Gen.Variant.Symmi.61994_697bc854d1

by malwarelabrobot on May 18th, 2017 in Malware Descriptions.

Gen:Variant.Zusy.Elzob.14572 (BitDefender), Trojan-GameThief.Win32.OnLineGames.ajfwy (Kaspersky), Trojan.Win32.Generic.pak!cobra (VIPRE), Trojan.PWS.Wsgame.38324 (DrWeb), Gen:Variant.Zusy.Elzob.14572 (B) (Emsisoft), Artemis!697BC854D117 (McAfee), WS.Reputation.1 (Symantec), Trojan-GameThief.Win32.OnLineGames (Ikarus), Gen:Variant.Zusy.Elzob.14572 (FSecure), PSW.OnlineGames4.ADCM (AVG), Win32:Malware-gen (Avast), TROJ_GEN.USBL31ACN (TrendMicro), Gen:Variant.Symmi.61994 (AdAware), Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-PSW, OnlineGames, Trojan, Worm, EmailWorm, Malware


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 697bc854d117ba0556912f8c445033fc
SHA1: 9d9cddd6410b4752d1a3e5d8db6de0019161849a
SHA256: 120907fe7199fb295a119906bdc987de5847b42ee1924705f70374b0ef1764f7
SSDeep: 24576:UMKTVhH4pq3pyStpCn 7PheSMV/cO75IFFFT7H/xIws1PQtXxJv4Sij CpDWgH:JmVhYpq3pL70 kzV/cM52Rtslyrij1 S
Size: 1512807 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-12-05 14:51:57
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan-PSW. Trojan program intended for stealing users' passwords.

Payload

Behaviour: EmailWorm
Description: Worm can send e-mails.


Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:3308

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:3308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\icons_5859e57[1].png (1581 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ielib_0108[1].js (9985 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5M9OQRTW.txt (365 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\his[1].htm (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\all_async_search_643de1e[1].js (158576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\baidu_jgylogo3[1].gif (705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\481GHTKC.txt (215 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\u=3559944336,2377270090&fm=85&s=7C2C34727F667F241A791DC30100E0B1[1].jpg (892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.10.2.min_65682a2[1].js (51044 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\every_cookie_a70bc15[2].js (10100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\baidu_jgylogo3[1].gif (705 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C9KHJ3UR.txt (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\zbios_efde696[1].png (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\u=2109705242,1457518671&fm=85&s=FE3A65CA47F296790CE9740B0100A0C0[1].jpg (232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\down[1] (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\ErrorPageTemplate[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\u=2180535449,1072796147&fm=58[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ErrorPageTemplate[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S4XQXWFZ.txt (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\env[1].swf (1540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4Z567E5H.txt (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\UserData\P80YD9NJ\userDataBIDUPSID[1].xml (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\down[1] (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=1168239479,2757861393&fm=85&s=D5A8F758C671927E5E6D68120300E0C2[1].jpg (959 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9GXYFOY0.txt (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\u=2918453312,4167841404&fm=58[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=973491904,2749729385&fm=58[1].jpg (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\background_gradient[1] (453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=2680798957,2314482243&fm=85&s=A1C1B84AB01135740650341F030080D0[1].jpg (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EA873JVK.txt (79 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\httpErrorPagesScripts[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\env[1].swf (1540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\www.baidu[1].xml (465 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\info_48[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Y2H690ZB.txt (627 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\u=1487216520,2142273717&fm=77&s=51981DD7560244E2C0ADF87503001068[1].jpg (573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\errorPageStrings[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\bdsug_async_97a395d[1].js (15547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=205925506,3321613877&fm=77&s=C720BDE0CF430ACC02D1FD10030080D3[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\UWKZJJGO.txt (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\all_async_search_643de1e[1].js (150836 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2Y4JQNC9.txt (298 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\quickdelete_33e3eb8[1].png (1100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\http_400_webOC[1] (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XBDSXIM1.txt (102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\info_48[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\u=1456033670,915884646&fm=77&s=59E503C2CBE4925956E17F9D0200D006[1].jpg (491 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\bullet[1] (447 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\his[1].htm (222 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\u=1402777896,2832812784&fm=58[1].jpg (233 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\nu_instant_search_08089ad[1].js (19390 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\error[1].htm (1798 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=2868708523,715225592&fm=58[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bullet[1] (447 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\background_gradient[1] (453 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\baidu[1].htm (21048 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=1661938696,720667100&fm=58[1].jpg (232 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\baidu_com[1].htm (9050 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\nu_instant_search_08089ad[1].js (13551 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\aladdinIcon-1.0[1].gif (534 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\bd_logo1[1].png (7 bytes)
C:\CF唯爱辅助说明.txt (540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\UserData\6E811UHO\userDataBIDUPSID[1].xml (54 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.bdstatic.com\settings.sxx (725 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\u=3070612118,1360677541&fm=58[1].jpg (892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\s1.bdstatic.com\sharedObjectBIDUPSID.sxx (174 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\httpErrorPagesScripts[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\u=1160236147,2478472682&fm=77&s=03307B8403E206B8F715689D0300D082[1].jpg (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\every_cookie_a70bc15[1].js (10100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\http_400_webOC[1] (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S9XOM1N4.txt (442 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\errorPageStrings[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\quickdelete_33e3eb8[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\o_0108[1].swf (1521 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\jquery-1.10.2.min_65682a2[1].js (50967 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bdsug_async_97a395d[1].js (15547 bytes)

The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5M9OQRTW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\UserData\6E811UHO\userDataBIDUPSID[1].xml (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Y2H690ZB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ErrorPageTemplate[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S4XQXWFZ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.10.2.min_65682a2[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\s1.bdstatic.com\sharedObjectBIDUPSID.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C9KHJ3UR.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\down[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\baidu_jgylogo3[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9GXYFOY0.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\background_gradient[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EA873JVK.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\httpErrorPagesScripts[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\quickdelete_33e3eb8[1].png (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\errorPageStrings[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\all_async_search_643de1e[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2Y4JQNC9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\nu_instant_search_08089ad[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XBDSXIM1.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\info_48[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bullet[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bdsug_async_97a395d[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.bdstatic.com\settings.sol (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\every_cookie_a70bc15[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\http_400_webOC[1] (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\481GHTKC.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\env[1].swf (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\s1.bdstatic.com\sharedObjectBIDUPSID.sxx (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S9XOM1N4.txt (0 bytes)

Registry activity

The process %original file name%.exe:3308 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData]
"CacheOptions" = "8"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASMANCS]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com]
"(Default)" = "40"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData]
"CacheLimit" = "1000"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASAPI32]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASMANCS]
"EnableConsoleTracing" = "0"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91313"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1354711917"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "%original file name%.exe"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASMANCS]
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASAPI32]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData]
"CachePath" = "%APPDATA%\Microsoft\Internet Explorer\UserData"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData]
"CacheRepair" = "0"
"CachePrefix" = "UserData"

[HKLM\SOFTWARE\Microsoft\Tracing\697bc854d117ba0556912f8c445033fc_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: CF??www.cftiyanfu.com
Product Name: CF??www.cftiyanfu.com
Product Version: 1.0.0.0
Legal Copyright: CF??www.cftiyanfu.com
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: CF??www.cftiyanfu.com
Comments: CF??www.cftiyanfu.com
Language: Chinese (Simplified, PRC)

PE Sections

| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|  | 4096 | 1421312 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
|  | 1425408 | 1503232 | 1501184 | 5.54508 | 6514dde041783f8b38c68dffe5368fd8 |
| .rsrc | 2928640 | 8192 | 7168 | 3.35499 | 9fd651b458a06b804c8f5caf79dae3af |
| trc6 | 2936832 | 8209 | 3431 | 5.38485 | a5d4519555f108b438807becd8c28fda |

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs



IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Unsupported/Fake Windows NT Version 5.0

Traffic

GET /c.gif?t=0&q=CFΨ°®&p=0&pn=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: c.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157


HTTP/1.1 204 No Content
Cache-Control: private
Content-Type: text/html
Server: BWS/1.0
Content-Length: 0
...


GET /it/u=2180535449,1072796147&fm=58 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: t12.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:09 GMT
Content-Type: image/jpeg
Content-Length: 2763
Connection: keep-alive
ETag: afbdb9492e15f252562fcc70ba4fb115
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Mon, 22 May 2017 01:12:14 GMT
Age: 1922648
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=1456033670,915884646&fm=77&s=59E503C2CBE4925956E17F9D0200D006 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i9.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:09 GMT
Content-Type: image/jpeg
Content-Length: 15049
Connection: keep-alive
ETag: cea4cac3974cd115cbbaa730b73a5668
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Mon, 22 May 2017 16:46:36 GMT
Age: 1683487
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /v.gif?pid=201&pj=www&fm=behs&tab=baidu_browsershow&path=http://VVV.baidu.com/baidu?word=CFΨ°®&wd=CFΨ°®&rsv_sid=1445_21103_18559_17001_22581&rsv_did=4deb4b2213336b253567874d6003399b&t=1495029271293 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: nsclick.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0
Content-Length: 0
Content-Type: image/gif
Date: Wed, 17 May 2017 13:54:32 GMT
Etag: "4280832337"
Expires: Wed, 17 May 2017 13:54:32 GMT
Last-Modified: Fri, 23 Oct 2009 08:06:04 GMT
Pragma: no-cache
Server: BWS/1.0


GET /it/u=1168239479,2757861393&fm=85&s=D5A8F758C671927E5E6D68120300E0C2 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i9.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:09 GMT
Content-Type: image/jpeg
Content-Length: 2886
Connection: keep-alive
Access-Control-Allow-Origin: *
Expires: Fri, 16 Jun 2017 23:54:09 GMT
Cache-Control: max-age=2628000
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
ETag: cee788630aa031b34f714534bc658563
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=2109705242,1457518671&fm=85&s=FE3A65CA47F296790CE9740B0100A0C0 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i9.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:12 GMT
Content-Type: image/jpeg
Content-Length: 3076
Connection: keep-alive
ETag: befd80634b07074f30413f61069f9f03
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Mon, 22 May 2017 03:09:20 GMT
Age: 2138340
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=2868708523,715225592&fm=58 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: t11.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:20 GMT
Content-Type: image/jpeg
Content-Length: 2729
Connection: keep-alive
ETag: a7bd4db59ab12d584ddf6eeb89892cfe
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Tue, 23 May 2017 17:47:57 GMT
Age: 2095583
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=973491904,2749729385&fm=58 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: t11.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:23 GMT
Content-Type: image/jpeg
Content-Length: 9111
Connection: close
ETag: 95f227c4668d46b45e79372e2d31d472
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Sun, 11 Jun 2017 21:10:17 GMT
Age: 441846
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /r/www/cache/static/jquery/jquery-1.10.2.min_65682a2.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:19 GMT
Content-Type: application/javascript
Content-Length: 33167
Connection: keep-alive
ETag: "16e36-540b1498e39c0"
Last-Modified: Mon, 07 Nov 2016 07:51:11 GMT
Expires: Tue, 22 Dec 2026 15:48:05 GMT
Age: 12434774
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/home/img/qrcode/zbios_efde696.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:23 GMT
Content-Type: image/png
Content-Length: 3363
Connection: keep-alive
ETag: "d23-540b1498e39c0"
Last-Modified: Mon, 07 Nov 2016 07:51:11 GMT
Expires: Tue, 22 Dec 2026 15:50:54 GMT
Age: 12434609
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/global/img/icons_5859e57.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:23 GMT
Content-Type: image/png
Content-Length: 14391
Connection: keep-alive
ETag: "3837-540b1498e39c0"
Last-Modified: Mon, 07 Nov 2016 07:51:11 GMT
Expires: Tue, 22 Dec 2026 15:48:05 GMT
Age: 12434778
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/plugins/every_cookie_a70bc15.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:27 GMT
Content-Type: application/javascript
Content-Length: 5445
Connection: keep-alive
ETag: "36fb-5437207ef2880"
Last-Modified: Mon, 12 Dec 2016 08:38:42 GMT
Expires: Tue, 22 Dec 2026 15:48:05 GMT
Age: 12434782
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/global/js/all_async_search_643de1e.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:27 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "3c8c7-54f23f0fb3d40"
Last-Modified: Wed, 10 May 2017 04:31:09 GMT
Expires: Sat, 08 May 2027 13:11:26 GMT
Age: 607381
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/plugins/every_cookie_a70bc15.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:34 GMT
Content-Type: application/javascript
Content-Length: 5445
Connection: keep-alive
ETag: "36fb-5437207ef2880"
Last-Modified: Tue, 11 May 2027 14:56:24 GMT
Expires: Tue, 22 Dec 2026 15:48:05 GMT
Age: 12434789
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/home/js/nu_instant_search_08089ad.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:37 GMT
Content-Type: application/javascript
Content-Length: 5711
Connection: keep-alive
ETag: "51ba-54c7aafc1fb80"
Last-Modified: Thu, 06 Apr 2017 07:45:02 GMT
Expires: Sun, 04 Apr 2027 11:05:47 GMT
Age: 3552530
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 1 0 0 0 1

<<< skipped >>>

GET /r/www/cache/static/global/img/quickdelete_33e3eb8.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:38 GMT
Content-Type: image/png
Content-Length: 1100
Connection: keep-alive
ETag: "44c-540b1498e39c0"
Last-Modified: Mon, 07 Nov 2016 07:51:11 GMT
Expires: Tue, 22 Dec 2026 15:48:05 GMT
Age: 12434793
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 0



GET /r/www/cache/static/home/js/nu_instant_search_08089ad.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:39 GMT
Content-Type: application/javascript
Content-Length: 5711
Connection: keep-alive
ETag: "51ba-54c7aafc1fb80"
Last-Modified: Thu, 06 Apr 2017 07:45:02 GMT
Expires: Sun, 04 Apr 2027 11:05:47 GMT
Age: 3552532
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/global/img/quickdelete_33e3eb8.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:41 GMT
Content-Type: image/png
Content-Length: 1100
Connection: keep-alive
ETag: "44c-540b1498e39c0"
Last-Modified: Mon, 07 Nov 2016 07:51:11 GMT
Expires: Tue, 22 Dec 2026 15:48:05 GMT
Age: 12434796
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /it/u=2918453312,4167841404&fm=58 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: t12.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:09 GMT
Content-Type: image/jpeg
Content-Length: 2144
Connection: keep-alive
ETag: 002ef98959af9ed8b7747fe63da31042
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Mon, 22 May 2017 10:02:22 GMT
Age: 1921593
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=3070612118,1360677541&fm=58 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: t12.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:09 GMT
Content-Type: image/jpeg
Content-Length: 2015
Connection: keep-alive
ETag: 27fbc2e5ddc13836ec38b3e4efba0efb
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 08 Jun 2017 18:04:34 GMT
Age: 712175
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=1402777896,2832812784&fm=58 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: t10.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:20 GMT
Content-Type: image/jpeg
Content-Length: 3081
Connection: keep-alive
ETag: 6d162806a11048bd8f98f1d7af296f1d
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 08 Jun 2017 16:39:23 GMT
Age: 717297
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /r/www/cache/static/jquery/jquery-1.10.2.min_65682a2.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:23 GMT
Content-Type: application/javascript
Content-Length: 33167
Connection: keep-alive
ETag: "16e36-540b1498e39c0"
Last-Modified: Mon, 07 Nov 2016 07:51:11 GMT
Expires: Tue, 22 Dec 2026 15:48:05 GMT
Age: 12434778
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/global/js/all_async_search_643de1e.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:26 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
ETag: "3c8c7-54f23f0fb3d40"
Last-Modified: Wed, 10 May 2017 04:31:09 GMT
Expires: Sat, 08 May 2027 12:22:24 GMT
Age: 610322
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/plugins/env.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.baidu.com/baidu?word=CF................
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:31 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 1247
Connection: keep-alive
ETag: "4c8-5383097a03d40"
Last-Modified: Fri, 22 Jul 2016 02:57:17 GMT
Expires: Tue, 22 Dec 2026 15:48:06 GMT
Age: 12434785
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/plugins/env.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.baidu.com/
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:35 GMT
Content-Type: application/x-shockwave-flash
Content-Length: 1247
Connection: keep-alive
ETag: "4c8-5383097a03d40"
Last-Modified: Fri, 22 Jul 2016 02:57:17 GMT
Expires: Tue, 22 Dec 2026 15:48:06 GMT
Age: 12434789
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/sug/js/bdsug_async_97a395d.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:37 GMT
Content-Type: application/javascript
Content-Length: 10759
Connection: keep-alive
ETag: "8742-5464408264700"
Last-Modified: Tue, 17 Jan 2017 06:01:32 GMT
Expires: Fri, 15 Jan 2027 09:14:25 GMT
Age: 10384812
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /r/www/cache/static/sug/js/bdsug_async_97a395d.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s1.bdstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:39 GMT
Content-Type: application/javascript
Content-Length: 10759
Connection: keep-alive
ETag: "8742-5464408264700"
Last-Modified: Tue, 17 Jan 2017 06:01:32 GMT
Expires: Fri, 15 Jan 2027 09:14:25 GMT
Age: 10384814
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Ohc-Response-Time: 1 0 0 0 0 0

<<< skipped >>>

GET /baidu?word=CF.... HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:04 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1495029244; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BD_CK_SAM=1;path=/
Set-Cookie: PSINO=7; domain=.baidu.com; path=/
Set-Cookie: BDSVRTM=10; path=/
Set-Cookie: H_PS_PSSID=1445_21103_18559_17001_22581; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Cache-Control: private
CKPACKNUM: 2
CKRNDSTR: a00006d17
X-Powered-By: HPHP
Server: BWS/1.1
X-UA-Compatible: IE=Edge,chrome=1
BDPAGETYPE: 3
BDQID: 0xd087a5ca00006d17
BDUSERID: 0
Content-Encoding: gzip

<<< skipped >>>

GET /img/baidu_jgylogo3.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157; BD_CK_SAM=1; BD_HOME=0


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:13 GMT
Server: Apache
Last-Modified: Wed, 22 Jun 2011 06:40:43 GMT
ETag: "2c1-4a6473f6030c0"
Accept-Ranges: bytes
Content-Length: 705
Cache-Control: max-age=315360000
Expires: Sat, 15 May 2027 13:54:13 GMT
Connection: Keep-Alive
Content-Type: image/gif



GET /cache/fpid/ielib_0108.js HTTP/1.1
X-Requested-With: XMLHttpRequest
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1122314351; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=8134U1hYf7YcFZMODdvERAaCBYnukeaKxOe1x8HV0X4nfQ2A3sCG3mD8icI


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:34 GMT
Server: Apache
Last-Modified: Tue, 27 Jan 2015 06:20:20 GMT
ETag: "ad20-50d9c3fccd100"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sat, 15 May 2027 13:54:34 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 22164
Connection: Keep-Alive
Content-Type: application/javascript

<<< skipped >>>

GET /it/u=1160236147,2478472682&fm=77&s=03307B8403E206B8F715689D0300D082 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i8.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:09 GMT
Content-Type: image/jpeg
Content-Length: 2355
Connection: keep-alive
ETag: e9f567d73573802f58414a70fe28034f
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Thu, 25 May 2017 01:23:53 GMT
Age: 1966852
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 1
Timing-Allow-Origin: hXXp://VVV.baidu.com


GET /youxicaitu/youxicaitu.html HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.cftiyanfu.com
Connection: Keep-Alive


HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Wed, 17 May 2017 13:54:13 GMT
Connection: close
Content-Length: 39
<h1>Bad Request (Invalid Hostname)</h1>..


GET /w.gif?q=CFΨ°®&fm=se&T=1495029244&y=6FBF9F6F&rsv_cache=0&rsv_pre=0&rsv_reh=110_86_110_121_105_86_86_110_86_86|304_128&rsv_scr=1000_1587_820_529_846_1276&rsv_psid=120A51A015E1ABF13022E9FBA054D339&rsv_pstm=1495029253&rsv_idc=&rsv_sid=1445_21103_18559_17001_22581&cid=0&qid=d087a5ca00006d17&t=1495029271336&rsv_iorr=1&rsv_tn=baidu&rsv_ssl=0&path=http://VVV.baidu.com/baidu?word=CFΨ°®&rsv_did=87edb0e87b0cd15cf9cbb37cbc8b7d34 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: sclick.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:32 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Wed, 07 Nov 2012 16:00:00 GMT
Connection: Keep-Alive
ETag: "0-0509a8580"
Server: Apache 2.0
Expires: Sat, 15 May 2027 13:54:32 GMT
Cache-Control: max-age=315360000
Set-Cookie: BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; max-age=86400; domain=.baidu.com; path=/
Accept-Ranges: bytes


GET /img/baidu_jgylogo3.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581; BD_CK_SAM=1; BDSVRTM=10


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:14 GMT
Server: Apache
Last-Modified: Wed, 22 Jun 2011 06:40:43 GMT
ETag: "2c1-4a6473f6030c0"
Accept-Ranges: bytes
Content-Length: 705
Cache-Control: max-age=315360000
Expires: Sat, 15 May 2027 13:54:14 GMT
Connection: Keep-Alive
Content-Type: image/gif



GET /cache/fpid/o_0108.swf HTTP/1.1

Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.baidu.com/baidu?word=CF................
x-flash-version: 23,0,0,185
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1122314351; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=8134U1hYf7YcFZMODdvERAaCBYnukeaKxOe1x8HV0X4nfQ2A3sCG3mD8icI


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:34 GMT
Server: Apache
Last-Modified: Tue, 27 Jan 2015 06:20:22 GMT
ETag: "5f1-50d9c3feb5580"
Accept-Ranges: bytes
Cache-Control: max-age=315360000
Expires: Sat, 15 May 2027 13:54:34 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 1544
Connection: Keep-Alive
Content-Type: application/x-shockwave-flash

<<< skipped >>>

GET /nocache/s.gif&ran=1495029271329 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: sptcdnsin.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157


HTTP/1.1 302 Moved Temporarily
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:32 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Location: hXXp://VVV.baidu.com/search/error.html
Cache-Control: no-cache
Accept-Ranges: bytes
Ohc-Response-Time: 0 0 0 0 36 36
Timing-Allow-Origin: *


GET /zg1.txt HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: hXXp://VVV.cftiyanfu.com/zg1.txt
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Host: VVV.cftiyanfu.com
Cache-Control: no-cache


HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Wed, 17 May 2017 13:54:13 GMT
Connection: close
Content-Length: 39
<h1>Bad Request (Invalid Hostname)</h1>..


GET /it/u=205925506,3321613877&fm=77&s=C720BDE0CF430ACC02D1FD10030080D3 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i8.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:09 GMT
Content-Type: image/jpeg
Content-Length: 2174
Connection: keep-alive
ETag: 12fdf4448983017131096139376eacd1
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Mon, 22 May 2017 16:46:36 GMT
Age: 2149391
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=2680798957,2314482243&fm=85&s=A1C1B84AB01135740650341F030080D0 HTTP/1.1

Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i8.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:10 GMT
Content-Type: image/jpeg
Content-Length: 6855
Connection: keep-alive
ETag: 5c92319f3dc93f5b3e5b97a0410df5ab
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Mon, 29 May 2017 12:20:07 GMT
Age: 1483415
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=3559944336,2377270090&fm=85&s=7C2C34727F667F241A791DC30100E0B1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i7.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:11 GMT
Content-Type: image/jpeg
Content-Length: 2903
Connection: keep-alive
ETag: 67f649a2907d595db00417949d45eb17
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Sat, 03 Jun 2017 00:41:16 GMT
Age: 1206775
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /it/u=1487216520,2142273717&fm=77&s=51981DD7560244E2C0ADF87503001068 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: i7.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:10 GMT
Content-Type: image/jpeg
Content-Length: 4251
Connection: keep-alive
ETag: 1d16b4f5eb7d47ab0cec2a9f4ec03732
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Fri, 26 May 2017 13:33:54 GMT
Age: 1851616
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET /jiemiancaitu/ct.htm HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.cftiyanfu.com
Connection: Keep-Alive


HTTP/1.1 400 Bad Request
Content-Type: text/html
Date: Wed, 17 May 2017 13:54:13 GMT
Connection: close
Content-Length: 39
<h1>Bad Request (Invalid Hostname)</h1>..


GET /img/bd_logo1.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581; BD_CK_SAM=1; BDSVRTM=10


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:05 GMT
Server: Apache
Last-Modified: Wed, 03 Sep 2014 10:00:27 GMT
ETag: "1ec5-502264e2ae4c0"
Accept-Ranges: bytes
Content-Length: 7877
Cache-Control: max-age=315360000
Expires: Sat, 15 May 2027 13:54:05 GMT
Connection: Keep-Alive
Content-Type: image/png

<<< skipped >>>

GET /cache/global/img/aladdinIcon-1.0.gif HTTP/1.1

Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581; BD_CK_SAM=1


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:05 GMT
Server: Apache
Last-Modified: Wed, 06 Jun 2012 05:10:47 GMT
ETag: "216-4c1c6ca3503c0"
Accept-Ranges: bytes
Content-Length: 534
Cache-Control: max-age=315360000
Expires: Sat, 15 May 2027 13:54:05 GMT
Connection: Keep-Alive
Content-Type: image/gif



GET /search/error.html HTTP/1.1

Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1122314351; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=8134U1hYf7YcFZMODdvERAaCBYnukeaKxOe1x8HV0X4nfQ2A3sCG3mD8icI


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:32 GMT
Server: Apache
Last-Modified: Thu, 12 Mar 2015 07:47:33 GMT
ETag: "7e1b-5111298ba8f40"
Accept-Ranges: bytes
Cache-Control: max-age=86400
Expires: Thu, 18 May 2017 13:54:32 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 6120
Connection: Keep-Alive
Content-Type: text/html

<<< skipped >>>

GET /his?wd=&from=pc_web&rf=3&hisdata=&json=1&p=3&sid=1445_21125_18559_17001_22157&bs=CF唯爱&csor=0&cb=jQuery11020410198236008434_1495029262128&_=1495029262129 HTTP/1.1

X-Requested-With: XMLHttpRequest
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1122314351; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=8134U1hYf7YcFZMODdvERAaCBYnukeaKxOe1x8HV0X4nfQ2A3sCG3mD8icI


HTTP/1.1 302 Found
Date: Wed, 17 May 2017 13:54:39 GMT
Server: Apache
Location: hXXp://VVV.baidu.com/search/error.html
Cache-Control: max-age=86400
Expires: Thu, 18 May 2017 13:54:39 GMT
Content-Length: 222
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>302 Found</title>.</head><body>.<h1>Found</h1>.<p>The document has moved <a href="hXXp://VVV.baidu.com/search/error.html">here</a>.</p>.</body></html>...


GET /it/u=1661938696,720667100&fm=58 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: t11.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=58ED57824CAC09EFF69665AF5A5A6B96:FG=1; BIDUPSID=58ED57824CAC09EFF69665AF5A5A6B96; PSTM=1495029244; PSINO=7; H_PS_PSSID=1445_21103_18559_17001_22581


HTTP/1.1 200 OK
Server: JSP3/2.0.14
Date: Wed, 17 May 2017 13:54:23 GMT
Content-Type: image/jpeg
Content-Length: 4835
Connection: keep-alive
ETag: 0921f372477bbd00fa4e04ccd1667a32
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Expires: Fri, 19 May 2017 03:13:17 GMT
Age: 1922909
Cache-Control: max-age=2628000
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Ohc-Response-Time: 1 0 0 0 0 0
Timing-Allow-Origin: hXXp://VVV.baidu.com

<<< skipped >>>

GET / HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:13 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BIDUPSID=120A51A015E1ABF13022E9FBA054D339; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: PSTM=1495029253; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com
Set-Cookie: BDSVRTM=7; path=/
Set-Cookie: BD_HOME=0; path=/
Set-Cookie: H_PS_PSSID=1445_21125_18559_17001_22157; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Cache-Control: private
Cxy_all: baidu d6b1a028cc3e197459e71c4b90ed859a
Expires: Wed, 17 May 2017 13:54:13 GMT
X-Powered-By: HPHP
Server: BWS/1.1
X-UA-Compatible: IE=Edge,chrome=1
BDPAGETYPE: 1
BDQID: 0xba3cff1000007d60
BDUSERID: 0
Content-Encoding: gzip

<<< skipped >>>

GET /nocache/fesplg/s.gif?url=//sptcdnsin.baidu.com/nocache/s.gif&time=&suc=0&type=aboard&dev=pc&protocol=http:&ran=1495029272874 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.baidu.com/baidu?word=CF........
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1122314351; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=8134U1hYf7YcFZMODdvERAaCBYnukeaKxOe1x8HV0X4nfQ2A3sCG3mD8icI


HTTP/1.1 200 OK
Date: Wed, 17 May 2017 13:54:33 GMT
Server: Apache
Last-Modified: Wed, 24 Apr 2013 09:21:09 GMT
ETag: "0-4db17d27d4b40"
Accept-Ranges: bytes
Content-Length: 0
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
Connection: Keep-Alive
Content-Type: image/gif



GET /his?wd=&from=pc_web&rf=3&hisdata=&json=1&p=3&sid=1445_21125_18559_17001_22157&csor=0&cb=jQuery1102059609836055119_1495029265816&_=1495029265817 HTTP/1.1
X-Requested-With: XMLHttpRequest
Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer: hXXp://VVV.baidu.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: VVV.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=120A51A015E1ABF13022E9FBA054D339:FG=1; BIDUPSID=120A51A015E1ABF13022E9FBA054D339; PSTM=1495029253; PSINO=7; H_PS_PSSID=1445_21125_18559_17001_22157; BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1122314351; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=8134U1hYf7YcFZMODdvERAaCBYnukeaKxOe1x8HV0X4nfQ2A3sCG3mD8icI


HTTP/1.1 302 Found
Date: Wed, 17 May 2017 13:54:42 GMT
Server: Apache
Location: hXXp://VVV.baidu.com/search/error.html
Cache-Control: max-age=86400
Expires: Thu, 18 May 2017 13:54:42 GMT
Content-Length: 222
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html><head>.<title>302 Found</title>.</head><body>.<h1>Found</h1>.<p>The document has moved <a href="hXXp://VVV.baidu.com/search/error.html">here</a>.</p>.</body></html>...


The Trojan connects to the servers at the following location(s):

%original file name%.exe_3308_rwx_00401000_002CA000:


%original file name%.exe_3308_rwx_006CD000_00001000:


%original file name%.exe_3308_rwx_10027000_00015000:



Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\icons_5859e57[1].png (1581 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ielib_0108[1].js (9985 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\5M9OQRTW.txt (365 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\his[1].htm (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\all_async_search_643de1e[1].js (158576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\baidu_jgylogo3[1].gif (705 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\481GHTKC.txt (215 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\u=3559944336,2377270090&fm=85&s=7C2C34727F667F241A791DC30100E0B1[1].jpg (892 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.10.2.min_65682a2[1].js (51044 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\every_cookie_a70bc15[2].js (10100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\baidu_jgylogo3[1].gif (705 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\C9KHJ3UR.txt (442 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\zbios_efde696[1].png (3 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\u=2109705242,1457518671&fm=85&s=FE3A65CA47F296790CE9740B0100A0C0[1].jpg (232 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\down[1] (748 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\ErrorPageTemplate[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\u=2180535449,1072796147&fm=58[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\ErrorPageTemplate[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S4XQXWFZ.txt (627 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\env[1].swf (1540 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\4Z567E5H.txt (627 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\UserData\P80YD9NJ\userDataBIDUPSID[1].xml (54 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\down[1] (748 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=1168239479,2757861393&fm=85&s=D5A8F758C671927E5E6D68120300E0C2[1].jpg (959 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\9GXYFOY0.txt (442 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\u=2918453312,4167841404&fm=58[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=973491904,2749729385&fm=58[1].jpg (250 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\background_gradient[1] (453 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=2680798957,2314482243&fm=85&s=A1C1B84AB01135740650341F030080D0[1].jpg (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\EA873JVK.txt (79 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\httpErrorPagesScripts[1] (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\env[1].swf (1540 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\www.baidu[1].xml (465 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\info_48[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\Y2H690ZB.txt (627 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\u=1487216520,2142273717&fm=77&s=51981DD7560244E2C0ADF87503001068[1].jpg (573 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\errorPageStrings[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\bdsug_async_97a395d[1].js (15547 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=205925506,3321613877&fm=77&s=C720BDE0CF430ACC02D1FD10030080D3[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\UWKZJJGO.txt (442 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\all_async_search_643de1e[1].js (150836 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\2Y4JQNC9.txt (298 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\quickdelete_33e3eb8[1].png (1100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\http_400_webOC[1] (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\XBDSXIM1.txt (102 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\info_48[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\u=1456033670,915884646&fm=77&s=59E503C2CBE4925956E17F9D0200D006[1].jpg (491 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\bullet[1] (447 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\his[1].htm (222 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\u=1402777896,2832812784&fm=58[1].jpg (233 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\nu_instant_search_08089ad[1].js (19390 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\error[1].htm (1798 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=2868708523,715225592&fm=58[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bullet[1] (447 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\background_gradient[1] (453 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\baidu[1].htm (21048 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\u=1661938696,720667100&fm=58[1].jpg (232 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\baidu_com[1].htm (9050 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\nu_instant_search_08089ad[1].js (13551 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\aladdinIcon-1.0[1].gif (534 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\bd_logo1[1].png (7 bytes)
    C:\CFΨ°®¸¨Öú˵Ã÷.txt (540 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Internet Explorer\UserData\6E811UHO\userDataBIDUPSID[1].xml (54 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s1.bdstatic.com\settings.sxx (725 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\u=3070612118,1360677541&fm=58[1].jpg (892 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\NBXZ88BJ\s1.bdstatic.com\sharedObjectBIDUPSID.sxx (174 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\httpErrorPagesScripts[1] (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\u=1160236147,2478472682&fm=77&s=03307B8403E206B8F715689D0300D082[1].jpg (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\every_cookie_a70bc15[1].js (10100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\http_400_webOC[1] (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\S9XOM1N4.txt (442 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\errorPageStrings[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\quickdelete_33e3eb8[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\o_0108[1].swf (1521 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\jquery-1.10.2.min_65682a2[1].js (50967 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (543 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\bdsug_async_97a395d[1].js (15547 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
