Call: 75
Call: 2497
Delete: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp"
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp" (0)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp" created
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: wrote 11264 to "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Jump: 169
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Jump: 216
Jump: 245
==============================
26/11/2018 (Monday) 10:49:56
InstDir=C:\Users\Administrator\AppData\Roaming\Tencent\Logs
Call: 256
Jump: 273
Jump: 290
CmdLine=/S /ACTION=4 /EXTRACT_MODE=1 /QQ_INST_PATH="C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354"
Call: 296
Jump: 316
Jump: 318
Jump: 318
Jump: 375
Jump: 386
Original:C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354
Stripped:C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354
Call: 296
Jump: 318
Jump: 318
Call: 296
Jump: 318
Jump: 318
Version:(4.3.9.4)
Call: 296
Jump: 316
Jump: 361
Extract Mode:1
Call: 2497
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\AccessControl.dll"
File: wrote 14848 to "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\AccessControl.dll"
Call: 296
Jump: 316
Jump: 361
Action=4 C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe /fp disable
Section: "Q盾核心文件"
settings logging to 1
logging set to 1
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Jump: 847
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect" does not exist, jumping 884
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.tpc"
File: wrote 194 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\QQProtect.tpc"
File: overwriteflag=0, allowskipfilesflag=2, name="common.xml.txd"
File: wrote 15778 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\common.xml.txd"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins" does not exist, jumping 985
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin" created
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins" created
File: overwriteflag=0, allowskipfilesflag=2, name="LSPtloginPlugin.dll"
File: wrote 96544 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins\LSPtloginPlugin.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="LSPlugins.dat"
File: wrote 460 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins\LSPlugins.dat"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Jump: 838
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\AccessControl.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\AccessControl.dll" (overwriteflag=1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="QPLocalSvrPlugin.dll"
File: wrote 1549504 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QPLocalSvrPlugin.dll"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Jump: 838
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\AccessControl.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\AccessControl.dll" (overwriteflag=1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.exe"
File: wrote 115104 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtect.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectEngine.dll"
File: wrote 1253152 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectEngine.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUpd.exe"
File: wrote 1377056 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectUpd.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.dll"
File: wrote 494368 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtect.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUI.dll"
File: wrote 132896 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectUI.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectVi.dat"
File: wrote 158 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectVi.dat"
Call: 663
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtect.exe" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Jump: 697
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
File: overwriteflag=0, allowskipfilesflag=2, name="common.dll"
File: wrote 1930528 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\common.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="AsyncTask.dll"
File: wrote 89888 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\AsyncTask.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="libtcmalloc.dll"
File: wrote 183584 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\libtcmalloc.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="zlib.dll"
File: wrote 81184 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\zlib.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="libexpatw.dll"
File: wrote 135456 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\libexpatw.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="tinyxml.dll"
File: wrote 99104 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\tinyxml.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QPSection.dll"
File: wrote 187168 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QPSection.dll"
Call: 1804
Call: 2497
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Jump: 1887
Jump: 1908
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 1804
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
Call: 1804
Call: 1804
Call: 1804
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.ATL\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.ATL\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.CRT\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.CRT\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFC\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFC\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFCLOC\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFCLOC\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\*100.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N" does not exist, jumping 2205
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectConfig.xml"
File: wrote 297 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\QQProtectConfig.xml"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052" does not exist, jumping 2277
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUrlBundle.xml.enc"
File: wrote 1304 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052\QQProtectUrlBundle.xml.enc"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectStringBundle.xml"
File: wrote 11408 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052\QQProtectStringBundle.xml"
Section: "QQ反钓鱼插件"
settings logging to 1
logging set to 1
Set PerfCount=4
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\ExecDos.dll"
File: wrote 6656 to "C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\ExecDos.dll"
Set PerfCount result=-1073741515
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354" (1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect" exists, jumping 0
RMDir: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect"
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\AsyncTask.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\common.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\libexpatw.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\libtcmalloc.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins\LSPlugins.dat")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins\LSPtloginPlugin.dll")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\LSPlugins\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QPLocalSvrPlugin.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QPSection.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtect.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtect.exe")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectEngine.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectUI.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectUpd.exe")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\QQProtectVi.dat")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\tinyxml.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\zlib.dll")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\Bin\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\common.xml.txd")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052\QQProtectStringBundle.xml")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052\QQProtectUrlBundle.xml.enc")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\2052\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\QQProtectConfig.xml")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\I18N\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\QQProtect.tpc")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20354\QQProtect\")
Jump: 493
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\AccessControl.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\ExecDos.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\nsvB7.tmp\")
Call: 75
Call: 2497
Delete: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp"
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp" (0)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp" created
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: wrote 11264 to "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Jump: 169
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Jump: 216
Jump: 245
==============================
26/11/2018 (Monday) 10:50:04
InstDir=C:\Users\Administrator\AppData\Roaming\Tencent\Logs
Call: 256
Jump: 273
Jump: 290
CmdLine=/S /QQ_INST_PATH="C:\Program Files (x86)\Common Files\Tencent" /QQ_RES_FOLDER_NAME=Resource. /QQ_VERSION=55.97.0.20990.0
Call: 296
Jump: 316
Jump: 318
Jump: 318
Jump: 361
Jump: 375
Jump: 386
Original:C:\Program Files (x86)\Common Files\Tencent
Stripped:C:\Program Files (x86)\Common Files\Tencent
Call: 296
Jump: 318
Jump: 318
Jump: 316
Jump: 361
Call: 296
Jump: 318
Jump: 318
Jump: 316
Version:55.97.0.20990.0(4.3.9.4)
Call: 296
Jump: 318
Jump: 318
Extract Mode:
Call: 2497
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\AccessControl.dll"
File: wrote 14848 to "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\AccessControl.dll"
Call: 296
Jump: 318
Jump: 318
Action= C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe /fp disable
Section: "Q盾核心文件"
settings logging to 1
logging set to 1
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Jump: 847
IfFileExists: file "C:\Program Files (x86)\Common Files\Tencent\QQProtect" does not exist, jumping 884
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect" (1)
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.tpc"
File: wrote 194 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\QQProtect.tpc"
File: overwriteflag=0, allowskipfilesflag=2, name="common.xml.txd"
File: wrote 15778 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\common.xml.txd"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\LSPlugins" does not exist, jumping 985
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\LSPlugins" (1)
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin" created
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\LSPlugins" created
File: overwriteflag=0, allowskipfilesflag=2, name="LSPtloginPlugin.dll"
File: wrote 96544 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\LSPlugins\LSPtloginPlugin.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="LSPlugins.dat"
File: wrote 460 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\LSPlugins\LSPlugins.dat"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Jump: 838
IfFileExists: file "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\AccessControl.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\AccessControl.dll" (overwriteflag=1)
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="QPLocalSvrPlugin.dll"
File: wrote 1549504 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPLocalSvrPlugin.dll"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Jump: 838
IfFileExists: file "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\AccessControl.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\AccessControl.dll" (overwriteflag=1)
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.exe"
File: wrote 115104 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectEngine.dll"
File: wrote 1253152 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtectEngine.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUpd.exe"
File: wrote 1377056 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtectUpd.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.dll"
File: wrote 494368 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUI.dll"
File: wrote 132896 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtectUI.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectVi.dat"
File: wrote 158 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtectVi.dat"
File: overwriteflag=0, allowskipfilesflag=2, name="QPSafePlugin.dll"
File: wrote 713504 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPSafePlugin.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QPPluginMgr.dll"
File: wrote 148256 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPPluginMgr.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QPCheckPlugin.dll"
File: wrote 67360 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPCheckPlugin.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QPGF.dll"
File: wrote 204576 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPGF.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.xml"
File: wrote 162 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.xml"
File: overwriteflag=0, allowskipfilesflag=2, name="res.zip"
File: wrote 179635 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\res.zip"
File: overwriteflag=0, allowskipfilesflag=2, name="BugReport.exe"
File: wrote 339232 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\BugReport.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QPNotify.exe"
File: wrote 97568 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPNotify.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QPPluginInfo.dat"
File: wrote 270 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPPluginInfo.dat"
File: overwriteflag=0, allowskipfilesflag=2, name="common.dll"
File: wrote 1930528 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\common.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="AsyncTask.dll"
File: wrote 89888 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\AsyncTask.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="libtcmalloc.dll"
File: wrote 183584 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\libtcmalloc.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="zlib.dll"
File: wrote 81184 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\zlib.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="libexpatw.dll"
File: wrote 135456 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\libexpatw.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="tinyxml.dll"
File: wrote 99104 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\tinyxml.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QPSection.dll"
File: wrote 187168 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QPSection.dll"
Call: 1804
Call: 2497
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Jump: 1887
Jump: 1908
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 1804
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectX64.sys"
File: wrote 117984 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtectX64.sys"
File: overwriteflag=0, allowskipfilesflag=2, name="QDAntiDrv64.sys"
File: wrote 72416 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QDAntiDrv64.sys"
Call: 1804
Call: 1804
Call: 1804
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N" does not exist, jumping 2205
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N" (1)
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectConfig.xml"
File: wrote 297 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N\QQProtectConfig.xml"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N\2052" does not exist, jumping 2277
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N\2052" (1)
CreateDirectory: "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N\2052" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUrlBundle.xml.enc"
File: wrote 1304 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N\2052\QQProtectUrlBundle.xml.enc"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectStringBundle.xml"
File: wrote 11408 to "C:\Program Files (x86)\Common Files\Tencent\QQProtect\I18N\2052\QQProtectStringBundle.xml"
Section: "QQ反钓鱼插件"
settings logging to 1
logging set to 1
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing" does not exist, jumping 2384
CreateDirectory: "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing" (1)
CreateDirectory: "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing" created
File: overwriteflag=0, allowskipfilesflag=2, name="tsurllib.bin"
File: wrote 11968 to "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\tsurllib.bin"
IfFileExists: file "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\tsconfig.dat" does not exist, jumping 0
File: overwriteflag=0, allowskipfilesflag=2, name="tsconfig.dat"
File: wrote 0 to "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\tsconfig.dat"
File: overwriteflag=0, allowskipfilesflag=2, name="AccountProtect.dll"
File: wrote 1127200 to "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll"
Jump: 2464
File: overwriteflag=0, allowskipfilesflag=2, name="NSBugReport.exe"
File: wrote 131872 to "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\QQAntiPhishing\NSBugReport.exe"
Jump: 2482
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\AccessControl.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\nso221A.tmp\")
Call: 75
Call: 2497
Delete: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp"
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp" (0)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp" created
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: wrote 11264 to "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Jump: 169
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Jump: 216
Jump: 245
==============================
26/11/2018 (Monday) 10:50:10
InstDir=C:\Users\Administrator\AppData\Roaming\Tencent\Logs
Call: 256
Jump: 273
Jump: 290
CmdLine=/S /ACTION=5 /EXTRACT_MODE=1 /QQ_INST_PATH="C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397"
Call: 296
Jump: 316
Jump: 318
Jump: 318
Jump: 375
Jump: 386
Original:C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397
Stripped:C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397
Call: 296
Jump: 318
Jump: 318
Call: 296
Jump: 318
Jump: 318
Version:(4.3.9.4)
Call: 296
Jump: 316
Jump: 361
Extract Mode:1
Call: 2497
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\AccessControl.dll"
File: wrote 14848 to "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\AccessControl.dll"
Call: 296
Jump: 316
Jump: 361
Action=5 C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe /fp disable
Section: "Q盾核心文件"
settings logging to 1
logging set to 1
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Jump: 847
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect" does not exist, jumping 884
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.tpc"
File: wrote 194 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\QQProtect.tpc"
File: overwriteflag=0, allowskipfilesflag=2, name="common.xml.txd"
File: wrote 15778 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\common.xml.txd"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins" does not exist, jumping 985
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin" created
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins" created
File: overwriteflag=0, allowskipfilesflag=2, name="LSPtloginPlugin.dll"
File: wrote 96544 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins\LSPtloginPlugin.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="LSPlugins.dat"
File: wrote 460 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins\LSPlugins.dat"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Jump: 838
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\AccessControl.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\AccessControl.dll" (overwriteflag=1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="QPLocalSvrPlugin.dll"
File: wrote 1549504 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QPLocalSvrPlugin.dll"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Jump: 838
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\AccessControl.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\AccessControl.dll" (overwriteflag=1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin" (1)
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.exe"
File: wrote 115104 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtect.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectEngine.dll"
File: wrote 1253152 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectEngine.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUpd.exe"
File: wrote 1377056 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectUpd.exe"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtect.dll"
File: wrote 494368 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtect.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUI.dll"
File: wrote 132896 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectUI.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectVi.dat"
File: wrote 158 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectVi.dat"
Call: 663
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtect.exe" exists, jumping 0
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Jump: 697
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
File: overwriteflag=0, allowskipfilesflag=2, name="common.dll"
File: wrote 1930528 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\common.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="AsyncTask.dll"
File: wrote 89888 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\AsyncTask.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="libtcmalloc.dll"
File: wrote 183584 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\libtcmalloc.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="zlib.dll"
File: wrote 81184 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\zlib.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="libexpatw.dll"
File: wrote 135456 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\libexpatw.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="tinyxml.dll"
File: wrote 99104 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\tinyxml.dll"
File: overwriteflag=0, allowskipfilesflag=2, name="QPSection.dll"
File: wrote 187168 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QPSection.dll"
Call: 1804
Call: 2497
File: overwriteflag=1, allowskipfilesflag=2, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Jump: 1887
Jump: 1908
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 1804
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
Call: 1804
Call: 1804
Call: 1804
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.ATL\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.ATL\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.CRT\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.CRT\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFC\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFC\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFCLOC\*.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\SysDir\Microsoft.VC80.MFCLOC\*.manifest"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
CopyFiles "C:\Users\Administrator\AppData\Roaming\Tencent\QQ\STemp\TXQQ2052~0\*100.dll"->"C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N" does not exist, jumping 2205
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectConfig.xml"
File: wrote 297 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\QQProtectConfig.xml"
Call: 752
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll"
File: skipped: "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll" (overwriteflag=1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052" does not exist, jumping 2277
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052" (1)
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052" created
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectUrlBundle.xml.enc"
File: wrote 1304 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052\QQProtectUrlBundle.xml.enc"
File: overwriteflag=0, allowskipfilesflag=2, name="QQProtectStringBundle.xml"
File: wrote 11408 to "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052\QQProtectStringBundle.xml"
Section: "QQ反钓鱼插件"
settings logging to 1
logging set to 1
Set PerfCount=5
Call: 2497
File: overwriteflag=1, allowskipfilesflag=0, name="C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\ExecDos.dll"
File: wrote 6656 to "C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\ExecDos.dll"
Set PerfCount result=0
CreateDirectory: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397" (1)
IfFileExists: file "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect" exists, jumping 0
RMDir: "C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect"
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\AsyncTask.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\common.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\libexpatw.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\libtcmalloc.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins\LSPlugins.dat")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins\LSPtloginPlugin.dll")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\LSPlugins\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QPLocalSvrPlugin.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QPSection.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtect.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtect.exe")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectEngine.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectUI.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectUpd.exe")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\QQProtectVi.dat")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\tinyxml.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\zlib.dll")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\Bin\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\common.xml.txd")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052\QQProtectStringBundle.xml")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052\QQProtectUrlBundle.xml.enc")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\2052\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\QQProtectConfig.xml")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\I18N\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\QQProtect.tpc")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\qp_tmp_20397\QQProtect\")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\AccessControl.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\ExecDos.dll")
Delete: DeleteFile("C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\System.dll")
RMDir: RemoveDirectory("C:\Users\ADMINI~1\AppData\Local\Temp\nsl35FF.tmp\")