ã£â‚¬â€š"

[HKCU\Software\UCBrowser\Dispatch]
"cd_recycle" = "10800"

[HKCU\Software\Classes\.htm\OpenWithProgids]
"UCHTML.AssocFile.HTM" = ""

[HKCU\Software\Classes\.shtml\OpenWithProgids]
"UCHTML.AssocFile.SHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"sms" = "UCHTML"

[HKCU\Software\UCBrowser\BLBeacon]
"Version" = "5.6.11466.7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml]
"Progid" = "UCHTML.AssocFile.XHTML"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKCU\Software\UCBrowser\BLBeacon]
"State" = "1"

[HKCR\UCHTML.AssocFile.MHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML.AssocFile.WEBP\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".shtm" = "UCHTML.AssocFile.SHTM"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKCR\UCHTML.AssocFile.SHTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\.xht]
"(Default)" = "UCHTML"

[HKCU\Software\Classes\.webp]
"(Default)" = "UCHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm]
"Progid" = "UCHTML.AssocFile.SHTM"

[HKCR\.shtm\OpenWithProgids]
"UCHTML.AssocFile.SHTM" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp]
"Progid" = "UCHTML.AssocFile.WEBP"

[HKCU\Software\UCBrowser\Running]
"browser-3216" = "1"

[HKCR\UCHTML.AssocFile.XHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\.xhtml\OpenWithProgids]
"UCHTML.AssocFile.XHTML" = ""

[HKCR\UCHTML.AssocFile.HTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\UCBrowser\Running]
"utility-3924" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".crx" = "UCHTML.AssocFile.CRX"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCU\Software\UCBrowser\Running]
"utility-1860" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKCU\Software\UCBrowser\BLBeacon]
"failed_count" = "0"

[HKCR\UCHTML.AssocFile.WEBP\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid" = "UCHTML.AssocFile.MHT"

[HKCU\Software\Classes\ftp]
"URL Protocol" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationName" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKCU\Software\Classes\.html]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"nntp" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKCU\Software\Classes\.shtml]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"https" = "UCHTML"

[HKCR\UCHTML.AssocFile.SHTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\.crx\OpenWithProgids]
"UCHTML.AssocFile.CRX" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid" = "UCHTML.AssocFile.HTM"

[HKLM\SOFTWARE\UCBrowser]
"usagestats" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Classes\.crx]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm]
"Progid" = "UCHTML.AssocFile.SHTM"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"mailto" = "UCHTML"

[HKCR\.htm\OpenWithProgids]
"UCHTML.AssocFile.HTM" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationIcon" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht]
"Progid" = "UCHTML.AssocFile.XHT"

[HKCU\Software\UCBrowser\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "0"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKLM\SOFTWARE\RegisteredApplications]
"UCBrowser" = "Software\Clients\StartMenuInternet\UCBrowser\Capabilities"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".shtml" = "UCHTML.AssocFile.SHTML"

[HKCR\UCHTML\CLSID]
"(Default)" = ""

[HKCR\UCHTML.AssocFile.XHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\UCBrowser\Dispatch]
"us_srv_url" = "http://pcus.ucweb.com/usquery.php"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid" = "UCHTML.AssocFile.HTM"

[HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".webp" = "UCHTML.AssocFile.WEBP"

[HKCR\UCHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\.xhtml\OpenWithProgids]
"UCHTML.AssocFile.XHTML" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp]
"Progid" = "UCHTML.AssocFile.WEBP"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates\5DEB8F339E264C19F6686F5F8F32B54A4C46B476]
"Blob" = "03 00 00 00 01 00 00 00 14 00 00 00 5D EB 8F 33"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx]
"Progid" = "UCHTML.AssocFile.CRX"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".htm" = "UCHTML.AssocFile.HTM"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml]
"Progid" = "UCHTML.AssocFile.XHTML"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 18 6A CE 29 0B 37 04 24 8F 75 88 4D D9 C9 57"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"HideIconsCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --hide-icons"

[HKLM\SOFTWARE\UCBrowser\LastWasDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx]
"Progid" = "UCHTML.AssocFile.CRX"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKCR\UCHTML]
"(Default)" = "UC HTML Document"

[HKCU\Software\Classes\.html\OpenWithProgids]
"UCHTML.AssocFile.HTML" = ""

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".html" = "UCHTML.AssocFile.HTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid" = "UCHTML.AssocFile.HTML"

[HKCR\UCHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,1"

[HKCU\Software\UCBrowser]
"lastrun" = "13104063477259875"

[HKCR\UCHTML.AssocFile.HTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\.shtm\OpenWithProgids]
"UCHTML.AssocFile.SHTM" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".mht" = "UCHTML.AssocFile.MHT"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml]
"Progid" = "UCHTML.AssocFile.SHTML"

[HKCR\UCHTML.AssocFile.MHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\http]
"URL Protocol" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"tel" = "UCHTML"
"news" = "UCHTML"

[HKCR\UCHTML.AssocFile.HTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKCU\Software\Classes\https]
"URL Protocol" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"Path" = "%Program Files%\UCBrowser\Application"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKCR\.mht\OpenWithProgids]
"UCHTML.AssocFile.MHT" = ""

[HKCU\Software\UCBrowser\Running]
"utility-3068" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"urn" = "UCHTML"

[HKCR\.crx\OpenWithProgids]
"UCHTML.AssocFile.CRX" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"ftp" = "UCHTML"

[HKCU\Software\Classes\.htm]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".xht" = "UCHTML.AssocFile.XHT"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"mms" = "UCHTML"

[HKCR\.html\OpenWithProgids]
"UCHTML.AssocFile.HTML" = ""

[HKCU\Software\Classes\.mht]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid" = "UCHTML.AssocFile.HTML"

[HKCR\.webp\OpenWithProgids]
"UCHTML.AssocFile.WEBP" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

[HKCU\Software\Classes\.shtm]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"

[HKCU\Software\UCBrowser\Dispatch]
"assign" = "pcs2.wx.ucweb.com:80"

[HKCU\Software\UCBrowser\Running]
"utility-3060" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid" = "UCHTML.AssocFile.MHT"

[HKCU\Software\Classes\.xht\OpenWithProgids]
"UCHTML.AssocFile.XHT" = ""

[HKCR\UCHTML.AssocFile.XHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".xhtml" = "UCHTML.AssocFile.XHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"smsto" = "UCHTML"

[HKCU\Software\UCBrowser\Running]
"utility-3452" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"http" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml]
"Progid" = "UCHTML.AssocFile.SHTML"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"IconsVisible" = "1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\Startmenu]
"StartMenuInternet" = "UCBrowser"

[HKCU\Software\UCBrowser]
"ActivationID" = "{57DF14DC-4950-4589-B65A-B333C91215B6}"

[HKCU\Software\UCBrowser\Running]
"utility-3128" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht]
"Progid" = "UCHTML.AssocFile.XHT"

[HKCU\Software\Classes\.xhtml]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser]
"(Default)" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKCR\.shtml\OpenWithProgids]
"UCHTML.AssocFile.SHTML" = ""

[HKCR\UCHTML.AssocFile.SHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32]
"(Default)" = "%System%\oleacc.dll"

[HKCR\UCHTML.AssocFile.SHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ReinstallCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --make-default-browser"

[HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"Path" = "%Program Files%\UCBrowser\Application"

[HKCR\UCHTML.AssocFile.HTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\UCBrowser\Running]
"utility-3048" = "1"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "UCBrowser"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\.webp\OpenWithProgids]
"UCHTML.AssocFile.WEBP" = ""

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\.xht\OpenWithProgids]
"UCHTML.AssocFile.XHT" = ""

The Trojan deletes the following registry key(s):

[HKCU\Software\UCBrowser\BLFinchList]
[HKCU\Software\UCBrowser\Running]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\UCBrowser\Running]
"utility-3128"
"utility-3048"
"utility-3924"

[HKLM\SOFTWARE\UCBrowser\FirstNotDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003"

[HKCU\Software\UCBrowser\Running]
"utility-3036"
"utility-3068"
"renderer--1"

[HKCU\Software\Microsoft\SystemCertificates\CA\Certificates]
"5DEB8F339E264C19F6686F5F8F32B54A4C46B476"

[HKCU\Software\UCBrowser\Running]
"utility-1860"
"utility-3060"

The process UCBrowser.exe:2320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 6E 73 DA 90 66 A9 2C 69 1B B9 03 98 42 C1 32"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:2228 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\UCBrowser\BLBeacon]
"State" = "2"
"failed_count" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:3924 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DB 1A BC A0 E5 EC AE BC 6B 9F 53 CA 46 22 F8 3F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:3048 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D6 AC 4D E0 6A D9 14 4A 27 A8 B1 84 5A 64 F9 BE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 B3 1B EA C7 5F 2A DF AD E8 BE 7C 1C B7 E1 AF"

[HKCU\Software\UCBrowser\Running]
"browser-2300" = "1"

[HKCU\Software\UCBrowser\BLBeacon]
"State" = "2"
"failed_count" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The Trojan deletes the following registry key(s):

[HKCU\Software\UCBrowser\Running]

The process UCBrowser.exe:3036 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 6A B9 BC 2C F2 94 F7 FF 6D 13 11 1D A3 6E EB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:3240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 12 30 EC EA 6E A6 CF EC 32 8B 9E AA 8C E6 93"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process UCBrowser.exe:1308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"irc" = "UCHTML"

[HKCU\Software\Classes\UCHTML.AssocFile.HTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML.AssocFile.XHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"Guid" = "2e8d9ec5-a712-48c4-8ce0-631eb0c1cd65"

[HKCU\Software\Classes\UCHTML.AssocFile.MHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML.AssocFile.CRX\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML.AssocFile.CRX\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,4"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ShowIconsCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --show-icons"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationDescription" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨Ã¦ËœÂ¯Ã¤Â¸â‚¬Ã¦Â¬Â¾Ã¥Â¿Â«Ã©â‚¬Å¸Ã£â‚¬ÂÃ¥Â®â€°Ã¥â€¦Â¨Ã§Å¡â€žÃ©â‚¬Å¡Ã§â€Â¨Ã¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨Ã¯Â¼Å’Ã©â€¡â€¡Ã§â€Â¨TridentÃ¥â€™Å’WebKitÃ¥ÂÅ’Ã¦Â¸Â²Ã¦Å¸â€œÃ¥Â¼â€¢Ã¦â€œÅ½Ã¯Â¼Å’Ã¤Â»Å½Ã¥Â¿Â«Ã©â‚¬Å¸Ã£â‚¬ÂÃ¥Â®â€°Ã¥â€¦Â¨Ã¥Â¤Å¡Ã¤Â¸ÂªÃ¦â€“Â¹Ã©ÂÂ¢Ã¨Â¿â€ºÃ¨Â¡Å’Ã¤Â¼ËœÃ¥Å’â€“Ã¯Â¼Å’Ã¤Â¸ÂºÃ¥Â¹Â¿Ã¥Â¤Â§Ã¤Âºâ€™Ã¨Ââ€Ã§Â½â€˜Ã§â€Â¨Ã¦Ë†Â·Ã¦ÂÂÃ¤Â¾â€ºÃ¦â€ºÂ´Ã¥Â¥Â½Ã§Å¡â€žÃ§â€Â¨Ã¦Ë†Â·Ã¦ÂµÂÃ¨Â§Ë†Ã¤Â½â€œÃ©ÂªÅ’Ã£â‚¬â€š"

[HKCU\Software\Classes\UCHTML.AssocFile.SHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml]
"Progid" = "UCHTML.AssocFile.XHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"webcal" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"BitNames" = " DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\UCHTML.AssocFile.MHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML.AssocFile.WEBP\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".shtm" = "UCHTML.AssocFile.SHTM"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"Guid" = "0c5a3172-2248-44fd-b9a6-8389cb1dc56a"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKCR\UCHTML.AssocFile.SHTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\.webp]
"(Default)" = "UCHTML"

[HKCU\Software\Classes\UCHTML.AssocFile.SHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm]
"Progid" = "UCHTML.AssocFile.SHTM"

[HKCU\Software\Classes\UCHTML.AssocFile.XHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\.shtm\OpenWithProgids]
"UCHTML.AssocFile.SHTM" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp]
"Progid" = "UCHTML.AssocFile.WEBP"

[HKCR\UCHTML.AssocFile.XHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCR\UCHTML.AssocFile.HTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Classes\ftp]
"URL Protocol" = ""

[HKCR\.xhtml\OpenWithProgids]
"UCHTML.AssocFile.XHTML" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".crx" = "UCHTML.AssocFile.CRX"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"HideIconsCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --hide-icons"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"ControlFlags" = "1"

[HKCR\UCHTML.AssocFile.WEBP\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\UCHTML.AssocFile.MHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\UCHTML.AssocFile.WEBP\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationName" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKCU\Software\Classes\.html]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"nntp" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"BitNames" = " WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST"

[HKCU\Software\Classes\UCHTML.AssocFile.XHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"https" = "UCHTML"

[HKCR\UCHTML.AssocFile.SHTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\UCHTML.AssocFile.HTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid" = "UCHTML.AssocFile.HTM"

[HKLM\SOFTWARE\UCBrowser]
"usagestats" = "0"

[HKCU\Software\Classes\.crx]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtm]
"Progid" = "UCHTML.AssocFile.SHTM"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"mailto" = "UCHTML"

[HKCR\.htm\OpenWithProgids]
"UCHTML.AssocFile.HTM" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities]
"ApplicationIcon" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht]
"Progid" = "UCHTML.AssocFile.XHT"

[HKLM\SOFTWARE\UCBrowser\FirstNotDefault]
"S-1-5-21-1844237615-1960408961-1801674531-1003" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\UCBrowser\StabilityMetrics]
"user_experience_metrics.stability.exited_cleanly" = "1"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKLM\SOFTWARE\RegisteredApplications]
"UCBrowser" = "Software\Clients\StartMenuInternet\UCBrowser\Capabilities"

[HKCU\Software\Classes\UCHTML.AssocFile.XHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid]
"BitNames" = " SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS"

[HKCR\UCHTML\CLSID]
"(Default)" = ""

[HKCR\UCHTML.AssocFile.XHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\UCHTML.AssocFile.SHTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm]
"Progid" = "UCHTML.AssocFile.HTM"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".webp" = "UCHTML.AssocFile.WEBP"

[HKCU\Software\Classes\UCHTML.AssocFile.SHTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\.xht]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webp]
"Progid" = "UCHTML.AssocFile.WEBP"

[HKCU\Software\Classes\UCHTML.AssocFile.XHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx]
"Progid" = "UCHTML.AssocFile.CRX"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".htm" = "UCHTML.AssocFile.HTM"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml]
"Progid" = "UCHTML.AssocFile.XHTML"

[HKCU\Software\Classes\UCHTML.AssocFile.CRX\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "25 C8 29 61 C3 60 29 94 C5 95 60 26 86 A9 6D 02"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid" = "UCHTML.AssocFile.MHT"

[HKCU\Software\Classes\UCHTML.AssocFile.HTM\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crx]
"Progid" = "UCHTML.AssocFile.CRX"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKCR\UCHTML]
"(Default)" = "UC HTML Document"

[HKCU\Software\Classes\https]
"URL Protocol" = ""

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid]
"BitNames" = " DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER"

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"BitNames" = " WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".html" = "UCHTML.AssocFile.HTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid" = "UCHTML.AssocFile.HTML"

[HKCR\UCHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,1"

[HKCR\.shtml\OpenWithProgids]
"UCHTML.AssocFile.SHTML" = ""

[HKCR\UCHTML.AssocFile.HTM\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"

[HKCU\Software\Classes\UCHTML.AssocFile.WEBP\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".mht" = "UCHTML.AssocFile.MHT"

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml]
"Progid" = "UCHTML.AssocFile.SHTML"

[HKCR\UCHTML.AssocFile.MHT\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\Classes\http]
"URL Protocol" = ""

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"tel" = "UCHTML"
"news" = "UCHTML"

[HKCR\UCHTML.AssocFile.HTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid]
"Guid" = "d905ac1c-65e7-4242-99ea-fe66a8355df8"

[HKCU\Software\Classes\.shtml]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\UCBrowser.exe]
"Path" = "%Program Files%\UCBrowser\Application"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKCR\.mht\OpenWithProgids]
"UCHTML.AssocFile.MHT" = ""

[HKCU\Software\Classes\UCHTML]
"(Default)" = "UC HTML Document"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"urn" = "UCHTML"
"ftp" = "UCHTML"

[HKCU\Software\Classes\.htm]
"(Default)" = "UCHTML"

[HKCU\Software\Classes\UCHTML.AssocFile.HTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".shtml" = "UCHTML.AssocFile.SHTML"
".xht" = "UCHTML.AssocFile.XHT"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"mms" = "UCHTML"

[HKCR\.crx\OpenWithProgids]
"UCHTML.AssocFile.CRX" = ""

[HKCU\Software\Classes\.mht]
"(Default)" = "UCHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html]
"Progid" = "UCHTML.AssocFile.HTML"

[HKCR\.webp\OpenWithProgids]
"UCHTML.AssocFile.WEBP" = ""

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid]
"Guid" = "6da4ddca-0901-4bae-9ad4-7e6030bab531"

[HKCU\Software\Classes\UCHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid]
"Guid" = "637a0f36-dff5-4b2f-83dd-b106c1c725e2"

[HKCU\Software\Classes\.shtm]
"(Default)" = "UCHTML"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht]
"Progid" = "UCHTML.AssocFile.MHT"

[HKCR\.html\OpenWithProgids]
"UCHTML.AssocFile.HTML" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\UCHTML.AssocFile.XHT\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\FileAssociations]
".xhtml" = "UCHTML.AssocFile.XHTML"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\URLAssociations]
"smsto" = "UCHTML"
"sms" = "UCHTML"
"http" = "UCHTML"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml]
"Progid" = "UCHTML.AssocFile.SHTML"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"IconsVisible" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht]
"Progid" = "UCHTML.AssocFile.XHT"

[HKCU\Software\Classes\.xhtml]
"(Default)" = "UCHTML"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser]
"(Default)" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\Capabilities\Startmenu]
"StartMenuInternet" = "UCBrowser"

[HKCR\UCHTML.AssocFile.SHTML\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\UCHTML.AssocFile.SHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKLM\SOFTWARE\Clients\StartMenuInternet\UCBrowser\InstallInfo]
"ReinstallCommand" = "%Program Files%\UCBrowser\Application\UCBrowser.exe --make-default-browser"

[HKCU\Software\Classes\UCHTML\CLSID]
"(Default)" = ""

[HKCU\Software\Classes\UCHTML.AssocFile.CRX\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,4"

[HKCR\UCHTML.AssocFile.HTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,3"

[HKCU\Software\UCBrowser\Running]
"browser-1308" = "1"

[HKCU\Software\Clients\StartmenuInternet]
"(Default)" = "UCBrowser"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe -- %1"

[HKCR\.xht\OpenWithProgids]
"UCHTML.AssocFile.XHT" = ""

[HKCU\Software\Classes\UCHTML\DefaultIcon]
"(Default)" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\UCBrowser\Running]
"browser-1308"

The process UCBrowser.exe:1860 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "35 22 2A B7 8A 4B 6E 43 6C 73 39 BC 77 43 25 46"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

The process UCBrowser.exe:3060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EA F7 EC A5 FD 8C A7 D9 1E 05 82 38 E5 59 24 52"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:3128 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 9D 52 CA 26 50 46 6C 69 8B FF C3 11 BA 47 3C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:3736 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 25 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 F6 0D 04 8E 7A 11 96 C7 E5 D3 FC 46 4C 89 EB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process UCBrowser.exe:2376 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 77 22 38 42 F2 89 2D 4F A6 84 D2 26 51 1D FF"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:3068 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 7B 3A E5 42 60 B2 E0 79 10 9B CF 63 FF 35 7B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:292 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 B0 E2 5A 22 F6 5E CA F8 97 92 0C 03 59 43 AC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process UCBrowser.exe:2780 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3D 0C F4 EF E7 F7 AA 8F 37 CA 67 D2 CF C5 1B 83"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process 1332280.exe:3900 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 24 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 8B AC F8 C8 83 E6 F0 45 A8 F2 2E 7E 7C 92 D2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCR\CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}]
"ProcID" = "{C04F6F76-2204-6648-3030-303030303030}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process sc.exe:844 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "66 03 E6 59 89 D3 E9 E1 9B 29 3B 9A E4 BE C4 66"

The process sc.exe:432 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6D 5A 09 18 1A 68 F3 85 A8 B5 6A 47 16 C5 1B 9F"

The process stats_uploader.exe:704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 8C 32 1B F5 D2 C8 1F C9 90 0B CD 13 80 E7 8B"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process stats_uploader.exe:3308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 82 BE 97 63 89 E0 FA 88 88 66 01 95 D9 07 00"

The process stats_uploader.exe:3280 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 23 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "52 EB 4E 99 0C D1 2A CD 66 2A 64 D4 59 D2 1D 74"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process setup.exe:1288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\UCGuard\Instances\ucguard]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%Program Files%\UCBrowser,"

[HKLM\System\CurrentControlSet\Services\UCGuard]
"DebugLevel" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"VersionMajor" = "11466"

[HKLM\System\CurrentControlSet\Services\UCGuard\Instances]
"DefaultInstance" = "ucguard"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"NoRepair" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\UCBrowser\Commands\on-os-upgrade]
"CommandLine" = "%Program Files%\UCBrowser\Application\5.6.11466.7\Installer\setup.exe --on-os-upgrade --system-level --verbose-logging"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"IsInstalled" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"DisplayName" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKCU\Software\UCBrowser]
"PreDefaultBrowser" = "htmlfile"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"NoModify" = "1"
"DisplayIcon" = "%Program Files%\UCBrowser\Application\UCBrowser.exe,0"

[HKLM\SOFTWARE\UCBrowser]
"InstallerError" = "0"
"InstallTime" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\UCBrowser]
"UninstallArguments" = " --uninstall --system-level"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"StubPath" = "%Program Files%\UCBrowser\Application\5.6.11466.7\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"DisplayVersion" = "5.6.11466.7"

[HKLM\System\CurrentControlSet\Services\UCGuard\Instances\ucguard]
"Altitude" = "888999"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"Version" = "5.6.11466.7"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\UCBrowser]
"oopcrashes" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\UCBrowser]
"InstallerSuccessLaunchCmdLine" = "%Program Files%\UCBrowser\Application\UCBrowser.exe"

[HKLM\System\CurrentControlSet\Services\UCGuard]
"DependOnService" = "FltMgr"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"(Default)" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKLM\System\CurrentControlSet\Services\UCGuard]
"ImagePath" = "system32\DRIVERS\ucguard.sys"

[HKLM\SOFTWARE\UCBrowser\Commands\on-os-upgrade]
"AutoRunOnOSUpgrade" = "1"

[HKLM\System\CurrentControlSet\Services\UCGuard]
"Group" = "PNP_TDI"

[HKLM\SOFTWARE\UCBrowser]
"FirstLaunchSwitches" = "--wow-enable-user-experience=default --wow-make-chrome-default=true"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"InstallDate" = "20160402"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\UCBrowser]
"InstallerExtraCode1" = "9"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B9 90 56 72 91 22 A7 33 5C 67 D6 BE 10 63 2F 5C"

[HKLM\SOFTWARE\UCBrowser]
"InstallerResult" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"VersionMinor" = "7"

[HKLM\System\CurrentControlSet\Services\UCGuard]
"Type" = "1"

[HKLM\SOFTWARE\UCBrowser]
"pv" = "5.6.11466.7"
"Name" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\UCGuard]
"Tag" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"Publisher" = "Ã¥Â¹Â¿Ã¥Â·Å¾Ã¥Â¸â€šÃ¥Å Â¨Ã¦â„¢Â¯Ã¨Â®Â¡Ã§Â®â€”Ã¦Å“ÂºÃ§Â§â€˜Ã¦Å â‚¬Ã¦Å“â€°Ã©â„¢ÂÃ¥â€¦Â¬Ã¥ÂÂ¸"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\UCBrowser]
"UninstallString" = "%Program Files%\UCBrowser\Application\Uninstall.exe"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"Version" = "43,0,0,0"

[HKLM\SOFTWARE\UCBrowser]
"ap" = "-stage:refreshing_policy"

[HKCU\Software\UCBrowser]
"Path" = "%Program Files%\UCBrowser\Application"

[HKLM\System\CurrentControlSet\Services\UCGuard]
"ErrorControl" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser]
"UninstallString" = "%Program Files%\UCBrowser\Application\Uninstall.exe --uninstall --system-level"
"InstallLocation" = "%Program Files%\UCBrowser\Application"

[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{65122CB0-EA0F-47DF-A953-017170ED12F9}]
"Localized Name" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKLM\SOFTWARE\UCBrowser]
"installId" = "{57DF14DC-4950-4589-B65A-B333C91215B6}"

Adds a rule to the firewall Windows which allows any network activity:

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\UCGuard]
"Start" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\UCBrowser]
"ap"
"InstallerExtraCode1"

The process kinst_1_644.exe:576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 1E 59 6A 3B 7E 34 D2 37 33 5C 2D BA B2 E0 79"

[HKCR\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}]
"Guid" = "A042DF7C169A40A8B3954CC2E3BFEE37"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp]
"kinst_1_644.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\kinst_1_644.exe:*:Enabled:KInstallTool"

The process QQBrowser.exe:976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 E4 79 46 AA 27 26 FB 72 43 2F B9 89 F7 AC 92"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:600 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 F8 19 42 34 75 82 3D D5 9F B1 45 FA 4F 96 04"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:1964 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 33 1C 1E 64 10 DC 41 64 FF 86 82 9F A1 0D CD"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 A0 7C 53 34 32 B0 D4 00 5B D0 CA 73 2C BC 77"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:1344 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 20 E1 45 77 FF 33 2D BE B8 70 8F 7B 0D 0A 17"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:248 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Classes\ftp\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Classes\ftp\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCU\Software\Classes\https\shell]
"(Default)" = "open"

[HKCU\Software\Classes\ftp\shell]
"(Default)" = "open"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\Tencent\QQBrowser]
"QQBrowser.exe" = "QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKCU\Software\Classes\http\shell]
"(Default)" = "open"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\http\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Classes\ftp\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Classes\https\shell\open\ddeexec]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "85 72 F0 C6 A6 BF A9 71 5A 51 2B 02 B1 DB 9F 46"

[HKCU\Software\Classes\http\shell\open\ddeexec]
"(Default)" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Classes\https\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCU\Software\Classes\https\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Classes\http\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process QQBrowser.exe:524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 17 6F 17 CD 7E AB 35 97 32 D2 6D B2 6D E5 91"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:340 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\QQBrowser.Protocol]
"(Default)" = "QQBrowser Protocol"

[HKCR\CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe"

[HKCR\Tencent.QQBrowser.Default\.exe\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe %*"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"DisableExceptionChainValidation" = "0"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"http" = "QQBrowser.Protocol"

[HKCR\QQBrowser.File\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCR\QQBrowser.Protocol\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCR\QQBrowser.File\shell\open\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe -- %1"

[HKCR\Tencent.QQBrowser.Default\.exe\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xhtml" = "QQBrowser.File"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\RegisteredApplications]
"QQBrowser" = "Software\Tencent\QQBrowser\Capabilities"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"FirstLaunch" = "1"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".xht" = "QQBrowser.File"

[HKCR\QQBrowser.Protocol\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\CurrentVersion\App Paths\QQBrowser.exe]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe"

[HKCR\QQBrowser.Protocol\DefaultIcon]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe,0"

[HKCR\QQBrowser.File]
"URL Protocol" = ""

[HKCR\QQBrowser.File\shell]
"(Default)" = "open"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".mht" = "QQBrowser.File"
".mhtml" = "QQBrowser.File"

[HKCR\Tencent.QQBrowser.Default\.exe\shell\run\command]
"(Default)" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe %*"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".shtml" = "QQBrowser.File"

[HKCR\QQBrowser.File]
"AppUserModelID" = "Tencent.QQBrowser.Default"

[HKCR\QQBrowser.Protocol]
"URL Protocol" = ""

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".htm" = "QQBrowser.File"

[HKCR\QQBrowser.Protocol]
"AppUserModelID" = "Tencent.QQBrowser.Default"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\FileAssociations]
".html" = "QQBrowser.File"

[HKCR\QQBrowser.File]
"(Default)" = "QQBrowser HTML Document"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "82 FA BC 22 55 07 25 20 AF 7F E4 E0 6C CD 2B F4"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"https" = "QQBrowser.Protocol"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QQBrowser.exe]
"Path" = "%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationName" = "QQBrowser"

[HKCU\Software\Tencent\QQBrowser\http\shell\open\command]
"(Default)" = "%Program Files%\Internet Explorer\iexplore.exe -nohome"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities\URLAssociations]
"ftp" = "QQBrowser.Protocol"

[HKLM\SOFTWARE\Tencent\QQBrowser\Capabilities]
"ApplicationDescription" = "QQBrowser"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"GlobalFlag"
"PageHeapFlags"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"DisablePtLogin_740"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQBrowser.exe]
"VerifierFlags"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"QQBrowser.exe"

The process QQBrowser.exe:240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F2 69 3E 8D 83 85 CD CB AD 6B 13 05 8F 03 99 3F"

[HKCU\Software\Tencent\QQBrowser\Launch]
"LaunchOpenPageType" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

The process QQBrowser.exe:1692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 03 8A F6 A0 1A 71 A0 8A 41 44 18 8D 25 34 83"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:660 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 B4 60 BB 5B 10 BB E8 83 F5 51 62 CF FB EB 5F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process QQBrowser.exe:424 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 44 4B 33 A5 22 7A D6 17 56 90 22 0D 4E D6 F1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:2004 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"LangID" = "09 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\UCBrowser\Application]
"UCBrowser.exe" = "UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Fonts" = "%WinDir%\Fonts"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E BE BE 78 F1 71 D6 2D 75 80 11 D6 26 60 88 61"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9227"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"
"ProxyServer"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-8964"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shdoclc.dll,-880"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9217"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\@%System%]
"SHELL32.dll,-9216"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\UCBrowser\Application]
"UCBrowser.exe"

The process PerfTraceService.exe:600 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6C 97 38 49 3A 28 D7 99 7D 02 30 ED 15 EF 9A B8"

[HKLM\System\CurrentControlSet\Services\Eventlog\Application\PerfTraceService]
"TypesSupported" = "7"
"EventMessageFile" = "%Program Files%\Tencent\QQBrows"

The process PerfTraceService.exe:396 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E C7 D7 F5 40 79 8A 48 E9 27 75 75 CC A9 A9 4F"

The process install1078565.exe:2676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 F8 A3 D5 CF B7 0B 1E 7D 3C A6 57 F6 AB 8E C7"

The process regsvr32.exe:404 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"(Default)" = "{5FD70451-714E-495A-9F17-450AEF3AA35E}"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\HELPDIR]
"(Default)" = "%Program Files%\Tencent\QQBrowser"

[HKCR\WEBPFilter.CoWEBPFilter]
"(Default)" = "WEBPFilter CoWEBPFilter"

[HKCR\WEBPFilter.CoWEBPFilter\CurVer]
"(Default)" = "WEBPFilter CoWEBPFilter.1"

[HKCR\WEBPFilter.CoWEBPFilter.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCR\AppID\WebpDecodeFilter.DLL]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"

[HKCR\.webp]
"Content Type" = "image/webp"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter.1"

[HKCR\WEBPFilter.CoWEBPFilter.1]
"(Default)" = "WEBPFilter CoWEBPFilter"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"(Default)" = "WEBPFilter.CoWEBPFilter"

[HKCR\MIME\Database\Content Type\image/webp]
"Image Filter CLSID" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilt.1]
"(Default)" = "WebpImageDecodeFilter Class"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}]
"(Default)" = "IWebpImageDecodeFilter"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter]
"(Default)" = "WebpImageDecodeFilter Class"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
"(Default)" = "WEBPFilter.CoWEBPFilter"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
"AppID" = "{A629F59C-66C9-4775-901A-A017530E3958}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\.webp]
"PerceivedType" = "image"

[HKCR\MIME\Database\Content Type\image/webp\bits]
"0" = "04 00 00 00 FF FF FF FF 52 49 46 46"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "39 39 08 FB 2E 9B 1C BA 7D CF AE FA 10 A3 1E 15"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"CLSID" = "{25336920-03F9-11cf-8FD0-00AA00686F13}"

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
"(Default)" = "%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll"

[HKCR\Interface\{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\{A629F59C-66C9-4775-901A-A017530E3958}]
"(Default)" = "WebpDecodeFilter"

[HKCR\WEBPFilter.CoWEBPFilter\CLSID]
"(Default)" = "{E577DC7C-F3A8-4A79-A2B0-8E0A79FFA45B}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CLSID]
"(Default)" = "{A981255C-6123-4487-B21A-9CF468EB3FC7}"

[HKCR\WebpDecodeFilter.WebpImageDecodeFilter\CurVer]
"(Default)" = "WebpDecodeFilter.WebpImageDecodeFilt.1"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0\0\win32]
"(Default)" = "%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll"

[HKCU\Software\Tencent\QQBrowser\IE8\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"

[HKCR\MIME\Database\Content Type\image/webp]
"Extension" = ".webp"

[HKCR\TypeLib\{5FD70451-714E-495A-9F17-450AEF3AA35E}\1.0]
"(Default)" = "webpdecodefilter 1.0 Type Library"

The Trojan deletes the following registry key(s):

[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\TypeLib]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\InprocServer32]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\VersionIndependentProgID]
[HKCR\CLSID\{A981255C-6123-4487-B21A-9CF468EB3FC7}\ProgID]

The process V8._85416_20150820204011.exe:1460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"accountInfoBar.html" = "AY9EPX/xn4 koiwdV53GGkKRrHlPe7dM7IW095EVLW9EcDFnd3D265K4Q97AvSL1mXyed eU6run704RFnvWsteF2Kz1i2/PqgFmx2uHgcq/eNCgvSwJWAh8fOxdtupX4PCMNt5bTfniQeDl1nzt VR9bLAfthB2NSQNbTssemk="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Name" = "Ã¥â€ â€¦Ã©Â¡ÂµÃ©ÂÂ¢"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"api.js" = "KdzpiPPafc//mqIv/5 XJLoPFho3ixPxjdBXo7fUMneJIFwT70jZTYldVYFnNHeL75MbZIrnRbIYTfxe7Pn8oDaTs4SCaf6q8dQXmJ9ssO80MuxeP0ndCXW5IOoqPZoJ3wyDTzNrqihWlm/ ozzmC6tlQNwpaledwco9hHv3Kac="

[HKCU\Software\Tencent\QQBrowser\Launch]
"SkinUpdateFlag" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"INSTLANG" = "1033"

[HKCU\Software\Tencent\QQBrowser\Common]
"MainPageDIY_" = "1984700626"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Operational" = "1"
"STYLE" = "104"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"s2" = "4"
"s1" = "4"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"private.html" = "K xv/ifPeX60jeD65vv gUoqtdQCKyrPu3G9CV9ZgkzifnKYT2HlMs77KUqIBos6Ta5uCGG4ausc030WTKPfMuL9EjmW7FoJZIZgTcWa mx0 gaAmsoMZHsvq/IVS6SDzsQ/mOiHy60uAr1RKyo62yEJn9wW8JYFqpfIUaAznfU="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"ycalendar.js" = "Ib0wShmBpOPdR6WIXozuGPAYmfhw HqOZEc9lU wePCCZVQ6YfBPhdNrdduMjhS5hB3SnrGR577LroR1Y2Rv4mlpMvc090e40OzXs/knSRxzb3rCvfZPwpa/HlTAtP47aP6I75ecIT0dIl/vPovsR1gjWfVFjfvcmILiHbwDA4="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Version" = "8.0.0.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList\js]
"inforBar.js" = "S232TIJBgUGMXlTdOQRla7UFcRwmODl7HS6sTy2LB9xtBKNjcUUfpZCPrXF11mEjmXkG04wEItvpPgr70sOc1/mxQ92eYR7k/8G5ajwkGW/ IBjUUsSE0sTzHIxwQExAFa8newkyrRqF jHkN1n4BZKdzwbw f0TqwXpiJUe/z0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"init.js" = "PFyqkS14Ezzwwz3NzSYKgQGIhRXUTnt6ktpq OCUoyT9x96JDR5tWlyWvGn/S8QtChKnWJ4ieyeVWXLQUrQGG5lEDl33J3dmOavy3OUOcvX8XpPA3BcX5XgT1VHlb3zNVVQaT0TPyzBF3SD2OEBbSxfyUQgtDaSBe0RsaU7Xnb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\BackgroundPage]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"global.js" = "SeN/CHriBIVnAjdwU6fW8AHF Y5sYGuTkrIwtRsftkTb2xJMtrUsGn1IuvZYyuHQDvkeFojs9MobGSEuJ Cj1S94nQrvzQbV8hd2sS2j27SmIQHTJjaC478N4KYEvvLFu84D1tWaEUfLCXZkhjwTcNPsC45ORTPKG6hzgqeccMM="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\ContentScripts\DocumentIdle_0]
"AllFrames" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Version" = "8.0.0.12"

[HKCU\Software\Tencent\QQBrowser\extensions8]
"CommandOrder" = "1"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"EnableZombieReport" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"content.js" = "HT1aXFiSWWlckk7HXoJkwioM1SSPnbDaXAKb3oOmdxHYpJDFZoUmdiVxYpDM4q3nhXWNdlgFJwH88gmJBpR EYUVMlJRLk6nW0WTWFpoKuGv5 bv3Fafms133G5ygK61lv0xigm9vitf72LDM0wpESsg8yMdDmk1uvrCbYE3Swg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Operational" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"NewInstall" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"URLInfoAbout" = "http://www.qq.com"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"STYLE" = "64"

[HKCU\Software\Tencent\QQBrowser\Advanced]
"EnableUEData" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"global.js" = "F1x bElWW0KAVW8dze0Mbr/Dm6CoJGRHw9Hyx1RReWDG/gXkjcQdXk a46Axg2sDjSzwOpra92NNO7ANhXE2f070FE9R4JQlb/7EiMo34Yuv2ik9RgJGDod4aT/h9hBhC2S9yWne0JH7Nr/mbFU8Mb88RrN0Q7POMH3VHicGxxo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Desc" = "QBSafe"
"STYLE" = "80"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"ManifestVersion" = "2"

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"V8._85416_20150820204011.exe" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"CommandOrder" = "1"

[HKCU\Software\Tencent\QQBrowser\Launch]
"AbpCalcFlag" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"RequiredMinVersion" = "8.0.0.2261"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.easing.js" = "TmbGZQQC93Sgo2FdztxQ0d9XKSQvW71Fi7BWXGb3/Y FVjxcrUPmKaPobqD7KbZMw7CHfrtxoraOME53bkqu7WtNB48Toe29QgontHYDQgrkR9tTzIz8ByGm187nfwmjMQ/pazCml7IhkVNcTRuiUBILtPyb5I8Dg6vKCCa8fcU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"background.js" = "F9mIz66B1YB2KiWHfg8OtENAgX96C/1LO0KjQQHIR31aEaHLE5tPl fwJZigG8Q6ZhhcxmJ3KXTQWzo63lWn8vSkbn4pdwgVMT2Or3vBeRoD97hKndLnvyZ4QoTWvOskDzcBA5mzrDV9Yp5x1R/Z5lNfFH3FL0d1CPq TAfTet4="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Operational" = "1"

[HKCU\Software\Tencent\QQBrowser\Common]
"MainPageDIY" = "ZgAuAGoAaQBzAHMAMwA2ADAALgBjAG4AAAAaAAAA"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"InstallModeForExtension" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"InstallDir" = "%Program Files%\Tencent\QQBrowser"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"business.js" = "IuxI4T0J7Bik5qY6/aqfPYonejaosMlt7RKPN2HAI58nqalyzaR3NKDmDMBsP/GLsP/n4EEmigqfaXfhw1XVPuoKRupEmWoBrFcuX0YxFI/tTm8jQjjGQnoyTA0sowMVrFwfL ATf0Id2A3Ld1g7RvjnRX1DRtsnCMsCqrERJjk="

[HKCU\Software\Tencent\QQBrowser\Launch]
"InstallQuickSetting" = "0"

[HKCU\Software\Tencent\QQBrowser\InstallInfo]
"DefaultBrowserFirstRun" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"currentVersion" = "8.0.3.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage]
"index.html" = "Uy0EzM9E6A oW0Z32PTfsdnTQKM8SYLC8Svtt17Rtqz fslfu4Rf0azo0648ksrzDNSmiBlKk0iB2FCsYtC5RZOxmCgxpG0rk16BRJ1Gpf8hQmkpWSTzx2IR MAZgb7CqIwwhGHPzE3qF1k4bVaBita wVueecTJfn4gHFZ1bLg="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}]
"currentVersion" = "8.0.0.25"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D3 75 5F 06 DD C6 4D 13 DF E9 3A AF 66 5A 0A 65"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Name" = "Ã¨Â´Â¦Ã¥ÂÂ·Ã¥Å Â©Ã¦â€°â€¹"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"EXE" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"ManifestVersion" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\SignatureList]
"background.html" = "Fm2eUg6wC00HcJHVm5J5S9WbzmEVSNFdyD8in0PXbYIUFYHWK zhaV9u182EDyOlZuGJx5fLb0VPFyexkuUSnj4ULw1KjUvqMjtjvPcMlgxIOsZ2m2jqwbJsRGPbXSLKCMKqq uFRju5vweuSqBckjVRLe4ndm/ewMWuI7GJUkQ="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"certerror.html" = "Quu5ifaZbhsH6hfNNjsEbMi71iGFPa 7qoPsbDB85tzNJhbuwap kINuU5JVUFuy7ab/H63S1Y9kCw eo6zOs2bZvrgxEv8DGHhKa832zqs6fjzTX BFb6/uP1kQr9kAIzY jkBspKr9vZIFKnmKfjTFFlvSX3lQxR9BTuyhiN8="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}]
"CommandOrder" = "0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\BackgroundDll]
"LoadingTime" = "LoadAsInited"

[HKCU\Software\Tencent\QQBrowser]
"HomePageCfg" = "1"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\history]
"history2.js" = "EYdPibxwSOsOqWp65 q m9YPkG2qiUUGpCPnvRau01UVBjkeEsX12Uy5TmZV0QiqFodnvBKS8uPPdSDAtWYh46mlNAugPtYfiEf7rdH5i9IKkjarXT3vqrc8m dOB2sBwi35rGtSx5Q mNco60nlRGZ/4BbXHVO9e4liF3omtHU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"RequiredMinVersion" = "8.0.0.0"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\BackgroundDll]
"Path" = "QBSafe.dll"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"UninstallString" = "%Program Files%\Tencent\QQBrowser\uninst.exe"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"Desc" = "Ã¨Â´Â¦Ã¥ÂÂ·Ã¥Å Â©Ã¦â€°â€¹"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess]
"index.html" = "DG53S6RFyw43Ype9xROtxTn4z5b3SsHMzH8/wVLXZciV6q4kwtV3RzjBgYe7MiTfATyKVDf5DqI/mqQCIpYrr1JN6EXZR81dwwgj70KhNn/9WcjMdpBvKxRLCjl82LcKMlx91xsdg6Dt6Oy2gDhDopfRX1ThZ2OFvfdSyp4OHQo="

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\ContentScripts\DocumentIdle_0]
"JS" = "content.js"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}]
"currentVersion" = "8.0.0.12"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"Publisher" = "Ã¨â€¦Â¾Ã¨Â®Â¯Ã§Â§â€˜Ã¦Å â‚¬Ã¯Â¼Ë†Ã¦Â·Â±Ã¥Å“Â³Ã¯Â¼â€°Ã¦Å“â€°Ã©â„¢ÂÃ¥â€¦Â¬Ã¥ÂÂ¸"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"ID" = "{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}"

[HKLM\SOFTWARE\Tencent\QQBrowser]
"Version" = "8.2.3638.400"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\BackgroundPage]
"Path" = "background.html"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"api.js" = "CTLNX2nY1O7mQDlrx81saZ A/b3cld1PV1aWjfRWB9Uk7nMqUgRWUwgVmyvWg9gkM0yW1MsoF6XNwlLBdc8okJ8kImN9HQxCfo4NuKEahbCA1RnudXB pCuvw3EEMiY ORP/YDMicZcSXjtSnvP3UDhaX THBQVVts I5sLdd5g="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\js]
"tool.js" = "K4IAXHGyqD8uA sLEGlFibFQFep8I HkPC6DghtA9hoTdT1tLMSTsbcae2i84ApCOoZfk1C2pUFZKm zTVVUv9o4P9Oozg9nnWh57vtG7ZXh3mv8qIRGwwANrzOQ rITxZOxWcTUTD8qZm E8LlIN0BrJJKq4Pp9GeSDBv4bMoc="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"init.js" = "HS Wucfrv 6MUQNZq0WGl6Yw8Ly2dg hvt5V24pB0sowDcogYJpVFP7lyYpqkEWURP1N0mBL8t qCq70Zi/U/E2y7YbqDiQlmwkkHeUSHMVnfCk5anb9ybtcI//8CWC67XXLFO0oRjvc9PsAQHdcDriLEMx3DzYDxb ZLFaswiU="

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"RequiredMinVersion" = "8.1.0.0"

[HKCU\Software\Tencent\QQBrowser\Launch]
"Learned" = "1"

[HKCU\Software\Tencent\QQBrowser]
"(Default)" = "%Program Files%\Tencent\QQBrowser"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"Version" = "8.0.3.25"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"ID" = "{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"search.js" = "IOSc1vtqyq1U7w6ERKIDsLRpv4mCbXTIw/HKw13cRHxcexU7Lrlv64EHual89dNwbkQbQh5Vc4vQlubP2vKuq9yzILTIElywHb4C6Uf6xd26zYypsUK1RjKoffD8wVvBW9Vlj37VbAXxhI8K4Q8ZZk00jCUKlBc9Gh3bbxdA0Gs="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.min.js" = "CHRzStLFVzowFpds/NlgIauwssen3//6We9cKfzF4H4Vd0hTu rRxAgWBSZOvL3qB MA5m1oDYbyEFquZhoip7CWckTQo6 S dUFfDJATgzAhGnGQPvY1xAeDuKT9mHvkWXV8QiJu5ZgSSuggmwXioU5HomYw1dNanbdvDS7rss="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"error.html" = "Gs5We3VMGdtvsJGT6u6MMVvDt3zSWVVCEh8CKo8BudWeZgocGRxZCxnUzIBcEspzCp9h2OFGwf4FTuDYG9Mf1MROlJx1oTz9uXnHk/JNRuCTn/dHBXBTqu6XR1tj6OqL7gKQ3svK/Mexy4lBO/PSgypdugTHFgugTpMadvZRDAE="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"jquery.mCustomScrollbar.concat.min.js" = "FEhORzx0GxacyZAVElwZHrgrANsncYw61M/NU 0QHFBgGjRJpqYWNkmYr RKq2WX0f/FJok0GTgzs8/6dhyMZytR PdWyBo75CPRNtP9mOif95Zo4easLJYCBcI5g2c0D5pRYPoiHsPikFHkAJqRvrN6hSayUrzNSKTswWIuyb0="

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\app]
"app.js" = "G/xQAG9BNoueIWTF1B/FXI65sQFTqDtYNE0FVw5XsDx85Ijs IGfdoTBG7Py NEEoLHisu1f8t1F3PxhFNk DpdtGLy8bva44n6ej3FvOKk8n0KXPpT5IyCV8qs3EkNZaXZdk9rqBhdZQUdUDJDVnJ0iRs1nyTryHc9C8yzksaM="

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\manage\app]
"sliderman.1.3.7.js" = "RkIvek G9RI Q9/NEOdxEh/ynLS5sJRj/vlO2PrWACyN8sI9vf695W/3CP d/Jr59MnJV2sK2YzNz6txbNvhpSI6S3MTO8Z3UJIBleKth0bLzeGpI4dTaAsMMam3QXyux3g7jkzADCCb5iHY8RLV c6W8sEprWrpGZNIRzFvOcs="

[HKLM\SOFTWARE\Tencent\QQBrowser]
"SupplyID" = "85416"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayVersion" = "8.2.3638.400"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\lib]
"template.js" = "RzgJqwNHJ4N8sJDEKasrvKhYoIjrKXGKh3qo6y3p7Bx3eQjIDn1gNlluXXutWcLSBX23i7mSbXxa6km5He 5qAf5eFTYPlcyzJ1efN6K7LGNsOYTGrjFWBGg57GhUneVMDCg1l8ncB214UhBIQPO6KZ2/tvVX4d0a6nCIXqOTdc="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}]
"CommandOrder" = "2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25]
"HomeUrl" = "http://app.browser.qq.com?id={309147A1-5CA9-4082-BAB3-BF9020CDE0C2}"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html]
"small.html" = "WhbKXbpTC/qXxBxGyDkPJ/ZidAPRqwpAIJ8PLBPltgCg1UOLWJ0KKlk30VAlBy8LToz1KY9tESfeyRr1Qj0S8uwj1uskS7BS Nv9rCDKYGKMcDtyfGr2PeKzp2Zm5lch76FJqhupbdr96BGzQfyKYi 6 F3Ih/Slsdzs3XdO9Ik="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Tencent\QQBrowser\Launch]
"MainPageType" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayName" = "QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨8.2"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\SignatureList\Html\quickaccess\js]
"business.js" = "WwyVRnDKaHIVi7OS82cBQkBlZMsrWmAnPcwnoCg2R4t8EtSPDXSP0xhBttAipCfJaV6zLzkC21QRx1LrESQKdh3KvGzvw9O2dHm9Xj Ugulv8wtWsfMDS FQyAGC z0jMV4dBQooJplN1ncZteRXwjISn0jBdDc3CUac1LbU3CI="

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QQBrowser]
"DisplayIcon" = "%Program Files%\Tencent\QQBrowser\app.ico"

[HKCU\Software\Tencent\QQBrowser\PrivateCfg]
"TC_CFT_Bits3" = "71656520"

[HKCU\Software\Tencent\QQBrowser\extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25]
"ID" = "{807849B3-40D8-42E3-8001-D541FD7CEBFB}"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKCU\Software\Tencent\QQBrowser\extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12]
"Name" = "QBSafe"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Tencent\QQBrowser]
"bugreport.exe" = "%Program Files%\Tencent\QQBrowser\BugReport.exe:*:Enabled:QQBrowserBugReport"

"QQBrowser.exe" = "%Program Files%\Tencent\QQBrowser\QQBrowser.exe:*:Enabled:QQBrowser"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp]
"QQBrowserLiveup.exe" = "%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe:*:Enabled:QQBrowserLiveup"

The Trojan deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Tencent\QQBrowser]
"S2"
"S1"

[HKCU\Software\Tencent\QQBrowser\Launch]
"EnableUEData"

The process Browser_V5.5.7852.9_r_4640_(Build1512022057).exe:1232 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E5 A4 1C E2 A5 C5 C3 4C E1 15 67 64 63 52 41 98"

[HKCU\Software\UCBrowserPID]
"FirstPID" = "4640"
"MachineIDEx" = "2f5c2b9b4043b0ecc0b5c4e9021b5d58v00000027546485a"
"MachineID" = "231545bda8f1e10442308d474642b735"

[HKLM\SOFTWARE\UCBrowserPID]
"MachineIDEx" = "2f5c2b9b4043b0ecc0b5c4e9021b5d58v00000027546485a"
"MachineID" = "231545bda8f1e10442308d474642b735"
"FirstPID" = "4640"
"FirstBID" = "800"

[HKCU\Software\UCBrowserPID]
"FirstBID" = "800"

The process netsh.exe:1508 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3D 29 4F A5 B2 8A 42 C2 D1 7A 1B FF AC 5D B8 0D"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\UCBrowser\Application]
"UCBrowser.exe"

The process netsh.exe:1588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F 3A 1F 20 59 54 3B 06 4F 88 14 F9 7D B8 F9 D0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\UCBrowser\Application]
"UCBrowser.exe" = "%Program Files%\UCBrowser\Application\UCBrowser.exe:*:Enabled:UCÃƒÂ¦Ã‚ÂµÃ‚ÂÃƒÂ¨Ã‚Â§Ã‹â€ ÃƒÂ¥Ã¢â€žÂ¢Ã‚Â¨"

The process netsh.exe:588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F3 DA F4 10 E8 99 AA A7 56 A8 81 7D F9 B7 E1 C3"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The process netsh.exe:324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 6B C8 BA AE 9B F9 F9 82 0F 85 F7 56 3D 5F 6D"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\UCBrowser\Application\Downloader\download]
"MiniThunderPlatform.exe" = "%Program Files%\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe:*:Enabled:ÃƒÂ¨Ã‚Â¿Ã¢â‚¬Â¦ÃƒÂ©Ã¢â‚¬ÂºÃ‚Â·ÃƒÂ¤Ã‚ÂºÃ¢â‚¬ËœÃƒÂ¥Ã…Â Ã‚Â ÃƒÂ©Ã¢â€šÂ¬Ã…Â¸ÃƒÂ¥Ã‚Â¼Ã¢â€šÂ¬ÃƒÂ¦Ã¢â‚¬ÂÃ‚Â¾ÃƒÂ¥Ã‚Â¹Ã‚Â³ÃƒÂ¥Ã‚ÂÃ‚Â°"

The process UCService.exe:4044 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E8 39 34 17 E1 BB B4 D2 4E 2A 31 5D C8 53 90 09"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

The process UCService.exe:2000 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 1E F4 3A E1 B0 51 47 BE 90 BD 67 F8 C5 2A 2E"

The process UCService.exe:2148 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 8D 71 4A D5 92 DA 9B B4 CC BE 81 EC A8 61 C0"

Dropped PE files

MD5	File path
16ae0a59da95783599969cb2a8cd7b0d	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll
4c39358ebdd2ffcd9132a30e1ec31e16	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll
268905b968aace3dbaf5dd97391071e9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll
4c39358ebdd2ffcd9132a30e1ec31e16	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll
268905b968aace3dbaf5dd97391071e9	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll
acd46c8f29be4cc5f659b87f115c740c	c:\Documents and Settings\"%CurrentUserName%"\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe
3c4c8edac2cd495654fa87ffeefb77ce	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\V8._85416_20150820204011.exe
f0e3845fefd227d7f1101850410ec849	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsu2.tmp\Base64.dll
50fdadda3e993688401f6f1108fabdb4	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsu2.tmp\Inetc.dll
00a0194c20ee912257df53bfe258ee4a	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsu2.tmp\System.dll
2dc35ddcabcb2b24919b9afae4ec3091	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsu2.tmp\ZipDLL.dll
05450face243b3a7472407b999b03a72	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsu2.tmp\nsProcess.dll
e93b5a4fd5050116a84cf52011c516c1	c:\Program Files\Tencent\QQBrowser\Assistant.dll
4c86d70ab39a65776f5dd5702da9b509	c:\Program Files\Tencent\QQBrowser\BugReport.exe
16880d4c14c8aa0b4a1b0ec82b9f6cb3	c:\Program Files\Tencent\QQBrowser\Dialogs.dll
4d49497ce2c51461b42af928a91e3260	c:\Program Files\Tencent\QQBrowser\Downloader.dll
10d98bc99fb31673330239b88174973e	c:\Program Files\Tencent\QQBrowser\EventTracing.dll
d34a527493f39af4491b3e909dc697ca	c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll
4c39358ebdd2ffcd9132a30e1ec31e16	c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll
cdbe9690cf2b8409facad94fac9479c9	c:\Program Files\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll
77b80794e7726eade4fe30954e2e5847	c:\Program Files\Tencent\QQBrowser\MouseGesture.dll
73640253f394c6dd6940fc1fe222cd92	c:\Program Files\Tencent\QQBrowser\NetWork.dll
f1e9d5f32467dd034f828bcc293e7ad9	c:\Program Files\Tencent\QQBrowser\PrScrn.dll
88f2d2382cce7ec315ca6860ff0c4075	c:\Program Files\Tencent\QQBrowser\QBExtensionFramework.dll
16ae0a59da95783599969cb2a8cd7b0d	c:\Program Files\Tencent\QQBrowser\QBSafe.dll
268905b968aace3dbaf5dd97391071e9	c:\Program Files\Tencent\QQBrowser\QBUtils.dll
c3e4c6aaedb957ba059b51c1d2403c93	c:\Program Files\Tencent\QQBrowser\QQBrowser.exe
68eb386277ed0c2e4a13b6c5731f236e	c:\Program Files\Tencent\QQBrowser\QQBrowserFrame.dll
acd46c8f29be4cc5f659b87f115c740c	c:\Program Files\Tencent\QQBrowser\QQBrowserLiveup.exe
38977583aa8131702dd06a022a94476c	c:\Program Files\Tencent\QQBrowser\QQBrowserSecurityCenter.exe
f3df05cd6c209c05c5415af6bc9e7199	c:\Program Files\Tencent\QQBrowser\QRCode.dll
528fd48653019ba6629ec9d9db2cd6a9	c:\Program Files\Tencent\QQBrowser\Resource.dll
e826d419df589357d43554c7f0c0e39c	c:\Program Files\Tencent\QQBrowser\TridentCore.dll
12650137ef731c4f2967bd670287e357	c:\Program Files\Tencent\QQBrowser\WebpDecodeFilter.dll
699f0052d0c959f1a5b7c3926cce11fa	c:\Program Files\Tencent\QQBrowser\dr.dll
a51d90f2f9394f5ea0a3acae3bd2b219	c:\Program Files\Tencent\QQBrowser\service\7z.exe
1b47580cce6db40a3f389ebd6250795f	c:\Program Files\Tencent\QQBrowser\service\PerfTraceService.exe
e625e19acadb88eeaefd2f15cbc757f2	c:\Program Files\Tencent\QQBrowser\service\perfctrl.dll
8267d1cba70f87018d89bbb2bbbfdc03	c:\Program Files\Tencent\QQBrowser\service\xperf.exe
9ed4bdccc465222477805ca2df443596	c:\Program Files\Tencent\QQBrowser\tssafeedit.dat

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\ucguard.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\ucguard.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\ucguard.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
The Trojan installs the following kernel-mode hooks:

ZwTerminateProcess
ZwCreateKey
ZwDeleteKey
ZwDeleteValueKey
ZwLoadKey
ZwLoadKey2
ZwOpenKey
ZwQueryValueKey
ZwRenameKey
ZwReplaceKey
ZwRestoreKey
ZwSetSecurityObject
ZwSetValueKey

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	23628	24064	4.46394	856b32eb77dfd6fb67f21d6543272da5
.rdata	28672	4764	5120	3.4982	dc77f8a1e6985a4361c55642680ddb4f
.data	36864	154712	1024	3.3278	7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata	192512	36864	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	229376	79872	79872	5.21998	1da2ae4657c51f73a81f6dba963c25fa

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://n4cswhk3.gccdn.net/large/7185bdf1gw1f05vls701mg21130hix6s.gif
hxxp://e6845.dscb1.akamaiedge.net/pca3-g5.crl
hxxp://e6845.dscb1.akamaiedge.net/CSC3-2010.crl
hxxp://qb.mig.tencent-cloud.net/accept?authcode=1771558448&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&supplyid=85416&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400
hxxp://x2.tcdn.qq.com/qbfilepush/qqbrowser/cloudctrl/production/1415626007_8983.txt?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B
hxxp://qbwup.imtt.qq.com/	119.147.16.143
hxxp://down.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B
hxxp://dns.union.uc.cn/pcbrowser/down.php?pid=4640
hxxp://203.205.151.214/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?mkey=56ffb4a8da60d437&f=6606&&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&p=.CompatList
hxxp://down.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B
hxxp://203.205.151.214/soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?mkey=56ffb4aada60d437&f=105&&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&p=.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}
hxxp://umcdn.uc.cn.w.alikunlun.com/down/4640/Browser_V5.6.11466.7_r_4640_(Build1603281525).exe	212.98.178.240
hxxp://x2.tcdn.qq.com/btr/qqbrowser/ps/3001/97_1_2013-06-20.{91977E3A-F255-4036-8B72-B07EA129C89A}?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B
hxxp://crl.verisign.com/pca3-g5.crl	23.43.133.163
hxxp://ps.browser.qq.com/accept?authcode=1771558448&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&supplyid=85416&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400	101.227.169.19
hxxp://down2.uc.cn/pcbrowser/down.php?pid=4640	119.147.224.166
hxxp://res.imtt.qq.com/qbfilepush/qqbrowser/cloudctrl/production/1415626007_8983.txt?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B	203.205.151.215
hxxp://csc3-2010-crl.verisign.com/CSC3-2010.crl	23.43.133.163
hxxp://ww4.sinaimg.cn/large/7185bdf1gw1f05vls701mg21130hix6s.gif	37.29.13.22
hxxp://umcdn.uc.cn/down/4640/Browser_V5.6.11466.7_r_4640_(Build1603281525).exe	212.98.178.240
hxxp://soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B	103.7.30.45
hxxp://soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B	103.7.30.45
www.qq.com	212.30.134.206
pc5.gtimg.com	203.205.151.215
browser.etl.desktop.qq.com	119.147.201.16

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY User-Agent (NSIS_Inetc (Mozilla)) - Sometimes used by hostile installers
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /CSC3-2010.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: csc3-2010-crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "76e84238369ca4e5066feb0e8079798c:1459546388"

Last-Modified: Fri, 01 Apr 2016 21:00:05 GMT

Date: Sat, 02 Apr 2016 09:35:22 GMT

Transfer-Encoding:  chunked

Connection: keep-alive

Connection: Transfer-Encoding

Content-Type: application/pkix-crl
00006000..0..L.0..K....0...*.H........0..1.0...U....US1.0...U....VeriS
ign, Inc.1.0...U....VeriSign Trust Network1;09..U...2Terms of use at h
ttps://VVV.verisign.com/rpa (c)101.0,..U...%VeriSign Class 3 Code Sign
ing 2010 [email protected]
0730092631Z0!....c..k....D.k.....120708062201Z0!... _...u.t.=.<.&..
.130218061114Z0!...&..].....P.k.:...120125130117Z0!...7P.x....8.Q...s.
.130227010252Z0!...9t.*.].....~.....160114221207Z0!...J.....Q..Y.[....
.110404153956Z0!...d...=..q!_...g9..130729145216Z0!...d....Y.......o..
.140711083257Z0!...l.....h2<.H......120329152211Z0!...q.9...`H.*.Y.
C...120525202212Z0!...s...TM.......0...121221080842Z0!...t..,.. ...eL.
....130314222305Z0!...y..r.HW.v.....w..140423054643Z0!..../u.......A..
5...101214165045Z0!.....0.Xc...%...iM..121102230226Z0!.......S.a&.X5t.
E]..111206083350Z0!....c.(....B.[M83...140108164517Z0!....A.Sv.....f,.
....110609003155Z0!.....z......!.ID{]..101228182208Z0!....b^......{d.J
'...130102154110Z0!.......n........'u..140521222808Z0!......0.........
.I..130912181631Z0!.....1.;C,.. L..0...141111073655Z0!....6e...~..T...
....130131012247Z0!.....|.....t.l.o....140827175301Z0!.........bD#*u..
....130226223939Z0!.......@..'$.).;}\..130121172259Z0!....7.v.........
.n..120724160733Z0!....n[..P..a.y...p..141121045513Z0!....P;.Y..d...c.
(...120209181451Z0!.....].bb[.....!....140328205453Z0!.....a...L`..IV.
[email protected]!...........].{7.
....120730000000Z0!...".......Z.V.,.e..121031192224Z0!...'....[.1.<<< skipped >>>

GET /down/4640/Browser_V5.6.11466.7_r_4640_(Build1603281525).exe HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: umcdn.uc.cn

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/octet-stream

Content-Length: 54149792

Connection: keep-alive

Date: Wed, 30 Mar 2016 02:53:40 GMT

x-oss-request-id: 56FB3FB4BDBADD2760FCBAEA

Accept-Ranges: bytes

ETag: "4CDFC3EE2074E17121B346D279D68850"

Last-Modified: Tue, 29 Mar 2016 08:40:35 GMT

x-oss-object-type: Normal

Cache-Control: max-age=7776000

Via: cache31.l2sg1[0,200-0,H], cache22.l2sg1[3,0], cache2.by1[852,200-0,M], cache7.by1[854,0]

Age: 283308

X-Cache: MISS TCP_MISS dirn:-2:-2

X-Swift-SaveTime: Sat, 02 Apr 2016 09:35:28 GMT

X-Swift-CacheTime: 2592000

Timing-Allow-Origin: *

EagleId: d462b28914595897280995702e

[email protected].........
..!..L.!This program cannot be run in DOS mode....$.......N.C...-...-.
..-.L.....-..B....-.....E.-.....!.-.......-.......-.......-...../.-...
,...-.w...K.-.w.....-.w...:.-.w.....-.......-.......-.w.....-.Rich..-.
........................PE..L......V......................-......3....
...0....@...........................:.....)Q:.........................
....0#[email protected]...........:..4...P:..f......8.............
......([email protected]...
............................ ..`.data........0... ..................@.
...idata...%.......&...8..............@[email protected].................^......
[email protected]..`..............@[email protected]:..h
[email protected]................................................
......................................................................
......................................................................
.................................................tA..uA..uA..tA..tA.*u
A..sA..sA..sA..sA..tA..sA.)tA.StA.ntA..tA..tA..tA..sA..sA..sA..sA.....
......I..6J.D.J.N.J...L.M.J..........NE.........\.J...K..6J...........
.................V........e...@[email protected]..{.6.
5.1.2.2.C.B.0.-.E.A.0.F.-.4.7.D.F.-.A.9.5.3.-.0.1.7.1.7.0.E.D.1.2.F.9.
}.....{.4.e.a.1.6.a.c.7.-.f.d.5.a.-.4.7.c.3.-.8.7.5.b.-.d.b.f.4.a.2.0.
0.8.c.2.0.}.....{.8.B.A.9.8.6.D.A.-.5.1.0.0.-.4.0.5.E.-.A.A.3.5.-.8.6.
F.3.4.A.0.2.A.C.B.F.}.....{.4.D.C.8.B.4.C.A.-.1.B.D.A.-.4.8.3.e.-.

<<< skipped >>>

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 398

Cache-Control: no-cache

......,<LV.qbpcstatf.stat}...k.....crypt...

list<char>....M
...H..._ ...*.5K..P....h.....!....^u..6.=.fWD..Q.N.....`..S...im........A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../...e.0....Q.....
..M.P.PN...S.:..R.e.g.w.=..C.... c@."S.-.. E....7....m......&....
.kQ~..>.f>..e...(....!.{).=...J._e...xIF.$.8S..U...p.$
.6..HEBE......!Y......s/.u.........".....s.

..\z....7......2g.|.n*......
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Sat, 02 Apr 2016 09:35:25 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32............

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 438

Cache-Control: no-cache

......,<LV.qbpcstatf.stat}.........crypt...

list<char>....u
...p..._ ...*.5K..P....h.....!....^u..6.=.fWD..Q.N.....`..S.z.&v..rb....A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../...e.0....Q.....
..M.P.PN...S.:..R.e.g.w.=..C.... c@."S.-.. E....7....m....04P.n.sQ..w...E......../. .sJ.F.I.}..H.........:#. Y.W.....%[email protected]...)....crT.C[F|V~..(....8...$......Z.=.V.A

0...N.6V

..4S&Qn\.:y..q...6....k..l"S..kliw.z.D........y.v.J...
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Sat, 02 Apr 2016 09:35:26 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32..........HTTP/1.1 200 
OK..Content-Length: 54..Content-Type: application/multipart-formdata..
Date: Sat, 02 Apr 2016 09:35:26 GMT..Server: HTTP Load Balancer/1.0...
..6..,<LV.qbpcstatf.stat}.............int32............

GET /browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: soft.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nws 1.2.15

Connection: close

Date: Sat, 02 Apr 2016 09:35:25 GMT

Expires: Sat, 02 Apr 2016 09:35:25 GMT

Cache-Control: max-age=0

Content-Length: 128

Location: hXXp://203.205.151.214/soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?mkey=56ffb4a8da60d437&f=6606&&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&p=.CompatList

The actual URL is '/browser/btr/qqbrowser/ps/production/65_13_2013-11-
28.CompatList?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B'...

GET /soft.imtt.qq.com/browser/btr/qqbrowser/ps/production/65_13_2013-11-28.CompatList?mkey=56ffb4a8da60d437&f=6606&&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&p=.CompatList HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: 203.205.151.214

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: 3Gdown_DK

Connection: keep-alive

Date: Sat, 02 Apr 2016 09:35:26 GMT

Cache-Control: max-age=0

Last-Modified: Thu, 28 Nov 2013 07:13:06 GMT

Content-Type: application/octet-stream

Content-Length: 6712

X-Cache-Lookup: Hit From Disktank
..#.F...#K.`../.....k7.8.!w..^rs.w...g.f......IJ..!%... .GK.....Q4....
.....C...?.fd[r^..w...V.v.....s... .....C.[..p....i*&#/.S...As..rM.PXH
}....WAAm....^`.A..6.d.eHH2....\.i..q.*.....w..G.......:P&7.u...rcZ..[
..._.'....}.rq5.Z..%...D.];..j0.........$5.c&..$c.#.]...l[........7...
....w..|[email protected].."m..........-x.
..`.:Z......|~k6...v..zOk2D.[.;r],=..4..KT}.....J.u....?0...>....?.
.][email protected].^.C...,6;.<.J0...5...Mv.9a..,.rn..b...2.........'4.....Y..
.....9.X.#.O.,[email protected] .....R]l..Q-.u.a...V....X-...A..:W..4.U..
a.....)\....p$>.[.....RBd.....9.7#.l.X.!.A...._<..twM....;..{%W.
.z].. Ch.........y.L..&~Q<c.x..."n...A9.R..7.x......|.j......,K.!H~
... Z...}..Q...D%2...'..EO....x..6A#.t.5.....; u...>....m..eY....uE
Qf.x...u.kB.`...[..M.X......8..gh.p.o...-z.FT5.......<..O.f..j.2..W
..........N.t....|.....%.^..7.g..2wZ.`:.R....vU...!P.L.N.X...OJk.b....
k...&!xE.a.;.......D...A.'. )......H%C.O.P...s@ .p.....~..H~'.y2pL.@(.
F.w.-50k..?..."u.i5..u.h......@.;...\.30g...3....dS..-<..1....%l...
*.h....hZ6.e........&*A....|..xp.c...JbL...@2......^.p..6....h....N1]%
[email protected] .Cv..m.......#.o2A..c"..........Z.wi...0..G..'...b....
.;.ut /x"B.J.h..(U..H.D......q......8.m..N..h.Gd.3M....Y\*..;4g...=.E.
....^Q....I..../.\.....c.3b=zZ8..J*......jv.Pn..>..s.8..W>...D.$
.H.d...W......K.:Rj...g..K.....p#. .b....!m.|.$.x, :u..}...B...;...<
;.<T\..9nS"...m.I....w............t..._..;T......^.......].'.*.l.&g
t;...*..@s._.d..}h....#..X......6.....&.b..........I_.b....f>.s<<< skipped >>>

GET /soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?mkey=56ffb4aada60d437&f=105&&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&p=.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110} HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: 203.205.151.214

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: 3Gdown_DK

Connection: keep-alive

Date: Sat, 02 Apr 2016 09:35:27 GMT

Cache-Control: max-age=0

Last-Modified: Tue, 23 Sep 2014 03:12:59 GMT

Content-Type: application/octet-stream

Content-Length: 2144

X-Cache-Lookup: Hit From Disktank
T.Qx.n.-.-.....n-.FY...1.\...X.......L...v.m< 7...G.....5..J....O(.
%.:U.. u.p.^..Q............47.x.t..{R4.b...... ......U....{.7.....A.A.
.i.........K.....IPU........Q.....%o..!:m.. ...6U1X.).....n..d........
[email protected]]..AB2....nI..G.H. p. ......5}>.g..H....8M..!s....|5
.}.....7.?..RJ.`.*?qQ.[E.........u|.....'..kV..Z.....w..R...x..0.]...`
.8h...;...SbLa.1.....PU.:..<s...5..)G....].PN ...a.A.X..n...X[^)...
......Q..........<.0H,~Hg9.*.,.1.]..pdo/)h^u...c...x. u.PJ..;..E.?.
v..u.S..wdoF.pt.W..n......{o...g....|...uji.N.....i...5Q_..cA.HG...BG.
....6.a....,. ....T.3w....ZLn.[<.}...S.......(...N.)?n~...{.._!h}A.
...C.2.P.....7L...&...L...s2.*.p..i.....2....*....>..... yP........
..x..... K.'@.PH.....x.0`;.M.Te.g{..7X.f......:g....V..!..T..........n
.X.r=..2..u....C..q.`..B9..$...V5..>....Q_........~.....-u.Xt..jb..
.GhUm{....U.{.........Q.....?....B..y.)d......."..G..v..g...B9/.(.....
....l.. ..!dsa....I....?........,.X).\..X..O.].Vck../........Q.....6.N
...5}>.g.`...H.R.M..;........6..<......J.....>E....#wB. ..8..
.}.X&..Z*?.c.W_[.....l.b.D&k.3......qz{..$a.p.4.F;.....|.....\R.....|7
.eW.....P..J....#zkE....zv._bf..*z......$.r..17..5o.y..Ci...6y.....o..
...zj.6cZ-..{...e./...9..n....f...I...p..N....D.7..(..5[....0.#.`$....
}.H....a .bFib.......W*....w.t..G..s2.*.p. ~../...8...1)C;?.@$...O..B.
1...M..PI......\...1..4A..!6M..;......$.r..17..5o.y..Ci...6y.....o....
.zj.6cZ-..{...e./...9..n....f...I...p..N....D.7..(..5[....0.#.`$....}.
...d...[..zv._bf...o..#..D!.D .\f.5ZvWFE..zv._bf..zv._bf;....}i...<<< skipped >>>

GET /pca3-g5.crl HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: crl.verisign.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache


HTTP/1.1 200 OK

Server: Apache

ETag: "1721969e732bcfdda4d85c16390eba70:1458842597"

Last-Modified: Thu, 24 Mar 2016 17:40:05 GMT

Date: Sat, 02 Apr 2016 09:35:21 GMT

Content-Length: 533

Connection: keep-alive

Content-Type: application/pkix-crl
0...0..0...*.H........0..1.0...U....US1.0...U....VeriSign, Inc.1.0...U
....VeriSign Trust Network1:08..U...1(c) 2006 VeriSign, Inc. - For aut
horized use only1E0C..U...<VeriSign Class 3 Public Primary Certific
ation Authority - G5..160322000000Z..160630235959Z0...*.H.............
.2.Z.....J..;.~^.....N.3..g .......'....s.c.5...?.2...Q./#`...y..;.i..
..?I.{......:5.....|5..b.......,:.H .Y.....nN..;.^..y..d5.....L.;o...l
...i...p.......)~..s..<y..#...U4..\.hQJo{QS....p<.X....D........
.....q$.p....k...I?U....Q2.j>......`..?....I...>.t.#HTTP/1.1 200
 OK..Server: Apache..ETag: "1721969e732bcfdda4d85c16390eba70:145884259
7"..Last-Modified: Thu, 24 Mar 2016 17:40:05 GMT..Date: Sat, 02 Apr 20
16 09:35:21 GMT..Content-Length: 533..Connection: keep-alive..Content-
Type: application/pkix-crl..0...0..0...*.H........0..1.0...U....US1.0.
..U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2
006 VeriSign, Inc. - For authorized use only1E0C..U...<VeriSign Cla
ss 3 Public Primary Certification Authority - G5..160322000000Z..16063
0235959Z0...*.H..............2.Z.....J..;.~^.....N.3..g .......'....s.
c.5...?.2...Q./#`...y..;.i....?I.{......:5.....|5..b.......,:.H .Y....
.nN..;.^..y..d5.....L.;o...l...i...p.......)~..s..<y..#...U4..\.hQJ
o{QS....p<.X....D.............q$.p....k...I?U....Q2.j>......`..?
....I...>.t.#..<<< skipped >>>

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 398

Cache-Control: no-cache

......,<LV.qbpcstatf.stat}...k.....crypt...

list<char>....M
...H..._ ...*.5K..P....h.....!....^u..6.=.fWD..Q.N.....`..S...x...d.....A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../...e.0....Q.....
..M.P.PN...S.:..R.e.g.w.=..C.... c@."S.-.. E....7....m......&....
.kQ~..>.f>..e...(....!.{).=...J._e...xIF
y..._..)

&.6.}Nq....!v....w..H.6..HEBE./..|......m....[....6.rp...s!.\...k..3...K..px....
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Sat, 02 Apr 2016 09:35:24 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32............

GET /accept?authcode=1771558448&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&supplyid=85416&IEVer=6&osVer=5.1.3&osDigit=32&psver=3&appId=3&cver=8.2.3638.400 HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: ps.browser.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Content-Length: 11559

Content-Type: application/json;charset=utf-8

Cache-Control: no-cache

Pragma: no-cache

{"tasklist":["{"appId":"3","cmdCode":3404,"tas
kId":3404,"ver":25252,"url":"http://stdl%2
Eqq.com/stdl/qbfilepush/qqbrowser/cloudctrl/production/1
438571713_5287.txt?","taskKind":1,"uin":""
,"svrMsg":"{}","md5":""}","{"appId%2
2:"3","cmdCode":3406,"taskId":3406,"ver"%3
A59244,"url":"http://stdl.qq.com/stdl/qbfilepu
sh/qqbrowser/cloudctrl/production/1459589269_6042.txt?%2
2,"taskKind":1,"uin":"","svrMsg":"{}
","md5":""}","{"appId":"3","cmdCode"
:1020,"taskId":20001,"ver":7,"url":"http%2
53A%2F%2Fdl_dir.qq.com%2Finvc%2Ftt%2Fps%2F1020%3F%
22,"taskKind":1,"uin":"","svrMsg":"{%7
D","md5":""}","{"appId":"3","cmdCode%2
2:1100,"taskId":20003,"ver":77,"url":"http
%3A%2F%2Fpc5.gtimg.com%2Fbtr%2Fqqbrowser%2Fps%2F1100
%2F34_75_2013-04-03.zip%3F","taskKind":1,"
uin":"","svrMsg":"{}","md5":""}"
,"{"appId":"3","cmdCode":2104,"taskId":200
07,"ver":27,"url":"http%3A%2F%2Fpc5.gtimg.
com%2Fbtr%2Fqqbrowser%2Fps%2F2104%2F57_27_2012-06-15
.dat%3F","taskKind":1,"uin":"","svrM

<<< skipped >>>

POST / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: qbwup.imtt.qq.com

Content-Length: 350

Cache-Control: no-cache

...^..,<LV.qbpcstatf.stat}...;.....crypt...

list<char>.....
......._ ...*.5K..P....h.....!....^u..6.=.fWD..Q.N.....`..S.Yw.3........A.Q*[2."<..Q.._z....X6ji..x.f)..
.9.&k]..!8.

../...e.0....Q.....
..M.P.PN...S.:..R.e.g.w.=..C.... c@."S.-.. E....7....m......&....
.kQ~..>.f>..e...(....!.{).=...J....o..Bb..x..r.`.qlo..3N..kZ.W..P. AN..`.Z.0.......
HTTP/1.1 200 OK

Content-Length: 54

Content-Type: application/multipart-formdata

Date: Sat, 02 Apr 2016 09:35:32 GMT

Server: HTTP Load Balancer/1.0

...6..,<LV.qbpcstatf.stat}.............int32..........HTTP/1.1 200 
OK..Content-Length: 54..Content-Type: application/multipart-formdata..
Date: Sat, 02 Apr 2016 09:35:32 GMT..Server: HTTP Load Balancer/1.0...
..6..,<LV.qbpcstatf.stat}.............int32............

GET /qbfilepush/qqbrowser/cloudctrl/production/1415626007_8983.txt?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: res.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Server: X2_Platform

Connection: keep-alive

Date: Sat, 02 Apr 2016 09:35:23 GMT

Cache-Control: max-age=86400

Expires: Sun, 03 Apr 2016 09:35:23 GMT

Last-Modified: Mon, 10 Nov 2014 13:26:48 GMT

Content-Type: text/plain; charset=utf-8

Content-Length: 45413

Access-Control-Allow-Origin:  *

X-Cache-Lookup: Hit From Disktank
PK........k..BM..2............bggradient_day.png}Si..a...C... .c...9..
...-..Z....5.|.Njf.3S....d..?....G.....#.AB#..W..."...Y.%...%...y..{..
..-/......*...s..-.]...{W9.L...c...J.|@.R.PM.y...,U.....W_..*..b<^.
..N.yVG).]....Uj..)..H..T1...x*.C.m.g.\. l.AfZ..*j.<.....a...4F..,.
((...D2f..uI9V....C....m..*.l.. ..D.G1.2.u..`4b. ..p...Q..I...MPa..m..
 ..)......%)L"H4..EKt.P.`.A(.8...Zq1'Q1-'..P.../0a..9H.)...,0.[Vq.)...
6..CbT..t(.....?.e;.......E..0@.@.#......9L..@I......],.../..0d.0B....
...V,.NN.(...v.,[email protected]....@`.
.z...P...Lq/XQ....../.Ed3.?.Y).fG.;.VN:..p....P.5.....w.'yb..y.......`
d.t.[.]Z.u...6z......YS..f8?......'[..0v.H...........#-....Q...s....E;
.9.,9..x...C]N..j.7}N...fi..Y.5..2|....o..k{.m.9....aB.r....s...lz|KJN
...<....mK._o.....`..d......Z.}......a..8k...Y..........x...M..4%V.
<.2Gw....4$.<G...h...XW.h....O.J.....x.s..;.w...-.s3N.M.K..~N?..
....K....l.....-.@....?.._3.g.G.......~.......]...KoP....{_8...d...D[.
..%m......7...3>.[....v.J.*}..r...^*y9.e....,..PK........k..B...c..
..........bgsearch_day.jpg.U.L.e........z.........*u.......,.u3...N...
..P...(.......&n..9.....'.......N7M.n...s...<.].i........?~..w7....
....\...].(47.~D....U..@J./...y....v......V.hE...j3v.v.M.UF.......*..W
......?m.*.A..puucUc.=pC.uK8p.-K.}.......K.%].]m.m.h ..vS{...N......F.
.E.....>..5zx{(... /..U.L..Ri...b1.xs..l.....tam...|.?=.......:....
.:a:.......*C.......l.l....Hw{....=r...G ...;..P;... B7G..!c....'..1..
.'.mk...D...'..4ww...@$ts....s.rG.=.h......M3Y....."7.:x...^.u....<<< skipped >>>

GET /browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0

Host: soft.imtt.qq.com

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Found

Server: nws 1.2.15

Connection: close

Date: Sat, 02 Apr 2016 09:35:27 GMT

Expires: Sat, 02 Apr 2016 09:35:27 GMT

Cache-Control: max-age=0

Content-Type: application/octet-stream

Content-Length: 0

Location: hXXp://203.205.151.214/soft.imtt.qq.com/browser/qqbrowser/cloudctrl/production/1411441978_1508.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}?mkey=56ffb4aada60d437&f=105&&guid=439C2BFF-A13F-3A49-4B96-9E2EF76D660B&p=.{B3D2254B-BB47-4d2f-B015-CDDE79BAD110}

GET /large/7185bdf1gw1f05vls701mg21130hix6s.gif HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: ww4.sinaimg.cn

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Sat, 02 Apr 2016 09:35:15 GMT

Server: PWS/8.1.36

X-Px: ms h0-s1094.v0-mow ( h0-s1010.v0-mow), ht-d h0-s1010.v0-mow.cdngp.net

Cache-Control: max-age=7776000

Expires: Tue, 19 Apr 2016 05:25:30 GMT

Age: 6322185

Accept-Ranges: bytes

Content-Length: 5199689

Content-Type: image/gif

Last-Modified: Mon, 08 Jul 2013 18:06:40 GMT

X-Via-CDN: f=TXCDN,s=37.29.13.22,c=194.242.96.218

Connection: keep-alive
GIF89a7.v.....:...$.{.J.....s..*].._. ...x-.l.>......K..m....!..Q.0
pW{......H..6s.3....g.[..d..|....I.".'?!........:{..A.].P...p.M.c.^.. 
...d..s.({.1...R.M.......8.b.6f..jm..f...n....@)z........s......()..{.
..J....R....(...!|.)..L...\.S....);..6z.!...Q........k....B...=....Q..
Z..2t..t.l.....v..t........S..\r.&q....~On)........:..$j.)..a........!
........J.. .u!.._.8"b.1..w.5Gp..K....=.......U...l........Z.#)..)...C
.,..}........}..R..\..)............b.;..S..*........V.."..T...4IB..!..
a..:.....P.....I.....l.To..!`.k..2..!..5..............;..... ....."s.c
.\)p.J..\.....!z. ]...Ua`.;..\...........3z.].'... k.....t.!..k...{.Y.
B1.......r..r5..F..[..1|.1.......s_..S.....).....o.4..*...%v..#1d..}d.
...c...l....u...... =[..I.. ....VB..u.:.......s....o.E...U.$.....2Si.m
.(....Fb..2E..!.......,....7.v........H......*\......#J.H.....3j......
 C..I....(S.\[email protected].*].....P.J.J....X.j....
..`...K....h..].....p...K....x............L...... ^......#..B.....3k..
.....C..M.....S.^......c..-.....s...........N...... _}..s...K.N......k
...........N......._.........O...............(....h...&....6....F(...V
h...f....v... .(..$.h..(.........0.(..4.h..8....<....@.)..D.i..H&..
.2Zf..PF)..TVi..Xf...\v...`.)..d.if.,..f{L....p.)..t.i..x....|......*.
.......^....6....F*..3VV...f....v.....*....j..~&...........*....j....z
*...:.... ....k...&....6....F ...Vk...f....v..... ....k.............. 
o....k.............,....l...'....7....G,...Wl...g....w... .,..$.l..(..
..,....0.,..4.l..8....<[email protected]'.e.L7...PG-..TO...Xg...U<<< skipped >>>

GET /pcbrowser/down.php?pid=4640 HTTP/1.1

User-Agent: NSIS_Inetc (Mozilla)

Host: down2.uc.cn

Connection: Keep-Alive

Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily

Server: nginx

Date: Sat, 02 Apr 2016 09:35:26 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.3.10

Location: hXXp://umcdn.uc.cn/down/4640/Browser_V5.6.11466.7_r_4640_(Build1603281525).exe

0..HTTP/1.1 302 Moved Temporarily..Server: nginx..Date: Sat, 02 Apr 20
16 09:35:26 GMT..Content-Type: text/html..Transfer-Encoding: chunked..
Connection: keep-alive..X-Powered-By: PHP/5.3.10..Location: hXXp://umc
dn.uc.cn/down/4640/Browser_V5.6.11466.7_r_4640_(Build1603281525).exe..
0..

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_2004:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

hXXp://nsis.sf.net/NSIS_Error

... %d%%

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

OCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsu2.tmp\Inetc.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsu2.tmp\Inetc.dll

jk2M2QwYzIwYjFmZGYuZXhl/40.html

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsu2.tmp

QwYzIwYjFmZGYuZXhl/40.html

.reloc

EnumWindows

ExecCmd.dll

Kernel32.DLL

zcÁ

65708<8`9

<'</<5<;<|<

5 5$5(5,5

e%uy%u

-*!$%d:ZU1N

GetCPInfo

ZipDLL.dll

Error: %s

Could not extract %s

Error: Could not extract %s

Extract : %s

Extracting %d files and directories

Extracting contents of %s to %s

Extracting the file %s from %s to %s

%s (%s)

Incorrect password set for the file being decrypted

1.1.4

\\?\unc\

.Jd'>

%U4l'3

%Program Files%\UCBrowser\Application\Uninstall.exe

Uninstall.exe

UNINST~1.EXE

bMoB8XjvW14w2dJq.EncgCBj4sKzXSlALTITzxhjew!/r/dEd9T26oNAAA

LOCALS~1\Temp\install1078565.exe"

\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsu2.tmp

360tray.exe

hXXp://120.27.185.49/

hXXp://r.photo.store.qq.com/psb?/V1185Hox09uQSJ/abMoB8XjvW14w2dJq.EncgCBj4sKzXSlALTITzxhjew!/r/dEd9T26oNAAA

28.tmp

XMPSetupLite-SIxcjy.exe

40_(Build1512022057).exe

UCBrowser\Application\Uninstall.exe

c:\%original file name%.exe

%Program Files%\ImagePrinter

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp

%original file name%.exe

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

"irY.VSg

9uL.sN

E.SRA

ORL.SL/

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>

%original file name%.exe_2004_rwx_10004000_00001000:

callback%d

PerfTraceService.exe_396:

.text

`.rdata

@.data

.rsrc

@.reloc

l$X9.vE

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

GetProcessWindowStation

USER32.DLL

tdh.dll

e:\SlaveDepot\beyond_slave\branch8_union_rc_rep\beyond\bin\pdb\Release\PerfTraceService.pdb

KERNEL32.dll

RegCreateKeyW

RegCloseKey

RegOpenKeyExW

RegCreateKeyExW

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

WS2_32.dll

GetCPInfo

GetConsoleOutputCP

GetProcessHeap

zcÁ

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

7%7S7a7

3=3

>&>,>2>:>

8Œ8v8

;3;<;)=8=,>

KERNEL32.DLL

mscoree.dll

[%s](%lu):

PerfTrace.ini

DebugMsg

EVENT_RECORD address : %d, UserDataLength : %d

PerfTrackInfo : Name : %s, Id : %d

Start Event : Name : %s, Id : %d

InFlightEvents number : %d

Match Event : Name : %s, Id : %d

{x-x-x-xx-xxxxxx}

Port

TypesSupported

QQTrace.ini

TraceConfig.xml

qqtrack.xml

advapi32.dll

IsVervionEnalbe failed , OSVersion : %d

IsTypeEnable failed, trace type %d

7z.exe

::CreateProcess failed, ErrCode : %d, cmd : %s

::SetPriorityClass failed, ErrCode : %d

File path too long ! %s, %s

share dir path too long ! %s, %s

CopyFile failed, ErrCode : %d

begin ReloadConfig tread, ReloadTime : %d

CreateThread failed, ErrCode %d

OpenTrace failed , ErrCode : %d

Session-4BA0B957-882B-4625-A213-0349B865E6AA

%d/%d/%d %d:%d:%d

event id :%d, duration :%f ms, start time :%s

ScenarioId %s take a long time

AQQTrace-UserSession-8D2FEC41-08A1-4c4b-AB00-F67DD5761ACC

-start %s -on %s -BufferSize %d -MinBuffers %d -MaxBuffers %d

-on %s -BufferSize %d -MinBuffers %d -MaxBuffers %d -stackwalk %s

-stop -stop %s

-flush -flush "%s"

-flush -f "%s" -flush "%s" -f "%s"

RunXperf Error ! (%d)

%s\%s%s.%d-d-d.d-d-d-%d.etl

-merge "%s" "%s" "%s"

Myredir-B48C0CD8-8D7A-45ee-90EB-B1FCCD3F5E1A

"%s" %s

CreateProcess failed (%d)

DeleteFile %s Failed : %d

xperf.exe

QQTraceUserSession.etl

QQTraceNTSession.etl

%d.%d.%d.%d

AoXmlDoc.Load(lpszConfigFileName) || !oXmlDoc.IsValid() failed

oXmlDoc.IsValid() failed

IDispatch error #%d

%Program Files%\Tencent\QQBrowser\Service\PerfTraceService.exe

UCService.exe_4044:

.text

`.rdata

@.data

.rsrc

@.reloc

8pass[

PSSSSSSh

SSSSh

j.Yf;

_tcPVj@

.PjRW

stats-url

os=%d.%d.%d(sp%d.%d)

5.6.11466.7

bluesky.1.19.1.1.6

hXXp://mmstat.ucweb.com/bluesky.

'';>46#>89

9$#6;;2%

"9>9$#6;;

>9$#6;;2%

$2%!>4>90

{]wwwwwwu2!6;"6#>89umwu&"2%.u{]wwwwwwu#6#umwu

>4%8$81#

$$84>6#>89$

iu{]wwwwwwu64#8%umwuu]wwww*{]wwww,]wwwwwwu64#>89umwu

$2#!6;u{]wwwwwwu2!6;"6#>89umwu&"2%.u{]wwwwwwu#6#umwu

}u{]wwwwwwu64#8%umwuu]wwww*{]wwww,]wwwwwwu64#>89umwu

}u{]wwwwwwu64#8%umwuu]wwww*]ww

{]wwwwwwu2!6;"6#>89umwu&"2%.u{]wwwwwwu#6#umwur

ru{]wwwwwwu64#8%umwuu]wwww*{]wwww,]wwwwwwu64#>89umwu

#%"946#2u{]wwwwwwu2!6;"6#>89umwu&"2%.u{]wwwwwwu#6#umwur

ru{]wwwwwwu64#8%umwuu{]wwwwwwu8'#>89$umw,]wwwwwwwwu'%8:'#

%2:8!2u{]wwwwwwu2!6;"6#>89umwu&"2%.u{]wwwwwwu#6#umwur

libucguard.dll

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\durex\wow_huorong_api_wrapper.cc

ucsvc_config.dat

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\durex\wow_persistent_store.cc

Load config failed! err msg:

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\durex\wow_proxy_delegate.cc

REG_openkey

REG_mkkey

REG_rmkey

REG_mvkey

REG_rstrkey

\\.\Pipe\TerminalServer\SystemExecSrvr\%d

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\public\wow_launch_process_with_token.cc

check-product-exe-interval

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\wow_elevated_process_delegate.cc

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\wow_ipc_channel.cc

.read

.write

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\wow_nt_service.cc

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\wow_nt_service_impl.cc

Current process is windows service.

Cannot create CommandExecutionDelegate.

&cmd=

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\wow_process_restrictions.cc

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\wow_proxy_process_delegate.cc

Global\UCSvc.{1BF734CB-9BDA-4074-A109-3B2A6707B336}

Global\DHCPServer.{1BF734CB-9BDA-4074-A109-3B2A6707B336}

d:\webapps\b\build\slave\repo\build\src\wow\tools\service\wow_service_process_delegate.cc

Failed to reply message. execution result:

Failed to get the dir of current exe.

d:\webapps\b\build\slave\repo\build\src\wow\base\stats\wow_stats_helper.cc

1.19.1.2.1_SysEvent

1.19.1.3.1_SysEvent

1.19.1.3.2_SysEvent

d:\webapps\b\build\slave\repo\build\src\wow\base\win\wow_permission_utils.cc

d:\webapps\b\build\slave\repo\build\src\wow\base\win\wow_priviledge_utils.cc

d:\webapps\b\build\slave\repo\build\src\wow\base\win\wow_machine_info_utils_win.cc

wow wow_base::MachineInfoUtils::GetCPUBrand

\\.\PhysicalDrive%d

\\.\Scsi%d:

Drive%dModelNumber

Drive%dSerialNumber

DriveÜontrollerRevisionNumber

DriveÜontrollerBufferSize

Drive%dType

GetProcessWindowStation

operator

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

Dictionary keys must be quoted.

Unsupported encoding. JSON must be UTF-8.

icudtl.dat is not exists!

d:\webapps\b\build\slave\repo\build\src\base\files\memory_mapped_file.cc

icudtl.dat exists, but Initialize failed.

MsgLoop:

d:\webapps\b\build\slave\repo\build\src\base\win\shortcut.cc

PlatformFile.UnknownErrors.Windows

0123456789

\uX

Line: %i, column: %i, %s

d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc

tracing/thread_%d

[0;3%dm

Chrome.MessageLoopProblem

KeyDown

Chrome_WidgetWin

Chrome_RenderWidgetHostHWND

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

Histogram: %s recorded %d samples

(flags = 0x%x)

disabled-by-default-toplevel.flow

(%d = %3.1f%%)

WorkerThread-%d

.syzygy

.thunks

"%d":

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc

renderer.scheduler

disabled-by-default-cc.debug.picture

disabled-by-default-cc.debug

d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc

%s/%s

d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc

%d:%s

D:\webapps\b\build\slave\repo\build\src\out\Release\UCService.exe.pdb

UCService.exe

USERENV.dll

WINTRUST.dll

WTSAPI32.dll

InternetOpenUrlW

WININET.dll

VERSION.dll

PSAPI.DLL

WINMM.dll

SHLWAPI.dll

RegCreateKeyExW

RegOpenKeyExW

RegCloseKey

ADVAPI32.dll

WaitNamedPipeW

GetWindowsDirectoryW

CreateIoCompletionPort

GetProcessHeap

KERNEL32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

MsgWaitForMultipleObjectsEx

CallMsgFilterW

USER32.dll

NETAPI32.dll

GetCPInfo

zcÁ

&ka=&kb=231545bda8f1e10442308d474642b735&kc=2f5c2b9b4043b0ecc0b5c4e9021b5d58v00000027546485a&firstpid=&bid=800&ver=5.6.11466.7

%Program Files%\UCBrowser\Application\UCService.exe

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

;0;6;[;`;

; ;!<;<'>

7 7y7>7^8

4#404:4`4

1(171\1~1

7$8(8,8084888

<(<4<@<`<

stats_uploader.exe

DEXEC_create

bqqurlmgr.exe

qq.exe

services.exe

UC_BROWSER_EXE

UCBrowser.exe

\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

new_UCService.exe

old_UCService.exe

UCAgent.exe

Aucsvc.log

resources.pak

chrome_100_percent.pak

chrome_200_percent.pak

explorer.exe

hXXp://testenv.ucbrowser-dWNicm93c2Vy.local

molt.log

setup.exe

.\\.\X:

Emscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

USER32.DLL

portuguese-brazilian

kernel32.dll

ntdll.dll

Ndebug.log

icudtl.dat

\StringFileInfo\xx\%ls

shell32.dll

CChrome_MessagePumpWindow_%p

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Advapi32.dll

UCWeb Inc.

1.0.0.0

Copyright 2008-2014 UCWeb Inc. All rights reserved.

UCBrowser.exe_3216:

.text

`.rdata

@.data

@.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

HtdHtHHHt.HH

j.Yf;

_tcPVj@

.PjRW

Ph.II

d:\webapps\b\build\slave\repo\build\src\chrome\app\chrome_exe_main_win.cc

d:\webapps\b\build\slave\repo\build\src\chrome\app\main_dll_loader_win.cc

Failed to load Chrome DLL from

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded from

Could not find exported function

MetricsReportingEnabled

1.3.21.115

Chrome

0.0.0.0-devel

font_key_name

url-chunk

subresource_url

%s-%x

CHROME_MAIN_TICKS

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\module_util_win.cc

No valid Chrome version found

chrome-sxs

Cannot initialize AppCommands from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Skipping over key "

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\language_selector.cc

Cannot initialize an AppCommand from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_command.cc

kernel32.dll

d:\webapps\b\build\slave\repo\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

NtCreateKey

NtOpenKey

NtOpenKeyEx

CHROME_VERSION

CHROME_METRO_CONNECTED

CHROME_CRASHED

CHROME_RESTART

CHROME_BREAKPAD_PIPE_NAME

d:\webapps\b\build\slave\repo\build\src\components\crash\content\app\breakpad_win.cc

stats-url-exit

stats-url-browser-hang

stats-url

\UCBrowser\User Data\chrome_debug.log

origin breakpad::SetCrashKeyValueImpl

NTDLL.DLL

dbghelp.dll

SHELL32.dll

ole32.dll

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

?#%X.y

GetProcessWindowStation

operator

@-@-@-@-

@-@-@-@-@-@-@-@-

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc

tracing/thread_%d

[0;3%dm

d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc

%s-%Iu

(%d = %3.1f%%)

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

Histogram: %s recorded %d samples

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

user32.dll

WorkerThread-%d

.thunks

.syzygy

d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc

"%d":

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc

renderer.scheduler

disabled-by-default-cc.debug.picture

disabled-by-default-cc.debug

disabled-by-default-toplevel.flow

d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc

%s/%s

MsgLoop:

\uX

d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc

%d:%s

Chrome.MessageLoopProblem

KeyDown

Chrome_RenderWidgetHostHWND

Chrome_WidgetWin

full-memory-crash-report

D:\webapps\b\build\slave\repo\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

chrome_elf.dll

VERSION.dll

WINMM.dll

RegCreateKeyExW

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

RegCloseKey

ADVAPI32.dll

MsgWaitForMultipleObjectsEx

CallMsgFilterW

CloseWindowStation

CreateWindowStationW

SetProcessWindowStation

USER32.dll

GetProcessHeap

GetWindowsDirectoryW

CreateIoCompletionPort

GetProcessHandleCount

KERNEL32.dll

USERENV.dll

GetCPInfo

SetNamedPipeHandleState

TransactNamedPipe

WaitNamedPipeW

zcÁ

UUVQcrtw

r%s @

nq.af

444444444444

474747474747

777777777777

777//6()/777

.mmm,Y

0000000000000000000

11<161611>

z.sa;

.gaB|s

D[%1x

>Eu

.vXZZ

.lecIS

?(.Ul

.WbqfL

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="5.6.11466.7" version="5.6.11466.7" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

8 8'868=8

1*11181`2

>$?=?]?}?

?%?0?9?@?

>(>2>9>~>

;$;;;@;`;

6'6-626?6

7.84888<8@8

> >$>(>,>0>4>~>

9(9-92979@9

9(939:9@9}9

4585<5@5

7 7$7(787<7@7

7 7$7(7,70747

config_updater.dll

updater.dll

chrome_watcher.dll

chrome.dll

chrome_child.dll

UCBrowser.exe

metro_driver.dll

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\

-chrome

-chromeframe

WebAccessible

E{65122CB0-EA0F-47DF-A953-017170ED12F9}

WebKit

Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

ntdll.dll

pipe\

Ekernel32.dll

kernelbase.dll

\Sessions\%d\AppContainerNamedObjects\%ls

ALPC Port

eKey

Fkernel32.dll

gdi32.dll

xntdll.dll

wow_helper.exe"

Crash Reports

script.log

resources.pak

chrome

pepflashplayer.dll

\\.\pipe\GoogleCrashServices\

\\.\pipe\UCBrowserCrashServices

error %u

%d.%d.%d.%d

unspecified-crash-key

stats_uploader.exe

Gmscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

rpcrt4.dll

%s\%s.dmp

x-x-x-xx-xxxxxx

\uninstall.exe

mshtml.dll

Ndebug.log

BCmdLine

\StringFileInfo\xx\%ls

Chrome_MessageWindow

Ntdll.dll

Advapi32.dll

shell32.dll

DChrome_MessagePumpWindow_%p

Chrome Frame

{49AE23F3-CF25-4041-9387-DC9D1B578555}

{EE1C56C8-D145-437E-A83F-74406D742719}

%Program Files%\UCBrowser\Application\UCBrowser.exe

UCWeb Inc.

5.6.11466.7

chrome_exe

Copyright 2008-2016 UCWeb Inc. All rights reserved.

UCBrowser.exe_3560:

.text

`.rdata

@.data

@.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

HtdHtHHHt.HH

j.Yf;

_tcPVj@

.PjRW

Ph.II

d:\webapps\b\build\slave\repo\build\src\chrome\app\chrome_exe_main_win.cc

d:\webapps\b\build\slave\repo\build\src\chrome\app\main_dll_loader_win.cc

Failed to load Chrome DLL from

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded from

Could not find exported function

MetricsReportingEnabled

1.3.21.115

Chrome

0.0.0.0-devel

font_key_name

url-chunk

subresource_url

%s-%x

CHROME_MAIN_TICKS

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\module_util_win.cc

No valid Chrome version found

chrome-sxs

Cannot initialize AppCommands from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Skipping over key "

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\language_selector.cc

Cannot initialize an AppCommand from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_command.cc

kernel32.dll

d:\webapps\b\build\slave\repo\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

NtCreateKey

NtOpenKey

NtOpenKeyEx

CHROME_VERSION

CHROME_METRO_CONNECTED

CHROME_CRASHED

CHROME_RESTART

CHROME_BREAKPAD_PIPE_NAME

d:\webapps\b\build\slave\repo\build\src\components\crash\content\app\breakpad_win.cc

stats-url-exit

stats-url-browser-hang

stats-url

\UCBrowser\User Data\chrome_debug.log

origin breakpad::SetCrashKeyValueImpl

NTDLL.DLL

dbghelp.dll

SHELL32.dll

ole32.dll

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

?#%X.y

GetProcessWindowStation

operator

@-@-@-@-

@-@-@-@-@-@-@-@-

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc

tracing/thread_%d

[0;3%dm

d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc

%s-%Iu

(%d = %3.1f%%)

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

Histogram: %s recorded %d samples

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

user32.dll

WorkerThread-%d

.thunks

.syzygy

d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc

"%d":

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc

renderer.scheduler

disabled-by-default-cc.debug.picture

disabled-by-default-cc.debug

disabled-by-default-toplevel.flow

d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc

%s/%s

MsgLoop:

\uX

d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc

%d:%s

Chrome.MessageLoopProblem

KeyDown

Chrome_RenderWidgetHostHWND

Chrome_WidgetWin

full-memory-crash-report

D:\webapps\b\build\slave\repo\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

chrome_elf.dll

VERSION.dll

WINMM.dll

RegCreateKeyExW

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

RegCloseKey

ADVAPI32.dll

MsgWaitForMultipleObjectsEx

CallMsgFilterW

CloseWindowStation

CreateWindowStationW

SetProcessWindowStation

USER32.dll

GetProcessHeap

GetWindowsDirectoryW

CreateIoCompletionPort

GetProcessHandleCount

KERNEL32.dll

USERENV.dll

GetCPInfo

SetNamedPipeHandleState

TransactNamedPipe

WaitNamedPipeW

zcÁ

UUVQcrtw

r%s @

nq.af

444444444444

474747474747

777777777777

777//6()/777

.mmm,Y

0000000000000000000

11<161611>

z.sa;

.gaB|s

D[%1x

>Eu

.vXZZ

.lecIS

?(.Ul

.WbqfL

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="5.6.11466.7" version="5.6.11466.7" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

8 8'868=8

1*11181`2

>$?=?]?}?

?%?0?9?@?

>(>2>9>~>

;$;;;@;`;

6'6-626?6

7.84888<8@8

> >$>(>,>0>4>~>

9(9-92979@9

9(939:9@9}9

4585<5@5

7 7$7(787<7@7

7 7$7(7,70747

config_updater.dll

updater.dll

chrome_watcher.dll

chrome.dll

chrome_child.dll

UCBrowser.exe

metro_driver.dll

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\

-chrome

-chromeframe

WebAccessible

E{65122CB0-EA0F-47DF-A953-017170ED12F9}

WebKit

Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

ntdll.dll

pipe\

Ekernel32.dll

kernelbase.dll

\Sessions\%d\AppContainerNamedObjects\%ls

ALPC Port

eKey

Fkernel32.dll

gdi32.dll

xntdll.dll

wow_helper.exe"

Crash Reports

script.log

resources.pak

chrome

pepflashplayer.dll

\\.\pipe\GoogleCrashServices\

\\.\pipe\UCBrowserCrashServices

error %u

%d.%d.%d.%d

unspecified-crash-key

stats_uploader.exe

Gmscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

rpcrt4.dll

%s\%s.dmp

x-x-x-xx-xxxxxx

\uninstall.exe

mshtml.dll

Ndebug.log

BCmdLine

\StringFileInfo\xx\%ls

Chrome_MessageWindow

Ntdll.dll

Advapi32.dll

shell32.dll

DChrome_MessagePumpWindow_%p

Chrome Frame

{49AE23F3-CF25-4041-9387-DC9D1B578555}

{EE1C56C8-D145-437E-A83F-74406D742719}

%Program Files%\UCBrowser\Application\UCBrowser.exe

UCWeb Inc.

5.6.11466.7

chrome_exe

Copyright 2008-2016 UCWeb Inc. All rights reserved.

1332280.exe_3900:

`.rsrc

vSSSh

tGHt.Ht&

FTPjK

FtPj;

C.PjRV

Iphlpapi.dll

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

System\CurrentControlSet\Services\VxD\MSTCP

255.255.255.255

socket() failed; %d

\\.\PhysicalDrive%d

\\.\Scsi%d:

MSIE %d.%d

WININET.DLL

Windows

Windows Me

Windows 98

Windows 95

Windows NT %d.%d

%s:%d

Mozilla/4.0 (compatible; %s; %s; Rising)

Content-Type: application/x-www-form-urlencoded

HTTP/1.0

Range: bytes=%d-

hXXp://

"%sProgram Files\Internet Explorer\iexplore.exe" %s

"%s\Internet Explorer\iexplore.exe" %s

Shell32.dll

FRegDeleteKeyExA

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Global\{DCBEBF39-05BB-4826-9BDA-B8DD752EF707}

XXXXXXXXXXX

{X-X-X-XX-XXXXXX}

CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}

%s\%s

%s\*.*

"%s" %s

Setup.exe

rsbrowser.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rse

hXXp://rsup10.rising.com.cn/Register/OnlineHelper/ForLog/Action.aspx?info=

C:\Temp

\AUTO.INI

\InstalledLog.dat

\rse.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

tray.exe

Kernel32.dll

Rising.info

\label.dat

AUTO.INI

\Rav.zip

\KaKa.info

%slog.txt

"%s" -auto

Key=RSEInstallPop&v1=%s&v2=%d&v3=%d&v4=%d&v5=0

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

rccb.exe

target url:

hXXp://rse.rising.com.cn/config/rsedownloadconfig.xml

\rsedownloadconfig.xml

CRavDowner::GetDownloadURL

1.1.3

Rav.tst

Mozilla/4.0 (compatible; Rising)

kernel32.dll

%s\Tasks\%s

%s\Tasks\%s*.*

https

Content-Disposition: form-data; name="%s"

Content-Disposition: form-data; name="%s"; filename="%s"

hXXps://

Content-Length: %d

<!--%s-->

&#xX;

</%s>

%s='%s'

%s="%s"

<![CDATA[%s]]>

standalone="%s"

encoding="%s"

version="%s"

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

portuguese-brazilian

ADVAPI32.DLL

GetProcessWindowStation

USER32.DLL

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

C:\DistributedAutoLink\Temp\CompileOutputDir\rsedownloader.pdb

.?AVCHttpDownload@@

.?AVCHttpDownloadHifi@@

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\1332280.exe

GetProcessHeap

GetConsoleOutputCP

GetWindowsDirectoryA

GetCPInfo

RegQueryInfoKeyA

RegOpenKeyA

RegCreateKeyA

RegEnumKeyExA

RegCloseKey

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyExA

ShellExecuteExA

InternetCrackUrlA

HttpQueryInfoA

HttpSendRequestA

HttpSendRequestExA

HttpEndRequestA

FtpOpenFileA

HttpAddRequestHeadersA

HttpOpenRequestA

.text

`.rdata

@.data

.rsrc

)(2-2004

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="x86" name="ravdown" type="win32"></assemblyIdentity><description>

</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo></assembly>

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

ole32.dll

OLEAUT32.dll

RPCRT4.dll

SHELL32.dll

SHLWAPI.dll

USER32.dll

VERSION.dll

WININET.dll

WSOCK32.dll

RunAsStdUser Task%d

ekernel32.dll

mscoree.dll

Continue Downloading(Installation is processing. Please wait.0hXXp://VVV.ikaka.com/2010/down.asp?t=rav&action=

Finish %d%%@Please uninstall Rising Browse before installing Rising Browse .8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s.Rising Browse has been installed successfully!

...ShXXp://rsup10.rising.com.cn/Register/OnlineHelper/Web_Online/DownloaderInfo.aspx?t=

%d%%>

8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s

1.0.1.1

channel downloader.exe

20151230103025859

UCBrowser.exe_3560_rwx_0770A000_000F5000:

webOu

Pj.hN;

UCBrowser.exe_3560_rwx_07D0A000_000F5000:

=WEBK

1332280.exe_3900_rwx_00401000_00075000:

vSSSh

tGHt.Ht&

FTPjK

FtPj;

C.PjRV

Iphlpapi.dll

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

System\CurrentControlSet\Services\VxD\MSTCP

255.255.255.255

socket() failed; %d

\\.\PhysicalDrive%d

\\.\Scsi%d:

MSIE %d.%d

WININET.DLL

Windows

Windows Me

Windows 98

Windows 95

Windows NT %d.%d

%s:%d

Mozilla/4.0 (compatible; %s; %s; Rising)

Content-Type: application/x-www-form-urlencoded

HTTP/1.0

Range: bytes=%d-

hXXp://

"%sProgram Files\Internet Explorer\iexplore.exe" %s

"%s\Internet Explorer\iexplore.exe" %s

Shell32.dll

FRegDeleteKeyExA

Advapi32.dll

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_DYN_DATA

HKEY_CURRENT_CONFIG

Global\{DCBEBF39-05BB-4826-9BDA-B8DD752EF707}

XXXXXXXXXXX

{X-X-X-XX-XXXXXX}

CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}

%s\%s

%s\*.*

"%s" %s

Setup.exe

rsbrowser.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rse

hXXp://rsup10.rising.com.cn/Register/OnlineHelper/ForLog/Action.aspx?info=

C:\Temp

\AUTO.INI

\InstalledLog.dat

\rse.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

tray.exe

Kernel32.dll

Rising.info

\label.dat

AUTO.INI

\Rav.zip

\KaKa.info

%slog.txt

"%s" -auto

Key=RSEInstallPop&v1=%s&v2=%d&v3=%d&v4=%d&v5=0

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

rccb.exe

target url:

hXXp://rse.rising.com.cn/config/rsedownloadconfig.xml

\rsedownloadconfig.xml

CRavDowner::GetDownloadURL

1.1.3

Rav.tst

Mozilla/4.0 (compatible; Rising)

kernel32.dll

%s\Tasks\%s

%s\Tasks\%s*.*

https

Content-Disposition: form-data; name="%s"

Content-Disposition: form-data; name="%s"; filename="%s"

hXXps://

Content-Length: %d

<!--%s-->

&#xX;

</%s>

%s='%s'

%s="%s"

<![CDATA[%s]]>

standalone="%s"

encoding="%s"

version="%s"

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

portuguese-brazilian

ADVAPI32.DLL

GetProcessWindowStation

USER32.DLL

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

C:\DistributedAutoLink\Temp\CompileOutputDir\rsedownloader.pdb

.?AVCHttpDownload@@

.?AVCHttpDownloadHifi@@

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\1332280.exe

GetProcessHeap

GetConsoleOutputCP

GetWindowsDirectoryA

GetCPInfo

RegQueryInfoKeyA

RegOpenKeyA

RegCreateKeyA

RegEnumKeyExA

RegCloseKey

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyExA

ShellExecuteExA

InternetCrackUrlA

HttpQueryInfoA

HttpSendRequestA

HttpSendRequestExA

HttpEndRequestA

FtpOpenFileA

HttpAddRequestHeadersA

HttpOpenRequestA

.text

`.rdata

@.data

.rsrc

)(2-2004

RunAsStdUser Task%d

ekernel32.dll

KERNEL32.DLL

mscoree.dll

Continue Downloading(Installation is processing. Please wait.0hXXp://VVV.ikaka.com/2010/down.asp?t=rav&action=

Finish %d%%@Please uninstall Rising Browse before installing Rising Browse .8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s.Rising Browse has been installed successfully!

...ShXXp://rsup10.rising.com.cn/Register/OnlineHelper/Web_Online/DownloaderInfo.aspx?t=

%d%%>

8hXXp://VVV.rising.com.cn/2010/release/surprise/will.html>hXXp://shop.rising.com.cn/friend/index.aspx?action=%s&ginfo=%s

UCBrowser.exe_292:

.text

`.rdata

@.data

@.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

HtdHtHHHt.HH

j.Yf;

_tcPVj@

.PjRW

Ph.II

d:\webapps\b\build\slave\repo\build\src\chrome\app\chrome_exe_main_win.cc

d:\webapps\b\build\slave\repo\build\src\chrome\app\main_dll_loader_win.cc

Failed to load Chrome DLL from

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded from

Could not find exported function

MetricsReportingEnabled

1.3.21.115

Chrome

0.0.0.0-devel

font_key_name

url-chunk

subresource_url

%s-%x

CHROME_MAIN_TICKS

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\module_util_win.cc

No valid Chrome version found

chrome-sxs

Cannot initialize AppCommands from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Skipping over key "

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\language_selector.cc

Cannot initialize an AppCommand from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_command.cc

kernel32.dll

d:\webapps\b\build\slave\repo\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

NtCreateKey

NtOpenKey

NtOpenKeyEx

CHROME_VERSION

CHROME_METRO_CONNECTED

CHROME_CRASHED

CHROME_RESTART

CHROME_BREAKPAD_PIPE_NAME

d:\webapps\b\build\slave\repo\build\src\components\crash\content\app\breakpad_win.cc

stats-url-exit

stats-url-browser-hang

stats-url

\UCBrowser\User Data\chrome_debug.log

origin breakpad::SetCrashKeyValueImpl

NTDLL.DLL

dbghelp.dll

SHELL32.dll

ole32.dll

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

?#%X.y

GetProcessWindowStation

operator

@-@-@-@-

@-@-@-@-@-@-@-@-

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc

tracing/thread_%d

[0;3%dm

d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc

%s-%Iu

(%d = %3.1f%%)

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

Histogram: %s recorded %d samples

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

user32.dll

WorkerThread-%d

.thunks

.syzygy

d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc

"%d":

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc

renderer.scheduler

disabled-by-default-cc.debug.picture

disabled-by-default-cc.debug

disabled-by-default-toplevel.flow

d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc

%s/%s

MsgLoop:

\uX

d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc

%d:%s

Chrome.MessageLoopProblem

KeyDown

Chrome_RenderWidgetHostHWND

Chrome_WidgetWin

full-memory-crash-report

D:\webapps\b\build\slave\repo\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

chrome_elf.dll

VERSION.dll

WINMM.dll

RegCreateKeyExW

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

RegCloseKey

ADVAPI32.dll

MsgWaitForMultipleObjectsEx

CallMsgFilterW

CloseWindowStation

CreateWindowStationW

SetProcessWindowStation

USER32.dll

GetProcessHeap

GetWindowsDirectoryW

CreateIoCompletionPort

GetProcessHandleCount

KERNEL32.dll

USERENV.dll

GetCPInfo

SetNamedPipeHandleState

TransactNamedPipe

WaitNamedPipeW

zcÁ

UUVQcrtw

r%s @

nq.af

444444444444

474747474747

777777777777

777//6()/777

.mmm,Y

0000000000000000000

11<161611>

z.sa;

.gaB|s

D[%1x

>Eu

.vXZZ

.lecIS

?(.Ul

.WbqfL

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="5.6.11466.7" version="5.6.11466.7" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

8 8'868=8

1*11181`2

>$?=?]?}?

?%?0?9?@?

>(>2>9>~>

;$;;;@;`;

6'6-626?6

7.84888<8@8

> >$>(>,>0>4>~>

9(9-92979@9

9(939:9@9}9

4585<5@5

7 7$7(787<7@7

7 7$7(7,70747

config_updater.dll

updater.dll

chrome_watcher.dll

chrome.dll

chrome_child.dll

UCBrowser.exe

metro_driver.dll

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\

-chrome

-chromeframe

WebAccessible

E{65122CB0-EA0F-47DF-A953-017170ED12F9}

WebKit

Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

ntdll.dll

pipe\

Ekernel32.dll

kernelbase.dll

\Sessions\%d\AppContainerNamedObjects\%ls

ALPC Port

eKey

Fkernel32.dll

gdi32.dll

xntdll.dll

wow_helper.exe"

Crash Reports

script.log

resources.pak

chrome

pepflashplayer.dll

\\.\pipe\GoogleCrashServices\

\\.\pipe\UCBrowserCrashServices

error %u

%d.%d.%d.%d

unspecified-crash-key

stats_uploader.exe

Gmscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

rpcrt4.dll

%s\%s.dmp

x-x-x-xx-xxxxxx

\uninstall.exe

mshtml.dll

Ndebug.log

BCmdLine

\StringFileInfo\xx\%ls

Chrome_MessageWindow

Ntdll.dll

Advapi32.dll

shell32.dll

DChrome_MessagePumpWindow_%p

Chrome Frame

{49AE23F3-CF25-4041-9387-DC9D1B578555}

{EE1C56C8-D145-437E-A83F-74406D742719}

%Program Files%\UCBrowser\Application\UCBrowser.exe

UCWeb Inc.

5.6.11466.7

chrome_exe

Copyright 2008-2016 UCWeb Inc. All rights reserved.

kinst_1_644.exe_576:

.text

`.rdata

@.data

.rsrc

8%u?P

PSSSSSSh

Montgomery Multiplication for x86, CRYPTOGAMS by <[email protected]>

SHA1 block transform for x86, CRYPTOGAMS by <[email protected]>

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

SHA512 block transform for x86, CRYPTOGAMS by <[email protected]>

FtPS

GF(2^m) Multiplication for x86, CRYPTOGAMS by <[email protected]>

AES for Intel AES-NI, CRYPTOGAMS by <[email protected]>

6-9'6-9'

$6.:$6.:

*?#1*?#1

>8$4,8$4,

AES for x86, CRYPTOGAMS by <[email protected]>

GHASH for x86, CRYPTOGAMS by <[email protected]>

aSSSh

.VVVVVSRSSj

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

%%!"#%%$

?%uZj

FTPU

w.hhwO

CERTIFICATE REQUEST

NEW CERTIFICATE REQUEST

CERTIFICATE

PUBLIC KEY

passed a null parameter

DSO support routines

x509 certificate routines

error:lX:%s:%s:%s

RSA part of OpenSSL 1.0.2c 12 Jun 2015

pubkey

PEM part of OpenSSL 1.0.2c 12 Jun 2015

phrase is too short, needs to be at least %d chars

Enter PEM pass phrase:

TRUSTED CERTIFICATE

X509 CERTIFICATE

PRIVATE KEY

ENCRYPTED PRIVATE KEY

ANY PRIVATE KEY

enc_key

key_enc_algor

cert

d.encrypted

d.digest

d.signed_and_enveloped

d.enveloped

d.sign

d.data

d.other

NETSCAPE_CERT_SEQUENCE

certs

X509_PUBKEY

public_key

.\crypto\asn1\x_pubkey.c

DSA part of OpenSSL 1.0.2c 12 Jun 2015

priv_key

pub_key

.\crypto\ec\ec_key.c

EC_PRIVATEKEY

publicKey

privateKey

value.implicitlyCA

value.parameters

value.named_curve

p.char_two

p.prime

p.ppBasis

p.tpBasis

p.onBasis

p.other

ssl_sess_cert

ssl_cert

evp_pkey

x509_pkey

%s(%d): OpenSSL internal error, assertion failed: %s

lhash part of OpenSSL 1.0.2c 12 Jun 2015

0123456789

Big Number part of OpenSSL 1.0.2c 12 Jun 2015

unsupported type

unsupported recpientinfo type

unsupported recipient type

unsupported key encryption algorithm

unsupported kek algorithm

unsupported content type

unsupported compression algorithm

signer certificate not found

private key does not match certificate

no public key

no private key

no password

no msgsigdigest

no key or cert

no key

not supported for this key type

not key transport

not key agreement

msgsigdigest wrong length

msgsigdigest verification failure

msgsigdigest error

invalid key length

invalid key encryption parameter

invalid encrypted key length

error setting key

error getting public key

certificate verify error

certificate has no keyid

certificate already present

CMS_SIGNERINFO_VERIFY_CERT

cms_set1_keyid

CMS_RecipientInfo_set0_pkey

CMS_RecipientInfo_set0_password

CMS_RecipientInfo_set0_key

CMS_RecipientInfo_ktri_cert_cmp

cms_msgSigDigest_add1

CMS_GET0_CERTIFICATE_CHOICES

CMS_EncryptedData_set1_key

CMS_decrypt_set1_pkey

CMS_decrypt_set1_password

CMS_decrypt_set1_key

CMS_add1_recipient_cert

CMS_add0_recipient_password

CMS_add0_recipient_key

CMS_add0_cert

unsupported requestorname type

no certificates in chain

error parsing url

PARSE_HTTP_LINE1

OCSP_parse_url

OCSP_cert_id_new

unimplemented public key method

invalid cmd number

invalid cmd name

failed loading public key

failed loading private key

cmd not executable

ENGINE_UNLOAD_KEY

ENGINE_load_ssl_client_cert

ENGINE_load_public_key

ENGINE_load_private_key

ENGINE_get_pkey_meth

ENGINE_get_pkey_asn1_meth

ENGINE_ctrl_cmd_string

ENGINE_ctrl_cmd

ENGINE_cmd_is_executable

unsupported version

unsupported md algorithm

invalid signer certificate purpose

ess signing certificate error

ess add signing cert error

TS_VERIFY_CERT

TS_TST_INFO_set_msg_imprint

TS_RESP_CTX_set_signer_cert

TS_RESP_CTX_set_certs

TS_REQ_set_msg_imprint

TS_MSG_IMPRINT_set_algo

TS_CHECK_SIGNING_CERTS

ESS_SIGNING_CERT_NEW_INIT

ESS_CERT_ID_NEW_INIT

ESS_ADD_SIGNING_CERT

functionality not supported

WIN32_JOINER

unsupported pkcs12 mode

key gen error

PKCS8_add_keyusage

PKCS12_PBE_keyivgen

PKCS12_newpass

PKCS12_MAKE_SHKEYBAG

PKCS12_MAKE_KEYBAG

PKCS12_key_gen_uni

PKCS12_key_gen_asc

PKCS12_add_localkeyid

unsupported option

unable to get issuer keyid

policy syntax not currently supported

operation not defined

no proxy cert policy language defined

no issuer certificate

extension setting not supported

V2I_EXTENDED_KEY_USAGE

V2I_AUTHORITY_KEYID

S2I_SKEY_ID

S2I_ASN1_SKEY_ID

R2I_CERTPOL

unsupported cipher type

unknown operation

unable to find certificate

signing not supported for this key type

operation not supported on this type

no recipient matches key

no recipient matches certificate

encryption not supported for this key type

decrypted key is wrong length

PKCS7_add_certificate

unsupported method

no port specified

no port defined

no accept port specified

broken pipe

BIO_get_port

ECDH_compute_key

data too large for key size

unsupported field

peer key error

passed null parameter

not a supported NIST prime

missing private key

keys not set

invalid private key

gf2m not supported

PKEY_EC_SIGN

PKEY_EC_PARAMGEN

PKEY_EC_KEYGEN

PKEY_EC_DERIVE

PKEY_EC_CTRL_STR

PKEY_EC_CTRL

o2i_ECPublicKey

i2o_ECPublicKey

i2d_ECPrivateKey

EC_KEY_set_public_key_affine_coordinates

EC_KEY_print_fp

EC_KEY_print

EC_KEY_new

EC_KEY_generate_key

EC_KEY_copy

EC_KEY_check_key

ECKEY_TYPE2PARAM

ECKEY_PUB_ENCODE

ECKEY_PUB_DECODE

ECKEY_PRIV_ENCODE

ECKEY_PRIV_DECODE

ECKEY_PARAM_DECODE

ECKEY_PARAM2TYPE

DO_EC_KEY_PRINT

d2i_ECPrivateKey

zlib not supported

fips mode not supported

wrong public key type

unsupported public key type

unsupported encryption algorithm

unsupported cipher

unsupported any defined by type

unknown public key type

unable to decode rsa private key

unable to decode rsa key

streaming not supported

private key header missing

digest and key type not supported

bad password read

X509_PKEY_new

i2d_RSA_PUBKEY

i2d_PublicKey

i2d_PrivateKey

i2d_EC_PUBKEY

i2d_DSA_PUBKEY

d2i_X509_PKEY

d2i_PublicKey

d2i_PrivateKey

d2i_AutoPrivateKey

unsupported algorithm

unknown key type

unable to get certs public key

public key encode error

public key decode error

no cert set for us to verify

method not supported

loading cert dir

key values mismatch

key type mismatch

cert already in hash table

cant check dh key

X509_verify_cert

X509_STORE_add_cert

X509_REQ_check_private_key

X509_PUBKEY_set

X509_PUBKEY_get

X509_load_cert_file

X509_load_cert_crl_file

X509_get_pubkey_parameters

X509_check_private_key

GET_CERT_BY_SUBJECT

ADD_CERT_DIR

PKEY_DSA_KEYGEN

PKEY_DSA_CTRL

DSA_generate_key

unsupported key components

unsupported encryption

read key

public key no rsa

problems getting password

keyblob too short

keyblob header parse error

expecting public key blob

expecting private key blob

error converting private key

PEM_WRITE_PRIVATEKEY

PEM_READ_PRIVATEKEY

PEM_READ_BIO_PRIVATEKEY

PEM_PK8PKEY

PEM_F_PEM_WRITE_PKCS8PRIVATEKEY

DO_PK8PKEY_FP

DO_PK8PKEY

d2i_PKCS8PrivateKey_fp

d2i_PKCS8PrivateKey_bio

unsupported salt type

unsupported private key algorithm

unsupported prf

unsupported key size

unsupported key derivation function

unsupported keylength

unsuported number of rounds

public key not rsa

private key encode error

private key decode error

operaton not initialized

operation not supported for this keytype

no operation set

no key set

keygen failure

invalid operation

expecting a ec key

expecting a ecdsa key

expecting a dsa key

expecting a dh key

expecting an rsa key

different key types

ctrl operation not implemented

command not supported

camellia key setup failed

bn pubkey error

bad key length

aes key setup failed

PKEY_SET_TYPE

PKCS5_V2_PBKDF2_KEYIVGEN

PKCS5_v2_PBE_keyivgen

PKCS5_PBE_keyivgen

FIPS_CIPHER_CTX_SET_KEY_LENGTH

EVP_PKEY_verify_recover_init

EVP_PKEY_verify_recover

EVP_PKEY_verify_init

EVP_PKEY_verify

EVP_PKEY_sign_init

EVP_PKEY_sign

EVP_PKEY_paramgen_init

EVP_PKEY_paramgen

EVP_PKEY_new

EVP_PKEY_keygen_init

EVP_PKEY_keygen

EVP_PKEY_get1_RSA

EVP_PKEY_get1_EC_KEY

EVP_PKEY_GET1_ECDSA

EVP_PKEY_get1_DSA

EVP_PKEY_get1_DH

EVP_PKEY_encrypt_old

EVP_PKEY_encrypt_init

EVP_PKEY_encrypt

EVP_PKEY_derive_set_peer

EVP_PKEY_derive_init

EVP_PKEY_derive

EVP_PKEY_decrypt_old

EVP_PKEY_decrypt_init

EVP_PKEY_decrypt

EVP_PKEY_CTX_dup

EVP_PKEY_CTX_ctrl_str

EVP_PKEY_CTX_ctrl

EVP_PKEY_copy_parameters

EVP_PKEY2PKCS8_broken

EVP_PKCS82PKEY_BROKEN

EVP_PKCS82PKEY

EVP_CIPHER_CTX_set_key_length

ECKEY_PKEY2PKCS8

ECDSA_PKEY2PKCS8

DSA_PKEY2PKCS8

DSAPKEY2PKCS8

D2I_PKEY

CMLL_T4_INIT_KEY

CAMELLIA_INIT_KEY

AES_T4_INIT_KEY

AES_INIT_KEY

AESNI_INIT_KEY

key size too small

invalid public key

PKEY_DH_KEYGEN

PKEY_DH_DERIVE

GENERATE_KEY

DH_generate_key

DH_compute_key

DH_CMS_SET_PEERKEY

COMPUTE_KEY

unsupported signature type

unsupported mask parameter

unsupported mask algorithm

unsupported label source

unsupported encryption type

rsa operations not supported

operation not allowed in fips mode

invalid keybits

illegal or unsupported padding mode

digest too big for rsa key

data too small for key size

RSA_generate_key_ex

RSA_generate_key

RSA_check_key

RSA_BUILTIN_KEYGEN

PKEY_RSA_VERIFYRECOVER

PKEY_RSA_VERIFY

PKEY_RSA_SIGN

PKEY_RSA_CTRL_STR

PKEY_RSA_CTRL

value.single

value.set

Stack part of OpenSSL 1.0.2c 12 Jun 2015

.\crypto\evp\evp_key.c

nkey <= EVP_MAX_KEY_LENGTH

EVP part of OpenSSL 1.0.2c 12 Jun 2015

?456789:;<=

!"#$%&'()* ,-./0123

CT Certificate SCTs

ct_cert_scts

CT Precertificate Signer

ct_precert_signer

CT Precertificate Poison

ct_precert_poison

CT Precertificate SCTs

ct_precert_scts

dhSinglePass-cofactorDH-sha512kdf-scheme

dhSinglePass-cofactorDH-sha384kdf-scheme

dhSinglePass-cofactorDH-sha256kdf-scheme

dhSinglePass-cofactorDH-sha224kdf-scheme

dhSinglePass-cofactorDH-sha1kdf-scheme

dhSinglePass-stdDH-sha512kdf-scheme

dhSinglePass-stdDH-sha384kdf-scheme

dhSinglePass-stdDH-sha256kdf-scheme

dhSinglePass-stdDH-sha224kdf-scheme

dhSinglePass-stdDH-sha1kdf-scheme

Any Extended Key Usage

anyExtendedKeyUsage

supportedAlgorithms

crossCertificatePair

certificateRevocationList

cACertificate

userCertificate

userPassword

supportedApplicationContext

Microsoft Local Key set

LocalKeySet

id-Gost28147-89-None-KeyMeshing

id-Gost28147-89-CryptoPro-KeyMeshing

password based MAC

id-PasswordBasedMAC

X509v3 Certificate Issuer

certificateIssuer

certicom-arc

Proxy Certificate Information

proxyCertInfo

Microsoft Smartcardlogin

msSmartcardLogin

joint-iso-itu-t

JOINT-ISO-ITU-T

set-rootKeyThumb

setAttr-Cert

setCext-cCertRequired

setCext-certType

setct-CertResTBE

setct-CertReqTBEX

setct-CertReqTBE

setct-AcqCardCodeMsgTBE

setct-CertInqReqTBS

setct-CertResData

setct-CertReqTBS

setct-CertReqData

setct-PCertResTBS

setct-PCertReqData

setct-AcqCardCodeMsg

certificate extensions

set-certExt

set-msgExt

id-ecPublicKey

id-cmc-confirmCertAcceptance

id-cmc-getCert

id-regInfo-certReq

id-regCtrl-protocolEncrKey

id-regCtrl-oldCertID

id-it-revPassphrase

id-it-keyPairParamRep

id-it-keyPairParamReq

id-it-unsupportedOIDs

id-it-caKeyUpdateInfo

id-it-encKeyPairTypes

id-it-signKeyPairTypes

id-it-caProtEncCert

id-mod-attribute-cert

id-mod-qualified-cert-93

id-mod-qualified-cert-88

id-smime-aa-ets-certCRLTimestamp

id-smime-aa-ets-certValues

id-smime-aa-ets-CertificateRefs

id-smime-aa-ets-otherSigCert

id-smime-aa-smimeEncryptCerts

id-smime-aa-signingCertificate

id-smime-aa-encrypKeyPref

id-smime-aa-msgSigDigest

id-smime-ct-publishCert

id-smime-mod-msg-v3

sdsiCertificate

x509Certificate

localKeyID

certBag

pkcs8ShroudedKeyBag

keyBag

pbeWithSHA1And2-KeyTripleDES-CBC

pbeWithSHA1And3-KeyTripleDES-CBC

TLS Web Client Authentication

TLS Web Server Authentication

X509v3 Extended Key Usage

extendedKeyUsage

X509v3 Authority Key Identifier

authorityKeyIdentifier

X509v3 Certificate Policies

certificatePolicies

X509v3 Private Key Usage Period

privateKeyUsagePeriod

X509v3 Key Usage

keyUsage

X509v3 Subject Key Identifier

subjectKeyIdentifier

Netscape Certificate Sequence

nsCertSequence

Netscape CA Policy Url

nsCaPolicyUrl

Netscape Renewal Url

nsRenewalUrl

Netscape CA Revocation Url

nsCaRevocationUrl

Netscape Revocation Url

nsRevocationUrl

Netscape Base Url

nsBaseUrl

Netscape Cert Type

nsCertType

Netscape Certificate Extension

nsCertExt

extendedCertificateAttributes

challengePassword

dhKeyAgreement

name.relativename

name.fullname

certificateHold

Certificate Hold

cessationOfOperation

Cessation Of Operation

keyCompromise

Key Compromise

%*s%s:

%*sOnly Attribute Certificates

%*sOnly CA Certificates

%*sOnly User Certificates

ASN.1 part of OpenSSL 1.0.2c 12 Jun 2015

d.registeredID

d.iPAddress

d.uniformResourceIdentifier

d.ediPartyName

d.directoryName

d.dNSName

d.rfc822Name

d.otherName

AUTHORITY_KEYID

keyid

cert_info

Diffie-Hellman part of OpenSSL 1.0.2c 12 Jun 2015

PKCS8_PRIV_KEY_INFO

pkey

pkeyalg

EC part of OpenSSL 1.0.2c 12 Jun 2015

RAND part of OpenSSL 1.0.2c 12 Jun 2015

You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html

\X

MD5 part of OpenSSL 1.0.2c 12 Jun 2015

recommended-private-length: %d bits

x%s

public-key:

private-key:

%s: (%d bit)

DH Public-Key

DH Private-Key

Public-Key

Private-Key

Public-Key: (%d bit)

Private-Key: (%d bit)

ddddddZ

ddddddZ

%d.%d.%d.%d

<unsupported>

IP Address:%d.%d.%d.%d

URI:%s

DNS:%s

email:%s

EdiPartyName:<unsupported>

X400Name:<unsupported>

othername:<unsupported>

Content-Length: %d

%s %s HTTP/1.0

SHA1 part of OpenSSL 1.0.2c 12 Jun 2015

SHA-256 part of OpenSSL 1.0.2c 12 Jun 2015

SHA-512 part of OpenSSL 1.0.2c 12 Jun 2015

%d.%d.%d.%d/%d.%d.%d.%d

X509_CERT_PAIR

X509_CERT_AUX

X.509 part of OpenSSL 1.0.2c 12 Jun 2015

X:

%s - d:d:d%.*s %d%s

.\crypto\dh\dh_key.c

USER32.DLL

NETAPI32.DLL

KERNEL32.DLL

ADVAPI32.DLL

'() ,-./:=?

%lu:%s:%s:%d:%s

Verifying - %s

%s %s%lu (%s0x%lx)

ECDSA part of OpenSSL 1.0.2c 12 Jun 2015

Basis Type: %s

Field Type: %s

NIST CURVE: %s

ASN1 OID: %s

keyInfo

d.receiptList

d.allOrFirstTier

d.compressedData

d.authenticatedData

d.encryptedData

d.digestedData

d.envelopedData

d.signedData

d.ori

d.pwri

d.kekri

d.kari

d.ktri

CMS_PasswordRecipientInfo

keyDerivationAlgorithm

keyIdentifier

CMS_KeyAgreeRecipientInfo

recipientEncryptedKeys

CMS_OriginatorIdentifierOrKey

d.originatorKey

CMS_OriginatorPublicKey

CMS_RecipientEncryptedKey

CMS_KeyAgreeRecipientIdentifier

d.rKeyId

CMS_RecipientKeyIdentifier

CMS_OtherKeyAttribute

keyAttr

keyAttrId

CMS_KeyTransRecipientInfo

encryptedKey

keyEncryptionAlgorithm

certificates

d.crl

d.subjectKeyIdentifier

d.issuerAndSerialNumber

CMS_CertificateChoices

d.v2AttrCert

d.v1AttrCert

d.extendedCertificate

d.certificate

CMS_OtherCertificateFormat

otherCert

otherCertFormat

keylen <= sizeof key

EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

XX

%.14s.dZ

%*sSigned Certificate Timestamp:

%*sPolicy Text: %s

%*scrlUrl:

EXTENDED_KEY_USAGE

%*sZone: %s, User:

.\crypto\x509v3\v3_akey.c

d.usernotice

d.cpsuri

CERTIFICATEPOLICIES

%*sExplicit Text: %s

%*sNumber%s:

%*sOrganization: %s

%*sCPS: %s

PKEY_USAGE_PERIOD

keyCertSign

Certificate Sign

keyAgreement

Key Agreement

keyEncipherment

Key Encipherment

.\crypto\x509v3\v3_skey.c

CONF part of OpenSSL 1.0.2c 12 Jun 2015

PROXY_CERT_INFO_EXTENSION

crlUrl

certStatus

certId

OCSP_CERTSTATUS

value.unknown

value.revoked

value.good

value.byKey

value.byName

reqCert

OCSP_CERTID

issuerKeyHash

hexkey

rsa_keygen_pubexp

rsa_keygen_bits

%s:%s

keylength

keyfunc

AES part of OpenSSL 1.0.2c 12 Jun 2015

j <= (int)sizeof(ctx->key)

.\crypto\pkcs12\p12_key.c

CONF_def part of OpenSSL 1.0.2c 12 Jun 2015

[[%s]]

[%s] %s=%s

%'%1$=%C%K%O%s%

.%.-.3.7.9.?.W.[.o.y.

C%C'C3C7C9COCWCiC

ECDH part of OpenSSL 1.0.2c 12 Jun 2015

value.bag

value.safes

value.shkeybag

value.keybag

value.sdsicert

value.x509cert

value.other

%s.dll

mscoree.dll

Visual C   CRT: Not enough memory to complete call to strerror.

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

.mixcrt

kernel32.dll

Broken pipe

Inappropriate I/O control operation

Operation not permitted

portuguese-brazilian

GetProcessWindowStation

operator

Could not resolve %s: %s

getaddrinfo() failed for %s:%d; %s

init_resolve_thread() failed for %s; %s

%s:%d

Hostname %s was found in DNS cache

Added %s:%d:%s to DNS cache

Address in '%s' found illegal!

Couldn't parse CURLOPT_RESOLVE entry '%s'!

%5[^:]:%d:%5s

Couldn't parse CURLOPT_RESOLVE removal entry '%s'!

%5[^:]:%d

Connected to %s (%s) port %ld (#%ld)

IDN support not present, can't parse Unicode domains

Protocol "%s" not supported or disabled in libcurl

http_proxy

Port number out of range

%s://%s%s%s:%hu%s%s%s

;type=%c

[%*45[0123456789abcdefABCDEF:.]%c

Couldn't find host %s in the _netrc file; using defaults

[email protected]

Couldn't resolve host '%s'

Couldn't resolve proxy '%s'

User-Agent: %s

CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!

Server doesn't support pipelining

Found bundle for host %s: %p

Please URL encode %% as %%, see RFC 6874.

Connection #%ld to host %s left intact

Rebuilt URL to: %s

smtp

SMTP.

<url> malformed

:]://%[^

[^:]:%[^

Illegal characters found in URL

Re-using existing connection! (#%ld) with %s %s

Found connection %ld, with requests in the pipe (%zu)

%s://%s

Internal error removing splay node = %d

Internal error clearing splay node = %d

Curl_poll(%d ds, %d ms)

In state %d with no easy_conn, bail out!

Operation timed out after %ld milliseconds with %I64d bytes received

Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received

Pipe broke: handle %p, url = %s

[%s %s %s]

Send failure: %s

Recv failure: %s

Write callback asked for PAUSE when not supported!

%s cookie %s="%s" for domain %s, path %s, expire %I64d

#HttpOnly_

skipped cookie with bad tailmatch domain: %s

httponly

23[^;

=] =I99[^;

%s%s%s

# Fatal libcurl error

# Netscape HTTP Cookie File

# hXXp://curl.haxx.se/docs/http-cookies.html

# This file was generated by libcurl! Edit at your own risk.

ignoring failed cookie_init for %s

WARNING: failed to save cookies in %s

Failed to set SIO_KEEPALIVE_VALS on fd %d: %d

Failed to set SO_KEEPALIVE on fd %d

bind failed with errno %d: %s

Local port: %hu

getsockname() failed with errno %d: %s

Bind to local port %hu failed, trying next

Couldn't bind to '%s'

Name '%s' family %i resolved to '%s' family %i

Couldn't bind to interface '%s'

Local Interface %s is ip %s using address family %i

ssloc inet_ntop() failed with errno %d: %s

ssrem inet_ntop() failed with errno %d: %s

getpeername() failed with errno %d: %s

TCP_NODELAY set

Could not set TCP_NODELAY: %s

Immediate connect fail for %s: %s

Trying %s...

sa_addr inet_ntop() failed with errno %d: %s

Failed to connect to %s port %ld: %s

connect to %s port %ld failed: %s

Winsock version not supported

Protocol family not supported

Address family not supported

Operation not supported

Socket is unsupported

Protocol is unsupported

Protocol option is unsupported

Unknown error %d (%#x)

%sAuthorization: Basic %s

%s auth using %s with user '%s'

HTTP/

Avoided giant realloc for header (max is %d)!

The requested URL returned error: %d

The requested URL returned error: %s

If-Unmodified-Since: %s

Last-Modified: %s

If-Modified-Since: %s

%s, d %s M d:d:d GMT

Failed sending HTTP POST request

Content-Type: application/x-www-form-urlencoded

Internal HTTP POST error!

Failed sending HTTP request

%s%s=%s

%s HTTP/%s

%s%s%s%s%s%s%s%s%s%s%s

PTF://%s:%s@%s

Content-Range: bytes %s/%I64d

Content-Range: bytes %s%I64d/%I64d

Range: bytes=%s

Host: %s%s%s:%hu

Host: %s%s%s

PTF://

Chunky upload is not supported by HTTP 1.0

Accept-Encoding: %s

Referer: %s

HTTP error before end of send, stop sending

HTTP/1.0 connection set to keep alive!

HTTP/1.1 proxy connection set close!

HTTP/1.0 proxy connection set to keep alive!

HTTP 1.0, assume close after body

RTSP/%d.%d =

HTTP =

Lying server, not serving HTTP/2

HTTP/%d.%d %d

SOCKS4%s request granted.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.

Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.

Failed to resolve "%s" for SOCKS4 connect.

SOCKS4 connect to %s (locally resolved)

SOCKS4 communication to %s:%d

No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)

SOCKS5 GSSAPI per-message authentication is not supported.

Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)

Can't complete SOCKS5 connection to %s:%d. (%d)

Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)

Failed to resolve "%s" for SOCKS5 connect.

User was rejected by the SOCKS5 server (%d %d).

Received HTTP code %d from proxy after CONNECT

TUNNEL_STATE switched to: %d

HTTP/1.%d %d

CONNECT %s HTTP/%s

%s%s%s%s

Host: %s

%s%s%s:%hu

%s:%hu

Establish HTTP proxy tunnel to %s:%hu

password

login

--:--:--

%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s

@Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds

Read callback asked for PAUSE when not supported!

operation aborted by callback

ioctl callback returned error %d

the ioctl callback returned %d

seek callback returned error %d

%s in chunked-encoding

Simulate a HTTP 304 response!

HTTP server doesn't seem to support byte ranges. Cannot resume.

Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)

Rewinding stream by : %zd bytes on url %s (zero-length body)

Excess found in a non pipelined read: excess = %zu, size = %I64d, maxdownload = %I64d, bytecount = %I64d

Rewinding stream by : %zu bytes on url %s (size = %I64d, maxdownload = %I64d, bytecount = %I64d, nread = %zd)

No URL set!

[^?&/:]://%c

Disables POST, goes with %s

Issue another request to this URL: '%s'

Conn: %ld (%p) Receive pipe weight: (%I64d/%zu), penalized: %s

Site %s:%d is pipeline blacklisted

Server %s is blacklisted

d:d

d:d:d

%c%c==

%c%c%c=

%c%c%c%c

.html

.jpeg

; filename="%s"

------------------------xx

--%s--

couldn't open file "%s"

Content-Type: %s

Content-Type: multipart/mixed; boundary=%s

%s; boundary=%s

WS2_32.dll

inflate 1.1.3 Copyright 1995-1998 Mark Adler

------BEGIN PUBLIC KEY-----

wXgNPal/ctcPxx2L3by8pqL9tpgSgEYEeIp DMIOFvh0gY6/gt7hqXrairRK8XHr

-----END PUBLIC KEY-----

-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----

<4,$?7/'

(3-!0,1'8"5.*2$

&#xX;

</%s>

%s="%s"

%s='%s'

<!--%s-->

<![CDATA[%s]]>

version="%s"

encoding="%s"

standalone="%s"

User-Agent: Mozilla/4.0

Load Public Key Error!

load public key failed[

XX

\\.\PhysicalDrive%d

%d ReadPhysicalDriveInNTWithAdminRights ERROR

DeviceIoControl(%d, DFP_GET_VERSION) returned 0, error is %d

\\.\Scsi%d:

mainkey

subkey

keyname

keytype

hXXp://config.i.duba.net/lminstall/%d.json?time=%d

DownloadControl curlExecuter Invalid

DownloadControl -- ExE CurlCode = %d, Count = %d, CurrentSize = %d, ResCode = %d

DownloadControl -- End HRESULT = %d, Count = %d

ExecuteDownload ResponseCode = %d

Ping.exe

VVV.baidu.com

VVV.qq.com

An error occured in WSAStartup operation:

An error occured in WSACleanup operation: WSAGetLastError () =

An error occured in gethostbyname operation: WSAGetLastError () =

%d-%d-%d d:d:d d

e:\KINGSOFT_DUBA\Build\Build_Src\kisengine\kisengine\product\win32\dbginfo\kinst_exe.pdb

GetWindowsDirectoryW

KERNEL32.dll

USER32.dll

RegOpenKeyExW

RegCreateKeyExW

RegDeleteKeyW

RegCloseKey

RegQueryInfoKeyW

RegEnumKeyExW

RegOpenKeyW

ReportEventA

ADVAPI32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

VERSION.dll

WTSAPI32.dll

iphlpapi.dll

RPCRT4.dll

PSAPI.DLL

GetProcessHeap

GetCPInfo

GetConsoleOutputCP

zcÁ

.?AVKProcessInfoReport@KInstallTool@@

.?AVKInstallToolReport@KInstallTool@@

.?AVIInstallToolReport@@

;3 #>6.&

'2, / 0&7!4-)1#

.?AVKCurlDownloader@@

.?AUIKVipWebFile@@

.?AVKDumpInfoReport@KInstallTool@@

10000000000000000010

01000000000000000001

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS>

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS>

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS>

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS>

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

HKEY_PERFORMANCE_DATA

HKEY_USERS

HKEY_LOCAL_MACHINE

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

kinstalltool_{0A3C83FD-7B1D-4c3f-8932-190BA6D25F90}

hXXp://infoc0.duba.net/c/

\ux

@Software\Kingsoft\KVip\%d

Proxy Port

Proxy Password

Software\Microsoft\Windows\CurrentVersion\Internet Settings

http=

*%s:%s

SYSTEM\CurrentControlSet\services\%s

ntdll.dll

ntoskrnl.exe

okernel32.dll

Aexplorer.exe

wtsapi32.dll

2345Explorer.exe

360Safe.exe

deepscan\zhudongfangyu.exe

EfiMon.sys

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\360

%Program Files%\360\360Safe\

%Program Files% (x86)\360\360Safe\

kxetray.exe

kislive.exe

kismain.exe

QQPCMgr.exe

TSSysKit.sys

QQPCRTP.exe

rstray.exe

rsmain.exe

ravmond.exe

\StringFileInfo\XX\

#{ad498944-762f-11d0-8dcb-00c04fc3358c}

namedpipe

\\.\pipe\

\\.\Global\

A"%s" %s

XXxXXXXXXXX

userenv.dll

%SYSTEM%

%WINDOWS%

%CUR_MODULE%

%CUR_EXE_MODULE%

%CUR_DIR%

Kernel32.dll

CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}

Adrivergenius.exe

driverupdate.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DriverGenius

baidusdSvc.exe

baidusd.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

BaiduAn.exe

BaiduAnTray.exe

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\kinst_1_644.exe

2015,08,07,13928

KInstallTool.exe

9,3,244550,13928

UCBrowser.exe_2376:

.text

`.rdata

@.data

@.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

HtdHtHHHt.HH

j.Yf;

_tcPVj@

.PjRW

Ph.II

d:\webapps\b\build\slave\repo\build\src\chrome\app\chrome_exe_main_win.cc

d:\webapps\b\build\slave\repo\build\src\chrome\app\main_dll_loader_win.cc

Failed to load Chrome DLL from

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded from

Could not find exported function

MetricsReportingEnabled

1.3.21.115

Chrome

0.0.0.0-devel

font_key_name

url-chunk

subresource_url

%s-%x

CHROME_MAIN_TICKS

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\module_util_win.cc

No valid Chrome version found

chrome-sxs

Cannot initialize AppCommands from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Skipping over key "

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\language_selector.cc

Cannot initialize an AppCommand from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_command.cc

kernel32.dll

d:\webapps\b\build\slave\repo\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

NtCreateKey

NtOpenKey

NtOpenKeyEx

CHROME_VERSION

CHROME_METRO_CONNECTED

CHROME_CRASHED

CHROME_RESTART

CHROME_BREAKPAD_PIPE_NAME

d:\webapps\b\build\slave\repo\build\src\components\crash\content\app\breakpad_win.cc

stats-url-exit

stats-url-browser-hang

stats-url

\UCBrowser\User Data\chrome_debug.log

origin breakpad::SetCrashKeyValueImpl

NTDLL.DLL

dbghelp.dll

SHELL32.dll

ole32.dll

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

?#%X.y

GetProcessWindowStation

operator

@-@-@-@-

@-@-@-@-@-@-@-@-

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc

tracing/thread_%d

[0;3%dm

d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc

%s-%Iu

(%d = %3.1f%%)

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

Histogram: %s recorded %d samples

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

user32.dll

WorkerThread-%d

.thunks

.syzygy

d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc

"%d":

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc

renderer.scheduler

disabled-by-default-cc.debug.picture

disabled-by-default-cc.debug

disabled-by-default-toplevel.flow

d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc

%s/%s

MsgLoop:

\uX

d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc

%d:%s

Chrome.MessageLoopProblem

KeyDown

Chrome_RenderWidgetHostHWND

Chrome_WidgetWin

full-memory-crash-report

D:\webapps\b\build\slave\repo\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

chrome_elf.dll

VERSION.dll

WINMM.dll

RegCreateKeyExW

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

RegCloseKey

ADVAPI32.dll

MsgWaitForMultipleObjectsEx

CallMsgFilterW

CloseWindowStation

CreateWindowStationW

SetProcessWindowStation

USER32.dll

GetProcessHeap

GetWindowsDirectoryW

CreateIoCompletionPort

GetProcessHandleCount

KERNEL32.dll

USERENV.dll

GetCPInfo

SetNamedPipeHandleState

TransactNamedPipe

WaitNamedPipeW

zcÁ

UUVQcrtw

r%s @

nq.af

444444444444

474747474747

777777777777

777//6()/777

.mmm,Y

0000000000000000000

11<161611>

z.sa;

.gaB|s

D[%1x

>Eu

.vXZZ

.lecIS

?(.Ul

.WbqfL

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="5.6.11466.7" version="5.6.11466.7" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

8 8'868=8

1*11181`2

>$?=?]?}?

?%?0?9?@?

>(>2>9>~>

;$;;;@;`;

6'6-626?6

7.84888<8@8

> >$>(>,>0>4>~>

9(9-92979@9

9(939:9@9}9

4585<5@5

7 7$7(787<7@7

7 7$7(7,70747

config_updater.dll

updater.dll

chrome_watcher.dll

chrome.dll

chrome_child.dll

UCBrowser.exe

metro_driver.dll

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\

-chrome

-chromeframe

WebAccessible

E{65122CB0-EA0F-47DF-A953-017170ED12F9}

WebKit

Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

ntdll.dll

pipe\

Ekernel32.dll

kernelbase.dll

\Sessions\%d\AppContainerNamedObjects\%ls

ALPC Port

eKey

Fkernel32.dll

gdi32.dll

xntdll.dll

wow_helper.exe"

Crash Reports

script.log

resources.pak

chrome

pepflashplayer.dll

\\.\pipe\GoogleCrashServices\

\\.\pipe\UCBrowserCrashServices

error %u

%d.%d.%d.%d

unspecified-crash-key

stats_uploader.exe

Gmscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

rpcrt4.dll

%s\%s.dmp

x-x-x-xx-xxxxxx

\uninstall.exe

mshtml.dll

Ndebug.log

BCmdLine

\StringFileInfo\xx\%ls

Chrome_MessageWindow

Ntdll.dll

Advapi32.dll

shell32.dll

DChrome_MessagePumpWindow_%p

Chrome Frame

{49AE23F3-CF25-4041-9387-DC9D1B578555}

{EE1C56C8-D145-437E-A83F-74406D742719}

%Program Files%\UCBrowser\Application\UCBrowser.exe

UCWeb Inc.

5.6.11466.7

chrome_exe

Copyright 2008-2016 UCWeb Inc. All rights reserved.

UCBrowser.exe_2376_rwx_0700A000_000F5000:

Qj.hea

Qj@h%c

webOu

j.hah

=WEBK

UCBrowser.exe_2376_rwx_0910A000_000F5000:

.comu

install1078565.exe_2676:

`.rsrc

QSVSSSh

>%uPV

|$D.tD

.tgPV

FTPjK

FtPj;

C.PjRVj

u.VV3

|$$vL9|$ u%Sh

\\.\PhysicalDrive%d

\\.\Scsi%d:

Iphlpapi.dll

XXXXXXXXXXX

{X-X-X-XX-XXXXXX}

CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}

Advapi32.dll

Explorer.exe

NtDll.dll

Kernel32.dll

%d %d %d %d

SOFTWARE\Rising\%s

[d-d-d][d:d:d:d]

2.log

[u]

[0xX]

RAV.INI

Failed to call WTSQueryUserToken, err= 0x%x

wtsapi32.DLL

Could not open pipe

SetNamedPipeHandleState failed

\\.\pipe\RISING_RSD_BU

%*.*f

/RUNAS %s

Failed to load psapi.dll.

Psapi.dll

Setup.exe End with ErrorCode: 0xX

hXXp://center.rising.com.cn/LogCenter.asp?info=%s

Key=%s&v1=%s&v2=%s&v3=%s&v4=%s&v5=%s

Password

Port

\NetConfig.ini

%s\Data\%s\%s.ini

setup.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

%s(%s)

ReportView

KERNEL32.DLL

SetWillReboot(%d)

Failed to call QueryServiceStatus(RSD)! Err Code: %d

Failed to call OpenService(RSD)! Err Code: %d

Failed to call OpenSCManager! Err Code: %d

\RsTest.ini

ÞSKTOP%

\label.dat

\Backup.ini

\Export.ini

\XMLS\RSSetup.xml

\Setup.exe

\*.exe

\XMLS\Setup.xml

\os.xml

Label.dat

/PASS=

/PRODUCT=%s

/LANG=%d

HKEY_LOCAL_MACHINE\SoftWare\Rising\%s

ITEM%d

UPDATEXMLURL

d-d-- d:d

Local_RSD_Setup_%s

Global\Rising_RSD_Setup_%s

Rising_RSD_Setup_%s

\Backup\RSD\RSSetup\RSSetup.xml

\RSSetup.xml

\CompsVer.inf

AddPCAExclude return: %d

Open Key Failed!

Create Key Failed!

Query Value Failed! Return: %d

%s\Setup.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

AddPCAExclude(%d)

Setup.xml

\Setup.xml

12345678.000

Create Temp Cfg From %s to %s

rd /q %s

rd /s /q %s

if exist %s goto repeat

del /s /q /f %s

\DelSelf.bat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

SetFileSecurity() failed. Error %d

SetSecurityDescriptorControl() failed.Error %d

GetSecurityDescriptorControl() failed.Error %d

SetSecurityDescriptorDacl() failed. Error %d

AddAce() failed. Error %d

GetAce() failed. Error %d

AddAccessAllowedAce() failed. Error %d

AddAccessAllowedAceEx() failed. Error %d

advapi32.dll

InitializeAcl() failed. Error %d

HeapAlloc() failed. Error %d

GetAclInformation() failed. Error %d

GetSecurityDescriptorDacl() failed. Error %d

InitializeSecurityDescriptor() failed.Error %d

GetFileSecurity() failed. Error %d

InitializeSid() failed. Error %d

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

<!--%s-->

WinSessionThread GetPidByName dwPID = %d , name=%s!

WTSQueryUserToken Failed! Err Code: %d

OpenProcess Failed! Err Code: %d

GetProcAddress(OpenProcessToken) Failed! Err Code: %d

OpenProcessToken Failed! Err Code: %d

GetLogonUserToken(%d)

CreateProcess2 Return: %d

LoadLibrary Failed! Err Code: %d

CreateEnvironmentBlock Failed! Err Code: %d

DuplicateTokenEx Failed! Err Code: %d

CreateProcessWithTokenW Failed! Err Code: %d

Userenv.DLL

GetFileAttributes %s return: %d

Delete File %s fail, Err: %d

Wow64DisableWow64FsRedirection Return: %d

Wow64RevertWow64FsRedirection Return: %d

RsInstallService(%s) Return: %d

ChangeServiceConfig Failed! Err Code: %d

CreateService Failed! Err Code: %d

OpenSCManager Failed! Err Code: %d

RsInstallService(%s)

RsUninstallService(%s) Return: %d

DeleteService Failed! Err Code: %d

OpenService Failed And Service Already Exist! Err Code: %d

RsUninstallService(%s)

OpenService Failed! Err Code: %d

LoadLibrary(Advapi32.dll) Failed!

RsSetServiceFailureAction(%s) Return: %d

GetProcAddress(%s) Failed!

ChangeServiceConfig2 Failed! Err Code: %d

RsSetServiceFailureAction(%s)

QueryServiceStatus Failed! Err Code: %d

StartService Failed! Err Code: %d

RsStartService(%s)

Wait for Service %s Time Out!

QueryServiceStatus(%s) Failed! Err Code: %d

ControlService(%s) SERVICE_CONTROL_STOP Failed! Err Code: %d

HeapAlloc Failed! Err Code: %d

EnumDependentServices Failed! Err Code: %d

Stop Service %s Dependencies...

%s's Stop is Pending...

Service %s is Stopped...

OpenService(%s) Failed! Err Code: %d

RsStopService(%s)

Rs%sInstallCom(%s) Return: %d

LoadLibrary(%s) Failed!

%s Failed! ErrMsg: %s

Rs%sInstallCom(%s)...

WinSessionThread CreateProcess ret = %d end !

WinSessionThread CreateProcess pid = %d, CreateProcessAsUser err = %d !

WinSessionThread CreateProcess begin dwSessionID = %d!

WININIT.INI

\WININIT.INI

HKEY_CURRENT_CONFIG

"%s" %s

\RsMgrSvc.ini

Save DELETEPATH %s to RsMgrSvc.ini

Save REBOOTRUN %s to RsMgrSvc.ini

%s Loaded By %s

EXPLORER.EXE

Setup.exe Begin----------------------------------

\.log

HKEY_DYN_DATA

HKEY_PERFORMANCE_DATA

StopComponent(%s)...

StartComponent(%s)...

Report Error!

Call Component %s Dll_PreHandle Return: 0xX

Call Component %s Dll_PostHandle Return: 0xX

Check XML File %s Failed

Check File %s Failed

BackUp XML File From: %s To %s

Delete XML File: %s

Copy XML File From: %s To %s

%s\RsMgrsvc.ini

URLInfoAbout

hXXp://help.ikaka.com/

%s\%s

"%s" /UNINSTALL /PRODUCT=%s

"%s" /UNINSTALL /PRODUCT=RSD

Delete File %s

Copy File From %s To %s

CompsVer.inf

Copy Path From %s To %s

Down Load %s To Path: %s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\run

RunFirstInstall Successfully...NeedReboot: %d

InstallComponentList Failed! Error Code: 0xX

PreHandleComponentList Failed! Error Code: 0xX

Product_PreHandle Failed! Error Code: 0xX

BackUpComponentList Failed! Error Code: 0xX

CheckComponentList Failed! Error Code: 0xX

RunFirstInstall, AfterReboot: %d

RavTmp: %s

file not exist : %s

succeed to download %s

Failed to download %s. ErrCode = %d; hr = %d

Failed to verify %s

%s%s/%s%s.inf

Failed to get download url from %s

URLLIST

Failed to load %s.

%s%s/%s/%s/%s

%s\%s\%s\%s

%s%s/%s/%s

%s\%s\%s

Failed to get %s-ITEM.

Failed to get %s-FILES.

Failed to get %s-COMPONENT.

Download %s retry > 3

%s/%s/%s_xml.zip

%s\%s\%s.xml

%s%s/%s/%s.xml

Failed to get %s' newver from %s

SCMD

REGVERKEY

REGKEYVALUE

REGKEYNAME

REGKEY

Set File %s Everyone Access Rights 0xX return: %d

Set File %s Users Access Rights 0xX return: %d

Delete File Return: %d, NeedReboot: %d

Prepare To Delete File %s...

Back Up File From: %s To: %s Return: %d

Skip Backing Up File %s For Checked OK...

Copy File Return: %d, NeedReboot: %d

MoveFile From %s To %s

Prepare To Copy File From %s To %s...

TaskbarPin = 0x%x

Install Link: %s

Delete Link: %s

TaskbarunPin = 0x%x

Old Link File: %s

SUBKEY

Set Key %s Everyone Access Rights 0xX return: %d

Set Key %s Users Access Rights 0xX return: %d

REGKEYDATATYPE

Install Key KeyName: %s, ValueName: %s, Value: %s, DataType: %d Return: %d

Backup Key Value Return: %d

microsoft\windows\currentversion\run

Restore Key Value Return: %d

UnInstall Key KeyName: %s, ValueName: %s Return: %d

Execute langsel.exe

langsel.exe

Setup Log (*.log)

*.log

A%d M

ÚTADIR%

Need Reboot, Add DeletePath Task To Server: %s

No Reboot, RsDeletePath(%s)

kernel32.dll

\lics%d.txt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

{X-X-X-XX-XXXXXX}.bmp

SOFTWARE\Microsoft\Windows NT\CurrentVersion

SHFolder.dll

Shell32.dll

HKEY_LOCAL_MACHINE\%s\%s

%snserver.exe

%sRsTest.ini

Software\Microsoft\Windows\CurrentVersion

nserver.exe

%FIRSTPART%

%COMMONDIR%

%DOMINODATA%

%DOMINODIR%

%SYSDIR64%

%SYSDIR%

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

[INF]CRsConfigBase::InitializeRsConfig: GetPath(PathSize=%d),Result=0xX

[ERR]CRsConfigBase::InitializeRsConfig: QueryInterface RSIID_IRSCfgMgr Failed(Result=0xX)!

[ERR]CRsConfigBase::InitializeRsConfig:CreateAppEnv Failed(Result=0xX).

RsConfig.cfg

[ERR]CRsConfigBase::InitializeRsConfig:QueryInterface RSIID_IRSAppMgr failed(Result=0xX).

[ERR]CRsConfigBase::InitializeRsConfig:CreateObject RSID_RSAppMgr failed(Result=0xX).

RSAPPMGR.DLL

\RSAPPMGR.DLL

comx3.dll

</%s>

standalone="%s"

encoding="%s"

version="%s"

&#xX;

%s='%s'

%s="%s"

RsdSfxTmp\RsLang.dll

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

System\CurrentControlSet\Services\VxD\MSTCP

255.255.255.255

socket() failed; %d

MSIE %d.%d

WININET.DLL

Windows

Windows Me

Windows 98

Windows 95

Windows NT %d.%d

%s:%d

Mozilla/4.0 (compatible; %s; %s; Rising)

Range: bytes=%d-

HTTP/1.0

hXXp://

\rsdebug.ini

c:\%s

dbghelp.dll

d-d-d(d-d-d)

.exe.log

\rsmain.exe

%s\*.*

C:\Temp

\Rs7zSfx.log

%s\CompsVer.inf

Setup.exe

%s\auto.ini

%s Start

%s End

{E5C53971-D80E-4500-BE0D-761BF3CD8457}

Unsupported Method

Password is not defined

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

mscoree.dll

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

portuguese-brazilian

GetProcessWindowStation

user32.dll

.rstmp

1.1.3

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

d:\SVN\psproducts\distribute\code\setupnew\Release\Setup.pdb

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\install1078565.exe.log

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\\RsdSfxTmp\install1078565.exe\.log

" & 0 3 5 ;

%K%s%

% 0 2 5 9

2Terms of use at hXXps://VVV.verisign.com/rpa (c)011'0%

$hXXp://ocsp.verisign.com/ocsp/status0

hXXps://VVV.verisign.com/rpa0

9hXXp://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl0

$hXXp://VVV.microsoft.com/typography 0

667'7753

33267&&5#

##"55663'

##"55667'

6&'67667'

6677'#57'

6655667'

7#"55667'

6&'5////<

33333333

3267&&5#

6&'6763'

475&&'663'

##"'66'7'

6&'66777'

33267&45#

(3<%:50$

6&'6767'

6&'67663'

#7#5663'

6&'66'7'

475&&'7'

&75&&'67'

33267"45#

475&&&'3'

675&'677'

33267&&7#

75&&'67'

3367&&5#

6&&'566''

675&&'7'

&75&'677'

635&&'667'

435&&'''

6&&'667'

635&&'3'

475&'677'

#7475&&'3'

&75&&'667'

675&&'66''

475&&'3'

<0000{%$(

6&&'66''

675"&'7'

475&&'63'

7&57'667

7&57'667'

675&&'3'

675&'66'3

#75&&'3'

675"'677'

"##."".##.""

5&&'673'

3327&&5#

66&'667'

.WWWW

7327&&5#

##"75667'

675&'663'

675&'6'3

635&&&'7

5&&'663'

#57'667'

3327&45#

##&'5663'

67'7327&&5#

6&&7#'673>

675"&'3'

##/##/##/##8

475&'667'

475"&'3'

#"556667'

6&&'67''

675"'663'

#7#"557'

.QQQQ-::$/

635&'673'

66&'663'

'#"7567'

'#&75663'

66&'5663'

677&'663

737#535#'

677&'677'

'#"55667'

6&'607'3

675&'673'

'#"'5'757

#457'6'53

3367&&'#

675&'67'3

'#"7563'

66&''753

&75&'67'

!!-!!-!!-!!

&75&'663'

6&'6'757

#57'663'

!!-""-!!-""

66&'677'

635&'677

475&'6'3

66677'673

635&'677'

6&&''#77'

####(""""%

1%%1##1%%1##"

26&'677'

"!!,"",!!,""

#57'757'

'#&7477'

637&'677'

'#"75667'

&75&'673

635&'7'&57'

'#&557'0

22?44?22

&75"'673'

##"5667'

##/$$0&&

#6&'677'

Ç7776

6&'67#3'

3327&&'#

7367&&'#

7&'#5333

6&'7#5333

'#"757'''

637&&'673'

7&57'673'

6&'677''

00<55<00<55"

--:00:--:00

64&'673'

11>44>11>44

635&'663'

6&&'673'

475&'673

637&'663'

635&'67'3

@!!-!!-!!-!!$'

22?55?22?55

#66'667'

66&'6677

6&'667''

'#"55663'

&75&&'677'

7367&&5#

'#"557'#

3327"&5#

5&&'677'

64&'677'

637&&'3'

#57'6'53

.GGGG

475&'67'3

635&'47'

475&&'63

&35&'677'

44@::@44@::)2

6&'&'63'

#737&'77'

635&'63'

7635&&'3'

757'677'

#535#57'

//<11<//<11

&67''753

22?22?22?22.

'#537&&'7'

6&'6777'

##"5563'

7&57'67'3'

##"556677'

33267&&'#

675&'67'7'

66333"

##"5567'

66&'673'

7&57'677'

675&'667'

666&'67'

675&'67'

##"7567'

6&7675&'7'

7#"5563'

675&&'673'

6&'#53'3

667757'67'

##"55777'

##"557'663'

635"'67'

7327&&'#

**7%%7**7%%2,,

##&5564..)

..:&&2**2&&]

**6((4,,4((6**#5

**7&&3**3&&7**

..:&&2**2&&:..

..:%%1  1%%

..:%%1,,1%%:..@

  8**7  7**8  %%

**7&&3**3&&7**-

  8**7&&7**8  &

..:%%1,,1%%:..

##"'563'

3267&&'#

..:&&2  2&&:..

 "".!!!^

  7..7

7&557'67'

,,8--9--9--8,,'

73267&&'#

&7#53'3'

675&'53'

33667&&5#

#77'677'

#53'#53'753

22>33>22>33

675"'667'

635&'67'

7&53'#535#53

7&57'67'

##"&667'

6&'67'3'

33267&5#

#"55677'

##"&677'

73267&&5#

635&'667'

675"'53'

|,,,,)))

##&75677'

&&2''3**

635&&'7'

637&'67'

635&&'663'

666&'667'

675&&'663'

664&'667'

7&&'677'

675&&'677'

6635&&'6677'

66&&'6677'

7&557'667

637&'673'

666775&&'3'

#'66677'

7&&'667'

#"55667'

675"'6'3

&&66"&&6

3&&&""&'#

26'&&666

75#4&462

7535#76635#

##&54554&&&

#5266554&&#

2664&"#2!

3264&'64&"

#5&&&5476633

2264&'7-

35"&&55#

32654'&)

35"&55#3

##664&#"

#5326777

#5326''#

35&&6773

##"&5532

#5326554&#

#5326554&#]%

#5326554�

#5326554&# $

#5326554&#\

#5326554

732654&&##

##7535#56

354&##53

#5326554&##53!

32654&#"

#"&54632

 '%-$,(()/0('03

'7&54672

26554&##53

#"&554&##53

#532655'&&##53

75466335#

35#"&553266664&&&#

264&'66&&#"

&546754&#"

&546754&"

"&&456632

4&##532673

#"&&566=

5326554&##532673

#5326554&"

326'4632

26754&##532673

#"&554&##532673

267766335#

&&&54666

32654&&'&54632

#"'&'#735#736632

35&&5532

35&&5544635#

&6666&&'

&&677"&&2276

&663664&

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RsdSfxTmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\install1078565.exe

11166666600000000000000/////////.....""""""""""""""""--- .DDDDDDDDDDDDDDDDDDDDDDDDDDBBBBBB

>VVVVVVVVVVVVYYYY:Y:YYV8888888888888.ppMs3llkxNqKKqK

!'!555''''

!! **""!

#### # # # #  # # # #

6,,,6,,6,66

,,,,66,,6,

6,,,,6,,,

555555555555555

666666666666666666

888888888

CC.CCCCCC6hML7L77L789;nOOOOOOOO8

...CCCCCC6hMLL7777789;

...CCCCCC6hML77777789;

"""!"!"!"

1111111111111000000

!%%&11&&&

23333333333333333333

3333343333333333334

443434333333333333

#34344443344333343

3444444444444

444444444444

7676676676676676

7777777777777

77777777777

>889889889889883$3

/2$ÝDD

4::-...,..,,,, %

7766666666666666666666601$ÞDE

000000000000011110

"#%DPTVVVVVVPO%%"L

mV2.AHBC5D;<<(-

GetWindowsDirectoryA

GetCPInfo

WaitNamedPipeA

SetNamedPipeHandleState

GetProcessHeap

RegCloseKey

RegSetKeySecurity

RegGetKeySecurity

RegQueryInfoKeyA

RegEnumKeyExA

RegCreateKeyA

RegOpenKeyA

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyExA

ShellExecuteA

ShellExecuteExA

EnumChildWindows

EnumWindows

MsgWaitForMultipleObjects

ExitWindowsEx

HttpOpenRequestA

HttpAddRequestHeadersA

HttpSendRequestA

InternetCrackUrlA

HttpQueryInfoA

.text

`.rdata

@.data

.rsrc

.mCYV

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

RPCRT4.dll

SHELL32.dll

SHLWAPI.dll

USER32.dll

VERSION.dll

WININET.dll

WSOCK32.dll

%SW[z

(.KOS

"&,GKey

"(EXe

.TX\`gnu|

*.TX\`gnu|

$).SW[_fmt{

.SW[_fmt{

.SW[_fmt|

&.TX\`gnu|

.LSx|

!LGlptx

&.KPirv

!%DSWetx

%U]em

&.KQX_nr

.JPTX\`gnu|

'.JPTX\`gnu|

*.JPTX\`gnu|

'.BIekosw{

.DIekosw{

.Uqw{

.FMTpvz~

*HMSgnt

'.JPTX\`

-EKSouy}

-EKQWsy}

#(-159=[

)-15Dosw}

"&*.GM

-QWaekqw}

.RVZ`fmsy

.AHO\ekq

L`

!(.bh

It is strongly recommended to close all Windows program before running the setup program.

Password:

This module need %fM

ECan't create the destination folder, please check and input it again.APlease take off your CD avoiding to restart from CDROM next time.

 Totally scaned %d files, found %d viruses.

Export,Unable to Create File Folder: %s , continue?

This version [version:%s] is older than your current installed [version:%s]

Continue to install Rising AntiVirus Software[version:%s]?

%Click "Next" to continue installation

jSystem comctl32.dll version is lower than 4.70!\please upgrade it through installing IE4 or above version.

KYou have install follow Rising product, this product can't install whit it.FLast Rising setup progress is not completed, please reboot your systemNRising Anti-virus software has been uninstalled successfully but follow files.

!Version: %s Update Date: %s

$Add or remove same component please!(%d second left to auto close this dialog8Rising Anti-virus software has been updated successfully

Password is error7update is completed, windows need reboot for copy file.

1.0.0.3

Setup.EXE

install1078565.exe_2676_rwx_00401000_001E4000:

QSVSSSh

>%uPV

|$D.tD

.tgPV

FTPjK

FtPj;

C.PjRVj

u.VV3

|$$vL9|$ u%Sh

\\.\PhysicalDrive%d

\\.\Scsi%d:

Iphlpapi.dll

XXXXXXXXXXX

{X-X-X-XX-XXXXXX}

CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}

Advapi32.dll

Explorer.exe

NtDll.dll

Kernel32.dll

%d %d %d %d

SOFTWARE\Rising\%s

[d-d-d][d:d:d:d]

2.log

[u]

[0xX]

RAV.INI

Failed to call WTSQueryUserToken, err= 0x%x

wtsapi32.DLL

Could not open pipe

SetNamedPipeHandleState failed

\\.\pipe\RISING_RSD_BU

%*.*f

/RUNAS %s

Failed to load psapi.dll.

Psapi.dll

Setup.exe End with ErrorCode: 0xX

hXXp://center.rising.com.cn/LogCenter.asp?info=%s

Key=%s&v1=%s&v2=%s&v3=%s&v4=%s&v5=%s

Password

Port

\NetConfig.ini

%s\Data\%s\%s.ini

setup.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

%s(%s)

ReportView

KERNEL32.DLL

SetWillReboot(%d)

Failed to call QueryServiceStatus(RSD)! Err Code: %d

Failed to call OpenService(RSD)! Err Code: %d

Failed to call OpenSCManager! Err Code: %d

\RsTest.ini

ÞSKTOP%

\label.dat

\Backup.ini

\Export.ini

\XMLS\RSSetup.xml

\Setup.exe

\*.exe

\XMLS\Setup.xml

\os.xml

Label.dat

/PASS=

/PRODUCT=%s

/LANG=%d

HKEY_LOCAL_MACHINE\SoftWare\Rising\%s

ITEM%d

UPDATEXMLURL

d-d-- d:d

Local_RSD_Setup_%s

Global\Rising_RSD_Setup_%s

Rising_RSD_Setup_%s

\Backup\RSD\RSSetup\RSSetup.xml

\RSSetup.xml

\CompsVer.inf

AddPCAExclude return: %d

Open Key Failed!

Create Key Failed!

Query Value Failed! Return: %d

%s\Setup.exe

SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags

AddPCAExclude(%d)

Setup.xml

\Setup.xml

12345678.000

Create Temp Cfg From %s to %s

rd /q %s

rd /s /q %s

if exist %s goto repeat

del /s /q /f %s

\DelSelf.bat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

SetFileSecurity() failed. Error %d

SetSecurityDescriptorControl() failed.Error %d

GetSecurityDescriptorControl() failed.Error %d

SetSecurityDescriptorDacl() failed. Error %d

AddAce() failed. Error %d

GetAce() failed. Error %d

AddAccessAllowedAce() failed. Error %d

AddAccessAllowedAceEx() failed. Error %d

advapi32.dll

InitializeAcl() failed. Error %d

HeapAlloc() failed. Error %d

GetAclInformation() failed. Error %d

GetSecurityDescriptorDacl() failed. Error %d

InitializeSecurityDescriptor() failed.Error %d

GetFileSecurity() failed. Error %d

InitializeSid() failed. Error %d

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_CURRENT_USER

HKEY_CLASSES_ROOT

<!--%s-->

WinSessionThread GetPidByName dwPID = %d , name=%s!

WTSQueryUserToken Failed! Err Code: %d

OpenProcess Failed! Err Code: %d

GetProcAddress(OpenProcessToken) Failed! Err Code: %d

OpenProcessToken Failed! Err Code: %d

GetLogonUserToken(%d)

CreateProcess2 Return: %d

LoadLibrary Failed! Err Code: %d

CreateEnvironmentBlock Failed! Err Code: %d

DuplicateTokenEx Failed! Err Code: %d

CreateProcessWithTokenW Failed! Err Code: %d

Userenv.DLL

GetFileAttributes %s return: %d

Delete File %s fail, Err: %d

Wow64DisableWow64FsRedirection Return: %d

Wow64RevertWow64FsRedirection Return: %d

RsInstallService(%s) Return: %d

ChangeServiceConfig Failed! Err Code: %d

CreateService Failed! Err Code: %d

OpenSCManager Failed! Err Code: %d

RsInstallService(%s)

RsUninstallService(%s) Return: %d

DeleteService Failed! Err Code: %d

OpenService Failed And Service Already Exist! Err Code: %d

RsUninstallService(%s)

OpenService Failed! Err Code: %d

LoadLibrary(Advapi32.dll) Failed!

RsSetServiceFailureAction(%s) Return: %d

GetProcAddress(%s) Failed!

ChangeServiceConfig2 Failed! Err Code: %d

RsSetServiceFailureAction(%s)

QueryServiceStatus Failed! Err Code: %d

StartService Failed! Err Code: %d

RsStartService(%s)

Wait for Service %s Time Out!

QueryServiceStatus(%s) Failed! Err Code: %d

ControlService(%s) SERVICE_CONTROL_STOP Failed! Err Code: %d

HeapAlloc Failed! Err Code: %d

EnumDependentServices Failed! Err Code: %d

Stop Service %s Dependencies...

%s's Stop is Pending...

Service %s is Stopped...

OpenService(%s) Failed! Err Code: %d

RsStopService(%s)

Rs%sInstallCom(%s) Return: %d

LoadLibrary(%s) Failed!

%s Failed! ErrMsg: %s

Rs%sInstallCom(%s)...

WinSessionThread CreateProcess ret = %d end !

WinSessionThread CreateProcess pid = %d, CreateProcessAsUser err = %d !

WinSessionThread CreateProcess begin dwSessionID = %d!

WININIT.INI

\WININIT.INI

HKEY_CURRENT_CONFIG

"%s" %s

\RsMgrSvc.ini

Save DELETEPATH %s to RsMgrSvc.ini

Save REBOOTRUN %s to RsMgrSvc.ini

%s Loaded By %s

EXPLORER.EXE

Setup.exe Begin----------------------------------

\.log

HKEY_DYN_DATA

HKEY_PERFORMANCE_DATA

StopComponent(%s)...

StartComponent(%s)...

Report Error!

Call Component %s Dll_PreHandle Return: 0xX

Call Component %s Dll_PostHandle Return: 0xX

Check XML File %s Failed

Check File %s Failed

BackUp XML File From: %s To %s

Delete XML File: %s

Copy XML File From: %s To %s

%s\RsMgrsvc.ini

URLInfoAbout

hXXp://help.ikaka.com/

%s\%s

"%s" /UNINSTALL /PRODUCT=%s

"%s" /UNINSTALL /PRODUCT=RSD

Delete File %s

Copy File From %s To %s

CompsVer.inf

Copy Path From %s To %s

Down Load %s To Path: %s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\windows\currentversion\run

RunFirstInstall Successfully...NeedReboot: %d

InstallComponentList Failed! Error Code: 0xX

PreHandleComponentList Failed! Error Code: 0xX

Product_PreHandle Failed! Error Code: 0xX

BackUpComponentList Failed! Error Code: 0xX

CheckComponentList Failed! Error Code: 0xX

RunFirstInstall, AfterReboot: %d

RavTmp: %s

file not exist : %s

succeed to download %s

Failed to download %s. ErrCode = %d; hr = %d

Failed to verify %s

%s%s/%s%s.inf

Failed to get download url from %s

URLLIST

Failed to load %s.

%s%s/%s/%s/%s

%s\%s\%s\%s

%s%s/%s/%s

%s\%s\%s

Failed to get %s-ITEM.

Failed to get %s-FILES.

Failed to get %s-COMPONENT.

Download %s retry > 3

%s/%s/%s_xml.zip

%s\%s\%s.xml

%s%s/%s/%s.xml

Failed to get %s' newver from %s

SCMD

REGVERKEY

REGKEYVALUE

REGKEYNAME

REGKEY

Set File %s Everyone Access Rights 0xX return: %d

Set File %s Users Access Rights 0xX return: %d

Delete File Return: %d, NeedReboot: %d

Prepare To Delete File %s...

Back Up File From: %s To: %s Return: %d

Skip Backing Up File %s For Checked OK...

Copy File Return: %d, NeedReboot: %d

MoveFile From %s To %s

Prepare To Copy File From %s To %s...

TaskbarPin = 0x%x

Install Link: %s

Delete Link: %s

TaskbarunPin = 0x%x

Old Link File: %s

SUBKEY

Set Key %s Everyone Access Rights 0xX return: %d

Set Key %s Users Access Rights 0xX return: %d

REGKEYDATATYPE

Install Key KeyName: %s, ValueName: %s, Value: %s, DataType: %d Return: %d

Backup Key Value Return: %d

microsoft\windows\currentversion\run

Restore Key Value Return: %d

UnInstall Key KeyName: %s, ValueName: %s Return: %d

Execute langsel.exe

langsel.exe

Setup Log (*.log)

*.log

A%d M

ÚTADIR%

Need Reboot, Add DeletePath Task To Server: %s

No Reboot, RsDeletePath(%s)

kernel32.dll

\lics%d.txt

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

{X-X-X-XX-XXXXXX}.bmp

SOFTWARE\Microsoft\Windows NT\CurrentVersion

SHFolder.dll

Shell32.dll

HKEY_LOCAL_MACHINE\%s\%s

%snserver.exe

%sRsTest.ini

Software\Microsoft\Windows\CurrentVersion

nserver.exe

%FIRSTPART%

%COMMONDIR%

%DOMINODATA%

%DOMINODIR%

%SYSDIR64%

%SYSDIR%

Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders

[INF]CRsConfigBase::InitializeRsConfig: GetPath(PathSize=%d),Result=0xX

[ERR]CRsConfigBase::InitializeRsConfig: QueryInterface RSIID_IRSCfgMgr Failed(Result=0xX)!

[ERR]CRsConfigBase::InitializeRsConfig:CreateAppEnv Failed(Result=0xX).

RsConfig.cfg

[ERR]CRsConfigBase::InitializeRsConfig:QueryInterface RSIID_IRSAppMgr failed(Result=0xX).

[ERR]CRsConfigBase::InitializeRsConfig:CreateObject RSID_RSAppMgr failed(Result=0xX).

RSAPPMGR.DLL

\RSAPPMGR.DLL

comx3.dll

</%s>

standalone="%s"

encoding="%s"

version="%s"

&#xX;

%s='%s'

%s="%s"

RsdSfxTmp\RsLang.dll

SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

System\CurrentControlSet\Services\VxD\MSTCP

255.255.255.255

socket() failed; %d

MSIE %d.%d

WININET.DLL

Windows

Windows Me

Windows 98

Windows 95

Windows NT %d.%d

%s:%d

Mozilla/4.0 (compatible; %s; %s; Rising)

Range: bytes=%d-

HTTP/1.0

hXXp://

\rsdebug.ini

c:\%s

dbghelp.dll

d-d-d(d-d-d)

.exe.log

\rsmain.exe

%s\*.*

C:\Temp

\Rs7zSfx.log

%s\CompsVer.inf

Setup.exe

%s\auto.ini

%s Start

%s End

{E5C53971-D80E-4500-BE0D-761BF3CD8457}

Unsupported Method

Password is not defined

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

mscoree.dll

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

portuguese-brazilian

GetProcessWindowStation

user32.dll

.rstmp

1.1.3

deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly

inflate 1.1.3 Copyright 1995-1998 Mark Adler

d:\SVN\psproducts\distribute\code\setupnew\Release\Setup.pdb

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\install1078565.exe.log

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\\RsdSfxTmp\install1078565.exe\.log

" & 0 3 5 ;

%K%s%

% 0 2 5 9

2Terms of use at hXXps://VVV.verisign.com/rpa (c)011'0%

$hXXp://ocsp.verisign.com/ocsp/status0

hXXps://VVV.verisign.com/rpa0

9hXXp://crl.microsoft.com/pki/crl/products/CodeSignPCA.crl0

$hXXp://VVV.microsoft.com/typography 0

667'7753

33267&&5#

##"55663'

##"55667'

6&'67667'

6677'#57'

6655667'

7#"55667'

6&'5////<

33333333

3267&&5#

6&'6763'

475&&'663'

##"'66'7'

6&'66777'

33267&45#

(3<%:50$

6&'6767'

6&'67663'

#7#5663'

6&'66'7'

475&&'7'

&75&&'67'

33267"45#

475&&&'3'

675&'677'

33267&&7#

75&&'67'

3367&&5#

6&&'566''

675&&'7'

&75&'677'

635&&'667'

435&&'''

6&&'667'

635&&'3'

475&'677'

#7475&&'3'

&75&&'667'

675&&'66''

475&&'3'

<0000{%$(

6&&'66''

675"&'7'

475&&'63'

7&57'667

7&57'667'

675&&'3'

675&'66'3

#75&&'3'

675"'677'

"##."".##.""

5&&'673'

3327&&5#

66&'667'

.WWWW

7327&&5#

##"75667'

675&'663'

675&'6'3

635&&&'7

5&&'663'

#57'667'

3327&45#

##&'5663'

67'7327&&5#

6&&7#'673>

675"&'3'

##/##/##/##8

475&'667'

475"&'3'

#"556667'

6&&'67''

675"'663'

#7#"557'

.QQQQ-::$/

635&'673'

66&'663'

'#"7567'

'#&75663'

66&'5663'

677&'663

737#535#'

677&'677'

'#"55667'

6&'607'3

675&'673'

'#"'5'757

#457'6'53

3367&&'#

675&'67'3

'#"7563'

66&''753

&75&'67'

!!-!!-!!-!!

&75&'663'

6&'6'757

#57'663'

!!-""-!!-""

66&'677'

635&'677

475&'6'3

66677'673

635&'677'

6&&''#77'

####(""""%

1%%1##1%%1##"

26&'677'

"!!,"",!!,""

#57'757'

'#&7477'

637&'677'

'#"75667'

&75&'673

635&'7'&57'

'#&557'0

22?44?22

&75"'673'

##"5667'

##/$$0&&

#6&'677'

Ç7776

6&'67#3'

3327&&'#

7367&&'#

7&'#5333

6&'7#5333

'#"757'''

637&&'673'

7&57'673'

6&'677''

00<55<00<55"

--:00:--:00

64&'673'

11>44>11>44

635&'663'

6&&'673'

475&'673

637&'663'

635&'67'3

@!!-!!-!!-!!$'

22?55?22?55

#66'667'

66&'6677

6&'667''

'#"55663'

&75&&'677'

7367&&5#

'#"557'#

3327"&5#

5&&'677'

64&'677'

637&&'3'

#57'6'53

.GGGG

475&'67'3

635&'47'

475&&'63

&35&'677'

44@::@44@::)2

6&'&'63'

#737&'77'

635&'63'

7635&&'3'

757'677'

#535#57'

//<11<//<11

&67''753

22?22?22?22.

'#537&&'7'

6&'6777'

##"5563'

7&57'67'3'

##"556677'

33267&&'#

675&'67'7'

66333"

##"5567'

66&'673'

7&57'677'

675&'667'

666&'67'

675&'67'

##"7567'

6&7675&'7'

7#"5563'

675&&'673'

6&'#53'3

667757'67'

##"55777'

##"557'663'

635"'67'

7327&&'#

**7%%7**7%%2,,

##&5564..)

..:&&2**2&&]

**6((4,,4((6**#5

**7&&3**3&&7**

..:&&2**2&&:..

..:%%1  1%%

..:%%1,,1%%:..@

  8**7  7**8  %%

**7&&3**3&&7**-

  8**7&&7**8  &

..:%%1,,1%%:..

##"'563'

3267&&'#

..:&&2  2&&:..

 "".!!!^

  7..7

7&557'67'

,,8--9--9--8,,'

73267&&'#

&7#53'3'

675&'53'

33667&&5#

#77'677'

#53'#53'753

22>33>22>33

675"'667'

635&'67'

7&53'#535#53

7&57'67'

##"&667'

6&'67'3'

33267&5#

#"55677'

##"&677'

73267&&5#

635&'667'

675"'53'

|,,,,)))

##&75677'

&&2''3**

635&&'7'

637&'67'

635&&'663'

666&'667'

675&&'663'

664&'667'

7&&'677'

675&&'677'

6635&&'6677'

66&&'6677'

7&557'667

637&'673'

666775&&'3'

#'66677'

7&&'667'

#"55667'

675"'6'3

&&66"&&6

3&&&""&'#

26'&&666

75#4&462

7535#76635#

##&54554&&&

#5266554&&#

2664&"#2!

3264&'64&"

#5&&&5476633

2264&'7-

35"&&55#

32654'&)

35"&55#3

##664&#"

#5326777

#5326''#

35&&6773

##"&5532

#5326554&#

#5326554&#]%

#5326554�

#5326554&# $

#5326554&#\

#5326554

732654&&##

##7535#56

354&##53

#5326554&##53!

32654&#"

#"&54632

 '%-$,(()/0('03

'7&54672

26554&##53

#"&554&##53

#532655'&&##53

75466335#

35#"&553266664&&&#

264&'66&&#"

&546754&#"

&546754&"

"&&456632

4&##532673

#"&&566=

5326554&##532673

#5326554&"

326'4632

26754&##532673

#"&554&##532673

267766335#

&&&54666

32654&&'&54632

#"'&'#735#736632

35&&5532

35&&5544635#

&6666&&'

&&677"&&2276

&663664&

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\RsdSfxTmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\install1078565.exe

11166666600000000000000/////////.....""""""""""""""""--- .DDDDDDDDDDDDDDDDDDDDDDDDDDBBBBBB

>VVVVVVVVVVVVYYYY:Y:YYV8888888888888.ppMs3llkxNqKKqK

!'!555''''

!! **""!

#### # # # #  # # # #

6,,,6,,6,66

,,,,66,,6,

6,,,,6,,,

555555555555555

666666666666666666

888888888

CC.CCCCCC6hML7L77L789;nOOOOOOOO8

...CCCCCC6hMLL7777789;

...CCCCCC6hML77777789;

"""!"!"!"

1111111111111000000

!%%&11&&&

23333333333333333333

3333343333333333334

443434333333333333

#34344443344333343

3444444444444

444444444444

7676676676676676

7777777777777

77777777777

>889889889889883$3

/2$ÝDD

4::-...,..,,,, %

7766666666666666666666601$ÞDE

000000000000011110

"#%DPTVVVVVVPO%%"L

mV2.AHBC5D;<<(-

GetWindowsDirectoryA

GetCPInfo

WaitNamedPipeA

SetNamedPipeHandleState

GetProcessHeap

RegCloseKey

RegSetKeySecurity

RegGetKeySecurity

RegQueryInfoKeyA

RegEnumKeyExA

RegCreateKeyA

RegOpenKeyA

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyExA

ShellExecuteA

ShellExecuteExA

EnumChildWindows

EnumWindows

MsgWaitForMultipleObjects

ExitWindowsEx

HttpOpenRequestA

HttpAddRequestHeadersA

HttpSendRequestA

InternetCrackUrlA

HttpQueryInfoA

.text

`.rdata

@.data

.rsrc

.mCYV

%SW[z

(.KOS

"&,GKey

"(EXe

.TX\`gnu|

*.TX\`gnu|

$).SW[_fmt{

.SW[_fmt{

.SW[_fmt|

&.TX\`gnu|

.LSx|

!LGlptx

&.KPirv

!%DSWetx

%U]em

&.KQX_nr

.JPTX\`gnu|

'.JPTX\`gnu|

*.JPTX\`gnu|

'.BIekosw{

.DIekosw{

.Uqw{

.FMTpvz~

*HMSgnt

'.JPTX\`

-EKSouy}

-EKQWsy}

#(-159=[

)-15Dosw}

"&*.GM

-QWaekqw}

.RVZ`fmsy

.AHO\ekq

L`

!(.bh

It is strongly recommended to close all Windows program before running the setup program.

Password:

This module need %fM

ECan't create the destination folder, please check and input it again.APlease take off your CD avoiding to restart from CDROM next time.

 Totally scaned %d files, found %d viruses.

Export,Unable to Create File Folder: %s , continue?

This version [version:%s] is older than your current installed [version:%s]

Continue to install Rising AntiVirus Software[version:%s]?

%Click "Next" to continue installation

jSystem comctl32.dll version is lower than 4.70!\please upgrade it through installing IE4 or above version.

KYou have install follow Rising product, this product can't install whit it.FLast Rising setup progress is not completed, please reboot your systemNRising Anti-virus software has been uninstalled successfully but follow files.

!Version: %s Update Date: %s

$Add or remove same component please!(%d second left to auto close this dialog8Rising Anti-virus software has been updated successfully

Password is error7update is completed, windows need reboot for copy file.

install1078565.exe_2676_rwx_100F5000_00001000:

.?AVCppSQLite3Exception@@

UCBrowser.exe_2780:

.text

`.rdata

@.data

@.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

HtdHtHHHt.HH

j.Yf;

_tcPVj@

.PjRW

Ph.II

d:\webapps\b\build\slave\repo\build\src\chrome\app\chrome_exe_main_win.cc

d:\webapps\b\build\slave\repo\build\src\chrome\app\main_dll_loader_win.cc

Failed to load Chrome DLL from

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded from

Could not find exported function

MetricsReportingEnabled

1.3.21.115

Chrome

0.0.0.0-devel

font_key_name

url-chunk

subresource_url

%s-%x

CHROME_MAIN_TICKS

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\module_util_win.cc

No valid Chrome version found

chrome-sxs

Cannot initialize AppCommands from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Skipping over key "

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\language_selector.cc

Cannot initialize an AppCommand from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_command.cc

kernel32.dll

d:\webapps\b\build\slave\repo\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

NtCreateKey

NtOpenKey

NtOpenKeyEx

CHROME_VERSION

CHROME_METRO_CONNECTED

CHROME_CRASHED

CHROME_RESTART

CHROME_BREAKPAD_PIPE_NAME

d:\webapps\b\build\slave\repo\build\src\components\crash\content\app\breakpad_win.cc

stats-url-exit

stats-url-browser-hang

stats-url

\UCBrowser\User Data\chrome_debug.log

origin breakpad::SetCrashKeyValueImpl

NTDLL.DLL

dbghelp.dll

SHELL32.dll

ole32.dll

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

?#%X.y

GetProcessWindowStation

operator

@-@-@-@-

@-@-@-@-@-@-@-@-

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc

tracing/thread_%d

[0;3%dm

d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc

%s-%Iu

(%d = %3.1f%%)

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

Histogram: %s recorded %d samples

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

user32.dll

WorkerThread-%d

.thunks

.syzygy

d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc

"%d":

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc

renderer.scheduler

disabled-by-default-cc.debug.picture

disabled-by-default-cc.debug

disabled-by-default-toplevel.flow

d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc

%s/%s

MsgLoop:

\uX

d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc

%d:%s

Chrome.MessageLoopProblem

KeyDown

Chrome_RenderWidgetHostHWND

Chrome_WidgetWin

full-memory-crash-report

D:\webapps\b\build\slave\repo\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

chrome_elf.dll

VERSION.dll

WINMM.dll

RegCreateKeyExW

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

RegCloseKey

ADVAPI32.dll

MsgWaitForMultipleObjectsEx

CallMsgFilterW

CloseWindowStation

CreateWindowStationW

SetProcessWindowStation

USER32.dll

GetProcessHeap

GetWindowsDirectoryW

CreateIoCompletionPort

GetProcessHandleCount

KERNEL32.dll

USERENV.dll

GetCPInfo

SetNamedPipeHandleState

TransactNamedPipe

WaitNamedPipeW

zcÁ

UUVQcrtw

r%s @

nq.af

444444444444

474747474747

777777777777

777//6()/777

.mmm,Y

0000000000000000000

11<161611>

z.sa;

.gaB|s

D[%1x

>Eu

.vXZZ

.lecIS

?(.Ul

.WbqfL

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="5.6.11466.7" version="5.6.11466.7" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

8 8'868=8

1*11181`2

>$?=?]?}?

?%?0?9?@?

>(>2>9>~>

;$;;;@;`;

6'6-626?6

7.84888<8@8

> >$>(>,>0>4>~>

9(9-92979@9

9(939:9@9}9

4585<5@5

7 7$7(787<7@7

7 7$7(7,70747

config_updater.dll

updater.dll

chrome_watcher.dll

chrome.dll

chrome_child.dll

UCBrowser.exe

metro_driver.dll

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\

-chrome

-chromeframe

WebAccessible

E{65122CB0-EA0F-47DF-A953-017170ED12F9}

WebKit

Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

ntdll.dll

pipe\

Ekernel32.dll

kernelbase.dll

\Sessions\%d\AppContainerNamedObjects\%ls

ALPC Port

eKey

Fkernel32.dll

gdi32.dll

xntdll.dll

wow_helper.exe"

Crash Reports

script.log

resources.pak

chrome

pepflashplayer.dll

\\.\pipe\GoogleCrashServices\

\\.\pipe\UCBrowserCrashServices

error %u

%d.%d.%d.%d

unspecified-crash-key

stats_uploader.exe

Gmscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

rpcrt4.dll

%s\%s.dmp

x-x-x-xx-xxxxxx

\uninstall.exe

mshtml.dll

Ndebug.log

BCmdLine

\StringFileInfo\xx\%ls

Chrome_MessageWindow

Ntdll.dll

Advapi32.dll

shell32.dll

DChrome_MessagePumpWindow_%p

Chrome Frame

{49AE23F3-CF25-4041-9387-DC9D1B578555}

{EE1C56C8-D145-437E-A83F-74406D742719}

%Program Files%\UCBrowser\Application\UCBrowser.exe

UCWeb Inc.

5.6.11466.7

chrome_exe

Copyright 2008-2016 UCWeb Inc. All rights reserved.

UCBrowser.exe_2160:

.text

`.rdata

@.data

@.rsrc

@.reloc

SHA256 block transform for x86, CRYPTOGAMS by <[email protected]>

HtdHtHHHt.HH

j.Yf;

_tcPVj@

.PjRW

Ph.II

d:\webapps\b\build\slave\repo\build\src\chrome\app\chrome_exe_main_win.cc

d:\webapps\b\build\slave\repo\build\src\chrome\app\main_dll_loader_win.cc

Failed to load Chrome DLL from

ChromeMain

RelaunchChromeBrowserWithNewCommandLineIfNeeded

RelaunchChromeBrowserWithNewCommandLineIfNeeded from

Could not find exported function

MetricsReportingEnabled

1.3.21.115

Chrome

0.0.0.0-devel

font_key_name

url-chunk

subresource_url

%s-%x

CHROME_MAIN_TICKS

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\module_util_win.cc

No valid Chrome version found

chrome-sxs

Cannot initialize AppCommands from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_commands.cc

Failed to open key "

Skipping over key "

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\language_selector.cc

Cannot initialize an AppCommand from an invalid key.

d:\webapps\b\build\slave\repo\build\src\chrome\installer\util\app_command.cc

kernel32.dll

d:\webapps\b\build\slave\repo\build\src\sandbox\win\src\sandbox_policy_base.cc

CreateNamedPipeW

NtCreateKey

NtOpenKey

NtOpenKeyEx

CHROME_VERSION

CHROME_METRO_CONNECTED

CHROME_CRASHED

CHROME_RESTART

CHROME_BREAKPAD_PIPE_NAME

d:\webapps\b\build\slave\repo\build\src\components\crash\content\app\breakpad_win.cc

stats-url-exit

stats-url-browser-hang

stats-url

\UCBrowser\User Data\chrome_debug.log

origin breakpad::SetCrashKeyValueImpl

NTDLL.DLL

dbghelp.dll

SHELL32.dll

ole32.dll

function not supported

operation canceled

address_family_not_supported

operation_in_progress

operation_not_supported

protocol_not_supported

operation_would_block

address family not supported

broken pipe

inappropriate io control operation

not supported

operation in progress

operation not permitted

operation not supported

operation would block

protocol not supported

?#%X.y

GetProcessWindowStation

operator

@-@-@-@-

@-@-@-@-@-@-@-@-

(0x%X)

Error (0x%X) while retrieving error. (0x%X)

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_log.cc

tracing/thread_%d

[0;3%dm

d:\webapps\b\build\slave\repo\build\src\base\process\process_win.cc

%s-%Iu

(%d = %3.1f%%)

Histogram.InconsistentCountHigh

Histogram.InconsistentCountLow

Histogram: %s recorded %d samples

(flags = 0x%x)

PlatformFile.UnknownErrors.Windows

user32.dll

WorkerThread-%d

.thunks

.syzygy

d:\webapps\b\build\slave\repo\build\src\base\threading\thread_local_win.cc

"%d":

d:\webapps\b\build\slave\repo\build\src\base\trace_event\trace_buffer.cc

renderer.scheduler

disabled-by-default-cc.debug.picture

disabled-by-default-cc.debug

disabled-by-default-toplevel.flow

d:\webapps\b\build\slave\repo\build\src\base\trace_event\memory_dump_manager.cc

%s/%s

MsgLoop:

\uX

d:\webapps\b\build\slave\repo\build\src\base\threading\thread.cc

%d:%s

Chrome.MessageLoopProblem

KeyDown

Chrome_RenderWidgetHostHWND

Chrome_WidgetWin

full-memory-crash-report

D:\webapps\b\build\slave\repo\build\src\out\Release\initialexe\chrome.exe.pdb

chrome.exe

ClearBreakpadPipeEnvironmentVariable

ClearCrashKeyValueImpl

SetCrashKeyValueImpl

SignalChromeElf

chrome_elf.dll

VERSION.dll

WINMM.dll

RegCreateKeyExW

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

RegCloseKey

ADVAPI32.dll

MsgWaitForMultipleObjectsEx

CallMsgFilterW

CloseWindowStation

CreateWindowStationW

SetProcessWindowStation

USER32.dll

GetProcessHeap

GetWindowsDirectoryW

CreateIoCompletionPort

GetProcessHandleCount

KERNEL32.dll

USERENV.dll

GetCPInfo

SetNamedPipeHandleState

TransactNamedPipe

WaitNamedPipeW

zcÁ

UUVQcrtw

r%s @

nq.af

444444444444

474747474747

777777777777

777//6()/777

.mmm,Y

0000000000000000000

11<161611>

z.sa;

.gaB|s

D[%1x

>Eu

.vXZZ

.lecIS

?(.Ul

.WbqfL

<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><dependency><dependentAssembly><assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency><dependency><dependentAssembly><assemblyIdentity type="win32" name="5.6.11466.7" version="5.6.11466.7" language="*"></assemblyIdentity></dependentAssembly></dependency><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"></supportedOS><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"></supportedOS><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"></supportedOS><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"></supportedOS><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"></supportedOS></application></compatibility></assembly>

8 8'868=8

1*11181`2

>$?=?]?}?

?%?0?9?@?

>(>2>9>~>

;$;;;@;`;

6'6-626?6

7.84888<8@8

> >$>(>,>0>4>~>

9(9-92979@9

9(939:9@9}9

4585<5@5

7 7$7(787<7@7

7 7$7(7,70747

config_updater.dll

updater.dll

chrome_watcher.dll

chrome.dll

chrome_child.dll

UCBrowser.exe

metro_driver.dll

{7D2B3E1D-D096-4594-9D8F-A6667F12E0AC}

{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Browse the web

Software\Microsoft\Windows\CurrentVersion\Uninstall\Chromium

Software\Microsoft\Windows\CurrentVersion\Uninstall\

-chrome

-chromeframe

WebAccessible

E{65122CB0-EA0F-47DF-A953-017170ED12F9}

WebKit

Software\Microsoft\Windows\CurrentVersion\Uninstall\UCBrowser

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_PERFORMANCE_TEXT

HKEY_PERFORMANCE_NLSTEXT

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

ntdll.dll

pipe\

Ekernel32.dll

kernelbase.dll

\Sessions\%d\AppContainerNamedObjects\%ls

ALPC Port

eKey

Fkernel32.dll

gdi32.dll

xntdll.dll

wow_helper.exe"

Crash Reports

script.log

resources.pak

chrome

pepflashplayer.dll

\\.\pipe\GoogleCrashServices\

\\.\pipe\UCBrowserCrashServices

error %u

%d.%d.%d.%d

unspecified-crash-key

stats_uploader.exe

Gmscoree.dll

- floating point support not loaded

- CRT not initialized

- Attempt to initialize the CRT more than once.

portuguese-brazilian

USER32.DLL

rpcrt4.dll

%s\%s.dmp

x-x-x-xx-xxxxxx

\uninstall.exe

mshtml.dll

Ndebug.log

BCmdLine

\StringFileInfo\xx\%ls

Chrome_MessageWindow

Ntdll.dll

Advapi32.dll

shell32.dll

DChrome_MessagePumpWindow_%p

Chrome Frame

{49AE23F3-CF25-4041-9387-DC9D1B578555}

{EE1C56C8-D145-437E-A83F-74406D742719}

%Program Files%\UCBrowser\Application\UCBrowser.exe

UCWeb Inc.

5.6.11466.7

chrome_exe

Copyright 2008-2016 UCWeb Inc. All rights reserved.

UCBrowser.exe_2780_rwx_03E0A000_00038000:

PPP;

PP;

PPPP;

PPPPPP;

PPPPP;

VW;

UCBrowser.exe_2780_rwx_0C90A000_000F5000:

PP;

PPPPP;

PPPP;

PPP;

PPPPPP;

VW;

PPPPPPPPPP;

PPPPPPPPPPPPP;

y.qqu

=WEBM

=.HTM

webm

PPPPPPPPPPP;

=.DOU

=.DOUu

UCBrowser.exe_2780_rwx_0CA0A000_000F5000:

PPPP;

PPPPP;

PP;

PPPPPPPPPP;

PPPPPPPP;

PPP;

PPPPPPP;

PPPPPPPPPPP;

PPPPPP;

PPPPPPPPPPPPPP;

;Q

UCBrowser.exe_2160_rwx_06D0A000_000F5000:

Qj.hM

webOu

Pj.he.z

Pj.hwd

Pj.hve

RsMgrSvc.exe_2620:

.text

`.rdata

@.data

.rsrc

t%ShH,B

|$D.tD

CryptDecodeObject failed with %x

wintrust.dll

WTHelperGetProvCertFromChain

CryptCATCatalogInfoFromContext

crypt32.dll

CryptMsgGetParam

CryptSIPVerifyIndirectData failed with %x

1.3.6.1.4.1.311.2.1.4

CryptMsgGetParam(%d) failed with %x

CryptSIPRetrieveSubjectGuid failed with %x

CryptQueryObject failed with %x

\\.\PhysicalDrive%d

\\.\Scsi%d:

Iphlpapi.dll

MSIE %d.%d

WININET.DLL

Windows

Windows Me

Windows 98

Windows 95

Windows NT %d.%d

%s:%d

Mozilla/4.0 (compatible; %s; %s; Rising)

HTTP/1.0

Range: bytes=%d-

Software\Microsoft\Windows\CurrentVersion

Advapi32.dll

\Rising\RSD\RsMgrSvc.exe"

SHFolder.dll

Shell32.dll

SOFTWARE\Rising\%s

[d-d-d][d:d:d:d]

Explorer.exe

XXXXXXXXXXX

{X-X-X-XX-XXXXXX}

CLSID\{CAA2D3B1-4BB5-4a45-A17A-122773379D99}

Software\Microsoft\Windows NT\CurrentVersion\Winlogon

2.log

[u]

[0xX]

RAV.INI

WinSessionThread GetPidByName dwPID = %d , name=%s!

NtDll.dll

Kernel32.dll

WTSQueryUserToken Failed! Err Code: %d

wtsapi32.DLL

OpenProcess Failed! Err Code: %d

GetProcAddress(OpenProcessToken) Failed! Err Code: %d

OpenProcessToken Failed! Err Code: %d

GetLogonUserToken(%d)

userinit.exe

CRsMgrSvc::WaitForLogonNT:LoadLibrary(_"psapi.dll");err=0x%x

psapi.dll

Fail to OpenProcessToken; 0x%x

Failed to call CreateProcessAsUser again: appname = %s cmd=%s;err=0x%x.

Failed to SetTokenInformation(0):err=0x%x

Failed to call CreateProcessAsUser:cmd=%s;err=0x%x.

Failed to DuplicateTokenEx:err=0x%x

Failed to SetTokenInformation:err=0x%x

SessionId = %d

Failed to LoadLibrary("Wtsapi32.dll"):err=0x

Failed to call WTSEnumerateSessions:err=0x%x

SessionInfo[%d]: SessionId=%d; WinStationName=%s; State=%d.

Wtsapi32.dll

Failed to CreateProcess:%s;err=0x%x

Failed to LoadLibrary("Wtsapi32.dll"):err=0x%x

Failed to WTSEnumerateSessions:err=0x%x

Session\%d\RSD_POP_MESSAGE_INFO

WinSessionThread CreateProcess ret = %d end !

WinSessionThread CreateProcess pid = %d, CreateProcessAsUser err = %d !

Userenv.DLL

WinSessionThread CreateProcess begin dwSessionID = %d!

Failed to LoadLibrary("Userenv.DLL"):err=0x%x

Failed to call CreateProcessAsUser: cmd=%s;err=0x%x.

New Failed to call WTSQueryUserToken, err= 0x%x

>`rsmsg

%s\rsmsginfo.ini

Failed to open the shell ready event: 0x%x

"%s" /shellrun

%s\RsStub.exe

Session\%d\ShellReadyEvent

LogonRun - session : %d

Failed to call RegOpenKeyEx, err = 0x%x

Failed to call RegSaveKey, err = 0x%x

Failed to call AdjustTokenPrivileges, err = 0x%x

Failed to call OpenPrcessToken, err = 0x%x

%s\RsMgrSvc.dat

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%s

BaiduAnSvc.exe

BaiduSdSvc.exe

liebao.exe

ksafe.exe

{849B7E2B-0551-429C-B317-14B7D374D6EC}_is1

kxescore.exe

QQPCRtp.exe

360sd.exe

360se.exe

{23F3F476-BE34-4f48-9C77-2806A8393EC4}

360Desktop.exe

ZhuDongFangYu.exe

safeboxTray.exe

Failed to Create LogonRunThread Thread, err = 0x%x

SessionChange:EventType=%d; sessionID = %d

\Backup\RSD\RSSetup\RSSetup.xml

rsup10.rising.com.cn

u.suxiazai.com

%s?t=0&info=%s

ver=%s&guid=%s&sguid=%s&state=%s

hXXp://u.suxiazai.com/menu/info.xml

hXXp://rsup10.rising.com.cn/menu/info.xml

%srsd\info.xml

/subkey

Failed to Verify the "%s".

Failed to call vf.Init.

%s\rsbackup.exe

"%s\rsbackup.exe"

/subkey

%s\RsMgrSvc.ini

%s\updater.exe

"%s\updater.exe"

DeleteFile: %s.

ITEM%d

\RsMgrSvc.ini

DeletePath: %s.

Clean WillReboot In %s

%s\%s\%s.ini

1971-01-01 00:00:00

%d-%d-%d %d:%d:%d

%s\Data

%s /subkey %s /RsMgrSvc

"%s\Updater.exe" /silence

%s\Updater.exe

\Reboot.ini

CRsMgrSvc::SVC:Failed to CreateEvent-Wait: err=0x%x

CRsMgrSvc::SVC:Failed to CreateEvent, err=0x%x

comx3.dll

RstoreDll.dll

@CRsUseRepairProduct::prstorestart %s Dllpath:%s

@CRsUseRepairProduct::prstorestart %s

Subkey: %s could not find dllPath ,so use rsd path:%s

Subkey: %s Path:%s

\RstoreDll.dll

KERNEL32.DLL

kernel32.dll

mscoree.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

user32.dll

C:\DistributedAutoLink\Temp\CompileOutputDir\RsMgrSvc.pdb

GetWindowsDirectoryA

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

RegEnumKeyExA

RegCreateKeyA

RegOpenKeyA

RegSaveKeyA

RegQueryInfoKeyA

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

SHLWAPI.dll

CryptMsgClose

CertCloseStore

CertGetNameStringW

CertFindCertificateInStore

CRYPT32.dll

RPCRT4.dll

InternetCrackUrlA

HttpQueryInfoA

HttpSendRequestA

HttpOpenRequestA

HttpAddRequestHeadersA

WININET.dll

VERSION.dll

GetProcessHeap

GetCPInfo

zcÁ

%Program Files%\Rising\RSD\RsMgrSvc.exe.log

%Program Files%\Rising\RSD\RsMgrSvc.exe

1.0.0.50

RsMgrSvc.exe

20140829105956015

popwndexe.exe_1400:

.text

`.rdata

@.data

.rsrc

@.reloc

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

GetProcessWindowStation

USER32.DLL

C:\DistributedAutoLink\Temp\CompileOutputDir\popwndexe.pdb

KERNEL32.dll

ole32.dll

GetProcessHeap

GetCPInfo

GetConsoleOutputCP

cOXY/P.Z0.0.QR00/ZPP0000000/0PPZR.BI@/DE0,

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

>$>(>,>0>

5(565;5~7

mscoree.dll

KERNEL32.DLL

rsdk.dll

<plugin clsid='{56CF1F5A-D59E-4fe7-BE35-066F4E788E2A}' name='CLID_CRsPopWndUI' start='1'/>

<plugin clsid='{EBC23555-424F-45c3-BECE-206819CB276B}' name='ClSID_CTrayWnd' start='999' /> </plugins></process></rscom>

BUF:<?xml version='1.0' ?><rscom> <components> <component path='rsdk.dll'> <clsid progid='RscomEnv.1'>{E59BC62D-64AB-439D-BAF3-B2D1BA15E441}</clsid> <clsid progid='ObjectLoader.1'>{4F496E7F-D8FD-4DED-967D-C4F53BFB9452}</clsid> <clsid progid='Rot.1'>{216DFF2F-B2F0-4CE0-BA5B-72E0B7BFAC28}</clsid> <clsid progid='MainRun.1'>{C8CA7580-8E65-49E6-A66A-B087C7EF523D}</clsid> <clsid progid='RsSrv.1'>{5D37C04C-8F58-4D47-94C8-B94153399473}</clsid> <clsid progid='Property.1'>{ED20E0E5-2357-4825-B3FA-198AEC674E81}</clsid> <clsid progid='PropertyThread.1'>{AD4F3A47-0CD6-43DE-BC22-E8BE24FFD424}</clsid> <clsid progid='Property2.1'>{2100E98D-B13E-4306-8081-50F325B10586}</clsid> <clsid progid='Property2Thread.1'>{0AEF80FB-9BAF-4E66-96B3-784ED0FCECF1}</clsid> <clsid>{E8D494C-D598-4E2F-B796-809E74315E76}</clsid> <clsid>{95EAB9C4-A7F4-46A8-A69F-54911364F2F0}</clsid> <clsid progid='TrayWnd'>{EBC23555-424F-45C3-BECE-206819CB276B}</clsid> <clsid progid='TraySrv'>{4FCE6281-8849-4FC6-A764-95C793EB8A48}</clsid> <clsid progid='TrayMenuBase'>{FCA0E62A-5DD4-46FB-AFB2-BDC74EA7DB36}</clsid> <clsid>{35FD921E-B758-46D8-B0AA-FCD033B0E66D}</clsid> <clsid progid='DfwWindow'>{201409F6-22F8-48D3-A69F-7935BDDE6BFA}</clsid> <clsid progid='DfwComponentMgr'>{787683B8-D58D-4072-BA04-46284CEA5AF8}</clsid> <clsid progid='DfwDrawIcon'>{224E5B34-E98F-4033-8B6F-46B758E7587E}</clsid> <clsid progid='DfwLocalExternal'>{23BD3E3A-72ED-4AE4-A5A9-41B466BA8D25}</clsid> <clsid progid='SafeSecurity'>{B769D42A-2392-42B6-8C10-DB99AE23F75A}</clsid> </component> <component path = 'localopt.dll'> <clsid progid='localopt'>{1DDF6C09-67B3-4b05-B3A4-43D7D92D067C}</clsid> </component> <component path = 'rsmginfo.dll'> <clsid progid='rsmginfo'>{56CF1F5A-D59E-4fe7-BE35-066F4E788E2A}</clsid> </component> </components></rscom>

{{887FE1BB-7C1F-4d73-BD44-B726E1672DC7}}_%s

%Program Files%\Rising\RSD\popwndexe.exe

1.0.0.7

tray.exe

814210592210000

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Scan a system with an anti-rootkit tool.
Terminate malicious process(es) (How to End a Process With the Task Manager):

chrmstp.exe:2076
UCBrowser.exe:3452
UCBrowser.exe:2320
UCBrowser.exe:2228
UCBrowser.exe:3924
UCBrowser.exe:3048
UCBrowser.exe:2300
UCBrowser.exe:3036
UCBrowser.exe:3240
UCBrowser.exe:1308
UCBrowser.exe:1860
UCBrowser.exe:3060
UCBrowser.exe:3128
UCBrowser.exe:3736
UCBrowser.exe:3068
sc.exe:844
sc.exe:432
stats_uploader.exe:704
stats_uploader.exe:3308
stats_uploader.exe:3280
setup.exe:1288
kinst_1_644.exe:576
QQBrowser.exe:976
QQBrowser.exe:600
QQBrowser.exe:1964
QQBrowser.exe:952
QQBrowser.exe:1344
QQBrowser.exe:248
QQBrowser.exe:524
QQBrowser.exe:340
QQBrowser.exe:240
QQBrowser.exe:1692
QQBrowser.exe:660
QQBrowser.exe:424
PerfTraceService.exe:600
PerfTraceService.exe:396
regsvr32.exe:404
V8._85416_20150820204011.exe:1460
Browser_V5.5.7852.9_r_4640_(Build1512022057).exe:1232
netsh.exe:1508
netsh.exe:1588
netsh.exe:588
netsh.exe:324
UCService.exe:4044
UCService.exe:2000
UCService.exe:2148
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\chrome_installer.log (1272 bytes)
%Program Files%\UCBrowser\Application\Share\10.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Visualized Bookmarks.1-journal (24732 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_SyWUPZUBK3QxJVA (292 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_omnibox_hotwords.json (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Top Sites.3 (3588 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cookies.9 (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\16.tmp (28800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_ExGmD7jruXIBb42 (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Login Cookies.9 (1043 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Bookmarks Backup\A.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\13.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\index (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Download.29-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\B.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Web Data.65 (26901 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\URL Security.1 (1944 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Web Data.65-journal (13900 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_keyword_navigation.json (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\14.tmp (9160 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\F.tmp (44 bytes)
%Program Files%\UCBrowser\Application\Share\icons\new_tab_search\google.com.hk.png (457 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Preferences (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Favicons.8-journal (22724 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Current Session (761 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000008 (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000009 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000002 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000003 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000001 (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000006 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000007 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000004 (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_000005 (22 bytes)
%Program Files%\UCBrowser\Application\Share\start.dat (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\LOG (168 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\3D10A8A76B3CB29D9AF4790E6BCADB69 (140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\__messages_for_new_tab__ (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_giV7bzqqBAP4EoD (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000b (112 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000c (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000a (111 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\data_reduction_proxy_leveldb\000001.dbtmp (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000d (1843 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000e (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Top Sites.3-journal (7056 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\UC Login Data.16 (7518 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Login Cookies.9-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Jpg5x3ieephfQFU (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\15.tmp (4285 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\First Run (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Visited Links (284 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Messages (1017 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\History.29 (31961 bytes)
%Documents and Settings%\%current user%\My Documents\Downloads\Ã¥Â·Â²Ã¥Â½â€¢Ã¥Ë†Â¶Ã§Å¡â€žÃ¨Â§â€ Ã©Â¢â€˜\Ã¦â€™ÂÃ¦â€Â¾Ã¥â€°ÂÃ©Â¡Â»Ã§Å¸Â¥.txt (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\data_reduction_proxy_leveldb\LOG (180 bytes)
%Program Files%\UCBrowser\Application\Share\unconfirmed_config (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\C.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cookies.9-journal (5308 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\000003.log (328 bytes)
%Program Files%\UCBrowser\Application\Share\config.dat (3769 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Messages-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\E.tmp (15 bytes)
%Program Files%\UCBrowser\Application\Share\share.dat (416 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_omnibox_presets.json (1843 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\UC Login Data.16-journal (532 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\3D10A8A76B3CB29D9AF4790E6BCADB69 (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_VyMeJHntflh81PF (400 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\f_00000f (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\URL Security.1-journal (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_lpCtidOVvY5TbWl (131 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Current Tabs (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12.tmp (28592 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Extension State\MANIFEST-000001 (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Omnibox-journal (10080 bytes)
%Program Files%\UCBrowser\Application\Share\custom.dat (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_9P3GCtaalyONS4N (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_7GYKtyiLcDIGnma (5670 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_0 (939932 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_1 (160192 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_2 (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Cache\data_3 (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\chrome_debug.log (99 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_Z4GDwYdE5H9HuSO (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_YdV2L1dWw9puMq1 (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir_3216_26406\12.tmp (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\D.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\Autocomplete\pc_omnibox_richcontent.json (105 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\9.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\Default\History.29-journal (7228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\etilqs_0SXfvD4NFDc49lE (131 bytes)
%Program Files%\UCBrowser\Application\debug.log (1069 bytes)
%WinDir%\Tasks\UCBrowserUpdater.job (878 bytes)
%Program Files%\UCBrowser\Application\Share\task.ini (241 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\AcfJXctwB2VzdrwmGw K1mC6DQZWyITMLc2P5hAUZrWKom3ifjs9LYjy AfrlNVzcsqdtDWtz3kUPtxuFgixAFOCPc9NVlTg==[1].txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\UCBrowser\User Data\8.tmp (408 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\config.dat (11114 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\l9Vy0cXGQ4wfwmGYFDun FFFOkJObq87WJj4A6Oynt2tqsf8nO1vnbNojahQJT4fNqvnTEQdwQ7W8VfTl0DQoOQnDd7u0K15ivQ==[1].txt (5 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\custom.dat (2 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\11.tmp (6 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\Volatile (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ZGkl7McKo3CxOkIW9H4xtXjILj9rwnfyNl OkbwSNQewVQNfid9sQc4S9zl3ukq36HeA==[1].txt (5 bytes)
%Program Files%\UCBrowser\Application\5.6.11466.7\debug.log (5061 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\start.dat (20 bytes)
%Program Files%\UCBrowser\Application\Share\ConfigTemp\scoped_dir_3736_2517\share.dat (482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rsedownloadconfig.xml.rs (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RSEDown\rse.exe.rs (129022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\rsedownloadconfig[1].xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\rse1332280[1].exe (129022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\0lgghpkWPqIqH4SLTvt HHepvf2P7QSA 7sNQpqR2RaiRZDPVL2G7gXW9aEUVEw02fQOCUbeK zBsPw2gnG3T 7dh HAjP9TZn09msyu0skoKQw3lquaUvXKkqmWQwHy2kVn1QWsoujTJNu7Emx84cgy ROS7Q=[1].t (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\FydVigaaxkCuHOWPFyQoucUUdZR8vwKEpXD8wW8rFJ6DAI7Q=[1].txt (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\y[1].txt (5 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\etao.com.png (252 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Drivers\ucguard.sys (71 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi\Locales\en-US.pak (6 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\desktop\facebook.ico (131 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Drivers\ucguard-x64.sys (80 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\youku.com.png (764 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\taobao.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\natives_blob.bin (1711 bytes)
%Program Files%\UCBrowser\Application\Share\target_locale (5 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\minizip.dll (26 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\5.6.11466.7.manifest (248 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\pt-br\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Locales\zh-CN.pak (254 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi\resources.pak (1692 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\wow_helper.exe (80 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\tmall.com.png (196 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\msvcp71.dll (1791 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libGLESv2.dll (7972 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\google.com.png (521 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\taobao.com.png (290 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\en-in\config.dat (164 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\XLBugReport.exe (248 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\UCService.exe (3678 bytes)
%Program Files%\UCBrowser\Application\master_preferences (235 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\PepperFlash\pepflashplayer.dll (124061 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\molt_tool.exe (1814 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\zh-cn\start.dat (10 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\es-419\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\update_task.exe (1696 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RaAPAPI.dll (5442 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\dl_peer_id.dll (92 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\MiniThunderPlatform.exe (268 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\en-in\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\desktop\tmall_points.ico (144 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\theme_tool.exe (1851 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\baidu.com.png (682 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\sogou.com.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\etaohaitao.com.png (438 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\extension\renren.png (4 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\ru\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\es-419\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\snapshot_blob.bin (1802 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\zh-CN\external_extensions.json (903 bytes)
%Program Files%\UCBrowser\Application\Uninstall.exe (18934 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\amazon.png (507 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\AegisI5.exe (1727 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi.exe (45823 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\id\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\config.dat (6404 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\chrome.7z (1318189 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RtlIhvOid.dll (274 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\download_engine.dll (23407 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\marketing\1001.ico (192 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\bing.com.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Backup\UCBrowser.exe (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\XLBugHandler.dll (100 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\custom.dat (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\extension\noads.png (4 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\pt-br\config.dat (149 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\zh-cn\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\ICSDHCP.dll (1807 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\alipay.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCAgent.exe (5442 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\weibo.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libucguard.dll (179 bytes)
%Program Files%\UCBrowser\Application\wow_helper.exe (601 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\stats_uploader.exe (279 bytes)
%Program Files%\UCBrowser\Application\molt_tool.exe (3361 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_100_percent.pak (7386 bytes)
%Program Files%\UCBrowser\Application\VERSION (11 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\VERSION (11 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\uc123.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\etao.com.png (335 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\login_view\qq.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\bing.com.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\external_extensions.json (352 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\resources.pak (172310 bytes)
%System%\drivers\ucguard.sys (601 bytes)
%Program Files%\UCBrowser\Application\UCService.exe (4185 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\pt-BR\external_extensions.json (352 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\baidu.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\google.com.png (457 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\HWID.ini (12 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libEGL.dll (88 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCWiFi\Locales\zh-CN.pak (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\id\config.dat (162 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\taobao.png (389 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_200_percent.pak (7972 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\UCProxySDK.dll (9606 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\atl71.dll (96 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\tmall.com.png (200 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\en-IN\external_extensions.json (480 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Update\UpdateOption.xml (189 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_child.dll (323690 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\id\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\IpLib.dll (208 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\pt-br\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\browsing_data_remover.exe (236 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\d3dcompiler_47.dll (22433 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RtlLib.dll (1804 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\PepperFlash\manifest.json (2 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\taobao.com.png (304 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\win10_200_percent.pak (1721 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Uninstall.exe (17629 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Update\InstalledConfig.xml (652 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Locales\en-US.pak (257 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\delegate_execute.exe (3751 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_elf.dll (138 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\UCBrowser.exe (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\ru\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\start.dat (10 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\en-in\start.dat (7 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\sogou.com.png (2 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\courgette.dll (281 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\Ã¥ÂÂ¸Ã¨Â½Â½UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\acAuth.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\bookmarks\pp_helper.png (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\ru\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libeay32.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png (252 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\win10_100_percent.pak (1695 bytes)
%Program Files%\UCBrowser\Application\5.6.11466.7\Installer\setup.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\updater.dll (7386 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Languages\settings.xml (103 bytes)
%Documents and Settings%\All Users\Desktop\UCÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\msvcr71.dll (1635 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\baidu.com.png (426 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\zh-cn\config.dat (6404 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\libexif.dll (317 bytes)
%Program Files%\UCBrowser\Application\UCBrowser.exe (7547 bytes)
%Program Files%\UCBrowser\Application\update_task.exe (2321 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\config_updater.dll (5442 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Languages\chs.locale (1 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\xldl.dll (289 bytes)
%Program Files%\UCBrowser\Application\5.6.11466.7\Installer\chrmstp.exe (7547 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Extensions\id-ID\external_extensions.json (352 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\id.dat (40 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\win10.pak (8 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome_watcher.dll (1680 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\google.com.hk.png (457 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\ucwifi_compat.dll (1633 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Downloader\download\zlib1.dll (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\searchbar\youku.com.png (653 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\Share\icons\new_tab_search\12dc664d-0442-4570-a7c8-f3aa22922cec.com.png (479 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\icudtl.dat (34008 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\Configs\es-419\share.dat (66 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\7z.dll (6361 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\RtlLib_xp.dll (3736 bytes)
%Program Files%\UCBrowser\Temp\source1288_30235\Chrome-bin\5.6.11466.7\chrome.dll (286042 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\dr_packet.dat (392 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\001-Cool Air.gt (252503 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Skin\LightStripes.gt (601 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserConfig.dat (114 bytes)
%WinDir%\Tasks\QQBrowser Udpater Task(Core).job (280 bytes)
%WinDir%\Tasks\QQBrowser Udpater Task.job (276 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli3.tmp.qbl (11807 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli5.tmp.qbl (1098 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\cli6.tmp.qbl (194 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\ClientUpdate\update.ini (106 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\7185bdf1gw1f05vls701mg21130hix6s[1].gif (326744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\7185bdf1gw1f13nembfz5g20rt0m7tpt[1].gif (41584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Browser_V5.6.11466.7_r_4640_(Build1603281525)[1].exe (3498742 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\21.tmp (326744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\25.tmp (41584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\26.tmp (286904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\ExecCmd.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\nsProcess.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1332280[1].exe (15336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\7185bdf1gw1f0copg2ejkg207o08ce84[1].gif (286904 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\Inetc.dll (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\install1078565.exe (35525 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kinst_1_644.exe (9483 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\ZipDLL.dll (5500 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\28.tmp (52424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\V8._85416_20150820204011.exe (40581 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\psb[1].gif (52424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu2.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Browser_V5.5.7852.9_r_4640_(Build1512022057).exe (3498742 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1.jpg (5855 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1332280.exe (15336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ui\snin.htm (527 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\rsmon.db1 (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravxp\ravxp.xml (404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD936\CHS.lag (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\userdata.rstray (293 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravconfig\ravcfg.xml (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\CompsVer.inf (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\_rav\_rav.xml (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RsTray.ico (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\bacore.dll (5679 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\updater.exe (3956 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\label.dat (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\x64\adefmon.mond (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\popwndexe.exe (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\monbasedui\monbasedui.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\atl90.dll (1708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\monbasedui\ravmond.exe (1990 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\setup.dat (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rav936\lics936.txt (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RsMgrSvc.exe (1855 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\uprsuser.dat (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\Repair.url (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\os.xml (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RsBackup.exe (1851 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rav936\rav936.xml (515 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rscfg\rscfg.xml (996 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\LogAc.bmp (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RsSmall.bmp (576 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\Rising.ico (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rscomm\rscomm.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\url.ini (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\rstask.xml (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\ravdefdb.xml (968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravlog\ravlog.xml (545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsdk\rsdk.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Custom.xml (775 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\license\license.xml (347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmon\mondcoms.xml (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\repairmanager.mond (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RAV.ico (81 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSSETUP.xml (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\uprsmon.dat (45 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\Microsoft.VC90.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\dataups.dat (207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\license\12345678.000 (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RsStub.exe (1958 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmaindui\ravmaindui.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\update.xml (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\LogDc.bmp (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Setup.exe (5201 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\datastorage.db (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\ravbase.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudqry\rsnscfg.dat (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\cloudv3.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\hookbase\rsdll.dll.dat (50 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD1252\Eng.lag (52 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\_rav\setup.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\RsMain.ico (27 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmaindui\rsmain.exe (817 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\mscrt9.xml (961 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudqry\cloudqry.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rav936\chs.lag (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\rsmondef.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD932\Jpn.lag (37 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\RSD950\CHT.lag (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravbase\repairmanager.mondcoms (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\setup.dat (118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\hookbase\hookbase.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\bawhite.dat (22 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravxp\ravxp.exe (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\antipromotionmon.dll (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravconfig\ravconfig.xml (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Rav.7z (98827 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\cloudv3\userdata.mond (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\mscrt9\Microsoft.VC90.CRT.manifest (496 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravdefdb\rsuser.db1 (71 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmon\ravmon.xml (574 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\rsmondef\adefmon.mond (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\Auto.ini (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\RsdSfxTmp\ravmon\mond.xml (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\installed_arrow.png (176 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\bggradient_day.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\event\bg.png (28 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\installed_arrow.png (176 bytes)
%Program Files%\Tencent\QQBrowser\dr.dll (601 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete.png (1 bytes)
%Program Files%\Tencent\QQBrowser\MouseGesture.dll (56 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#account.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\global.js (394 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\perfctrl.dll (3447 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\8DFDF057024880D7A081AFBF6D26B92F (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserLiveup.exe (3502 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\random.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\MouseGesture.dll (872 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\PerfTraceService.exe (2934 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.min.js (92 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\NetWork.dll (2602 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserSecurityCenter.exe (2015 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\bgsearch_day.jpg (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\index.html (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_offlineurl.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBExtensionFramework.dll (3361 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\tssafeedit.dat (41 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\EventTracing.dll (1326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\small.html (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\event\bg.png (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\resources.pri (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\nsis_skin.gt (106 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk1.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\history.db (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\css\base.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\service\xperf.exe (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Assistant.dll (6284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\qblogo.png (868 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\QQTrace.ini (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_sogou.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Resource.dll (1365 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{5062F1C6-D76B-43c8-ADAE-D060662C6546}\extplayer.js (30 bytes)
%Program Files%\Tencent\QQBrowser\manifest.json (261 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\PrScrn.dll (2517 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\navi.ico (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\global.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\random.db (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcp90.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manifest.json (197 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\init.js (8 bytes)
%Program Files%\Tencent\QQBrowser\service\qqtrack.xml (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\accountInfoBar.html (794 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\UserPinnedTemp\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\up.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\hse.png (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\8DFDF057024880D7A081AFBF6D26B92F (533 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\BugReport.exe (7256 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\https___mail.qq.com_.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\inforBar.html (800 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowser.exe (601 bytes)
%Program Files%\Tencent\QQBrowser\QRCode.dll (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\homepage.db (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\DB\homepage.db (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Dialogs.dll (10771 bytes)
%Program Files%\Tencent\QQBrowser\service\perfctrl.dll (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\tssafeedit.dat (41 bytes)
%Program Files%\Tencent\QQBrowser\Dialogs.dll (7385 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin2.png (6 bytes)
%Program Files%\Tencent\QQBrowser\service\7z.exe (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Program Files%\Tencent\QQBrowser\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{CAA4306F-826C-4c1b-8FC6-571F84949DB4} (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\db\history.db (108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\CustomerJoinPlan.txt (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_blank.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\mainlist.ze (29 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\index.html (1 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserFrame.dll (11518 bytes)
%Program Files%\Tencent\QQBrowser\resources.pri (3 bytes)
%Program Files%\Tencent\QQBrowser\Downloader.dll (3073 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\index.html (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\WebpDecodeFilter.dll (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\whitelist.ze (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_not_recommended.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme_ie.png (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk1.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\installed_arrow.png (176 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___s.click.taobao.com_khr1bAy.jpg (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\uninst.exe (3649 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{3E9C7A5B-D249-4C28-A451-53E1024AD354} (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\theme.png (25 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\search.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#account.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\QBSafe.dll (1735 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_close_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\global.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\qqbrowser_home.jpg (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#app.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\pixel.gif (43 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_recommendcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\https___mail.qq.com_.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\del.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\pixel.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QRCode.dll (31 bytes)
%Program Files%\Tencent\QQBrowser\nsis_skin.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\license.txt (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_mask.png (923 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\wbg.png (136 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\ycalendar.css (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\dr.dll (864 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_login.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bgsearch_day.jpg (4 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_fav.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\down.png (960 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\site_text.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___speed.qq.com_act_a20141103plan_.jpg (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\manifest.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\security.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\css\base.css (2 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_suggested_action.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\BugReport.exe (2321 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account\down.png (971 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\event\bg.png (28 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\loading.gif (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\image.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\sogou_web.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}.qrx (21 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\sogou_web.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\certerror.html (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\xperf.exe (5001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{A1D7EDF6-6151-4F2D-B39E-01D6FABE0325}.qrx (19 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{CD36E3DB-304A-48EF-A8A2-D873F608D2AE}.qrx (30 bytes)
%Program Files%\Tencent\QQBrowser\QBSafe.dll (1735 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_locked.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___tq.qq.com_qbrcenter_index.html_adtag=8gongge.jpg (11 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_bing.png (442 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\private.html (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\favicon\index.html#history.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_toast_unlocked.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\msvcm90.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_google.png (919 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\search_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserLiveup.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\infobar_close_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\mainlist.ze (29 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\ycalendar.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QBExtensionFramework.dll (3766 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\css\ycalendar.css (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowserFrame.dll (13493 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_normal.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\quicklink_newcelltag.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.concat.min.js (37 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\init.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcm90.dll (2129 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manifest.json (197 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\plugin2.png (6 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\security.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\searchbar_searchengine_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\down.png (960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\index.html (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\js\base.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Downloader.dll (4010 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{ACC06D2A-2285-4ed9-B4E4-0F3198501410}.qrx (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account\down.png (971 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\down.png (960 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Adblock\{43789A6F-8316-54A6-96D4-87874B9CC177} (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\WebpDecodeFilter.dll (2128 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\search_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Program Files%\Tencent\QQBrowser\PrScrn.dll (1281 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\background.html (122 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã¨â€¦Â¾Ã¨Â®Â¯Ã¨Â½Â¯Ã¤Â»Â¶\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\service\7z.exe (1209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcp90.dll (6900 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\bggradient_day.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\js\inforBar.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\62B5AF9BE9ADC1085C3C56EC07A82BF6 (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\articlecontent.css (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\template.js (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_active_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_baidu.png (870 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_not_recommended.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_login.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___qzone.qq.com_.jpg (12 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account\up.png (971 bytes)
%Program Files%\Tencent\QQBrowser\uninst.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\yellow.png (626 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{3349050F-829E-4bb2-AACF-03E3A6B68677} (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\manifest.json (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\index.html (17 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{6970B802-2F13-4038-B620-33B0211D26A0} (99 bytes)
%Program Files%\Tencent\QQBrowser\EventTracing.dll (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\site_text.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\css\screen.css (14 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin3.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\Private-icon.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\Config.xml (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\icon.png (487 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\tab_bg_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\plugin1.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\skin\LightStripes.gt (94 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\QBInstaller.dll (3710 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\default.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.min.js (92 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\green.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{00000000-0000-0000-0000-000000000000}\jquery.js (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\error.html (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QBUtils.dll (17689 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\large_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\sliderman.1.3.7.js (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\manifest.json (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\small.png (2 bytes)
%Program Files%\Tencent\QQBrowser\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\QQBrowserSecurityCenter.exe (673 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\init.js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_soso.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\lib\jquery.mCustomScrollbar.css (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_active.png (3 bytes)
%Program Files%\Tencent\QQBrowser\service\QQTrace.ini (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\index.html (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\QQBrowser.exe (1661 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\gray.png (501 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin2.png (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\quicklink_recommendcelltag.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\business.js (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\icon_suggested_action.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\account.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___browser.qq.com_new_wechat1.0.html_type=1.jpg (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\reader.html (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\accountInfo.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\navi.ico (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\template.js (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\history_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_game.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Microsoft.VC90.CRT\msvcr90.dll (8224 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{C74EB4B8-B51A-4BF7-A213-E29859D69D83}.qrx (15 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00DFF21-511E-4249-BCB9-EECC370D796B} (430 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\small.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (1281 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\searchlogo_24_google.png (919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_offlineurl.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\skin_selected_blank_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\global.js (394 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\Infobar\image\infobar_fav.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\bin\TridentCore.dll (9754 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\wifi_dialog_close_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_game_hover.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\video\vd.ini (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{6970B802-2F13-4038-B620-33B0211D26A0} (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\text_light.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\del2.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\search.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\plugin1.png (11 bytes)
%Program Files%\Tencent\QQBrowser\Html\small.html (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\icon.fw.png (8 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}\8.0.0.12\QBSafe.dll (1735 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\HomePage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\addressbar_white.png (5 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\index.html (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\api.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\text_light.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\searchlogo_24_bing.png (442 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#skin.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\blue.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\lib\jquery.easing.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\warn-dialog-close.png (295 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\history\img\up-down.png (999 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\delete_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\checkbox.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Liveup\Temp\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{132A61AD-1025-4629-960D-B21EE8BAABB3}.qrx (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\qqtrack.xml (7 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\lib\jquery.easing.js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Desktop\Ã¤Â¸Å Ã§Â½â€˜Ã¥Â¯Â¼Ã¨Ë†Âª.lnk (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\grid\lock_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\QBUtils.dll (12287 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\css\style.css (2 bytes)
%Documents and Settings%\%current user%\Desktop\QQÃ¦ÂµÂÃ¨Â§Ë†Ã¥â„¢Â¨.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (1645 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\{B00D20E2-207A-431A-9712-E1279792681B} (89 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_normal.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\thumb\http___www.3366.com__ADTAG=cop.QQbrowser.8new.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\Private-icon.png (3 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\service\PerfTraceService.exe (1425 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Adblock\wbg.png (136 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\js\business.js (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\history.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\account_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\wifi_dialog_continue_btn.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\arrowdown_hover.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\0\website\imgSearch.png (10 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\content.js (30 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Video\vd.ini (1 bytes)
%Program Files%\Tencent\QQBrowser\Infobar\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Thumb\http___www.qq.com__pgv_ref=qqBrowserPC.jpg (16 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\images\uninstallBtn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\global.js (1 bytes)
%Program Files%\Tencent\QQBrowser\skin\LightStripes.gt (601 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\default.ico (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\theme_ie.png (15 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\closeBtnSearchbar.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\lock.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\img\atbk2.png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\picker_floor_hover.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\js\business.js (9 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}\8.0.0.25\image\infobar_close_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\night.png (546 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\img\skin\picker_ceil.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\quicklink_newcelltag_ie.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\delete_hover_ie.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\css\app.css (9 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\app_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\wifi_dialog_cancel_btn.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\quickaccess\js\api.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.html (122 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\addressbar_blank.png (5 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\image\accountInfo.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\private.html (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}.qrx (244 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\img\checkbox.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\app.js (17 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\app\images\default-icon.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Resource.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\manifest.json (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}.qrx (2105 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\skin\picker_ceil_hover.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\history\css\history.css (8 bytes)
%Program Files%\Tencent\QQBrowser\app.ico (284 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\js\tool.js (3 bytes)
%Program Files%\Tencent\QQBrowser\Html\images\shadow-bottom.png (2 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\default-icon.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\QBUtils.dll (12287 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\manage\js\tool.js (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{44A126BF-51C2-48AD-A593-94B50071EB64}.qrx (39 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\homepage\index.ini (16 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\62B5AF9BE9ADC1085C3C56EC07A82BF6 (224 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\history\history2.js (21 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\app\images\small_installed_arrow.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\InstModules\Microsoft.VC90.CRT\msvcr90.dll (4185 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{7E2975A3-E661-42F2-8614-A9D18CBB20FE}.qrx (19 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\css\style.css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\12au7ff5d\appdata\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\js\injectReader.js (19 bytes)
%Program Files%\Tencent\QQBrowser\NetWork.dll (673 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\certerror.html (3 bytes)
%Program Files%\Tencent\QQBrowser\TridentCore.dll (7345 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\css\style.css (6 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{0508DF1F-2AB6-4fac-A99E-45BBBF24E1E6}_1\manifest.json (256 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\img\app.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\quickaccess\img\grid\unlock_active.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\manage\favicon\index.html#history.ico (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{309147A1-5CA9-4082-BAB3-BF9020CDE0C2}_1\background.js (31 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\close.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_white.png (1 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{807849B3-40D8-42E3-8001-D541FD7CEBFB}_1\Html\images\hse.png (4 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\images\bkg.gif (22 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{807849B3-40D8-42E3-8001-D541FD7CEBFB}\8.0.3.25\Html\manage\img\skin\skin_selected_blank.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Assistant.dll (2321 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\{B9C6ADA1-8B36-4c8d-97E5-1F89AE3A5341}\images\pink.png (716 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\grid\unlock.png (1 bytes)
%Program Files%\Tencent\QQBrowser\Html\quickaccess\img\dock_video_hover.png (3 bytes)
%Documents and Settings%\%current user%\Application Data\Tencent\QQBrowser\Extensions8\Temp\{E5914276-7752-43C4-9723-50EE9CF51AD8}.qrx (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\CHROME.PACKED.7Z (381385 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1232_31136\stats_uploader.exe (265 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\scoped_dir1232_20897\wow_installer.prefs (235 bytes)
%Program Files%\UCBrowser\Application\Share\install_stats.log (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\SETUP.EX_ (1708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\CR_AB8A0.tmp\setup.exe (17426 bytes)
%Program Files%\UCBrowser\Application\Share\ucsvc_config.dat (339 bytes)
%Program Files%\UCBrowser\Application\ucsvc.log (2097 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.NSIS.StartPage_61e341671e

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.NSIS.StartPage_61e341671e

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet