Gen.Heur.PWSIME.2_86a0f83936

by malwarelabrobot on April 27th, 2016 in Malware Descriptions.

Trojan-Dropper.Win32.Agent.gato (Kaspersky), Gen:Heur.PWSIME.2 (B) (Emsisoft), Gen:Heur.PWSIME.2 (AdAware), Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericInjector.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 86a0f8393608bfdb3fa9ae25e25c28a0
SHA1: 801ab83d26a54ca85440bd0256fb202303e23923
SHA256: 47f52146e572057951cd6975572586dab95418118339eb801b7b05aedd51266a
SSDeep: 49152:B/f8cSymyvKLZq2clfTSO5TUhHyDSgQRsE X5OsFTMIPe:DcyGg2clb58HuQ6E X5OsMD
Size: 1808571 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: PackerUPXCompresorGratuitowwwupxsourceforgenet, UPolyXv05_v6
Company: no certificate found
Created at: 2009-11-06 08:21:39
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe:1888
%original file name%.exe:312
С½ç.exe:868
С½ç.exe:1552
С½ç.exe:952
С½ç.exe:1612
С½ç.exe:2220

The Trojan injects its code into the following process(es):

С½ç.exe:1076
С½ç.exe:164
С½ç.exe:372

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe:1888 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\xiaojie.dll (15021 bytes)

The process %original file name%.exe:312 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\Temp\Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe (20507 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Temp\С½ç.exe (5442 bytes)

The process С½ç.exe:868 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\error[1].htm (8 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\72484533\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\error[1].jsp (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\s[1].htm (502 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\cfg.ini (84 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\72484533\index.dat (400 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\s[1] (1733 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dat1.tmp (18121 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\m.baidu[1] (3833 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\s[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\error[1].jsp (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\f3[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\m.baidu[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dat1.tmp (0 bytes)

The process С½ç.exe:1552 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\44485791\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\44485791\index.dat (400 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\wap.baidu[1] (4979 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\cfg.ini (84 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\iconfont_b2795733[1].eot (14826 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\f3[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\wap.baidu[1] (0 bytes)

The process С½ç.exe:1076 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\h5[1] (82 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\bl.dat.bak (6 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\f8[1] (164 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\blhash.dat.bak (2610 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\cfg.ini (631 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\blhash_6.5.dat[1].zip (96 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\cfg_6.5[1].ini (5 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\h1[1] (116 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\h1[1] (121 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\desktop.ini (134 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\f8[1] (82 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\bts.dat[1].zip (56 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\6.5[1].xml (557 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\6.5[1].xml (557 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (720 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\h3[1] (93 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\f2[1] (1636 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\GlobalConfig_6.5[1].ini (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\cfg_6.5[1].ini (5 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\6.5[1].xml (557 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\log.txt (298 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f11[1] (87 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f8[1] (164 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\runtask.dat.bak (44 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\desktop.ini (134 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\SearchEngine_6.5[1].ini (3 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\f8[1] (165 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\GlobalConfig.ini.bak (8 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\bts_tmh.dat[1].zip (40 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\f2[1] (1 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\bts_tm.dat.bak (248 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\HLR_cfg.ini.bak (20 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\GlobalConfig_6.5[1].ini (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\runtask_6.5[1].dat (22 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\adb0e35099b6dd9eb6e46a02122b8802a32be0ae01e70c1807b733e60b4e6e04ed73f9891bde58097fdfdd3c679c507fac58dc2d4f295190bb5172bb744225100eef4d02898aa62d0[1] (98 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\SearchEngine_6.5[2].ini (3 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\bl_6.5[1].dat (3 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\bts_tm.dat[1].zip (34 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\h1[1] (123 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\SearchEngine.ini.bak (12 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\bts.dat.bak (604 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\bts_tmh.dat.bak (292 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\desktop.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\f8[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5 (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\GlobalConfig_6.5[1].ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f8[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\desktop.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4 (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\f8[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\SearchEngine_6.5[1].ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\blhash_6.5.dat[2].zip (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\6.5[1].xml (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\desktop.ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\cfg_6.5[1].ini (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\f8[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\h1[1] (0 bytes)

The process С½ç.exe:952 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\210038335-【推薦】依然優雅,依然心閑│依[1] (6403 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\angular.min[1].js (5150 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\jquery.min[1].js (9896 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\spin.min[1].js (4 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\jquery.onAppear.min[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (964 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@pixnet[1].txt (132 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\cfg.ini (84 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\210038335-【推薦】依然優雅,依然心閑│依[1].ht (3306 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\json2.min[1].js (570 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\210038335-【推薦】依然優雅,依然心閑│依[1].ht (5399 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\210038335-【推薦】依然優雅,依然心閑│依[1] (9643 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\210038335-【推薦】依然優雅,依然心閑│依[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f3[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\210038335-【推薦】依然優雅,依然心閑│依[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\210038335-【推薦】依然優雅,依然心閑│依[1].ht (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\210038335-【推薦】依然優雅,依然心閑│依[1].ht (0 bytes)

The process С½ç.exe:1612 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\rs=ACT90oGzKbyXaRnPCWgVR4dBFQ9dV2gEnQ[1] (22564 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\62493216\[email protected][1].txt (387 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\sem_ec74a174890fd99095cdb2ed3d3d4a87[2].js (5984 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[1].htm (4183 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\google.co[1].htm (4257 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\google.co[1] (24337 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\sem_ec74a174890fd99095cdb2ed3d3d4a87[1].js (7041 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[2].htm (4371 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\search[1] (11650 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[2].htm (4235 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\62493216\index.dat (400 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\cfg.ini (84 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\search[1].htm (3455 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\rs=ACT90oGzKbyXaRnPCWgVR4dBFQ9dV2gEnQ[2] (25016 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[1] (23815 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[1] (48897 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[1].htm (4878 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\rs=ACT90oGzKbyXaRnPCWgVR4dBFQ9dV2gEnQ[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\sem_ec74a174890fd99095cdb2ed3d3d4a87[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\google.co[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[2].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\search[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[2].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f3[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[1].htm (0 bytes)

The process С½ç.exe:2220 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500[2].css (2676 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (570 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\site-nav.min.f7347e7700dc80bf77c1e42569fad86b[2].js (3 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8[1].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\index.min.8ac31320bcfe7b481dd8d413db31eaf3[2].css (13 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\CAWH67CT.gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dianping[1].txt (1157 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\local.min.8602861a2c191a9959f183138c097790[1].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\single[1].htm (5 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\index.min.8ac31320bcfe7b481dd8d413db31eaf3[1].css (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\footer.min.b89d87532d5fe16706082281d2eec4cc[2].css (666 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\version.min.v1461230441209[1].js (9780 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8[2].js (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\neuron-active.min.719ede6914677bb148848d46c52bcf6f[1].js (776 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\js[1].htm (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (7712 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dianping[2].txt (884 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAWDUHRS.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\suggest.min.ea3b7ce0b29712205015c66468da7d85[1].js (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\dimension.min.f12f839642deedcc2ef8e2235f146031[2].js (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\header.min.8d916a7c8b91868f440fda20e528173d[1].js (1090 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\local.min.8602861a2c191a9959f183138c097790[2].js (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500[1].css (1510 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\event-transfer.min.7ad4b4a30a314ba357f1f317a6d378fc[1].js (90 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAX8W3T9.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\js[1].htm (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\about.min.8f2982ea9f56354da9982ca882653b64[1].css (317 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\category-nav.min.acf5f565141d66370a643a075d8df1f7[1].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\single[1].htm (5 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\dimension.min.f12f839642deedcc2ef8e2235f146031[1].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\about.min.8f2982ea9f56354da9982ca882653b64[2].css (693 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\category-nav.min.acf5f565141d66370a643a075d8df1f7[2].js (3 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852[2].js (7 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\neuron-active.min.719ede6914677bb148848d46c52bcf6f[2].js (1814 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\contactus[1] (3014 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tpl.min.681c5b24a9a215968286adb35ea9a1b4[1].js (854 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\placeholder.min.8b8f8f355aeac43833c8c3ce9c141175[1].js (729 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221[1].js (3 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\single[2].htm (5 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\footer.min.b89d87532d5fe16706082281d2eec4cc[1].css (297 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\header.min.8d916a7c8b91868f440fda20e528173d[2].js (1119 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852[1].js (3 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221[2].js (8 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\single[1].htm (5 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\cfg.ini (84 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\version.min.v1461230441209[2].js (15343 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\site-nav.min.f7347e7700dc80bf77c1e42569fad86b[1].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\suggest.min.ea3b7ce0b29712205015c66468da7d85[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (285 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dianping[1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\local.min.8602861a2c191a9959f183138c097790[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\index.min.8ac31320bcfe7b481dd8d413db31eaf3[1].css (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\CAWH67CT.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\version.min.v1461230441209[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\neuron-active.min.719ede6914677bb148848d46c52bcf6f[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\js[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@dianping[2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAWDUHRS.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f3[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\header.min.8d916a7c8b91868f440fda20e528173d[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500[1].css (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAX8W3T9.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\about.min.8f2982ea9f56354da9982ca882653b64[1].css (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\category-nav.min.acf5f565141d66370a643a075d8df1f7[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\single[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\dimension.min.f12f839642deedcc2ef8e2235f146031[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\contactus[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\single[2].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\footer.min.b89d87532d5fe16706082281d2eec4cc[1].css (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\site-nav.min.f7347e7700dc80bf77c1e42569fad86b[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\suggest.min.ea3b7ce0b29712205015c66468da7d85[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)

The process С½ç.exe:164 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\dir-4b3wz4J28KrjQg[1].htm (1417 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tongji[3].js (12 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\xs.qinqinge[1].xml (266 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@7pud[1].txt (457 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\xs.qinqinge[1].xml (266 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@nr1234[1].txt (153 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\hm[1].js (392 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tongji[2].js (493 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAIVG5QZ.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@5ip9[1].txt (215 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[2] (12 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\float[1].js (137 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][2].txt (181 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CA98JU7J.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CA8PU5FG.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@qinqinge[1].txt (185 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\jquery.form[2].js (3004 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\flash[1].js (314 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][2].txt (281 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\float[2].js (128 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[2].htm (2 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (140 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\jquery.min[2].js (10581 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\mediashow[1].htm (1154 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hm[1].js (1717 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\CAPOSB9X.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\flash[1].js (314 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\window[1].js (129 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAG7RFA8.htm (862 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\common[1].js (478 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tongji[1].js (249 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\style[1].css (1496 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\jquery.form[1].js (3741 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[1] (5011 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\window[2].js (116 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAEVO5OP.gif (43 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\style[2].css (1859 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\hm[2].js (354 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (164 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (185 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[1].htm (7049 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\dir-4b3wz4J28KrjQg[1].html (1395 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\index.dat (4668 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@7pud[2].txt (308 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\jquery.min[1].js (12759 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@linezing[1].txt (169 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\common[2].js (1 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\CAGXYZ0H.htm (862 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\mediashow[1].htm (1154 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hm[2].js (661 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\mediadisplay[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@7pud[1].txt (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\xs.qinqinge[1].xml (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\hm[1].js (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAIVG5QZ.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[2] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\hm[2].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\p[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CA8PU5FG.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\flash[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CA98JU7J.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[2].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\p[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hm[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\CAPOSB9X.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\flash[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\window[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\common[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tongji[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\jquery.form[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAEVO5OP.gif (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\float[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@7pud[2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\jquery.min[1].js (0 bytes)

The process С½ç.exe:372 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@360[1].txt (212 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hao.360[1].htm (6597 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\yingying[1].html (1090 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\car[1] (776 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\car[1].htm (13 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hao360[1].eot (50 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@360[2].txt (366 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\yingying[1].htm (1217 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\253c424d7db0436b,a0c99209afc03502[1].css (10 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hao.360[1] (7602 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\8a60aae81b5f422b[1].css (2 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@360[1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\car[1] (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\yingying[1].html (0 bytes)
%Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hao.360[1] (0 bytes)

Registry activity

The process Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe:1888 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9A 94 A7 C6 88 51 5A 61 93 B8 B8 A9 E0 94 93 CF"

The process %original file name%.exe:312 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "59 6A 43 8F AD 87 26 74 D9 F3 58 A6 62 5E AD A3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp]
"С½ç.exe" = "标准MFC程序"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp]
"Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe" = "只有一颗糖∞"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process С½ç.exe:868 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC A4 BB DF C4 68 3A E1 56 EC BC 0C D1 77 AE B2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process С½ç.exe:1552 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 3B 8A 29 F1 08 67 C8 BC B7 9B 2F FB 92 07 B5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process С½ç.exe:1076 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\CHtmlDialog\International]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"С½ç.exe" = "11001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "45 88 68 F1 E2 95 44 00 C6 09 E8 86 5A 7F 22 E2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"GuaZhuan" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp\С½ç.exe -autorun"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process С½ç.exe:952 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 21 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC B6 39 87 29 24 0F 97 30 6E C3 C2 49 B4 E7 C6"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process С½ç.exe:1612 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 20 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "С½ç.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1457060598"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6B DC BD CC C8 3A 30 C5 47 FB AD 8D 8C FA 48 02"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process С½ç.exe:2220 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 22 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "С½ç.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1457060598"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "50 B6 28 9C 4D C6 47 04 25 85 A3 F8 8A 73 B3 BE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process С½ç.exe:164 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "С½ç.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1457060598"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0A 38 83 C2 63 05 15 58 6A DB 3D 14 C6 68 14 8A"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process С½ç.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "С½ç.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1457060598"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "61 F4 06 3E B7 0D 40 82 7B 39 47 39 86 27 83 52"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Application Data\LSinglePro\\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5 File path
4230d3fef3342eb60359fb5426ffbefc c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temp\С½ç.exe
fc3c6b0e4ecb669afb48562942f39151 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\Temp\Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe
dcd209a4137c91576f7f054e8c232338 c:\WINDOWS\system32\xiaojie.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
UPX0 4096 61440 0 0 d41d8cd98f00b204e9800998ecf8427e
UPX1 65536 36864 36864 5.45929 4df425296fd60a3822242916a9a3b59d
.rsrc 102400 12288 10240 3.89504 c67db0449e76b8ab12b64916f3756845

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://ap3.liuliangbao.cn/as/c/f8/ 115.236.22.240
hxxp://ap3.liuliangbao.cn/as/2/h1/ 115.236.22.240
hxxp://ap3.liuliangbao.cn/redirect/CFGUpdate?number=6.5&checksum=&cid=A0337FE5A71D4D83BDD5CCA8E96FAC7F&rd=29469 115.236.22.240
hxxp://ap3.liuliangbao.cn/ts/f2.2/ 115.236.22.240
hxxp://ap3.liuliangbao.cn/clt/jobid/adb0e35099b6dd9eb6e46a02122b8802a32be0ae01e70c1807b733e60b4e6e04ed73f9891bde58097fdfdd3c679c507fac58dc2d4f295190bb5172bb744225100eef4d02898aa62d06452c32ce020756aa5b3a565cf1579ad4843d2463746a 115.236.22.240
hxxp://ap3.liuliangbao.cn/as/2/h3/ 115.236.22.240
hxxp://ap3.liuliangbao.cn/redirect/CFGUpdate?number=6.5&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579 115.236.22.240
hxxp://ap3.liuliangbao.cn/as/2/h5/ 115.236.22.240
hxxp://ap.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=A0337FE5A71D4D83BDD5CCA8E96FAC7F&rd=29469
hxxp://ap3.liuliangbao.cn/as/c/f11/ 115.236.22.240
hxxp://ap.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579
hxxp://ap.liuliangbao.cn/clt/config/cfg_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/clt/config/SearchEngine_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/clt/config/GlobalConfig_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/as/down/clt/config/blhash_6.5.dat.zip?t=1461441001&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/clt/config/blhash_6.5.dat.zip
hxxp://ap.liuliangbao.cn/as/down/clt/config/bts.dat.zip?t=1451883999&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/clt/config/bts.dat.zip
hxxp://xs.qinqinge.cn/
hxxp://ap.liuliangbao.cn/as/down/clt/config/bts_tm.dat.zip?t=1451883999&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/clt/config/bts_tm.dat.zip
hxxp://wap1.n.shifen.com/
hxxp://xs.qinqinge.cn/template/default/public/css/style.css
hxxp://wap.n.shifen.com/ssid=18634461696c7931323361224b/pu=sz@1321_590/s?word=?????????&sa=ib&ts=0449567&rsv_pq=12456816693376695998&rsv_t=28536gUhuSWmle3xxXpDhCo126b%2BV2%2BkvDYIUFuB3V118CYdMYbluZ
hxxp://wap.n.shifen.com/static/index/iconfont/iconfont_b2795733.eot
hxxp://xs.qinqinge.cn/public/script/jquery.min.js
hxxp://ap.liuliangbao.cn/clt/config/runtask_6.5.dat?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/as/down/clt/config/bts_tmh.dat.zip?t=1451883999&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://ap.liuliangbao.cn/clt/config/bts_tmh.dat.zip
hxxp://xs.qinqinge.cn/template/default/public/js/common.js
hxxp://goo.gl/vMZK3m 173.194.113.200
hxxp://xs.qinqinge.cn/public/script/jquery.form.js
hxxp://front.pixnet.net.geo.pixdns.tw/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
hxxp://ap.liuliangbao.cn/clt/config/bl_6.5.dat?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32
hxxp://xs.qinqinge.cn/public/ptcms/tongji.js
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.8.2/jquery.min.js
hxxp://xs.qinqinge.cn/public/ptcms/float.js
hxxp://e2282.e14.akamaiedge.net/jquery.onappear/jquery.onAppear.min.js
hxxp://e2282.e14.akamaiedge.net/json2/json2.min.js
hxxp://googleapis.l.google.com/ajax/libs/angularjs/1.2.0/angular.min.js
hxxp://e2282.e14.akamaiedge.net/spin.js/spin.min.js
hxxp://www.dianping.com/contactus 180.153.132.49
hxxp://hm.e.shifen.com/hm.js?a14c2100c10f26c37f3ddd0d832e2ce5
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1006647425&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=3&su=http://www.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&v=1.1.26&lv=1&tt=亲亲阁||最热门的免费小说网 - Power by PTcms
hxxp://u349036.nr1234.com/mediaController.php?pid=89971 122.225.96.73
hxxp://u349036.nr1234.com/mediashow.php?id=239191&h=200&w=270 122.225.96.73
hxxp://set56.7pud.com/mediashow.php?id=239191&h=200&w=270 115.236.59.78
hxxp://dpfile.fast.cdntip.com/s/css/g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500.css
hxxp://wap.n.shifen.com/ssid=18634461696c7931323361224b/from=0/bd_page_type=1/uid=0/pu=sz@1321_590,ta@utouch____/baiduid=B57E3D290242DA5E0C5C27431C7FCE4C/w=0_10_?????????/t=wap/l=0/tc?ref=www_utouch&lid=9086315316213581974&order=2&vit=osres&tj=zhidao_2_0_10_l2&fr=ala&waplogo=1&sec=11808&di=b1de644fee51031d&bdenc=1&nsrc=IlPT2AEptyoA_yixCFOxXnANedT62v3IDBqMMS6LLDivpEmixP4kHREsRC0aNWiCGkb8gTCcsBwHxn_f_m1i8R20rahksWse9m36s_GodhLsStY1f0U-2t3HGnQvzfrqyKpOg2Z9ReAoB7-cf_37stg1rsXZaeMs8saC67S6rPzvVY4yYWmZnFrlZEkJDyD0
hxxp://js.tongji.linezing.com.danuoyi.tbcache.com/2994045/tongji.js?20160426 134.159.210.120
hxxp://wap.n.shifen.com/error.jsp?traceid=146163088307666706028773033053047951567
hxxp://xs.qinqinge.cn/public/ptcms/window.js
hxxp://dt.tongji.linezing.com/tongji.do?unit_id=2994045&uv_id=31137119243503273084&uv_new=1&cna=&cg=&mid=&mmland=&ade=&adtm=&sttm=&cpa=&ss_id=1677005717&ss_no=0&ec=1&ref=http://www.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&url=http://xs.qinqinge.cn/&title=%u4EB2%u4EB2%u9601||%u6700%u70ED%u95E8%u7684%u514D%u8D39%u5C0F%u8BF4%u7F51 - Power by PTcms&charset=utf-8&domain=qinqinge.cn&hashval=1115&filtered=0&app=Microsoft Internet Explorer&agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)&color=24-bit&screen=1920x1080&lg=en-us&je=1&fv=10.0&st=1461628800&vc=928a5346&ut=0&url_id=0&cnu=0.8126342375473279 42.156.167.82
hxxp://u349036.nr1234.com/fshow.php?id=239187 122.225.96.73
hxxp://u349036.nr1234.com/p.php?id=239187 122.225.96.73
hxxp://dpfile.fast.cdntip.com/s/c/app/main/channel-header/index.min.8ac31320bcfe7b481dd8d413db31eaf3.css
hxxp://zcdn.node.778669.com/p.php?id=239187
hxxp://dpfile.fast.cdntip.com/s/c/app/main/channel-header/footer.min.b89d87532d5fe16706082281d2eec4cc.css
hxxp://set56.7pud.com/mediacode.php?id=239191&w=270&h=200&a=89971&b=18309&p=10229&s=89971&ui=139869&u=qinqinge&dsp=&gu=http%3A//www.7892819.cn/&k=1&vf=&bf=ete_zhuan/ete_zhuan_1452235113.swf&tp=http://xs.qinqinge.cn/&re=http://www.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&fsh=1&cok=1&acq=0&screen=1920_1080 115.236.59.78
hxxp://dpfile.fast.cdntip.com/s/c/app/foot/about.min.8f2982ea9f56354da9982ca882653b64.css
hxxp://pic.pxstda.com/data/images/flash.js 115.238.238.178
hxxp://wap.n.shifen.com/tc?l=1&ct=23&cst=6&src=http://m.baidu.com
hxxp://set56.7pud.com/mediadisplay.php?bid=18309&sid=89971&pid=10229&keep=1&topu=aHR0cDovL3hzLnFpbnFpbmdlLmNuLw==&referer=aHR0cDovL3d3dy5iYWlkdS5jb20vcz93ZD3kuKvnkLTnkLTlsI/or7Q=&secret=80485989e139505605d133b5d94b5e861a8&fsh=1&cok=1&acq=0&screen=1920_1080&st=1461630902113 115.236.59.78
hxxp://wap.n.shifen.com/?uid=B57E3D290242DA5E0C5C27431C7FCE4C&bd_page_type=1&baiduid=B57E3D290242DA5E0C5C27431C7FCE4C&tj=tc
hxxp://dpfile.fast.cdntip.com/lib/1.0/neuron-active.min.719ede6914677bb148848d46c52bcf6f.js
hxxp://dpfile.fast.cdntip.com/x_x/version.min.v1461230441209.js
hxxp://hls.dianping.com/hippo.gif?__hlt=www.dianping.com&__ppp=&__had={"r_pagetiming":"1","r_ready":"10812","r_load":"10812","reqid":"0a650671-1544ffd475f-f2fdf1a","serverguid":"0a650671-1544ffd475f-f0110af"}&force=1461630904456&__hsr=1366x768&__hsc=24bit&__hlh=http://www.dianping.com/contactus&__mv=||1|0 180.153.132.57
hxxp://hls.dianping.com/hippo.gif?__hlt=www.dianping.com&__ppp=&__had={"p_render":"0","reqid":"0a650671-1544ffd475f-f2fdf1a","serverguid":"0a650671-1544ffd475f-f0110af"}&force=1461630904472&__hsr=1366x768&__hsc=24bit&__hlh=http://www.dianping.com/contactus&__pv=1|0 180.153.132.57
hxxp://1st.dtwscachev52.ourwebcdn.com/s/j/app/main/channel-header/header.min.8d916a7c8b91868f440fda20e528173d.js
hxxp://1st.dtwscachev52.ourwebcdn.com/s/j/app/main/channel-header/category-nav.min.acf5f565141d66370a643a075d8df1f7.js
hxxp://1st.dtwscachev52.ourwebcdn.com/combos/~lib~1.0~io~ajax.min.js,~lib~1.0~io~jsonp.min.js,~lib~1.0~io~swiff.min.js/9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221.js
hxxp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
hxxp://1st.dtwscachev52.ourwebcdn.com/combos/~lib~1.0~util~cookie.min.js,~lib~1.0~util~json.min.js,~lib~1.0~util~queue.min.js,~lib~1.0~util~suggest.min.js/afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852.js
hxxp://1st.dtwscachev52.ourwebcdn.com/lib/1.0/storage/local.min.8602861a2c191a9959f183138c097790.js
hxxp://1st.dtwscachev52.ourwebcdn.com/lib/1.0/dom/dimension.min.f12f839642deedcc2ef8e2235f146031.js
hxxp://1st.dtwscachev52.ourwebcdn.com/s/j/app/main/channel-header/site-nav.min.f7347e7700dc80bf77c1e42569fad86b.js
hxxp://1st.dtwscachev52.ourwebcdn.com/lib/1.0/mvp/tpl.min.681c5b24a9a215968286adb35ea9a1b4.js
hxxp://1st.dtwscachev52.ourwebcdn.com/s/j/app/main/channel-header/event-transfer.min.7ad4b4a30a314ba357f1f317a6d378fc.js
hxxp://1st.dtwscachev52.ourwebcdn.com/combos/~lib~1.0~event~live.min.js,~lib~1.0~event~multi.min.js/649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8.js
hxxp://1st.dtwscachev52.ourwebcdn.com/lib/1.0/suggest.min.ea3b7ce0b29712205015c66468da7d85.js
hxxp://www.dianping.com/navigation?query=term(cityid,1)&info=cityid:1,stattree:categoryids;hotdishids,hotdishnum:6,header:true 180.153.132.49
hxxp://1st.dtwscachev52.ourwebcdn.com/s/j/app/main/placeholder.min.8b8f8f355aeac43833c8c3ce9c141175.js
hxxp://www.dianping.com/ajax/advertise?position=PC_bottom_banner&cityId=1 180.153.132.49
hxxp://www.dianping.com/ajax/advertise?position=M_bottom_banner&cityId=1 180.153.132.49
hxxp://www.dianping.com/ajax/advertise?position=PC_bottom_QRCode&cityId=1 180.153.132.49
hxxp://hls.dianping.com/hippo.gif?__hlt=www.dianping.com&__ppp=&__had={"module":"globebanner_below_big","action":"browse","publishid":"3","reqid":"0a650671-1544ffd475f-f2fdf1a","serverguid":"0a650671-1544ffd475f-f0110af"}&force=1461630912972&__hsr=1366x768&__hsc=24bit&__hlh=http://www.dianping.com/contactus&__mv=||1|0 180.153.132.57
hxxp://hls.dianping.com/hippo.gif?__hlt=www.dianping.com&__ppp=&__had={"module":"globebanner_below_qrcode","action":"browse","publishid":"1","reqid":"0a650671-1544ffd475f-f2fdf1a","serverguid":"0a650671-1544ffd475f-f0110af"}&force=1461630913253&__hsr=1366x768&__hsc=24bit&__hlh=http://www.dianping.com/contactus&__mv=||1|0 180.153.132.57
hxxp://catdot.dianping.com/broker-service/api/single?v=1&ts=1461630912378&tu=/ajax/advertise&d=500 114.80.165.63
hxxp://catdot.dianping.com/broker-service/api/single?v=1&ts=1461630912363&tu=/navigation&d=312&hs=200 114.80.165.63
hxxp://hao.360.cn/car/ 111.206.66.62
hxxp://d38b7o7ux189o7.cloudfront.net/static/8a60aae81b5f422b.css
hxxp://d38b7o7ux189o7.cloudfront.net/static/253c424d7db0436b,a0c99209afc03502.css
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&ep=37000,37000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=1927468959&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=4&su=http://www.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&v=1.1.26&lv=1
hxxp://hm.e.shifen.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1461630894&nv=0&rnd=862003627&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=4&su=http://xs.qinqinge.cn/&v=1.1.26&lv=2&tt=最新章节列表 - 唐峻 - 亲亲阁||最热门的免费小说网 - Power by PTcms
hxxp://dt.tongji.linezing.com/tongji.do?unit_id=2994045&uv_id=31137119243503273084&uv_new=0&cna=&cg=&mid=&mmland=&ade=&adtm=&sttm=&cpa=&ss_id=1677005717&ss_no=1&ec=1&ref=http://xs.qinqinge.cn/&url=http://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html&title=%u6700%u65B0%u7AE0%u8282%u5217%u8868 - %u5510%u5CFB - %u4EB2%u4EB2%u9601||%u6700%u70ED%u95E8%u7684%u514D%u8D39%u5C0F%u8BF4%u7F51 - Power by PTcms&charset=utf-8&domain=qinqinge.cn&hashval=1115&filtered=0&app=Microsoft Internet Explorer&agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)&color=24-bit&screen=1920x1080&lg=en-us&je=1&fv=10.0&st=1461628800&vc=928a5346&ut=0&url_id=0&cnu=0.8921676382816897 42.156.167.82
hxxp://set56.7pud.com/mediacode.php?id=239191&w=270&h=200&a=89971&b=18309&p=10229&s=89971&ui=139869&u=qinqinge&dsp=&gu=http%3A//www.7892819.cn/&k=1&vf=&bf=ete_zhuan/ete_zhuan_1452235113.swf&tp=http://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html&re=http://xs.qinqinge.cn/&fsh=1&cok=1&acq=0&screen=1920_1080 115.236.59.78
hxxp://j3.s2.dpfile.com/lib/1.0/mvp/tpl.min.681c5b24a9a215968286adb35ea9a1b4.js 183.134.29.18
hxxp://m.baidu.com/ssid=18634461696c7931323361224b/from=0/bd_page_type=1/uid=0/pu=sz@1321_590,ta@utouch____/baiduid=B57E3D290242DA5E0C5C27431C7FCE4C/w=0_10_?????????/t=wap/l=0/tc?ref=www_utouch&lid=9086315316213581974&order=2&vit=osres&tj=zhidao_2_0_10_l2&fr=ala&waplogo=1&sec=11808&di=b1de644fee51031d&bdenc=1&nsrc=IlPT2AEptyoA_yixCFOxXnANedT62v3IDBqMMS6LLDivpEmixP4kHREsRC0aNWiCGkb8gTCcsBwHxn_f_m1i8R20rahksWse9m36s_GodhLsStY1f0U-2t3HGnQvzfrqyKpOg2Z9ReAoB7-cf_37stg1rsXZaeMs8saC67S6rPzvVY4yYWmZnFrlZEkJDyD0
hxxp://wap.baidu.com/ 61.135.186.218
hxxp://u349036.o553.com/fshow.php?id=239187 122.225.96.73
hxxp://m.baidu.com/tc?l=1&ct=23&cst=6&src=http://m.baidu.com
hxxp://libs.pixfs.net/json2/json2.min.js 2.19.118.59
hxxp://www.dpfile.com/x_x/version.min.v1461230441209.js 220.195.19.19
hxxp://cltres.liuliangbao.cn/clt/config/bts.dat.zip 61.153.110.5
hxxp://m.baidu.com/error.jsp?traceid=146163088307666706028773033053047951567
hxxp://j3.s2.dpfile.com/s/j/app/main/placeholder.min.8b8f8f355aeac43833c8c3ce9c141175.js 183.134.29.18
hxxp://libs.pixfs.net/spin.js/spin.min.js 2.19.118.59
hxxp://cltres.liuliangbao.cn/clt/config/bts_tmh.dat.zip 61.153.110.5
hxxp://m.baidu.com/ssid=18634461696c7931323361224b/pu=sz@1321_590/s?word=?????????&sa=ib&ts=0449567&rsv_pq=12456816693376695998&rsv_t=28536gUhuSWmle3xxXpDhCo126b%2BV2%2BkvDYIUFuB3V118CYdMYbluZ
hxxp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福 103.23.108.220
hxxp://cltres.liuliangbao.cn/clt/config/cfg_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 61.153.110.5
hxxp://j1.s2.dpfile.com/combos/~lib~1.0~io~ajax.min.js,~lib~1.0~io~jsonp.min.js,~lib~1.0~io~swiff.min.js/9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221.js 183.134.29.18
hxxp://s9.qhimg.com/static/8a60aae81b5f422b.css 54.239.168.77
hxxp://www.dpfile.com/lib/1.0/neuron-active.min.719ede6914677bb148848d46c52bcf6f.js 220.195.19.19
hxxp://cltres.liuliangbao.cn/clt/config/bts_tm.dat.zip 61.153.110.5
hxxp://m.baidu.com/static/index/iconfont/iconfont_b2795733.eot
hxxp://hm.baidu.com/hm.js?a14c2100c10f26c37f3ddd0d832e2ce5 220.181.7.190
hxxp://s9.qhimg.com/static/253c424d7db0436b,a0c99209afc03502.css 54.239.168.77
hxxp://www.dpfile.com/s/c/app/main/channel-header/index.min.8ac31320bcfe7b481dd8d413db31eaf3.css 220.195.19.19
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js 216.58.214.234
hxxp://j3.s2.dpfile.com/combos/~lib~1.0~event~live.min.js,~lib~1.0~event~multi.min.js/649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8.js 183.134.29.18
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1461630894&nv=0&rnd=862003627&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=4&su=http://xs.qinqinge.cn/&v=1.1.26&lv=2&tt=最新章节列表 - 唐峻 - 亲亲阁||最热门的免费小说网 - Power by PTcms 220.181.7.190
hxxp://j3.s2.dpfile.com/s/j/app/main/channel-header/site-nav.min.f7347e7700dc80bf77c1e42569fad86b.js 183.134.29.18
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&ep=37000,37000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=1927468959&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=4&su=http://www.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&v=1.1.26&lv=1 220.181.7.190
hxxp://cltres.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579 61.153.110.5
hxxp://j1.s2.dpfile.com/s/j/app/main/channel-header/category-nav.min.acf5f565141d66370a643a075d8df1f7.js 183.134.29.18
hxxp://cltres.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=A0337FE5A71D4D83BDD5CCA8E96FAC7F&rd=29469 61.153.110.5
hxxp://cltres.liuliangbao.cn/clt/config/bl_6.5.dat?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 61.153.110.5
hxxp://hm.baidu.com/hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1006647425&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=3&su=http://www.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&v=1.1.26&lv=1&tt=亲亲阁||最热门的免费小说网 - Power by PTcms 220.181.7.190
hxxp://j3.s2.dpfile.com/lib/1.0/storage/local.min.8602861a2c191a9959f183138c097790.js 183.134.29.18
hxxp://www.dpfile.com/s/css/g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500.css 220.195.19.19
hxxp://www.dpfile.com/s/c/app/foot/about.min.8f2982ea9f56354da9982ca882653b64.css 220.195.19.19
hxxp://cltres.liuliangbao.cn/clt/config/runtask_6.5.dat?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 61.153.110.5
hxxp://m.baidu.com/?uid=B57E3D290242DA5E0C5C27431C7FCE4C&bd_page_type=1&baiduid=B57E3D290242DA5E0C5C27431C7FCE4C&tj=tc
hxxp://cltres.liuliangbao.cn/clt/config/GlobalConfig_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 61.153.110.5
hxxp://libs.pixfs.net/jquery.onappear/jquery.onAppear.min.js 2.19.118.59
hxxp://55336.5ip9.com/p.php?id=239187 115.236.59.77
hxxp://cltres.liuliangbao.cn/clt/config/blhash_6.5.dat.zip 61.153.110.5
hxxp://u349036.o553.com/p.php?id=239187 122.225.96.73
hxxp://j1.s2.dpfile.com/combos/~lib~1.0~util~cookie.min.js,~lib~1.0~util~json.min.js,~lib~1.0~util~queue.min.js,~lib~1.0~util~suggest.min.js/afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852.js 183.134.29.18
hxxp://js.tongji.linezing.com/2994045/tongji.js?20160426 134.159.210.120
hxxp://j3.s2.dpfile.com/lib/1.0/dom/dimension.min.f12f839642deedcc2ef8e2235f146031.js 183.134.29.18
hxxp://ajax.googleapis.com/ajax/libs/angularjs/1.2.0/angular.min.js 216.58.214.234
hxxp://j3.s2.dpfile.com/lib/1.0/suggest.min.ea3b7ce0b29712205015c66468da7d85.js 183.134.29.18
hxxp://j1.s2.dpfile.com/s/j/app/main/channel-header/header.min.8d916a7c8b91868f440fda20e528173d.js 183.134.29.18
hxxp://cltres.liuliangbao.cn/clt/config/SearchEngine_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 61.153.110.5
hxxp://www.dpfile.com/s/c/app/main/channel-header/footer.min.b89d87532d5fe16706082281d2eec4cc.css 220.195.19.19
hxxp://j3.s2.dpfile.com/s/j/app/main/channel-header/event-transfer.min.7ad4b4a30a314ba357f1f317a6d378fc.js 183.134.29.18
ap5.sap1000.com 61.153.110.5
static.mediav.com 222.46.123.149
ssl.gstatic.com 173.194.113.223
s1.ssl.qhimg.com 175.6.231.63
www.google.co.jp 173.194.113.216
s.360.cn 180.97.63.237
s0.ssl.qhimg.com 101.227.5.23
p0.ssl.qhimg.com 101.227.5.23


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile
SURICATA HTTP response header invalid

Traffic

GET /data/images/flash.js HTTP/1.1
Accept: */*
Referer: hXXp://set56.7pud.com/mediacode.php?id=239191&w=270&h=200&a=89971&b=18309&p=10229&s=89971&ui=139869&u=qinqinge&dsp=&gu=http%3A//VVV.7892819.cn/&k=1&vf=&bf=ete_zhuan/ete_zhuan_1452235113.swf&tp=http://xs.qinqinge.cn/&re=http://VVV.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&fsh=1&cok=1&acq=0&screen=1920_1080
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: pic.pxstda.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.2.5
Date: Tue, 26 Apr 2016 00:38:26 GMT
Content-Type: application/x-javascript
Content-Length: 4524
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Wed, 02 Jul 2008 07:19:38 GMT
Vary: Accept-Encoding
Expires: Tue, 03 May 2016 00:38:26 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes
function writeflashhtml( arg )..{..var parm = []..var _default_version
 = "8,0,24,0";..var _default_quality = "high";..var _default_align = "
middle";..var _default_menu = "false";..for(i = 0; i < arguments.le
ngth; i   )..{..parm[i] = arguments[i].split(' ').join('').split('=').
.for (var j = parm[i].length-1; j > 1; j --){..parm[i][j-1] ="=" pa
rm[i].pop();..}..switch (parm[i][0])..{..case '_version' : var _versio
n = parm[i][1] ; break ; ..case '_swf' : var _swf = parm[i][1] ; break
 ; ..case '_base' : var _base = parm[i][1] ; break ; ..case '_quality'
 : var _quality = parm[i][1] ; break ; ..case '_loop' : var _loop = pa
rm[i][1] ; break ; ..case '_bgcolor' : var _bgcolor = parm[i][1] ; bre
ak ; ..case '_wmode' : var _wmode = parm[i][1] ; break ; ..case '_play
' : var _play = parm[i][1] ; break ; ..case '_menu' : var _menu = parm
[i][1] ; break ; ..case '_scale' : var _scale = parm[i][1] ; break ; .
.case '_salign' : var _salign = parm[i][1] ; break ; ..case '_height' 
: var _height = parm[i][1] ; break ; ..case '_width' : var _width = pa
rm[i][1] ; break ; ..case '_hspace' : var _hspace = parm[i][1] ; break
 ; ..case '_vspace' : var _vspace = parm[i][1] ; break ; ..case '_alig
n' : var _align = parm[i][1] ; break ; ..case '_class' : var _class = 
parm[i][1] ; break ; ..case '_id' : var _id = parm[i][1] ; break ; ..c
ase '_name' : var _name = parm[i][1] ; break ; ..case '_style' : var _
style = parm[i][1] ; break ; ..case '_declare' : var _declare = parm[i
][1] ; break ; ..case '_flashvars' : var _flashvars = parm[i][1] ;
<<< skipped >>>


GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&ep=37000,37000&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=1927468959&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=4&su=http://VVV.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&v=1.1.26&lv=1 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=62269F14AB68F75F


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 26 Apr 2016 00:35:17 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Tue, 26 Apr 2016 00:35:17 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;..



GET /fshow.php?id=239187 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.o553.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:34:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Location: hXXp://u349036.o553.com/p.php?id=239187
0......


GET /p.php?id=239187 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.o553.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:34:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Location: hXXp://55336.5ip9.com/p.php?id=239187
0..HTTP/1.1 302 Moved Temporarily..Server: nginx/1.0.11..Date: Tue, 26
 Apr 2016 00:34:45 GMT..Content-Type: text/html..Transfer-Encoding: ch
unked..Connection: keep-alive..X-Powered-By: PHP/5.3.8..P3P: CP="CURa 
ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DS
P COR"..Cache-Control: no-cache, must-revalidate..Location: hXXp://553
36.5ip9.com/p.php?id=239187..0......


GET /fshow.php?id=239187 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.o553.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:35:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Location: hXXp://u349036.o553.com/p.php?id=239187
0......


GET /p.php?id=239187 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.o553.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:35:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Location: hXXp://55336.5ip9.com/p.php?id=239187
0..HTTP/1.1 302 Moved Temporarily..Server: nginx/1.0.11..Date: Tue, 26
 Apr 2016 00:35:21 GMT..Content-Type: text/html..Transfer-Encoding: ch
unked..Connection: keep-alive..X-Powered-By: PHP/5.3.8..P3P: CP="CURa 
ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DS
P COR"..Cache-Control: no-cache, must-revalidate..Location: hXXp://553
36.5ip9.com/p.php?id=239187..0..



GET /clt/config/bts.dat.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:30 GMT
Content-Type: application/zip
Content-Length: 56109
Last-Modified: Mon, 04 Jan 2016 05:06:39 GMT
Connection: close
ETag: "5689fddf-db2d"
Accept-Ranges: bytes
............i.-7.u9%......0.........'...)....lBz..s.I.m{.......?......
....B{O{.....y...[..Zhc...USz.y...Y.......q..7...U[8)....%.zg...5O|.*.
...j7....=.....:C*).g...{..[.7.Tn.wF........kN..|...}.[b.....=..F.....
.;...]y........o.g.rO...<z.3...?;.....X....z[.HJ5M.9...'.....[..F..
E{r.O.%>o.!s.5^.p.]...sN^c......\%.....<..0#.i<...[Z);.....{.
...V.......}..s......-!<..rr{R.O8{=.d.|Z.c......L|k.K..a...X.`.....
...C....s[....E.......X...n..ju...^x..C.g.O]9..(...u.f....c.'.........
.{g~....x...Wh.K.B..s..Y.......5.;...F.Zge.[X.....3/.....v.x.y._.^Vw.g
...X.....vy....p...w?i....\.....]..,....O../.;jL7.t...c..........b-{..
v`.o....c(q....!....x...3..yx....<......G..y....Oo...........U.....
...o....VLDs.k..sc.p*..?M.!^]........a.{[email protected]....../.2....V..
....r........c...%.s'.I..yjM.s...{?....ox..z...<^.)....sh}......-.$
.g.......X...G.O....7.......2s.w....;Y._......;........'.Jx..[M.....~z
......Bp..{.......7.zj> g...~.jX..j....g..;....Rl^.!.%.En.6..]..RO.
*a.c\DA.nbP.v..'.w.g.....*.....F.0.......0p..)...o...l..l.........?...
..>_.....l....$^...w....-i...N...qbd...*.[<W... X........q...h.e
....D$..Q..Nw......N.|.._.8....._.0...''>.........V...M.i$...<..
F..K.d..`.'..V...Ke....3..x.5.._g#.Y......o.8.....X.>O.e....&....R.
.9..YI......}....ZK.cB:....9.....M'..#..x......P&.(.....Fe.;.~J(/.....
|.x......*..G.*.........L].O.[Y|9O..mE..0.g.Q.\.E ..q.........1fPt._|.
..;.c....<......./[email protected]^u.....Tc..c..p...U|.....6*......p...
p.z..."....OLm.O..............bZ....b".T.cX..7g.....Z....O.....j..
<<< skipped >>>


POST /as/c/f8/ HTTP/1.1
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 156
Connection: Keep-Alive
Cache-Control: no-cache

d=bc4a8b541eea10c845ca2d81f5b63f42575fa17de870821b404f38a643071edc699a810d34dcdb8086253922706f4d0b6f340fb5500d567370e9846377a54945819dd498df16945294882d80a4
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:22 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
52.................1.....#.......K.]...3j.e.,.......;.#Z.....E... [...
gH..=...QW>MP.....0......


POST /as/c/f8/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 156
Connection: Keep-Alive
Cache-Control: no-cache

d=dc6b5bf5579d0451c26fdb216bbaa41fd6e1f0c6e8a7841b13cd46e78cf35407b96c0da364e0d76dac62fcaaf66913dd6fe9b71104130f81e5d37516fb461ca941e0ee7636d32777ea1285531c
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:22 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
52.................!...J..i.g....?...=w.v..D:....c.J.........F....D...
.G..8..~.@U[P.....0......


GET /redirect/CFGUpdate?number=6.5&checksum=&cid=A0337FE5A71D4D83BDD5CCA8E96FAC7F&rd=29469 HTTP/1.1


Accept-Encoding: gzip, deflate
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 26 Apr 2016 00:34:23 GMT
Content-Length: 0
Connection: keep-alive
Location: hXXp://cltres.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=A0337FE5A71D4D83BDD5CCA8E96FAC7F&rd=29469
....


POST /as/c/f8/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 1036
Connection: Keep-Alive
Cache-Control: no-cache

d=7689522b82796518c1a09d9e5c97eae9cdf44d9cb945163c8676b78089ccc17385635a1a0626a1455e5d4aa762b8eec0daa6431839f2e59b4a06a8bb2633a18c5cefa81af975a2cf772fe09dec6f32b672131264bfb193a9bffd4e87b3aa933cafe162596ce641fbf9da3c0beef22b390239cb509495792f7ba613d19872a393baebe13e5f1c5a1c51768a5f3fa923f0c9e316c7932bef0e5cc76f1cfe6207156d45481469ed0f9c0259c5968ef8fa668e9bd9aff798619cb5a2322685e4349fc5d98e1dc139736ada336c1fe968d9ea765ee2b1b8e98f1bd7900de5df8732f8821b7c766c56b465e4fc1bb6b6d856f9cbb9cf7eb6fbdbf6730d047188e9fc4dbf46ce9c514d62bd69f334dca09fd8acf945e9bee706676750e090e708cc7420ed8259cf817378a3b5cf9f98bd1066d7bccf11dfe9c2e3965ec6b4b8e52ccc6b8d098ecb554f85534720f4347e693fa5bbe916208889467b554ea9adf20a82975d45b88c360da0c4a70740093d5a6cb68d098ecb554f8553978b37cdf23b010ea69cd46f856b7948c2c5645c0a996aa93b365831382d0f59e5e13e846a46a727b88a9e679805db96ee078dc4c7fb173907166b4cd30590502349bacc89fbb3f58ea9bf9fbfd170a9b0a11a5d408e5ef81ad2e1376c86384401bbae7b0002b89ea9ec212c9d279a2e138fd36af90f9892f6251df7c13bf14eef69528ffacd3c5fc04d3af343
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:23 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
51................. .....y..L...c..l...w|.b..f>...}...1/...P.Y0*vJZ
..#S..*.....-RP.....0......


GET /clt/jobid/adb0e35099b6dd9eb6e46a02122b8802a32be0ae01e70c1807b733e60b4e6e04ed73f9891bde58097fdfdd3c679c507fac58dc2d4f295190bb5172bb744225100eef4d02898aa62d06452c32ce020756aa5b3a565cf1579ad4843d2463746a HTTP/1.1


Accept-Encoding: gzip, deflate
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:24 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
62.................0..@K\xR.t.2.A.K.....W..]Q.....J-.H...d...m.<...
g..Z....D.w..q.y....t.o......Q.p.....0......


POST /as/c/f8/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 1036
Connection: Keep-Alive
Cache-Control: no-cache

d=e195bedaddf8cc084802839f35e56022a32be0ae01e70c1807b733e60b4e6e0416b6eeeecb63f3320e695394561cd8c24cd325017b64899f0233c62bee8a857a85251b7889026f80b20cde7e5ddbbc5fb0f7dd0882a98ee12e9865fc13c56eb0d3ac8b2592b765aab34c26590073da606c246ed2cd1a311ece0f8377c37738c4df4a86575dda0d6d74d90ff26daa1f8a85a96641ea6b2d77978bb37d7a3a132d3f9b1c2546b118db1697ea84eda362f2e578080f68ba0c284ad5a18f4e8e0af92853a8407ed26b59f10f5e030fd28ea3baeb4453b5d63c6f5bb0a9f5c3b8ec7300dc11179a55697b9ec2106a494e2ee4042fc14aac203049c2a99cfcae94aa2ebb6955e9da16e9f083788fda79faac822665b159e4bd6368453e80e3bf41b3fb99309eb0304fd0d481de55adea7432c7f55eb6ef2b3c2a6603bee713cac88146cc48068af9ad6821bebce13445caa99bee8057707b3e0c52ece4037b7c010859cef80ee9f3a26de94ff2100993ab7379cc48068af9ad6821ec768667e159331a2ac14efc15da12499ba9c8191a2334468b5c9be82899ec831e05d9657c44abfdeb65ba9843decdecb8cbfffecfbce74e97dd2c866b43f43c44d784109bebee1fc450e89cd6950562b191ce951b11a9ae8715d229f5fb7f2f4f8d3c19c85de7a75ff87dfd3ef5bbb71bce1961967fd5d3691cbe53399b88699883085f4c84d4702aadbd7bb5
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:24 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
53.................!........L,c5...w..9....D$.1.w9.v'..D.7...iN<)/.
....>y.B2"....m.P.....0......


POST /as/2/h5/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 206
Connection: Keep-Alive
Cache-Control: no-cache

d=9a987eafdbf77f56d3004f156e7fd68bbb383b09a19b495b856c1b1552c960d6d515bec24c8668fe22efc782255104966b2a52da180fdc56d062533c1d11be2ece3467579a1927f2c70e647fbe282310b759409a2166444371f9a34f4bdfecdbc731643113c8
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:24 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
52.................!...J.....1...?.....v..L..IZ?..Z..UH.b&...J.Y..`u.]
..6.....|)C.P.....0......


POST /as/c/f11/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 152
Connection: Keep-Alive
Cache-Control: no-cache

d=a18ce79bf87b185dd899be07fb0b195b74a5d6007884309fb8861a8adf9367fd29ad6d787c026d335356b20d3e78df8ebc23a1f77e691bd5369286cc8f6529f11da2f1479e228ef168fa21
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:25 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
57.................!...J.. .......p.../n.... ....vB..&...R.=uA....*2..
..$.F.2.z.],...I|Z.....0..HTTP/1.1 200 OK..Server: nginx..Date: Tue, 2
6 Apr 2016 00:34:25 GMT..Content-Type: text/html;charset=UTF-8..Transf
er-Encoding: chunked..Connection: keep-alive..Content-Encoding: gzip..
57.................!...J.. .......p.../n.... ....vB..&...R.=uA....*2..
..$.F.2.z.],...I|Z.....0......


GET /redirect/CFGUpdate?number=6.5&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579 HTTP/1.1


Accept-Encoding: gzip, deflate
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 26 Apr 2016 00:34:38 GMT
Content-Length: 0
Connection: keep-alive
Location: hXXp://cltres.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579
HTTP/1.1 302 Moved Temporarily..Server: nginx..Date: Tue, 26 Apr 2016 
00:34:38 GMT..Content-Length: 0..Connection: keep-alive..Location: htt
p://cltres.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=2899DC5428A
441E9A68355A1AEF4DD32&rd=4579..



POST /as/2/h1/ HTTP/1.1
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 202
Connection: Keep-Alive
Cache-Control: no-cache

d=3f17fad1cd96d0bacc34b614ee39a4edbbadfc2c9a5db872b6b9f0319cf0d9f3ef44b771b1f9e7ef9cd1d4e940a749d136fe4c17fb9c739809bc341599165e412c829571efe87c6fddb7100bc456bb514d861772228b45863c3d345b3c89a563ae1533a8
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:22 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
[email protected][email protected]....|..."...*..zx)s}U'VdUZCXa6....
?.E.m. k.[.....Y...K\0..b...!=>.... .\.l.WQ...?...G......0..
....


POST /as/c/f8/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 156
Connection: Keep-Alive
Cache-Control: no-cache

d=0b72678094e0f6b1d7c0d5183fef3aaeecd13345829c5a75dc772e657365faf435437439b7b4be0665cee261815053b7d25e42fec41aab78211ba7d86dc0bc25d10ce8bfcb18736c4532c4ab3c
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:22 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
52.................!...J|}P..c...#...}r..h.h..O{.....Ac.....u.........
2gP....?...wP.....0......


POST /ts/f2.2/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 204
Connection: Keep-Alive
Cache-Control: no-cache

d=aafe2e0638b1941fc4923075b96ab0ead3d22158988c3c4700235e720471e37409ec48f9e974d479e7ad1de9add7c8711bf94ca469383eed54e9396d9146dd58ea606a0d5abba0ceb6dadee430f1fa156cb93261aba2532bfff20658c48ec2ffff483b4edc
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:23 GMT
Content-Type: application/octet-stream
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
100a............t.eT........)!.H...t.)..t..C.....=..2....r.!H...Q.|?..
s.....~.9.y.....U..Pw`...zP:..;.|...|.....Tn...u.5.%....K..j.8.px...n.
F...o.=../2I..zU...$.H~.J.N.(._'...X........%...SK..~k...<]-...K..j
1..N........3.4H'&..cVj.r.O.... v..q .yp..I.sZ.N.R1.c..=..wFY..S.. D.#
,. .:.......5..{......3L.6..J[..v...{........C.vg...\...-....6.....7..
....Ch.L..M.0}._.G.....'.....$.Q].t.|l. ....{....l|l.'%!.LL.2..]'y.a..
MXs|T....o.\.......4.D..m.L...E......A.?....r.n...'R..WW.kA8....fn!|..
Jyt.I....i..._......|B..C{... .Wa.Y.GC...%|=...&.X..U6...&Z.>33...s
[email protected]...$.._I...QRa........F..L.s.b.E.1%.i...F../>.G.[^... ;.%...3.
....<.'f.p}........fra.X.....1..eM..Cq... 9..k..Pt.........>_.X.
..!p....on=]...Bd.p..U........ ......} ...ko.S.R...=M8=...9.P.....ib\-
.w...R../G.X*...C........j.. u...t.Q.[(F...Y.h<c.or4..|.P.......N.w
Z......f1..sv....g....O...#.ex6m..of...M...)...`.... ..].....S.v. .I..
..:T..%..c...0;!e....k..J.&-H..C..s.3.}....T...U.dj_.wz..-.e..j.......
[[email protected])Y..(...Q...iw...VA.,.*.....Q.I2.6r.....q<.^.,.....mG5... &
..P....8.G...>61..X....lr7X.O.9.Z.Q.1..h..C....DW....S...g#.V.2..;.
.Pwzn.......T,d.GX5r....*_.x....<...|]..MOR;1.`.,.e.........$...#..
>...@$.9..Q...../...e......>.4..8-..~d..&.h..b. s......75Io.`...
o....4.N.eHe.Io.*..7.0%....|..Z... ;....r...p...R.....y.e.Y..2W0...)V.
uom..$}GU....,h7..8o...&.|.xY.V.4............9&.......Q.....%.."O.p.t[
....E...J...$.u".z6.J....myG.5YQ2.7.....).d.oW.......]^...7z.d.2y.....
i.k]....^..f.66_..Yk........2%zxZ.9u.4.8 ...zb..k..NM.R.. ..T.@>
<<< skipped >>>

POST /as/2/h1/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 202
Connection: Keep-Alive
Cache-Control: no-cache

d=0395e9dd5195a03d0215512e8925c57c62027c68eb9829b1d9f89001399394188651179e2e098e5e94951ba346303b628d058731708c3e72a1d6bb160b566b3af9e412f7f42c37e274513f90aacb7bcbcbc6ed7b1ba2f50492a50263b69757c16cc78d6f
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:23 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
[email protected].......?......{...Q.\.D.Z..0.F..JM...)p.
G..6....<.......YY...F.....\QI...Nu..Z]FC.Cq.....v/........0..t>....


POST /as/2/h3/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 152
Connection: Keep-Alive
Cache-Control: no-cache

d=a18ce79bf87b185dd899be07fb0b195ba32be0ae01e70c1807b733e60b4e6e040f2e07cd881c6cbb44253980b29f17b9d470b6356399cb7c8a4437cfb279aa6330c4d95dbfa56e44ab66a8
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:24 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
5d.................!.....D$......?.........RkWC_R.ry..lcbz""-.^...,0.S
,....A...^..>a..=..X...b.....0......


POST /as/c/f8/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 156
Connection: Keep-Alive
Cache-Control: no-cache

d=587a6b5ee900634287899574413e428cbb383b09a19b495b856c1b1552c960d603ddc5efe89fc9a4c70e647fbe282310b759409a2166444371f9a34f4bdfecdbfaaf5c2c411a4b0805575bfb40
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:24 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
54.................!....8....2.@.?..~6.s.i,...z......yU..?V...v`.Ha,eE
.'.VK!7.....N(P.....0......


GET /redirect/CFGUpdate?number=6.5&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579 HTTP/1.1


Accept-Encoding: gzip, deflate
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 26 Apr 2016 00:34:24 GMT
Content-Length: 0
Connection: keep-alive
Location: hXXp://cltres.liuliangbao.cn/clt/config/6.5.xml?checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579
....


POST /as/c/f8/ HTTP/1.1


Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
User-Agent: llb/1.1.63.781
Host: ap3.liuliangbao.cn
Content-Length: 1036
Connection: Keep-Alive
Cache-Control: no-cache

d=e195bedaddf8cc084802839f35e560228c9249ea9ed703878245616418e4556caaef51cd55dbc86cd81e14232f33db3db4996df491c7934ff3234f5c75e93dfdc8a8870cf720ec5acf4d38ed7a5d34630e725da17471418aaa76f0da4b3b78d78798b6cc86900f20ef1ea91c399ad0c49bee65338112a0a22523d02d3101e3684859f0e38542fb638d5286a43a7aedaae7d685ff594a969c6718d0c5859b63c9ea503f59fbf6f8c83d05f6ff3aa0785d0df112e8a1d1d0104d1c56d15264291854fdad0b55f6cc5e4e6888d94e41e91f60f24b800747fe82464a53ddc84e32e3befe0b1fcdf3137d380e238a29163dcefa5110b0a5f140dd04b4cafadea7592254f44af890c0d3700592213bf4387a059513f0710ef3905c843478c7275d860597b2115eebd2230c6f6874ae60721f65e1bfb0a886a3cbe311d4645108fe91245cefd0fa56ebac840ea29a05cb4e743a6490196eaa338bd6a558c5b83b15ce6cb43524062c40e02ba197d6c597cf65e05cefd0fa56ebac8424df12816e6e72123953cc5a7b61ef18c60614f96f3d51c8249f9e0af05a331e8e3bd4059583c8e347015ba5d4a8ef695badcd62456bbeed470625ce6ebf89a5d779f4a9ddb206c5aeae9eba8196ef8e61564360b713ce7ef2c4b516545a653ef925c0c4406646e367713e54ab1c01c78a6bd3dba35d6f180d8423b2bfdeb020e7f8c01656e18292d52f0b4a0e
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:25 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
51.................0..0K........_......b.j....#.H.9S..r& .;[.qv...].Qx
....>..6..fP.....0..HTTP/1.1 200 OK..Server: nginx..Date: Tue, 26 A
pr 2016 00:34:25 GMT..Content-Type: text/html;charset=UTF-8..Transfer-
Encoding: chunked..Connection: keep-alive..Content-Encoding: gzip..51.
................0..0K........_......b.j....#.H.9S..r& .;[.qv...].Qx...
.>..6..fP.....0..



GET /s/j/app/main/channel-header/header.min.8d916a7c8b91868f440fda20e528173d.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j1.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sat, 18 Apr 2026 09:57:41 GMT
Date: Wed, 20 Apr 2016 09:57:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 01 Apr 2016 06:36:27 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=315360000
Content-Encoding: gzip
Age: 1
X-Via: 1.1 taizhoudianxin12:6 (Cdn Cache Server V2.0)
Connection: keep-alive
1326.............Z.n.G.....j...*^%Y...._2.A.d.g.0\...H..d..M..E 3.l..l
..$.l...z2cd=.`..&...r......&)R.d.Y`..b...t..S.|.Ru... [^O.......ue/..
..,..P.e........z.........)\.....v...{b.4^P....i...KE...A..1....s./..]
.c.`..=j....OR...1..S.3NL~..R......8..!.......f....R-.. .....W.%h.../.
"...;..z.`.....I1.........^.E........8.%3kA!..`_&.?.\j%...[.Z.H.F..6."
.e.g|.`../[qU.....>...j.:.kw.......}ki....N.2aR.1.][email protected]
..b...!V.{...l.0.^...:"Z.~s.0k......h.6...I.:.|4h......l..}/.l..3U..\W
...*......m..0G$.S........`....k.u.....ieu.T{[email protected].....^dX$=..Q...C..]h
..U%6:}.$.......T...S.3.....&...a.Oo.6.=.....'.mKp[..c.a.d.B.(..^...;.
.Ybu...........f.g.....A.}wh.g...h8.a...O.r."z...9Kq.......I.:.P.S..EO
.m,E..'.Uz."..%..~..H.J......\..Jk.[.*.SoM...}.....da....A..2:J...O...
..PF~h9...!......ix.z....2U....`...t.G.1..._`EAlq7.z........X...a.K.\d
..#..i.I...(5....4......../_..}Xw/.{.m..../.i.r..&...z)Z=..'.m.M..TD..
...........V..bY-.. o<.2......V6.j...3.jk..b...Fu.._......W>....
.j.....,....?...{..k......5....j..7.?......M[[h......<~.......V6...
...._..u...o.q.tz.o.....m|Z.H.......wi.2>|..._.2..F.Y_...7.z..;j..g
...........*.m.O.o.[.|..;.....7....=...4 .t.o.e........{..?j.M4be..g..
...h.h:..M..'o...OMw.F.....=..g.[o........;:r5F.-......b...).T...F.W..
/...?.....*.\........|s...M...yy.C......._[_....t.u.T...T.....q}..n...
...%.l`..L....5.....68v......U.:.^.Jp...YL.Q.g x..0..?h.... ..M..7..V.
......2./oc8pY.*.i.. ..`.3B/6.|...*._....|.Ln..bX#.....1..XXC.(*.H...E
...O....:..#@M.X}.D......Xi.$k.T..bP...Y.....2..GX...q.e..I......$
<<< skipped >>>

GET /s/j/app/main/channel-header/category-nav.min.acf5f565141d66370a643a075d8df1f7.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j1.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 22:26:49 GMT
Date: Mon, 25 Apr 2016 22:26:49 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 01 Apr 2016 06:36:26 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=315360000
Content-Encoding: gzip
Age: 1
X-Via: 1.1 jtzhdx13:5 (Cdn Cache Server V2.0)
Connection: keep-alive
5eb.............V.n.F... d..9......D.N....A..]9B0......g...F....-...@.
.....i....|I..$(....}.{......P....x..\&".2K-j..e.......5....1...A..T..
H0.. ."5=.X.C..V...r.....40 ...NH1g.s.O.w.....F%./q..%.,6....<. .c.
..l..9.f.{!S.-....UZ.T.Akemc.O. K.. .M... H.....J...3b...E.t.....l.G..
.8._..L.Zn...T,:....NGN../X...1....C$.\....mOI1u.H...,fZ......xS'.U...
...,..0vJ...&....uw......;.......;.T.....EVdmF,.$......6d.-c..x.......
........_..5|y6Fei...........:...Z......YJN.......L...v.........4..\{Q
f..`...g.'.SZ.y`T.,[email protected]...;...R..W.`{......z#$.7...._Y./..!......
mr6m.;z.K.w....H..`6..L.r`.-..x.!..3g...f.\...1..i..|.7_....E)a.C,..M3
..*s.B..l.P....x!...C.3.z ."#.....gp.tx...L/E`.)...:........o.U......M
0...../w..i......-.=..d.D.-.{..........m.................n..G.fmT..1..
....A...hT..)[email protected]).:.;.....,k..j.KY.uJ.,."......;..q.
.......Q....&.".._.>f...@...&.[.....1....y...A..r.&`R.Edb#t-..V..l:
m..... ......,S6w...zEsjhB....j.S.Y...@6!...F...hl\C.[L.q.....q.H.....
.*..!c...Q..c..%.>....'.{W...]...?........{..V.r.........H.c.8. Dl.
...9...{L-.\p....._.......... ...V.......NL..'[email protected]...,...j.u..
d[.......M.l. B.....r."T..T..'b-:;..a.....$...{....dx.%..).. s...F.'*.
1|.O......W"S......]H.......B.....Ty..U..:uk...U.^..............H..%[.
..E.`e^N.-rJ4..Kq...w>o.*R J.....)-..at..p.......?.u....^......ntr6
..7w*......#..6.^Rt.....l.[..L....s.)..u...{.._<*D.d\|....|..:....j
x1.Y:....x....R.......gG..m6...%s.[(.....i.....zLV..-.... ..v&...E...Q
aM...^....Z...m|\..8..0...:......S...D.mb.VAqF...N.......w.C......
<<< skipped >>>

GET /combos/~lib~1.0~util~cookie.min.js,~lib~1.0~util~json.min.js,~lib~1.0~util~queue.min.js,~lib~1.0~util~suggest.min.js/afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j1.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 21:10:39 GMT
Date: Mon, 25 Apr 2016 21:10:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Last-Modified: Tue, 17 Dec 2013 15:51:51 GMT
Content-Encoding: gzip
Cache-Control: max-age=315360000
Age: 1
X-Via: 1.1 jtzhdx14:1 (Cdn Cache Server V2.0)
Connection: keep-alive
d92.............Y[s.6.~...1...`Z..$...f.t7;.........IP.M../.T..... EYv
..3.......s....~q#.'.r.].Ip1t..u...a._'..*.....*.3'...Y...^.j...&.|)..
;....$Q..Ta](=...Re......<...V.~..MeY:...U........d"..*.i...Z.....Z
$.{..}9..RU.:_U^..[q[$Uw..9.5.........prz.H.......|..3..HN4.~D....g.}.
o...........|...H.h. .....;Y.QH..N....5=.../_.....ld.Ww..P%v..*..O.?UE
.......I...<.[6.w.F.. .>.F..j......U.E.#.mE.d.....|(....KY...9c.
.f..........Z.2T..39w.../'...7..lz1....\...d.8xt&_F.3..X..8RdA....g...
4..()Wy.1..vH...p "w..9..d..[..>...s.jkr..x-.-... .k...b...J.4{.|.E
$......&....."{G<\....!...Ev......v.8nZ O.5.J...jv......h..4.tm....
..#B..~.....m6...kz..r..f...SY......1...=.m)r.X....C..;....r U.W...g}.
..j.OXJ..~1.3....G.....J.q/.....f}......p!....7.3..-.X...n.&....|..8..
..h........".....J.".....~...J.U.......i.Or.X...}.p..y...7.i.\..H>*
o..?{c@f(K.kd.Y%.......e....I...}...V....... .<O....l.W..v...W.....
7....T.OG.?..T..!..).y?#.|.bsWE^.t.V;.\..{p......l^-Fq^8!.&.!..}...I8.
.p..o6...?...]3f....~....~.^.I.0...A.;.3.....&x............r....L.d..J
....F>....."R..i...r....}.\{=......[.B.$...d...Ho!..../E.REuo.&.J..
?w.....[-.....Dl./.#.} .....[..@..~r...... [.imY............>...../
%.._v...&R "..OyV-.b..;..[.........^z.=...j ...>!.e.y.of..q....?k.=
...q....D.D..D.........&d..2.......y.........0....... .k..........~xI.
...X..?.i.?..q.hE.M.lzGg.........A..?].T...M..i...;*=D&DnO......4.JbX0
...X.F.....V$...Y1..kbQ...|.'.1.J.&.D..W>c..M..n..4Xs......p...,4..
>......Kl........I. x.%...;..Yw...f.LZ..5./.Z..m.}Q.)...]..D&%.
<<< skipped >>>


GET /blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Connection: Keep-Alive
Host: sybil1990.pixnet.net


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:37 GMT
Set-Cookie: PIXFRONTID=pb8a4bs6sqsn8l8ju5nv0ghfm0; path=/; domain=sybil1990.pixnet.net
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: lang=en_US; expires=Mon, 25-Jul-2016 00:34:37 GMT; Max-Age=7776000; path=/; domain=.pixnet.net
Set-Cookie: lang=en_US; expires=Mon, 25-Jul-2016 00:34:37 GMT; Max-Age=7776000; path=/; domain=.pixnet.net
Set-Cookie: lang=en_US; expires=Mon, 25-Jul-2016 00:34:37 GMT; Max-Age=7776000; path=/; domain=.pixnet.net
Vary: User-Agent,Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-FarmId: 10.1.1.78
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
5791...............{...0.9. ..cd.X..h..s.8....n 7..I.=#id.H.E#a...c...
. ..`.%...%....?9.h....W...jd....{...Y3.UWWUWUwW.............[7~.m.b.g
[email protected]]0.~.z.....nkI*hJYQ.R......|..r./.................|.....&.f..
.`..|......O...........jQ&...Ey..MK..y...6........%9.....#}.....{.r...
......lj.'..J:'{...U.B^[email protected]..|\.>.....2.a?...J.\..b.
...YG...*......9Y............%rjZ....7....w.J)g.h`.........,..^..L...E
U .E..C.P(.]e..[.!.........:q...\}....'..\.......8?...#...............
B.<....n...zT;...w........\..]m...m...M.[.] X2...)E$O.D...T.....K.3
7.;@...\...:{X?vX?..~.-dh.:....Rk..\xq.~........}.p.....3v.).PJ?z..m.9
...^...1q......x.z.M........a.|{s.......=~..:W.......o./....8.....W..Q
}v...a....g..=.......^...C....RT[..........A.O....N...|1.X...RYI9.u...
...{..%5/..&. ]..v(.XQ-.m%..Lyt #.P.r.<.pJ.$...hH.M....rY....R..*.|
^*..2.k...io...}..>..6..;....R.<...B..2.s.g...C*K...{......Hoy,H
sY.>...S.|..bP.w. ..#.......(..............9. #dR......l8..B.p"...C
..(....... .........iW.....Z.h.l.c?.N...o....W..[.....?j\....7g.7_....
A................/.{.Ug..la.............d.C.DZ;[email protected]
.=)Y s%9...r!#!..Q.5.i...'8.KN)l.Vr...TP...D.7....'[email protected]).)
.;..N)j$..r.3%w&2.r.3..!)._$.SNt&R..H...L.;.i...lg<D2GI.bg"...m...x
...Uhf....T. .......2...3..e'..4"{...8)...m.$.d.x.W.%B.!.D....P8.....H
$..;......V.i.-/ 4....M0,.<.K..~..$5.$#.FR ..d.2.4 Z....F..!....D,.
.Y.>...}..%..W..X,.;......[......G.pD.DW...../[email protected].(.Q~.......vH.
.P..P........J......C!>..B<..ba>.......j....P......%"..J.
<<< skipped >>>

GET /blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Cookie: PIXFRONTID=pb8a4bs6sqsn8l8ju5nv0ghfm0; lang=en_US
Connection: Keep-Alive
Host: sybil1990.pixnet.net


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:49 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent,Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-FarmId: 10.1.1.230
Content-Encoding: gzip
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
578f.............}i{......W.........n.sY.....7.{.$...fd.H.E#a...c.... 
..`.%...%......x.|._x..{V.l...s.{..5.[uuUuUuw..?..l...n....u..../.~.a.
..........o]O.....m-I.]-.ZA......\`.\..........^.4...yx...E.9M..^.,..:
V. .'....J!.............V. *.fmzfD.K...9m..W$. .....?...q,.6\.. ......
.......T*......RV`.y.,..!.....?.N [email protected]....( ;.......T..r..[?.%.:.
%.T.<F..t)C.)..A.K....._".e..3..#C[....R.92.....T..-.;.J.......pQ..
aQ..H2...WYv..a(...s.e......~7[.......7.j....o7.O....{|..1}.....c.....
...g............3....q.3..{W.{or.7.e..Vx...Y.3%.....(R....._;u.z..|.H.
..k{_Tg........o....W'..?Cj..../....6.>..6n..n.9..u..0..J.G.A..=.~.
....?./83B}...WO.i.t...a./..oo..~:...../.Wg.._...1......3.g.|Q;...:j..
..<l\.3.......:.......t.R..C.j...S...0..;...=..9.././...i..TV..A.0.
...JOf....~."......U.-j.....*.G.ee..QB...S. 9.\HG.n..<...J./#.d'.T.
y.4.....ns..q./....P.;...T.z2K...V..}.......B...,.B".#.. ......0.eK.0.
.V.....a..)../...._..R...?.iO/..gB;.....Y........l4.."r4..f..9#J|:..gX
)(%.....u#Z..o.26..d...z....;=..s.....w...=..G..W.C..t....P.>h.=...
R.:...~.3..E}......-l.._z`..cs..3.l`H.Hkg........z.c<{.4I.{6J..J.'.
.e..d.|^).....%P#..z...C....vh%...H....H.p#..,y..u*..$...;.xgR....J.3.
...f...D;.JgJ.T..I..I1."I.J.3..L.:.lg:....gNg;...9N*.;S.......&;%.Q...
..:.I...Jf[0..h3.....=...a.....I.t%.`$%...c.B$.I..!..hD.Dc.H".........
...m......B.(.j..............&.dD...K.'.-O#...?o...TH.&"I!...F......_.
.)...y1.H..`...=...h<$..q1..c....e...6P`H.R0.|._vl.......C0.|,.....
. 5...o....P.O......D.Oz%...c..k.};.C....j.X*........;.H.`......t.
<<< skipped >>>

GET /blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Cookie: PIXFRONTID=pb8a4bs6sqsn8l8ju5nv0ghfm0; lang=en_US
Connection: Keep-Alive
Host: sybil1990.pixnet.net


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:55 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: User-Agent,Accept-Encoding
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-FarmId: 10.1.1.230
Content-Encoding: gzip
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
5796.............}i{......W.........nc..prxo [email protected].<zF....4.F.8...,.
.%@....K..0K....?9.h....Vu....28.....#k..........5.X......<..i..O..
_..t.:......Z......&.{y..Z...RV......7.8.h.\......z.B.ji$....h9...s...
..r.7..._q9.02..../..8.,...Z....xQ.0j...r^"....#..,e.bI.*;.|.H....#...
.,h..l..m0.Z.I.......,e...........(;.|..BY...[.4...O.....Lz...G..&....
.q n.Q,A.J.q.'.KN.....m<.....w....r....&...;o...e4.......[Tv..r/...
...........x(......-....z.V..X..8^.n.>s.....o...?...n........v_c..?
N.....w!.....j7...=.....;g.....jg....6...6o........,.YK.."....Puv.vn..
....... .._..}Q.=..;..|P...24^........o..8P?x[..`...>q.q.T...;..T(.
.=..6...eb/.?...`...U.._=.....^....0K...W...~C...l\..^~ER...7...L.r.~.
E.. }..>;W{..qy...C..s....../.c..K...).-P.NW.?.... .'...g'.......S.
E......ax@...=........p...|;.y......cJ.<:..w([email protected]$..J.cJ.,
...R)cg.J>/..]..5.m..7.....B..t....JYWf.R.UKn..u.....@@.!..R@.=.z..
z~..<...,I.....j>..1(.;E.....v...HB.A..].ie..t`.\..t..2.PHLG.h6.
MI.L8..g..LZ..T.U..\.KR.....F.. .vy|L-e4[....k.......n......M....5.\e.
..3../.Cu..~.L..Km..{W.q.....=....z..i.~.......G.P..!."..}.tZ;~.v.A...
..$M..(m. ........V.y....G.(..........%...C .._Z*...D.....f..x.S.u....
.)G;.r.......h..5..N9...;..N9......./..)':...x.S.v.....w.T.3."...B.3..
.....h.S..*43C.Dg*...T.l..Z.m...V...J^..=..Y..KU.6F.s2.<. .....J"..
CB(...b.h$.M.......n .......@QT.&.....%.X?cg..w..i#...v2Z.F......E....
...B".a..`.ZU..`.... .b,....nU.{[email protected]"F. .v....l...($`..(...nY.{
c;$.`(.H(..E..Ajl%Q.N[.......!....0.wK.H]......v(.X.D....Dl...e...
<<< skipped >>>

GET /blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Cookie: PIXFRONTID=pb8a4bs6sqsn8l8ju5nv0ghfm0; lang=en_US
Connection: Keep-Alive
Host: sybil1990.pixnet.net


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:35:01 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-FarmId: 10.1.1.152
Content-Length: 22415
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html
.............{.G.0.9. f...'.53...9.L.s.........3.F...Q4..ay.s1.\..0...
....%./...d...S.._Uw.U#[.'g..[cd..........z....y...m....m.g../.~.q....
.......o[O.....m I.M) jA.....}.o.\....ccc.c.^.4...yp.....9U...L9...X..
..T.......[}.R..ZZ-..[y.(...i.Q9/......R^.2\.$g.].>u..cY..bo^...U\6
..6.M...RYI.d.T...[..e.....T....uj.,...m...K..._Y.U&=....RI..._l....u.
K..Ry.......)o.A.O)....]"....=....m...[).l...a.B"....]......).c..j..(.
|(..E..,;{.0........._&NT......e.......O..w..&.}}.=....9........=H.G..
.......k..q..........K..k.}..-...yx..k.KF..%...i.(T....?P;}.z.&|.H..Wj
.^Vg........o.......#?Cj..[./......=\x>.O.i.=..}..0..J...C.........
.?&..3B}...TO.m.t...a./..oo..~:....'.....W^...1..........zY;.Z.>...
..>j\.......<.......#.t.r..#.j..C....1.......6....../....|Q* )..
n...3#rOz......$.....NE. .......)..d..JZ....N)...r........R.....T..Y..
.K.qW...t.#.........".....R..Y..G..[.s].p..,..vJe...y........-..i.K...
[email protected]{Z..<..).4'.d.L*...Q>..gSR(.N...p(..
%>.u.3"...Tv.u..Q5...C..SK....z.....=....[..s..sS=.......C..L..K.P.
9..;...R.>...~....e}.......l.._z`........l`H.Hk.....N...~..?..4I.{6
I;.J.'%ke.$..|^.d$.. J.F:..|...x.)...Jn....jA....FA.Y.$...C.q.3.w.....
).;.xg".)E.$.S.w...D.S.u..;$E..$u...D.3......tg<..9....H.(.P.L.;..-
34...2....P<...c..U<...VF..u.U.....Fd.:C.'.R............D(!...A.
...G..X<..D.a..!.....#-.....P.......gs.........dD.Hj....V..fE...C.h
" .c....EX# ..V..(.............[U..`.B8..........J.......(0 ...E>..
8.[V.......J>...a..@..[I.....v([email protected],.....RW.C...... ."Q`.D$
<<< skipped >>>


GET /broker-service/api/js?error='tagName' is null or not an object&file=http://VVV.dianping.com/contactus&line=2×tamp=1461630913003 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: 114.80.165.63
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Keep-Alive: timeout=5
OKHTTP/1.1 200 OK..Server: nginx..Date: Tue, 26 Apr 2016 00:34:59 GMT.
.Content-Type: text/html;charset=UTF-8..Content-Length: 2..Connection:
 keep-alive..Keep-Alive: timeout=5..OK..



GET /public/script/jquery.form.js HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 10940
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Thu, 30 Apr 2015 07:15:43 GMT
Accept-Ranges: bytes
ETag: "80f952781583d01:18e4b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Apr 2016 00:33:26 GMT
...........}.w.6.......SR.L.N..R..4I_so..%.n...=..I.)B% ..&...`...%'..
.=.P.`~a03.....A.>{..W....T.`o..LV.....................,;y..o.. Y..
..O..L...F...L-7....K.>......=-.j../n.bY.h^..P.j!*..Pc......h8\p..r
...............{..V.....zC.4..I3_Mp.C`G... ^.R....`...53s.^...|..7?.n.
.....................T...47r-~}=..BOo8dO_=g.c.j.K..*.R.S...}.g.p......
9.....f..j..1..`...,.#.....#....#[email protected])z4&.LH....y....
L.Z..J."Y...`..A.r.s..g/%K...`oU.."..'.FF.FV.....X.................L..
....q._.....C..2s....w..B..O..Z...<k.....c.b.`.<a.L-.be.B....y..
0u....1^...Z..^...0.y..f..b.`[email protected]@[email protected]..'...
.B..X.&.Nd.Z...s1.....1.){||...M........,....3...Xj..je. ..>....{ v
...\T..V....(..W89.7.a..j.....8.?..sq'......W..Vl.b.V/,.R.8......9....
.....BA..p.........E.Z.DF..<..#f.......O.....>.*...L>......G.
..{.....V.Zr.....z.......~...j.*1."..5...u..??.{.W6...K..............{
..w....IO..T..?g.....<.7..{'..>......9.o@..>8..M....[.....p.5
.F..i..OV..\[email protected]....:.j......<W..h...s..b.A..........f
V.........`...*..c..B..*.....I...#.........K.%......,^.6...F9.D...vL.s
_nR.=``iv.i\&V.k^.s.F..A[J.....%..Q....>0r..L....D.a........Fn..3..
.&.l!.9..^.....(.......X.......Ov.|....... ....z.... ...^.ee..k......\
...\..C...T)3G.Z.dS..]..v*......0..o....r..JJQ.....j.&.....r.D.$.j".Z.
[email protected]. ...).......`..?922j.?"9./ ..$^.l....#..
...!.``.^....PB."..q.68.!x......#6X.....y.Ro..X..i$j..{.U..#L6......%.
0...v)xe....`...rU.\.sX. .'.vP..&...........?...py..<.B..m.....
<<< skipped >>>

GET /public/ptcms/tongji.js HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 245
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Fri, 22 Apr 2016 14:20:52 GMT
Accept-Ranges: bytes
ETag: "0fac12ca29cd11:18e4b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Apr 2016 00:33:28 GMT
..........|.]K.0.....C.U...._..0.vW..c...5.$#I.q.w.Md .Ux.{xx.Q.F.6...
#n-...^..#-.......d=.H...~O..6....B....|ev....I...<...[....Q.K.,d0&
lt;xH...e..R...3Sx.O......*.......RJ.........Y.p.... .../r...O5.b..,..
..i.p....}.c.<..\....w....<....g.............


GET /public/ptcms/float.js HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 137
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Fri, 22 Apr 2016 14:20:52 GMT
Accept-Ranges: bytes
ETag: "0fac12ca29cd11:18e4b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Apr 2016 00:33:28 GMT
..........$....0.....w 7...%*.8..].m.5..q......>.M.....g....../..Ls
.......M54 .?-...eU].R...=.N..et.. '...#Q..,........An....~....%>..
...HTTP/1.1 200 OK..Content-Length: 137..Content-Type: application/x-j
avascript..Content-Encoding: gzip..Last-Modified: Fri, 22 Apr 2016 14:
20:52 GMT..Accept-Ranges: bytes..ETag: "0fac12ca29cd11:18e4b"..Vary: A
ccept-Encoding..Server: Microsoft-IIS/6.0..X-Powered-By: ASP.NET..Date
: Tue, 26 Apr 2016 00:33:28 GMT............$....0.....w 7...%*.8..].m.
5..q......>.M.....g....../..Ls.......M54 .?-...eU].R...=.N..et.. '.
..#Q..,........An....~....%>.........


GET /public/ptcms/window.js HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive
Cookie: Hm_lvt_a14c2100c10f26c37f3ddd0d832e2ce5=1461630894; Hm_lpvt_a14c2100c10f26c37f3ddd0d832e2ce5=1461630894; lzstat_uv=31137119243503273084|2994045; lzstat_ss=1677005717_0_1461641697_2994045


HTTP/1.1 200 OK
Content-Length: 129
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Fri, 22 Apr 2016 14:20:52 GMT
Accept-Ranges: bytes
ETag: "0fac12ca29cd11:18e4b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Apr 2016 00:33:32 GMT
..........$.... .........z.T.e.../.Ph.......z...*...[rd...>.."U..s.
...|.W.*..I....'c.......... ....F..N.7.].w.c..>..u<.......t...HT
TP/1.1 200 OK..Content-Length: 129..Content-Type: application/x-javasc
ript..Content-Encoding: gzip..Last-Modified: Fri, 22 Apr 2016 14:20:52
 GMT..Accept-Ranges: bytes..ETag: "0fac12ca29cd11:18e4b"..Vary: Accept
-Encoding..Server: Microsoft-IIS/6.0..X-Powered-By: ASP.NET..Date: Tue
, 26 Apr 2016 00:33:32 GMT............$.... .........z.T.e.../.Ph.....
..z...*...[rd...>.."U..s....|.W.*..I....'c.......... ....F..N.7.].w
.c..>..u<.......t.......


GET /dir-4b3wz4J28KrjQg.html HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive
Cookie: Hm_lvt_a14c2100c10f26c37f3ddd0d832e2ce5=1461630894; Hm_lpvt_a14c2100c10f26c37f3ddd0d832e2ce5=1461630894; lzstat_uv=31137119243503273084|2994045; lzstat_ss=1677005717_0_1461641697_2994045


HTTP/1.1 200 OK
Cache-Control: private
Connection: Keep-Alive
Date: Tue, 26 Apr 2016 00:34:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PTcms Studio (VVV.ptcms.com)
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
a..............7c0...\{s.X.....;h.[$.m..,.v.3.B..&!..i..R.-.J..$...V..
.....!t.^.....h:8.....X..._a.......d.P..X.u........^............<..
...G..G...m:f........o.>~.U9.=.<...2..a...6.;....1....z.........
..|.......^M..V.[..y..\..x........F..SX.`.W.N....gT..R%;3.g...NQP.A..N
I......Me&U'.{?..........{[email protected]) P../......;w.2/6....L..U{.
.|.8.~9..eM:.(!..TV.......z.|........K-.%...:..=.?h..2.......l..a..!..
..N.7./.XI... s....$...pS.\4..>s.2.w./.<.{.0..@.. .b2..l.:.1J.aT
....H..T.^.h.q.....T...rl..R..^..O6L......<.f......F.........k..9..
L.F.sd,..S....#...o..C.R.F.gH.y....i..?(.............G...0;..8ZQ..(...
..D.%.l..a.........D.y..!HB?X!.L:...G>.W.y_(`.d....(  ..11..I...7y.
#.$.d.*}c55.....a......jz.b......h$D..Q.....z..F.ff......b...\d..K....
.9..o..i..t.H.4|....$..Q5...p[.>!.H..E.^.O?<....O..Pd(...q...F..
)....<...0..(J.}H....nf..u .....U..2.e...A.....h...d.,.zU;.....1 6~
'.w.d....BX*.,..v.X.G..Wg6.....\..vr}A...Z~.~z....(J.....SK..7?.mf..H.
.^[......f.@....`&.r=.~..$.......y.t..Q.....V.,[email protected]:.X......(
d.......(.D..Q6b.h......B#.f...a^R...(..O.`.6.pC.....eF.]...:..y...P,.
....uh...JF....Q..2..l8.1.zB..1B..|...&.H_c.P.}..u.........D.....UTj..
l_..~2l.!.....2...a}#...........k...(...5..".*..FSS.".D.S....0X9.2...|
..-...Z...30..nAq.....VPi..e....J.C<.QO.8.n...D..I6G.3.l...d.)..3..
z.......U... ..D..R.@-../....p.*..iQ(...(%x.X.....7U.M0.$.....9..@....
.]e.`qW..k.e..^.T.....E.12*.ci9s{. XeD f!3..<5.#.S.$.H.......p..0$.
8..[.i.;?sKo\O=....../63...O..z....J...8W.M...a...v..B...>sl.b.
<<< skipped >>>


GET /as/down/clt/config/bts.dat.zip?t=1451883999&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: ap.liuliangbao.cn
Connection: Close


HTTP/1.1 302 Found
Server: nginx
Date: Tue, 26 Apr 2016 00:34:30 GMT
Content-Type: application/zip
Content-Length: 0
Connection: close
Location: hXXp://cltres.liuliangbao.cn/clt/config/bts.dat.zip



GET /clt/config/blhash_6.5.dat.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:27 GMT
Content-Type: application/zip
Content-Length: 96435
Last-Modified: Sat, 23 Apr 2016 19:50:01 GMT
Connection: close
ETag: "571bd1e9-178b3"
Accept-Ranges: bytes
............M.^1w.FR...,.W.. .YP...J..P....#..Ql...E...^$hPt.}..$....r
a.^).... [email protected].}..(!=s/?.9$...y...".....o.'......|......
......b.9.D.[H...?=.aaOE.l\.....S.0.../........Mz..7..k.....X*......-.
.>5$.zQ..<z"....]..Z...U.}[email protected][email protected].#&.m..
kJ.<.l.2S.K(......v.. H/..../..a.y`......4...\zM..b...^..Wu.B.=i..v
dWP3..............{Q.i...uLz~...Ax..w.........P.AU...)q..O...w...i...0
A..`...?f*..>L...C..O..;.....[x....W..Rj}.....d%..(N.}.l..6..Q.v..o
pq.C....n..!...<..1.}.R........_...om...AwP.G.......a.-..24........
.....9..a...)......}..M....S...?`........s.....cn........S...y./.;..n.
Z.^[email protected]'...W..&<|....!....n:.NR..;p...s.._.X.n.......
m.r.._.......<m.f9.B...[....*..w..bx.;=......*.._....OD......=...uN
...R..z...U...../...K.......c..U....Vy.........../u..psz. O7}../......
..>.....P.p..W}$.S.x.oN...Ug..........B'&......}...........O..]..[.
....k............[...9.a....a|.<}b....?.?....Y....w......w}u..,..1|
..(_qX.......M.....G...msg.... }..:..........R{.5..u..`......R..[_..Y.
].)..]...}.a.l.>......L'.qk....>......Oo...{.....U....Y'.&}.9..e
..Y...>.O-\......t.H.O:........s....k..m....}.......;XV......z....g
'~{....8.j......>......_............J..I9..n......!LM. .uj7..c...~.
[email protected]..}...k..... .jCar....a.k...Pt..........J.&
gt;b}@.n.".)....6.......6X&.H..<.....J...S.g6.iP.p@....?..{x....|..
.........E%.Z.}.;...]\.....a....}...QKz...lp.....8...../....R......_x.
.c.o~...~..y..E.e.....n.0;.....J.W.>.j....}.`6.:.>/...|.....
<<< skipped >>>


GET /clt/config/6.5.xml?checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579 HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: llb/1.1.63.781
Connection: Keep-Alive
Cache-Control: no-cache
Host: cltres.liuliangbao.cn


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:39 GMT
Content-Type: text/xml
Last-Modified: Sat, 23 Apr 2016 19:50:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"571bd1e9-731"
Content-Encoding: gzip
22d..............Ko.@... ....[[email protected]..
....UW|....}MXII.}.b./kr....%.o^<.Hm.c><....VX.....!-..oI...&
......b.).&ep...xR(...uW.f.n_WU..5.e.n..........*.}j.U._.R..\N5...-,..
...|FX..}.l{<..A.....Zb......R..u.D.C..d...C.v [email protected]..&O...F..f .P.
#7'....%.].cSF.H.a........wC......a..*/E..e....m....J......p....*....w
.[.......Q.H.....?.2K<..{..8/...P'....i.4Fa..`A...9.w.[D.....3s..~.
......i5/3.yg...RpJ'..p.... *q^........I....._.E.Z{.:.!.....!.A Da....
..{._.G.r.l.bJ.....d,[email protected]..).C...H.A....1~..'U..
G........M...1.....0..HTTP/1.1 200 OK..Server: nginx..Date: Tue, 26 Ap
r 2016 00:34:39 GMT..Content-Type: text/xml..Last-Modified: Sat, 23 Ap
r 2016 19:50:01 GMT..Transfer-Encoding: chunked..Connection: keep-aliv
e..ETag: W/"571bd1e9-731"..Content-Encoding: gzip..22d..............Ko
.@... ....[[email protected]|....}MXII.}.
b./kr....%.o^<.Hm.c><....VX.....!-..oI...&......b.).&ep...xR(
...uW.f.n_WU..5.e.n..........*.}j.U._.R..\N5...-,.....|FX..}.l{<..A
.....Zb......R..u.D.C..d...C.v [email protected]..&O...F..f .P.#7'....%.].cSF.H.a.
.......wC......a..*/E..e....m....J......p....*....w.[.......Q.H.....?.
2K<..{..8/...P'....i.4Fa..`A...9.w.[D.....3s..~.......i5/3.yg...RpJ
'..p.... *q^........I....._.E.Z{.:.!.....!.A Da......{._.G.r.l.bJ.....
d,[email protected]..).C...H.A....1~..'U..G........M...1.....
0..
<<< skipped >>>


GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: wap.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:34 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 33394
Connection: Keep-Alive
Set-Cookie: BAIDUID=019D105E594D5197B27740A98BF8F1C7:FG=1; max-age=31536000; expires=Wed, 26-Apr-17 00:34:33 GMT; domain=.baidu.com; path=/; version=1
Set-Cookie: H_WISE_SIDS=103405_104683_102572_104496_100037_102214_100289_104482_103342_103639_102031_104650_104450_104341_104822_103642_104000_900809_104612_104807; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Cache-Control: no-cache
Content-Encoding: gzip
Server: apache
traceid: 1461630874083427994612213360543886933390
............yw#.u/.....Z.M. .....y..&[m..P...D...y..D..G.b?......$..k9
.eK^.}..........9Uu.Pd...{[email protected].=.}^yi|il}{y"P5..{......K..k.#..k
.....{.Tu.t...nj..V....^..m......So...V;.N:.@D>X.j..n..v..`..}]4ph.
G.f.T.82Jf5_....>._Bu.a....NQ...X8..k.. [email protected]...
......:.j..f.....`..y...H=\..R7.;....F1b4J.q.Sl.zc......j[.B...k.`I7..
i4..dL......5.F.M.-.. .........`..f......ji...dtZ5.d....._.X....j..A..
k.2..z......l......H.Hk)3._ik$=_....[..n.sz;..%...d6...]k...n....q.l.&
....._|..O>..'.|.....?..Q..........y.w....Z..P....=..g.....kZ...R..
0..`....`.....Z...X.........P5...C.D..*...f-....F.k..].l6..Z.b4...-.T2
....9.yV.Z....Q;..i.Z-...k.:PC..:Z.3..3.....Z..4....z{x.H/... ......V.
.vL....._i7....-]....p.Po.k......Q*..s..Y.....(.z..q.% p.8.l...|B.....
.B.].....0..0......lc.-<.0.Qc.`..FQtj_/4.t..@$[..4.s.\...5...._..-.
.......;.i....Z..{...F"...B<.Ke....4.?{....l..........:..4.l.B..w.C
.~.G.r.i..}..LSi.lw..<..a..-...Hq.n.0...nT....OM\.......{.7.C.._...
....zo~!..x..[[email protected]....
.....;R t........P,.:...esh.M......C......4l].3$J2.O..b..l...M.fFG...W
..>.5..3.f&.....n...t...'....}MO..w.>..B....".k`7.....3{.\..C}.*
0%..z.....Pk...{!..W.9....u.8..t.u.....&.%8.............a..B..J.u..J.;
|T5L0...$.&(..E...Z.hu....<..<..Z......5.z..GT^P......\.gR.Q....
..k.1..../....Z...uU a....._4.....D.~..D....x..3E.,..1af.`....4,....}j
`..gp.F.....T...3...4,.n.!/."j..b..\.;.(.T.)9!-...8..E`... ..v.?..y...
[.......t...hT..6.._....G@.;.....!....X.....%.p..w............8Q.u
<<< skipped >>>


GET /clt/config/6.5.xml?checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32&rd=4579 HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: llb/1.1.63.781
Connection: Keep-Alive
Cache-Control: no-cache
Host: cltres.liuliangbao.cn


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:25 GMT
Content-Type: text/xml
Last-Modified: Sat, 23 Apr 2016 19:50:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"571bd1e9-731"
Content-Encoding: gzip
22d..............Ko.@... ....[[email protected]..
....UW|....}MXII.}.b./kr....%.o^<.Hm.c><....VX.....!-..oI...&
......b.).&ep...xR(...uW.f.n_WU..5.e.n..........*.}j.U._.R..\N5...-,..
...|FX..}.l{<..A.....Zb......R..u.D.C..d...C.v [email protected]..&O...F..f .P.
#7'....%.].cSF.H.a........wC......a..*/E..e....m....J......p....*....w
.[.......Q.H.....?.2K<..{..8/...P'....i.4Fa..`A...9.w.[D.....3s..~.
......i5/3.yg...RpJ'..p.... *q^........I....._.E.Z{.:.!.....!.A Da....
..{._.G.r.l.bJ.....d,[email protected]..).C...H.A....1~..'U..
G........M...1.....0......


GET /clt/config/cfg_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1


Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:25 GMT
Content-Type: application/octet-stream
Content-Length: 5186
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-1442"
Accept-Ranges: bytes
..[.E.x.e.c.u.t.e.r.C.o.n.f.i.g.].....1.0.9.=.1.....1.1.0.=.1.....1.2.
5.=.1.....1.4.0.=.1.....1.4.1.=.1.....1.5.=.1.2.....1.5.6.=.1.....1.5.
7.=.1.....1.6.=.1.6.....1.7.1.=.1.....1.7.2.=.1.....1.8.7.=.1.....1.8.
8.=.1.....2.0.4.=.1.....2.1.8.=.1.....2.1.9.=.1.....2.3.4.=.1.....2.3.
5.=.1.....2.9.7.=.1.....3.1.=.8.....3.2.=.3.....3.2.8.=.1.....3.6.0.=.
1.....3.7.5.=.1.....3.9.1.=.1.....4.6.=.1.....4.7.=.3.....6.2.=.1.....
6.3.=.1.....7.8.=.3.....7.9.=.1.....9.3.=.1.....9.4.=.1.....P.o.p.u.p.
T.T.L.T.y.p.e.=.1.5.,.1.6.,.3.1.,.3.2.,.4.6.,.4.7.,.6.2.,.6.3.,.7.8.,.
7.9.,.9.3.,.9.4.,.1.0.9.,.1.1.0.,.1.2.5.,.1.4.0.,.1.4.1.,.1.5.6.,.1.5.
7.,.1.7.1.,.1.7.2.,.1.8.7.,.1.8.8.,.2.0.4.,.2.1.8.,.2.1.9.,.2.3.4.,.2.
3.5.,.2.9.7.,.3.2.8.,.3.6.0.,.3.7.5.,.3.9.1.....P.o.p.u.p.W.i.n.d.o.w.
R.a.t.e.=.3.0.....R.a.n.d.o.m.T.a.r.g.e.t.=.1.....[.S.y.s.t.e.m. .C.o.
n.f.i.g.u.r.a.t.i.o.n.].....I.d.l.e.T.i.m.e.=.1.I.F.I.9.F.7.5.e.8.c.c.
9.b.f.6.e.9.7.1.d.f.2.7.2.c.0.7.b.e.5.7.d.1.6.3.5.1.d.4.1.d.8.c.d.9.8.
f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.2.9.e.7.2.9.4.9.d.6.b.e.
a.2.5.c.6.a.b.6.0.f.e.3.7.4.....R.E.G._.F.E.A.T.U.R.E._.B.R.O.W.S.E.R.
_.E.M.U.L.A.T.I.O.N.=.H.K.E.Y._.C.U.R.R.E.N.T._.U.S.E.R.|.S.o.f.t.w.a.
r.e.\.M.i.c.r.o.s.o.f.t.\.I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.\.M.a.i.n.
\.F.e.a.t.u.r.e.C.o.n.t.r.o.l.\.F.E.A.T.U.R.E._.B.R.O.W.S.E.R._.E.M.U.
L.A.T.I.O.N.|.$.E.x.c.N.a.m.e.|.1.|.1.1.0.0.1.....[.U.s.e.r. .C.o.n.f.
i.g.u.r.a.t.i.o.n.].....A.g.e.n.t.U.p.d.a.t.e.=.3.6.0.0.0.....A.u.t.o.
P.r.o.t.o.c.o.l.H.e.a.d.=.0.....C.l.e.a.r.E.l.a.p.s.e.=.3.0.....C.
<<< skipped >>>


GET /s/css/g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: keep-alive
Cache-Control: max-age=300
Last-Modified: Thu, 24 Jan 2013 09:17:11 GMT
Content-Type: text/css
Content-Length: 23540
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
...........}...6...F.?..c..tHj.EU......9......8..$...%Q...n ...a?i.aqG
.F.z.9.S...&.. .H$............/j4.E3....E/..Q..m..q..yR...&........O..
v.og.n.ng.8k..a.If.t..f.|.)f.r.f..~6nfc;[...l..m;.q...h.g}.?q3..G<k
........Y.........w.x..o...j.n.O.....#y.O........r....0........=~.Y..i
8k.a<........G..o.....O......A..........8M.zO....<.,..C.[..'=..F
[T...9...xs.....O..p.g.i.I.#.8.#F........n...n.h..w|C:./O#.....=o.....
|3..:..?I.YC.=$9=....\.......G......e0-.i9L...O-ajI.........p.........
...Z.&.B?..q...TB....,...I..`a.$.....&h..($.~.....?.]J .`!n$.K...L..j%
@ ...L.w......&(..,.dG...OF..G..OHf....r...MO...,..h..`x.-..k../.?....
G.~.....~....R....._F1..I..9Y.o.vy.=.BT..B9.....@^.$..........f..0O.._
....Q........F..p..w...]./../...8...A....^[email protected].?..~..
.....H.k.'SA...kp....F.%....&2z.X.d...;.....~....h.6.....N....R..M.&R.
.B(^%z..h....n....h.!mD...x...q.._...p..O7l.....".m....d9nt...d ...%.6
..g..p.....R.......u...w7D...J...i......$P...g.t.3.....c...i!.....h.ZL
.dZ-.j....F..2..i....nO%.-e......tmK..dG.....}..qs.\..y..@_..{....M..x
.G@[email protected]"..~......?...L.g1..X........\0f.......OG.....x...>.
.Ra....e.......Z.u .....E..t..o.)..}.:...(....*.l.z....J.....n..y?.V.M
.*..._n.>....$" .......X../...-............q.....[.l~Q]..6\Q....E..
..lT.|.Kw...l.....L.J..?..2_~2>.........l......eL.G....Y.{....9S;..
m.ebB...g.....F!>...(...@>..Z....E$s$U.rXH..q>.4.He..nv......
Rn.#..d}GJd 3..z.,...c....|..d.H.%.YH.%....7....-.oA.....05"..X^....L.
.......]..J..$.X>H..A......r.M..o!~.....L=H.\..2.`..|.A....(w..
<<< skipped >>>

GET /s/c/app/main/channel-header/index.min.8ac31320bcfe7b481dd8d413db31eaf3.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: keep-alive
Cache-Control: max-age=300
Last-Modified: Fri, 01 Apr 2016 06:36:22 GMT
Content-Type: text/css
Content-Length: 2996
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
...........[......W..V.{5......K_..>./.*......,.;37..{........J.V..
.0....w.=y[......a..=..8x.;).vh.1....&....#=:......!.._..n...."o..Wm..
....q. (ML.><d%.....G....b .z...<?.}i..1.....A.>..B.>n:
t...Q.{...=...."...-G...o.M....>^........M.U.....<.O....'..SqFM.
kI..<.]OY..a."..C.rX..2>.<..d....F..9..=.~3...M....FE.  .W0NR
...].G[..P..M........J.$S.............WR...!..[vA=..#..ulg..3&..x.&t..
M..m...J.'c..*t!......^..@....'..e{Y.R..m.=..H>... M........M.....?
9.... ....(.%MM....-^2..H.T.T.Ss....q...Uu.z<...1h...........n...q5
.cSD.2...8..M..6.v#...L9.H....v....ut.._ntY.n..Y...4'......E......h...
.}.,\6....4..x@).? t3.f.T.d.I...R.....*..x..mM......!`.9.s.Y...4...:}h
..3..RO.......;..p.Q..c...e...0.*\:vV....U...m.%...q...Qz.c.. ..y.....
.C.Rg.xV:O.....-%..OFr!l..f..m...x.....R#*.u8.5.jw..)..C.I.rX.. .W..Lp
...#~....\ps.....#:D..m...S.^G.1..b(..k..J?....;(0.Q.<R....4.*...K.
F.%l~.....2........5.&.<2......;h..x..o..{.....h....$...o...i....v.
.!9....~.z....f.c....f.....6Y.q.*........D..-.u...z.d.......=.....g..s
.`.>......KfT....1..%Jj....p.......`  ...(r...8.(z..2.q..t.n6.L.\~-
]&-..C.A..q<...,2....x..<..e....SG..9.....jo.9...8.........*0MA.
=.V.K.b.Y..<...*..~...:E...N.3.}[email protected]>r.....5..0.[.&>[!...
...5...{..T.9p..)........m....C-.....^.B....-..]cqV.58...j.I....P....s
..*...*...oKaktu...........{...M.....6...f.Ekc...6....y.<..$.O. ...
fY.b.i........KU..8........'(mi....r...~..`.$..\....$X...oI.Zx8..0....
e8..).6..1Y.8.l.B.C.Z...:3*{[email protected]..{e..x...F
<<< skipped >>>

GET /s/c/app/main/channel-header/footer.min.b89d87532d5fe16706082281d2eec4cc.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: keep-alive
Cache-Control: max-age=300
Last-Modified: Fri, 01 Apr 2016 06:36:22 GMT
Content-Type: text/css
Content-Length: 297
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
..........}.... .._.....'.Y..GAA%....kb......u7..9|.p&..P..[Kl..1..~..
...D....Rj.."X$.%8..E.X.....d..(n.U.U.i...d.M.P...rt..#...0...R68...,.
..#K...ia.^XO.r....plw..V..X.'b..`-..{......bE..*..i.........K........
...8e..g).K......D-K..R....y.<.z.H.k...Q5.i...._..@..........=?G.c=
.eY..%6.......pG....HTTP/1.1 200 OK..Server: NWS_Appimg_HY..Connection
: keep-alive..Cache-Control: max-age=300..Last-Modified: Fri, 01 Apr 2
016 06:36:22 GMT..Content-Type: text/css..Content-Length: 297..Content
-Encoding: gzip..X-Cache-Lookup: Hit From MemCache Gz..Access-Control-
Allow-Origin: *..Accept-Ranges: bytes............}.... .._.....'.Y..GA
A%....kb......u7..9|.p&..P..[Kl..1..~.....D....Rj.."X$.%8..E.X.....d..
(n.U.U.i...d.M.P...rt..#...0...R68...,...#K...ia.^XO.r....plw..V..X.'b
..`-..{......bE..*..i.........K...........8e..g).K......D-K..R....y.&l
t;.z.H.k...Q5.i...._..@..........=?G.c=.eY..%6.......pG........


GET /s/c/app/foot/about.min.8f2982ea9f56354da9982ca882653b64.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: keep-alive
Cache-Control: max-age=300
Last-Modified: Wed, 21 Jan 2015 03:34:32 GMT
Content-Type: text/css
Content-Length: 4347
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
...........<i........ .4...5.)......>^....ds...$8.]......"......
 Xx.dwWwU.]E........M7....f>>..|:D.`.p....C..S[..?.:....xO....M.
.i>Dl.|3.#.~....i?.#W./..4.._w.I]......O..?...t.U.$l.c.C....a:.....
..........e...............w..Z.SM.C.`.C.........u....x.G<./.4<J.
8.'.G.....<v.......q..........e...T...........4.....s.x.~=6mG.J....
.Wd._5.0.j_.......2..}.5.$%....4..d....bJ................Kpd7.:nP.....
}..~>...C......xA)5...*Bw...Q..W........4....(..u..5......l..C....C
%.G[....B&...}.x/.._]....m....9.."..'.&...<...?..HzD.]{O..g..8.....
...8$4-i..UQ.QX5....,.......!y..p..b;....y"........?...Q...B%..c.Q2.8.
'..*4.......w.<r.....D..Ug...L6.TJ5".W.....sx!9NMJ...y..<N..gA..
.i......z......zu.^1.;v.. ...D..p.fKL........[......V....G.?.-T..Nd...
[email protected](:.s.. [email protected]>..L.G/g..&Z..b0.n(....M.....)..Y.~$.q
f...X..6n.b..c..Y6=E...z..?..w......4..8q.......!u.?.........{.y..;imC
..0........^9....v&.%.y..t..V.......p.. ..m....T4........cD..].....h..
H.ts...&.O..Rr...)....T-..?d[8%[...D ..US.B..uU../<F...ol.........1
[email protected].._..M....I.1F....M..c..~.W.D.-...H.....0...,.:....>.4.h.g..A
[email protected]......'.....\........0...;..2....:
....!.$l.pL.cHTTP/1.1 200 OK..Server: NWS_Appimg_HY..Connection: keep-
alive..Cache-Control: max-age=300..Last-Modified: Wed, 21 Jan 2015 03:
34:32 GMT..Content-Type: text/css..Content-Length: 4347..Content-Encod
ing: gzip..X-Cache-Lookup: Hit From MemCache Gz..Access-Control-Allow-
Origin: *..Accept-Ranges: bytes.............<i........ .4...5.)
<<< skipped >>>

GET /lib/1.0/neuron-active.min.719ede6914677bb148848d46c52bcf6f.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: keep-alive
Cache-Control: max-age=300
Last-Modified: Tue, 03 Nov 2015 02:25:30 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 17214
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
...........}m{.6..w....q.....9.OI..4M...mz..n.JJ.H..%JTD*. ........('.
....E.....a0.<...(v.l.._........|.. q.m.....I.........l.I..."..DY1.
..K3..m......C..E.AtVY$........;...T..C7qcg..p.LYxy......'.w........~&
lt;[email protected];....V....#..~.....4.../..............{Mo..6 ..q#.EvW
l.....p....,.|..q..`n2......b.....y!:?....MG.h..M......7bA?..Y1w.....;
w.~tu.; ....;g ....^l_.\.. ..X..c.V=kjM...c ..}.,..cl5Z..(._&.......%.
C%~<.s...z.Z.......'k9....]....,6....ryy.3.I..ul%..?R..L.Qv.6....rQ
|.....OU.....aKB.&.F.?..4.U.923..n.zm..*}.a.......:.q....e.....x.d."..
_..'.k}.....F;{....-.xW(.u`...a........ch.:U.......ul...D.0.W.....5`.D
R;p..|......m0.B...g.i.m.)....Y...,._..;.E.....M......v...../..8.""8jA
._>\..n.sX..s....#.V...H.^.;Y..............;[email protected].)..kwe...7 _.
|D..........j.....7.|n.tG.....l......_C.f....#.7...w..$...].Al..w..;..
....$.C5.....o.0...@.....].......&w.'.h.....5z..Y........)........7..j
......I..: :."[email protected].:...L....Hs....99g/.0.YO.` .....^t.
...Yr..$p.M.......b......".i.h.N.....$...9"...A.3m..q.KS..&..b.......x
.....v............*.K.6..3./J._.^][email protected]..[j ...Z..'..(...J<s..._. 
..m......B.gYG,I9......-.`T.......o..b`@B..\^..z......u...:/.....o.R3.
..:..\.}../...d..r..U....G.E6.........yg..p....(A.8....^\.....c.D_.X .
..O@[%.j..........D.P .^^....C..b...k..3I.t.%J.eqz... b..\.S....."6.c)
..>..M.Ca..N....,.8X....T.:..J...A.N.l.v`. ...-P..%....T.-Sx.o6..-.
.%.......Z...e..}.......6.......` s..{....OX.g.....ho[..W0.i...jy=X.nX
..m\.n.e..O.......D.>N.:{>.........3{.....,....&...m".{.Y4..
<<< skipped >>>

GET /x_x/version.min.v1461230441209.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_Appimg_HY
Connection: keep-alive
Cache-Control: max-age=300
Last-Modified: Tue, 26 Apr 2016 00:30:00 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 128668
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Access-Control-Allow-Origin: *
............Y..H.-...}h&m.......A|.I.p.{..C.../....`.....U.2.(..TEE..9
............_...........Z|.......k..........yY>..x/........?...4.2I
..Mrl..v. .....&...i.l.?..-C.k.....:=..,.v.fu:.....mV....Oeu.R]=.wv6..
n{...&...S.....) .....xgEO..C.ggi.O.mz...c...*.l[.....O... ..G......j.
...>..6....bw..7.*.U..C..[.?....T....;...q....I.uRTM..^........: ..
.T&.....I...S...C.M.z.P.....~......O..2vG........m......f.|~zz.....,..
........:..vY.l.S.M.:;..x*VV..z..^.m...))6....M...b.lO.d.x{U..l.;.^..u
UU]4U.fu..4.....e.....(...{........l..c.l...R.M~....6m..n.rmA?..?.....
.uv...C.oOM...,..}R.yq..|..^.?..GKI...n.o..9....!).z.5...t..V..>?./
.i...p<..r.........:...!Oo.x|x.wt..U.I...>..Mu....O.|.....#..Q..
....Eu.Jo I.C]...p.$.....*l...F=..d.X.r.7..M..v..t..eQs..~-...~.X)..c.
...jN.]];.''....c.......X.......z...w..a....cj.x..i...u....%Ka...ds*w;
.5-......Y..w.4)....]2...k.\}{.|Z...'olWW.......:....]p...............
:.......e..;7.IZn........e~..=.{p.._.5.].t..........l./.,^.ayH7...r...
...f...Urj.z{..v..[W.m.M.-..L..q....S..............W.l6.i.5'.A....].;.
..j.I..`.A_........I...b....*.c.J.g..l...r.?.]61....curg....s....8....
.^......=._;E.X^x..a../..=....S~e.........;...l..\...rq&.6O.1.c.V..A..
9..2K.S.=.~w.....K7........p.......k...:}...\..CyhR...D\.TM.......|.n&
gt;al|........849.....!k.....}...l..*O9'...b-...Tn.4..b{....'V..$."...
A...*8...s|...?.)....w....f[...Q...Lw.K..4.}.......[B.]z4.[.m. ...;gk.
8x...2...i..[.. .........>t....Q...(........6...m6.SV.Mf..x.......O
.:..o5..<l..CR.'.|n..R..~][email protected]..|. ~..S..
<<< skipped >>>


GET /lib/1.0/dom/dimension.min.f12f839642deedcc2ef8e2235f146031.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 21:10:41 GMT
Date: Mon, 25 Apr 2016 21:10:41 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 06 Nov 2015 07:17:13 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=315360000
Content-Encoding: gzip
Age: 1
X-Via: 1.1 jtzhdx14:5 (Cdn Cache Server V2.0)
Connection: keep-alive
46d.............VKo.6...W8.. .4..J .4i..f.4[..tAQ...........!......E..
.'.oFw.4..*$......h...{R"..R.mYD.)3Y.Rs..["N.......R..XF....Qq..e%...[
..:C.lf{..U.q..G].}]-s{Yy5*...-..d.fe........E.Z.....$...O......d... `
{(We.U".....J..F...q.......<Z.j.....oG.N...7...O.....\.x9I.p..D. ..
&..{.k."o..../...,l.A.A.'......)...|..GTl.&..SZ.r....M.Y&.3...VN..W...
9nw..e:.j.R.M.\2..I.....S.....d.O.......a........I..g..2...bA..q....d.
.O.<3."........../...>..v-.0......i.....n..8r..x.%uX$:...*J...L.
(S..'...w.hZ...t%.reY4.._{Yd. .3...gGM.W.>.....7.dWkz.pOs..-!.m...=
..6.....(=.kO........nE..A.....$..hd`Eg.wq.Y..........-..g{w5p.D@.]i. 
...s.....K...L..8..q..?.B0......;.O.....5.Or=^.u(.G...t~....$e...a..9`
[email protected])..f[d..o...*...y.e*.....B..,..Af...mnq.F|@...8..m.f
J]^.....k..!.s.......g.....q.H]....Y...n..>.>.\......A..H.kP/Q.}
..J..`......9.F;U)....K...,sm.0.F=y......][email protected]........
...Aq....1. F.D..b...A..B....|M.D.....4....FL.........3..&&....D..z.k.
K...oLM..s......}w..j,.!g.....^..C.CW...~\.I.r4..v.?......!..}x.$l..r.
^c......."4(..3.......<f.J.D....x.,.......&.C....z....I.S.....Y..W.
S..q.....-.....f..n......._....s#!.B.....0......
<<< skipped >>>

GET /lib/1.0/mvp/tpl.min.681c5b24a9a215968286adb35ea9a1b4.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 22:26:36 GMT
Date: Mon, 25 Apr 2016 22:26:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 854
Last-Modified: Fri, 06 Nov 2015 07:17:21 GMT
ETag: "563c5401-356"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 jtzhdx13:6 (Cdn Cache Server V2.0)
Connection: keep-alive
DP.define(function(){function i(c){for(var c=c.replace(k,e),a='var o="
";',d,j,f,g=0,b="begin",h=l,i=m;null!==(d=i.exec(c));)f=d[0],j=d[1]||d
[2],d.index>g&&0<d.index&&(a =h[b].addString c.substring(g,d.ind
ex).replace(/"/g,'\\"'),b="string"),0===f.indexOf("<?js")?(a =h[b].
addCode j,/\)$/.test(f)&&(a =";"),b="code"):0===f.indexOf("@{")&&(a =h
[b].addParam j,b="param"),g=d.index f.length;g<c.length&&(a =h[b].a
ddString c.substring(g).replace(/"/g,'\\"'),b="string");a =h[b].end "r
eturn o;";return new Function("it",.a)}var k=/[\t\r\n]/g,e="",m=/<\
?js(. ?)\?>|@\{(. ?)\}/g,l={begin:{addString:'o ="',addCode:e,addPa
ram:"o =",end:e},string:{addString:e,addCode:'";',addParam:'" ',end:'"
;'},code:{addString:'o ="',addCode:e,addParam:"o =",end:e},param:{addS
tring:' "',addCode:";",addParam:" ",end:";"}};return{render:function(c
,a){return i(c)(a)},parse:i}});.....


GET /combos/~lib~1.0~event~live.min.js,~lib~1.0~event~multi.min.js/649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 21:10:38 GMT
Date: Mon, 25 Apr 2016 21:10:38 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Last-Modified: Tue, 17 Dec 2013 15:51:51 GMT
Content-Encoding: gzip
Cache-Control: max-age=315360000
Age: 1
X-Via: 1.1 jtzhdx14:4 (Cdn Cache Server V2.0)
Connection: keep-alive
45f............}VKs.8...W...K.,.loV99$....N...f(.z$...(';....z8v..L...
....0..p.a....H.`q....Afq..~_~`a.)...$.....HZ'!.b......\.m.q...<...
6.P\...er.y#.g6....SN<r.............esJ=..`.";....=.,..N.' $..J.P..
...[6n1.{sh..V,~.......A.....6sJ..?~.>].P$...W.............\\9TJ<
;.N..L.G...6...B...E.5U......0.......^.:9.......ahTU.........V^.y.).#"
...[.....5...:..w.......V.J"..X.c).)V.)...xwY.Ic....^.P.`.c....N.Z.7..
U...M..G.....m.D4..W...4..7`i..J.^`.d:q.[E|/.SP|.......t..9.>..).8)
]....E.c.D....d....D=xB..i............1#...9.....);.X......CS...e....l
..B..|%..e...f4....S......_B..sZGB...6v.G.....u,..........&........].)
...or.....:.:.9.?Q.<....[.w2..5&.dP..*1v%G....5B&....=.P.BZ.I,2..V.
D..;. k....[.4..1M....l..0{.h..1...;..Xe....V..*cR.W....g...J.P..DffU.
.......td.M...%.,r...?X1W--..Z....V ..Zm..F..c`."..C..f..]../s$. .g...
j..;DO}[email protected],.!.O&..w...Jmr<..Ay..j.........d.- ...........6....
...4..i..k.N.m..Q./..h.b....].!....n..........D.I...n.C.q..E.....x..{.
.....3.A..s9.86zA.`....4.S2........p..>@..^.....Jk..Ub8M.....0.c..&
gt;..W......nJa..l....<...~.^......C....P...1....7|..........9BZ..w
..).......%[email protected]..?..........0......


GET /s/j/app/main/placeholder.min.8b8f8f355aeac43833c8c3ce9c141175.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 22:26:44 GMT
Date: Mon, 25 Apr 2016 22:26:44 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 729
Last-Modified: Fri, 01 Apr 2016 06:36:31 GMT
ETag: "56fe16ef-2d9"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 jtzhdx13:5 (Cdn Cache Server V2.0)
Connection: keep-alive
DP.define(function(){var b=function(a){function e(){function b(){""==a
.val()||a.val()==a.attr("placeholder")?(c||a.val(f),a.addClass("form-d
efault").removeClass("focus")):a.addClass("focus").removeClass("form-d
efault")}c||(d.cancel(),d.time=setTimeout(b,100))}var d=this;if(!this 
instanceof b)throw"new me please";var a=$(a),f=this.placeholder=a.attr
("placeholder"),c;c="placeholder"in document.createElement("input");th
is.elem=a;a.on({focus:function(){c||(d.cancel(),a.val()==f&&a.val(""),
a.addClass("focus").removeClass("form-default"))},.blur:e});e()};b.pro
totype={getValue:function(){var a=this.elem.val();return a==this.place
holder?"":a},cancel:function(){this.time&&(clearTimeout(this.time),del
ete this.time)}};return b});.HTTP/1.1 200 OK..Expires: Thu, 23 Apr 202
6 22:26:44 GMT..Date: Mon, 25 Apr 2016 22:26:44 GMT..Content-Type: app
lication/x-javascript; charset=utf-8..Content-Length: 729..Last-Modifi
ed: Fri, 01 Apr 2016 06:36:31 GMT..ETag: "56fe16ef-2d9"..Cache-Control
: max-age=315360000..Accept-Ranges: bytes..Age: 1..X-Via: 1.1 jtzhdx13
:5 (Cdn Cache Server V2.0)..Connection: keep-alive..DP.define(function
(){var b=function(a){function e(){function b(){""==a.val()||a.val()==a
.attr("placeholder")?(c||a.val(f),a.addClass("form-default").removeCla
ss("focus")):a.addClass("focus").removeClass("form-default")}c||(d.can
cel(),d.time=setTimeout(b,100))}var d=this;if(!this instanceof b)throw
"new me please";var a=$(a),f=this.placeholder=a.attr("placeholder"),c;
c="placeholder"in document.createElement("input");this.elem=a;a.on
<<< skipped >>>


GET /mediaController.php?pid=89971 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.nr1234.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:34:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: ETEMEDIA89971320270=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.nr1234.com
Set-Cookie: ETEMEDIA89971270200=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.nr1234.com
Location: ./mediashow.php?id=239191&h=200&w=270
0......


GET /mediashow.php?id=239191&h=200&w=270 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.nr1234.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:34:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: var_yt_cookie_pic=pic183025; expires=Thu, 16-Mar-2333 18:21:20 GMT; path=/; domain=.nr1234.com
Location: hXXp://set56.7pud.com/mediashow.php?id=239191&h=200&w=270
0..HTTP/1.1 302 Moved Temporarily..Server: nginx/1.0.11..Date: Tue, 26
 Apr 2016 00:34:41 GMT..Content-Type: text/html..Transfer-Encoding: ch
unked..Connection: keep-alive..X-Powered-By: PHP/5.3.8..P3P: CP="IDC D
SP COR CURa ADMa OUR IND PHY ONL COM STA"..Cache-Control: no-cache, mu
st-revalidate..Set-Cookie: var_yt_cookie_pic=pic183025; expires=Thu, 1
6-Mar-2333 18:21:20 GMT; path=/; domain=.nr1234.com..Location: hXXp://
set56.7pud.com/mediashow.php?id=239191&h=200&w=270..0......


GET /mediaController.php?pid=89971 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.nr1234.com
Connection: Keep-Alive
Cookie: var_yt_cookie_pic=pic183025


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:35:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: ETEMEDIA89971320270=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.nr1234.com
Set-Cookie: ETEMEDIA89971270200=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.nr1234.com
Location: ./mediashow.php?id=239191&h=200&w=270
0......


GET /mediashow.php?id=239191&h=200&w=270 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: u349036.nr1234.com
Connection: Keep-Alive
Cookie: var_yt_cookie_pic=pic183025


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:35:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Location: hXXp://set56.7pud.com/mediashow.php?id=239191&h=200&w=270
0..HTTP/1.1 302 Moved Temporarily..Server: nginx/1.0.11..Date: Tue, 26
 Apr 2016 00:35:17 GMT..Content-Type: text/html..Transfer-Encoding: ch
unked..Connection: keep-alive..X-Powered-By: PHP/5.3.8..P3P: CP="IDC D
SP COR CURa ADMa OUR IND PHY ONL COM STA"..Cache-Control: no-cache, mu
st-revalidate..Location: hXXp://set56.7pud.com/mediashow.php?id=239191
&h=200&w=270..0..



GET / HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive
Cookie: Hm_lvt_a14c2100c10f26c37f3ddd0d832e2ce5=1461630894; Hm_lpvt_a14c2100c10f26c37f3ddd0d832e2ce5=1461630894; lzstat_uv=31137119243503273084|2994045; lzstat_ss=1677005717_0_1461641697_2994045


HTTP/1.1 200 OK
Cache-Control: private
Connection: Keep-Alive
Date: Tue, 26 Apr 2016 00:34:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PTcms Studio (VVV.ptcms.com)
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
a..............7c0...}is.............P.l....p.6k......:E...4.hv...[6.0
..$..@H...$......S.h$.S....d[....`.........Y.....9..6.54....R.>....
..WE.L.xW)y...j..D..U..c.%...J.'..xs._..N..N.X...v.K.....w.. .Woj.WUGT
.6O..HQ..E3...f....)..g.;B.Y*w...2..HGBE..RE.w..$. .(#.B.M..HJ..R...K.
...Cd..][email protected]}....................{X~y..p.2{..........?.......7
.8\}..zO)..N.^|q.]...../......?4...Q....J*H.k.~._LU.=:..J...yR.~...y.1
R...'Q,...2.....SO.W.*.w.....;......S.j?|....,.ml..d.z...m.........._.
..V..xTY.v.V.|V......;...J...........q^.~R .X.y..j..O.b.*...w.R.&.$IJ]
[email protected]"KK=\6BS...(.4.w.......%........].M.u..a{...#..]*Q...
Z...=)>K.....t.....Z.;....).'.f2.:..zZ.u,......<rD%..Y<.Du..R
..r.(M."...NF.]K#Z.d.......HJ.......BFED..CxPL.,tsI..f.gER.{.x.....i6A
1...$.;..."B...."...N]..=.N.*O]....c..e... .(W..]...a....@*% T?.....d.
.G7znec...Zp......U..E...U.....b.UB.......d.R.x.V.u..LD..X?d...... .m.
.C.S...1n....r...Y.].F2.....$)v..C...<....V.....X....*..J.H.......v
.l.S.a....g/..!N.:us.G....u...a.X...2...v.f..]{.J&...NW./Tf/......=...
...... ..U..ko.....c"G0....x........Et/........F.Tf..g~...xK.....=H...
4Kyv.&.....Vf..==<....2X.zHe.[..*C$...`w..w.....o.$.<.4..IE.....
 |[email protected]%.mT......o..t2.dD......O(...ih\#Qj.@..(X ..H..b1..R...
..,.zfY...,[.m...._.o......i....e.n....<m../|-.y..)2.h:..O...(..s..
_)3............(..4."I..M...lcHk.Kk$.i....CY'1ku~..;.7.."1.9rd..E.B...
...J'3..&..!.G..$.....wn..%...&K%......g .g........../>.eS..H1D;.V.
Z..Z.....K...M..%.Y5.V.Z.......7.l.,OR.eN^..T....Y....Q...jT....W.
<<< skipped >>>


GET /lib/1.0/storage/local.min.8602861a2c191a9959f183138c097790.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 22:26:51 GMT
Date: Mon, 25 Apr 2016 22:26:51 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 06 Nov 2015 07:17:22 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=315360000
Content-Encoding: gzip
Age: 1
X-Via: 1.1 jtzhdx13:3 (Cdn Cache Server V2.0)
Connection: keep-alive
444.............V.o.6......I=[.<r..&.B......*I.;U......H.I....}.BH.
N.)....{~..ry..9........_..41..t..*J.<.O..>...b.D..._,d.\..8....
.).pBl........r..... .Eb.$N.fc..AJ. ..9.w...Y..$....Y.x.f... "4rZL.(i.
<GI.>.....r..E....?r.f<..M.. nP].>:w.TPY..N.x}........0N.n
....@....<.gg?...I.*.9.b.\f...2."_.Sl\..t...~.>..L.m.E.=...mF.r.
.w.?.<."..$T3.C/.j.%...R])9..29OW.y.;. .n/..J.rL.G.X.Z..6.[...>.
\.f.A..x.....i.&....f...B.....V...w/....b.F.2...f.,.X.s....`.v.i..X..J
.h....z eIOMB ....n..tj.;..V-a......'.vG#..u;&...1.....fmc..l......*u.
.*.{.....;...\%|.....p.{.fXw.GQ...l...sr..C3.. ....4..T..;~.....|a.[.x
).m..?..n...cm..W.: .[........Ki...I....*..tQ%.cRak.... ...-.......B..
..Eu...#[email protected]... -k.w......c.Aa.5...........W.3Wuz7m
.z...7..M~.i....!..O16F.............a.^.j.....[o..{].=E.1..]....~.....
/F^...I....|A.....].'......x.&.ft..?.....7..u...v0 .......w1.i./......
..F...wPM..0P:..W.Mu...y....,.~.t...i.....A.2....*D...$W....w...<1.
....g9...F7..D..X...J./x.......d.~..YEpgrS. U..ls....;...........O.:.B
"[email protected]......!..I....=.....Gc.......%..:..3..^8: l=.!.{..6.
..N..y.x.......0......


GET /s/j/app/main/channel-header/site-nav.min.f7347e7700dc80bf77c1e42569fad86b.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 21:10:39 GMT
Date: Mon, 25 Apr 2016 21:10:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 01 Apr 2016 06:36:27 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=315360000
Content-Encoding: gzip
Age: 1
X-Via: 1.1 jtzhdx14:3 (Cdn Cache Server V2.0)
Connection: keep-alive
5df.............W.o.D......*..Y{..T.q.h.hE...i.H.3c.$......./|.*.\..#R
.DA.J..?./...x..M.(.$o...y........PH.Lm.&.....H..m.zd...j.He.$_r..X,9.
.e..,.g8,%Up..8B..d-..)fh..v|...1A.%.-..n...W..a.."j.&....B|..........
.....E..T.Mz....B.....j.\....&.B.?..fn....]8..h5w.`;I...S<.{7...9O.
%...x..X0n#.....E.<.{.e.MT.^_...P........=....Q......ZZ...63..R{Z.X
&E.......D..iC..9....L ..s..d...s..\...j...M.h.].JE.Trp.;v...,..po....
H..H.". .....cQ@....<?Q....>....o5.'.=-....p^ $..uc.i6.u.O...n..
.,.A...........U......$...p......rP....1.f~......{...x|i..=...i..... ~
-M Kpe.q|.a.....O....77....A'..(9:..S..s.....sVe...[3b.....ynj..N\%...
."6f.w.2..$k..*d:.().E1h#.....#...$....&.&..q<[email protected].".U.Ob..nF..
;.w.XZT7v`gD...b#Jrf...t.....i...L.mk..0.?X...jB.....g.U..;".."....^..
.....b@@%[email protected])..w.=....'......#.1.j.$.g.\7.>IA.o...5..].J
.O..=..te..D.....}ks.j.]k...  S@..`.q....P..i}..............[....~{q.;
.d..N}..i. d..=...}M.o-..R..............?^...e...W.R..\MU...(O..t?....
/...2U..5.Dj.......F.....A....=...)... .#B9.h..a.n..E&#z.a..Z5..N.s...
.;C...X'.y.Nz.s\..8...3Mc.p'[email protected]]....a^
..;o.p..`....7..M.\..N...S.8.."..#4`....)._8....c..p.........z|<..!
..*.D.68..;..nm!.8..`.....2~e.M.]D..3.\..AwF.L|'.<...~..A.d1...}1.W
.........l....m.8...I.nV..G ......:X.......u....a..i..4....'.........3
.Fb.`\4.H/4V;1j,T'.N.............4..I...)T.....^..4\.r.!Xijp...I..f.@.
o.......=}[email protected].'w...7.
M.....o..e.I.)2(..y..#G....d...8[........_`..8h..HH..?P..y......0.
<<< skipped >>>

GET /s/j/app/main/channel-header/event-transfer.min.7ad4b4a30a314ba357f1f317a6d378fc.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 20:47:36 GMT
Date: Mon, 25 Apr 2016 20:47:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 90
Last-Modified: Fri, 01 Apr 2016 06:36:27 GMT
ETag: "56fe16eb-5a"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 taizhoudianxin12:6 (Cdn Cache Server V2.0)
Connection: keep-alive
DP.define([],function(){return DP.Class({Implements:"events",initializ
e:function(){}})});.....


GET /lib/1.0/suggest.min.ea3b7ce0b29712205015c66468da7d85.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j3.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 20:47:36 GMT
Date: Mon, 25 Apr 2016 20:47:36 GMT
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 06 Nov 2015 07:17:22 GMT
Transfer-Encoding: chunked
Cache-Control: max-age=315360000
Content-Encoding: gzip
Age: 1
X-Via: 1.1 taizhoudianxin12:5 (Cdn Cache Server V2.0)
Connection: keep-alive
414.............UMo.6...W$B..(.....Z .".C..-..).."G..Z2$.Y....#)..v..$
j...{o...37T...sF.j.....6{.......[.W.;.. V.%4......./l...??...n..k...H
y.....T. .....9.....'./..}j..t.:.=u.....^u.".B.'G.3>......V.{.E....
.(9...,:......Wv../B..<v..R.Z.2..T.0...l.6..H.k...w......k!.kc..l..
...Y.=..<..N..x.l.2. c.B.fxn....J.Iq............_.9[.......9b..g...
.(...U<...}O......E ]...q.QnM2.........4E.9.E..L..kA7/.yi#..r.....n
.8..ZX.F[..7)....|(.|......J..S..O..]..~z#.g...A.~..&b:{..........A.:J
2.....dl3V$tZ............".9.u..o.W....tw....F\TL...........'[email protected]..?N
..U..Y.Z.D|\.0....I..r...4.........A#u,..7.-.v&.p....`...C2tW1-.......
bN".i.............|[email protected]......}...Y&4...&.a.A...a........
....#.:..C..d.9dz.q....Q.'.9.....,...(l.?L.2G.2./....S].._D..K..[.....
4F..._.0..........5.;..8.W.l4...*....-8..<<[email protected]...<IX4.;...
.j....<.-...[.....h...0.....rZ.... .y.."`....L..<sPc7..J.0V..Xx.
q.`[email protected].... ........'.K..$M.}D.6......8 t......>.P.?.W..t..
......8c.Nr$.....14.#].j|:?<.@.".#Y.b...f"-.....d..qF'WQ../[m..&._.
.o~.....9]...b2..K.. W............0..HTTP/1.1 200 OK..Expires: Thu, 23
 Apr 2026 20:47:36 GMT..Date: Mon, 25 Apr 2016 20:47:36 GMT..Content-T
ype: application/x-javascript; charset=utf-8..Last-Modified: Fri, 06 N
ov 2015 07:17:22 GMT..Transfer-Encoding: chunked..Cache-Control: max-a
ge=315360000..Content-Encoding: gzip..Age: 1..X-Via: 1.1 taizhoudianxi
n12:5 (Cdn Cache Server V2.0)..Connection: keep-alive..414............
.UMo.6...W$B..(.....Z .".C..-..).."G..Z2$.Y....#)..v..$j...{o...37
<<< skipped >>>


GET /static/index/iconfont/iconfont_b2795733.eot HTTP/1.1
Accept: */*
Referer: hXXp://wap.baidu.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: m.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=019D105E594D5197B27740A98BF8F1C7:FG=1; H_WISE_SIDS=103405_104683_102572_104496_100037_102214_100289_104482_103342_103639_102031_104650_104450_104341_104822_103642_104000_900809_104612_104807


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:35 GMT
Content-Type: application/octet-stream
Content-Length: 38260
Connection: Keep-Alive
Server: apache
traceid: 1461630875097870337011750757510436903270
Expires: Wed, 26 Apr 2017 00:34:35 GMT
Cache-Control: max-age=31536000
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
t.................................LP...........................m......
..............i.c.o.n.f.o.n.t.....R.e.g.u.l.a.r.....V.e.r.s.i.o.n. .1.
..0.....i.c.o.n.f.o.n.t................ OS/26.aG...(...VcmapL.f.......
.Zglyfd.o.........head.&.'.......6hhea...........$hmtxl..........lloca
..!....H...8maxp...h....... name............post.(.....(.........,.,.\
..................................m..._.<...........^i......^i...,.
..,...................\...............................................
[email protected]...,.,.\.,.................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
[email protected]..... .1.4.7.B.K.M.P.S.V.X.l.p.w.......
..'.0...............).9.I.U.........G..... .$.4.7.B.J.M.O.S.U.X.j.n.r.
........'.0............... [email protected].....................................
............$...........c.].\.V.P.J.D.................................
..................................................................
<<< skipped >>>


GET /tongji.do?unit_id=2994045&uv_id=31137119243503273084&uv_new=0&cna=&cg=&mid=&mmland=&ade=&adtm=&sttm=&cpa=&ss_id=1677005717&ss_no=1&ec=1&ref=http://xs.qinqinge.cn/&url=http://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html&title=%u6700%u65B0%u7AE0%u8282%u5217%u8868 - %u5510%u5CFB - %u4EB2%u4EB2%u9601||%u6700%u70ED%u95E8%u7684%u514D%u8D39%u5C0F%u8BF4%u7F51 - Power by PTcms&charset=utf-8&domain=qinqinge.cn&hashval=1115&filtered=0&app=Microsoft Internet Explorer&agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)&color=24-bit&screen=1920x1080&lg=en-us&je=1&fv=10.0&st=1461628800&vc=928a5346&ut=0&url_id=0&cnu=0.8921676382816897 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: dt.tongji.linezing.com
Connection: Keep-Alive
Cookie: lstat_bc=15755787682058973229


HTTP/1.1 200 OK
Server: ngx_openresty/1.0.4
Date: Tue, 26 Apr 2016 00:35:21 GMT
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="hXXp://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
GIF89a.............!.......,...........D..;..



GET /hm.js?a14c2100c10f26c37f3ddd0d832e2ce5 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=62269F14AB68F75F


HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 8803
Content-Type: application/javascript
Date: Tue, 26 Apr 2016 00:35:17 GMT
Etag: 54db3ce114889575cd0e12dbcaa7e1e5
Server: apache
...............(function(){var h={},mt={},c={id:"a14c2100c10f26c37f3dd
d0d832e2ce5",dm:["2.qinqinge.cn"],js:"tongji.baidu.com/hm-web/js/",etr
k:[],icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,re
c:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],ap
ps:''};.;.{......p..`5........l.]....X..I..l...c..IZ...wF.CN...{.....3
....d.<5R.LB.....wi..E...;.9.....[.....,..a.....~H'.s..V.....Ij/2.&
gt;..8'j........[..e..../6..k1~z;.......%.4.Oc.F.g5.F..../..D..*..x<
;^...f.].M.....(...Pv..bvhd.Xa......U......T..^.~>.l..m..........GK
&DI.D...kN..`2.UlAQ.Uov&r.,b/.......Y/A.|'..m.,`.X.Ox......3a...h.6L#.
.dV .m..m.m. ..........eg.4.N..|...)....}....0....v......<...EJ...8
-..".&vn..#....:.."..S.e....A.6.l..;..b9.{.$......7B.|x6...GZ......X.j
1P.4.......3.eox..d.$..2.6..|..k.... ..[RX.....j.....~{7......9...g.1.
...S4..#Kb..F.......`.s.g....9H.....T0..D<.'.{%...&...Yd..@.."O..{.
..8....$.,3.A.R.x.M,....J.....)...Q[. ` .....Z...?]B....[,....UMK.,Y..
L.|...u....p_.&.tE.D....9.&r%...t.Kf.H..d.i....&.....b...Xf..I.N.&`...
&...-.YC...P.......%0.e..%_.....!..!ShaU..D0.........&...K.pJt.....H..
V......)(}.d...Z.d...*.Z~......T;... [email protected]}3
...50.TG....#..`K.|....~......,..c......E.4.|gp..a!^..w<Z.......Fh.
...(l*..ge.....i..,Y....I..`."5.3i.....F.........n......:*t.`..QL.<
...v....ge..!.9...yt..@....`I......E.k._.'..(A...].0.........n... ....
...n!k...>...(x..Fnm....n...7.l...e3.f ..6S.LM.8..on...y#;....f....
.F..#........".E..p......GM..3W....f..8.!. .b.>.c....J.......7I
<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1461630894&nv=0&rnd=862003627&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=4&su=http://xs.qinqinge.cn/&v=1.1.26&lv=2&tt=最新章节列表 - 唐峻 - 亲亲阁||最热门的免费小说网 - Power by PTcms HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=62269F14AB68F75F


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 26 Apr 2016 00:35:17 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Tue, 26 Apr 2016 00:35:17 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;..



GET /combos/~lib~1.0~io~ajax.min.js,~lib~1.0~io~jsonp.min.js,~lib~1.0~io~swiff.min.js/9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: j1.s2.dpfile.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Thu, 23 Apr 2026 20:47:38 GMT
Date: Mon, 25 Apr 2016 20:47:38 GMT
Content-Type: application/x-javascript; charset=utf-8
Transfer-Encoding: chunked
Last-Modified: Fri, 06 Nov 2015 07:19:26 GMT
Content-Encoding: gzip
Cache-Control: max-age=315360000
Age: 1
X-Via: 1.1 taizhoudianxin12:6 (Cdn Cache Server V2.0)
Connection: keep-alive
e98.............Ykw.6..._!.].. J...RF|R...4....9^..H."e.TH.. ...../9v.
.6.b....<.......*.Se.....M..(.Fr.o.yq.........Rv..U..q.Z...7.[/.$..
oo.e....g..J..IT: .i..U...(.zqZ.2.U...~...'...........,T.e.`o^.1...D..
..J....|.v.? V....q.v....-.m.....9\a....4....o.r.Y}]..l..Z.......O..v.
........x<......2.?.a'..?.B.;_.~d..fW...BK.Z..v...H....l%n...m.K;..
o?~9..h..=..1.O..........;...g"q^.0.....\..I..8..g..6].:..S].G.u&HYw.Z
.C..Y....xv..._{.z....Tl^.6....,...e.CG....y.T7$=1..4.......c|g...Z...
..VH;.8.%....H.Gw!mR.]&2N.g........g.. w`.........../..D..e....f..... 
.B^..|.e...v...[.....t.qY...{8.e.P..t...~.hhU...,eQ..<[email protected]....
..2.....C,eN2J^.....wz..k.Y6.*X...l...,N{.|.7;M...y.X&JG-.Z.y.S...x.B.
L .m.....i~.C.....C0..&......M...x.n"<.r!..[s1=E..!"P...:..9a. .U.b
..'.H...sf..a3fk...=.-vIA.N#...!..k.o.x...syI..F.}`.".Gkok.A..lgO..tj.
o..(N.Q]t.8...N[..<0......T......l(.-..d..Y..Sf....Oe.,[.e.YZ.,C.)v
!.|.f.^..a./.pE..Y.....S........Pa..>n.......?,...._..o...s.>F~{
.......)n.99L}..L..k..*M.t..u_.w=..^.O....".z......2.....U|Z0k .....G.
....z..<..~?..~..<.4..e.&..D..'....:....a..xf..n.5n.cc..%.......
<`.<.S..pr.9.&u.1..n....X..8..^{'h..q.....w.-.k*...~.)m..{Y^...q
J.......vL~../e..b!........~....m@jz..$`..B..r.. .QU.pe^.`.}..Okc.qp[a
5.@.:$D....G..".U...B..H.a....k...x.\Me...CY....>.0.u.......Wm.....
.N.5.T.. ..A...,Uj.<......4.?u...oW..p.5..i..@. Z.:..r.L......MpiMw
....W].Bv'.T......[.?.3.......i...sC..:.)h......V`[email protected].$B..
.{.,.e,E`z........._2.....L....Sf.X..p..Z..-i..[......9xs*.#5..w..
<<< skipped >>>


GET /ssid=18634461696c7931323361224b/pu=sz@1321_590/s?word=?????????&sa=ib&ts=0449567&rsv_pq=12456816693376695998&rsv_t=28536gUhuSWmle3xxXpDhCo126b%2BV2%2BkvDYIUFuB3V118CYdMYbluZ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; .NET4.0C)
Host: m.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:34 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Set-Cookie: BAIDUID=B57E3D290242DA5E0C5C27431C7FCE4C:FG=1; max-age=31536000; expires=Wed, 26-Apr-17 00:34:34 GMT; domain=.baidu.com; path=/; version=1
Set-Cookie: H_WISE_SIDS=100186_104599; path=/; domain=.baidu.com
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Time : Thu Apr 21 19:47:03 CST 2016
Cache-Control: private
CKPACKNUM: 2
CKRNDSTR: 213581974
Server: apache
traceid: 146163087406664660589086315316213581974
Content-Encoding: gzip
74a.............XI.........9.A..;%J..6.....d0....E.H...YE-#....;...rI.
.1>L.#A.k<.._.U.I...3>..[K-o...W=...G.>...?Q.,K.?..\|....'
O.y..'...i.r..(Z.3..ld..?..v..[...L{z(...r.P..3.3.)..U..E.bm.....ex.n.
..E.z.;...".[.bM....IVg..Q...n.3....).......P....aEJ...,Qh..T..o.q..p.
..D........_1...$z.r......vja=.u..]=..U.S...FX..W.K{......_....ruN.!..
._5..)U.A..........DQD..~..M...XC...2?/r<.v8...q..X=....."\...f(M..
._.OqQe.N.2*..}BG.1.aQ!F.\......{...p...V.j.....4Oz<.c.X.......h.;.
,.d..=)..5&......9..ZcE...B..D......Ygq...0..g.aP0Vd......N'}..u....Z%
..pG..Q...L.~......k`.9:.....d...n....Hkf.8n...7..........!.m/..}..HM.
......g.P.....q?.3i.9..u.n.......PJ...!.q.7.[.35%9.z..[w2..i..#=.W?...
3`.......D...y..|...y"pF..8..f..y.S..(.Z..oq...sv.G....*N...&Q...^a...
........\.Z<.8t..jq..%...8'.b.KbN;......A.hA.......T(Q.l%........$.
\.H;.s..1".L....".\.F.P_.2"..m.I.w....|..F[g........d.2..C...z].C=D].T
xQ.DC.a.O.].......(/.i..F.5. ........I'.......=.#.?y.....[.2...w*r..V&
lt;...u.9.. .&.:..0.=..9..vR2....)Q.1.=y..hr......N:.y...&.G<.=<
^bM..,.g.\[email protected]..%..]c.\w..d....*...(..Br.5.....
.!...#.... ....N.f.;...S~\.U...?rG.N~...Z...g...R...u..(....w..r.^....
.. #....k.W.`S..&..%.?..Z .:.[....B...eM......o..as.......-f$DC......O
sC.FwuHzZ$.-.ES.Nb...^.4.8...2.=,.......GV{.O.k$..t98..'..2z....7S.l.!
;k....P*.0E..K^.UEN.h...i.Ac..$...PK..BU.....qE).[....ck<.......q..
m.......^...]....hj...57.p..l..#.5.P.!....%\......W.^............?.z..
.6#.w...........W^.........dW..........A...Z....SY........}.......
<<< skipped >>>

GET /ssid=18634461696c7931323361224b/from=0/bd_page_type=1/uid=0/pu=sz@1321_590,ta@utouch____/baiduid=B57E3D290242DA5E0C5C27431C7FCE4C/w=0_10_?????????/t=wap/l=0/tc?ref=www_utouch&lid=9086315316213581974&order=2&vit=osres&tj=zhidao_2_0_10_l2&fr=ala&waplogo=1&sec=11808&di=b1de644fee51031d&bdenc=1&nsrc=IlPT2AEptyoA_yixCFOxXnANedT62v3IDBqMMS6LLDivpEmixP4kHREsRC0aNWiCGkb8gTCcsBwHxn_f_m1i8R20rahksWse9m36s_GodhLsStY1f0U-2t3HGnQvzfrqyKpOg2Z9ReAoB7-cf_37stg1rsXZaeMs8saC67S6rPzvVY4yYWmZnFrlZEkJDyD0 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://m.baidu.com/ssid=18634461696c7931323361224b/pu=sz@1321_590/s?word=?????????&sa=ib&ts=0449567&rsv_pq=12456816693376695998&rsv_t=28536gUhuSWmle3xxXpDhCo126b%2BV2%2BkvDYIUFuB3V118CYdMYbluZ
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; .NET4.0C)
Host: m.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=B57E3D290242DA5E0C5C27431C7FCE4C:FG=1; H_WISE_SIDS=100186_104599


HTTP/1.1 302 Moved Temporarily
Date: Tue, 26 Apr 2016 00:34:43 GMT
Content-Length: 0
Connection: Keep-Alive
Server: apache
traceid: 146163088307666706028773033053047951567
Location: hXXp://m.baidu.com/error.jsp?traceid=146163088307666706028773033053047951567
HTTP/1.1 302 Moved Temporarily..Date: Tue, 26 Apr 2016 00:34:43 GMT..C
ontent-Length: 0..Connection: Keep-Alive..Server: apache..traceid: 146
163088307666706028773033053047951567..Location: hXXp://m.baidu.com/err
or.jsp?traceid=146163088307666706028773033053047951567......


GET /error.jsp?traceid=146163088307666706028773033053047951567 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://m.baidu.com/ssid=18634461696c7931323361224b/pu=sz@1321_590/s?word=?????????&sa=ib&ts=0449567&rsv_pq=12456816693376695998&rsv_t=28536gUhuSWmle3xxXpDhCo126b%2BV2%2BkvDYIUFuB3V118CYdMYbluZ
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; .NET4.0C)
Host: m.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=B57E3D290242DA5E0C5C27431C7FCE4C:FG=1; H_WISE_SIDS=100186_104599


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: Keep-Alive
Vary: Accept-Encoding
Server: apache
traceid: 146163088404920980588876979868554896025
Content-Encoding: gzip
b05..............m....s...Z.v.]...vlG...(..!T.P.hvw.^n.....w)H.M..6.$J
!.V$..~...i.....b..'.B........D..3^vgg.y....>...c.... .;gW.........
..7}....... .A...=lb...,..C.C:2..h................s...C,.$x.T(B.Jz.y&g
t;&..1.S.X|.u....G..c. ....-. ..<..k0.(..l......m.FF>........7.-
gM......6V.;.....*C...`.....>..#W*.UC.1R.M.'.Xz.r..Q1.`...V..... ..
qwz...'...|{.......7n?...]./.....&.......H....,.%U_....0,..cl..1......
:.l..V... ....L...[.a...G>iI.....2...E..c.<..%......g!...l.c`.*.
...`.e.8Z.pD~A@-:>F...e.t../..!}...#.Pt.v..D<.5D..q..V.8.......h
#B\G......69.....|......2.C...k.'..8..1....@/..J.,9i......`[... .Q. .1
.....%p..g...%.-..N.....MD...fc.....<L`..t.a...7.....V......i..A...
*.*.D....Q...."..o.\V.D....."#.....)...f=..j.C...3.....r..{E._......o.
:..mBA#;jI..4.....F<..V.Om.Z]....U.P.-.....-.<...8S.......$(T7.&
gt;!..}P..8..5.n6Q....".!4j.v.5.r(.y.........._......f......E.....T.b.
(..`I...K-....vd...m4E.C.T..|....p....R..4..H{...[..E..'KX...[..=.|..[
.JR.sx.q}KD0.."...V....hp1.T.Y?I..i.....e.`h2...DVF.AYL....DN....b...l
|Y?....P...!..I.&.......r....6...q.....dH.l..@.;..G......,.z$.&.L2.8dr
..[R..\.aA./R.".L..D.!..["..lz..X0..Es.T&n..O.OI }^"4...W .....G....s5
=...:.4YH*.w.40.......H(BS.1{...R..T...%$.{M{.x......f./( .d.c:..EE`.n
....1..0(..|kI........GJ.`6.b......O. HjhU*.U..,...Ln4.....:A.."g%.T..
yb6&....k.O.7..x...'|%...J...t..R#..,.R......PW.n..5kr.Q..'...0...URm.
..YK.5e.......,UI..-\.q...b.A.....0...&R$!. .y0s.7N?...g.POA'q;...0.. 
.q.L..YtH.3.....?[$Y..!f....B.........]..|."..a(...&...Bd..z#....-
<<< skipped >>>

GET /tc?l=1&ct=23&cst=6&src=http://m.baidu.com HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://m.baidu.com/error.jsp?traceid=146163088307666706028773033053047951567
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; .NET4.0C)
Host: m.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=B57E3D290242DA5E0C5C27431C7FCE4C:FG=1; H_WISE_SIDS=100186_104599


HTTP/1.1 302 Moved Temporarily
Date: Tue, 26 Apr 2016 00:34:48 GMT
Content-Type: text/vnd.wap.wml;charset = utf-8
Content-Length: 763
Connection: Keep-Alive
Keep-Unchanged: 1
Location: hXXp://m.baidu.com/?uid=B57E3D290242DA5E0C5C27431C7FCE4C&bd_page_type=1&baiduid=B57E3D290242DA5E0C5C27431C7FCE4C&tj=tc
Server: apache
traceid: 1461630888064916455411226935757299438389
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE wml PUBLIC "-
//WAPFORUM//DTD WML 1.3//EN" "hXXp://VVV.wapforum.org/DTD/wml13.dtd"&g
t;<wml><card title="百度" onenterforward="hXXp://
m.baidu.com/?uid=B57E3D290242DA5E0C5C27431C7FCE4C&bd_page_type=1&a
mp;baiduid=B57E3D290242DA5E0C5C27431C7FCE4C&tj=tc&ssid=0&f
rom=0&bd_page_type=1&uid=B57E3D290242DA5E0C5C27431C7FCE4C&
pu=0"><p>正在进入,请稍&#x
5019;...<br/><a href="hXXp://m.baidu.com/?uid=B57E3D290242DA5
E0C5C27431C7FCE4C&bd_page_type=1&baiduid=B57E3D290242DA5E0C5C2
7431C7FCE4C&tj=tc&ssid=0&from=0&bd_page_type=1&uid
=B57E3D290242DA5E0C5C27431C7FCE4C&pu=0">点击进
;入</a><br/></p></card></wml>t>....


GET /?uid=B57E3D290242DA5E0C5C27431C7FCE4C&bd_page_type=1&baiduid=B57E3D290242DA5E0C5C27431C7FCE4C&tj=tc HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://m.baidu.com/error.jsp?traceid=146163088307666706028773033053047951567
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0E; .NET4.0C)
Host: m.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=B57E3D290242DA5E0C5C27431C7FCE4C:FG=1; H_WISE_SIDS=100186_104599


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:49 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 33494
Connection: Keep-Alive
Set-Cookie: H_WISE_SIDS=104380_104338_100615_100272_104038_100290_104906_104482_101977_103550_103641_102730_104808_104340_103301_103642_104000_900800_104845_104612_104637_104781_104901; path=/; domain=.baidu.com
Cache-Control: no-cache
Content-Encoding: gzip
Server: apache
traceid: 146163088907331161708499961446021845254
............yw#.u/.....Z.M. .....y..&[m..P.....c....b).<...b%...I,.
.r,.....,b......o.s..T..&%..w.'.I..3.....>..4.2...:. wj.{......K...
.c.[......{..u.p.....|u..g.-...Zz...7.........v...B..|Yk..N.n.S.N.....
.....hu....B..-.GF^../..Q7j..p;.U.l$.......n[o..Z....~..j. ..^.....>
;.it..a.c.n..|..l....W.<..P...iF....P..u.|.....P;....>..l.K....b
.U.:.....;F..L..W.f.Q7GTo.)....J.sZ.}..&...O:.|...w.......nV...:^..x.c
....r.............J..Q...b...q..~.(d.....d4.....c...Db"..."...........
...i..<.._..d;y.Tji.=[...f7.>...Gb..~<........tkM...=....\...
......._.........A.......pNk......n.u....k......./O...U.....I^\...W.:.
p.....j.....'[email protected].[...f...u;.F....JF}$<.....^.._
...El...V3..#c-C..|.z.H.zi._[.....Fq..`X....H.{Io.........;m.L.....vG`
FN.WJ.F.^....z...m...b.q<|[email protected]/.sn..M...7...:..=..t.&
lt;.h...&&>....n......0.&..w.Qc.a..z^tj].5.t..@$[..4.q.B....`3...*!
.....K..}w....t[.. .3=I......h*.H.bA.....M.2..q2...a..^..X..p...ac...|
.1.7.E.m.....t..:......>*..e...)......;..R......K&z...[bo....[..Y?S
n..@../d.>.]b-}_Un*.:....wd...1...N.0Y.w......k.vZ...d#.h..1....0.@
.=.q..d...r.F...G;..H$.<......0..U9..=.....$.i..*fH.d$.G;.F....5..O
....)..G=..kG...T*[email protected]=...5..%s..vq.....8|.......A.....
.....z.mQ.\.....B....2.).1l7pn..D....}.M,Lp...V/.P.(PK&...D..2..k....w
..lt.....@.. .&....U..6....L...........V..-..QyA..^B8.sa.I.Ge..C....G.
.:{. ...k2$&.e..U.b...a_....b...Fb..._.......L............, .N........
[email protected]`[email protected]..@...[.}.s>.l..S.....\...X...E.N....H~..s.q
<<< skipped >>>


GET /car/ HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Host: hao.360.cn
Connection: Keep-Alive
Cookie: __huid=10Ax0mLArTxw6AI2kJtbR7cblk1KpYICMIrN6xFG4jH8g=; huid_is_new=1; __hsid=af25324b7ecb6883


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:35:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=10800
Last-Modified: Tue, 26 Apr 2016 00:33:01 GMT
Content-Encoding: gzip
1221.............;.s.E.?[U....lI.i4...R*!.R..G..n.r....qF3...m.q......
U<. ...a..&p...&[u.......}.=...e.............;(......8./.....1....c
.....l....vZ5..J.`...!.Fj.;...B.k....4V<.3Hc....._...R..........|..
;..h.U...t...j..1.....u..6-Gs....y.9.....3..&..P.!....<......\[..D.
.d\.{..)...1).J...f.Qu]..H. .G...b|..l!...y..)R>WTRXR ..T.MU...,.".
[.`...i.........x...wP:.Xa.5.;...E...V....v.v.6...5.]E..do.:.i.f...-T.
....5M7[U....-.....h[....cuM........K!.<I..d\....h..R.D.l%.i..b...F
`....T~U.....T..qB....ZMw..j@c[.]....i.......XQ.K..DR.Zs...@...|....j`
...vZ75......H.@....\`m.R m......Y6.D-.FS......6...]#.k..'P.l......%..
......y...Y..O........J..1...0n[<..-..d...G.....\..9x....\~g.rCW.&g
t;...w/....\.=1............{w......`.b....[.fi..........2..81S).......
x...._.>.]....{...(.l."m...{...\.[:..],.W..7...u....wM....V........
{W..lv7.a.:..N........_..e....d...3.v..x...!6n..{.TA....pz.^[wEfqD....
n9.8....i...-.W'.5>.xOC.....O..O...u.3...K....{j;A..;..o/..q.......
....&!...c~m...t...[._^.c[.,Z.w.*..[..kn..U.....0....|dI...M.........i
.:..f.P...WE.x...1..w......x.7|...[./.\G.Vu0.....uL. .LA..H........q..
. ..... ..f....AK#.....]....UP....~s...5Y...r.^......`..A.-....uq.....
...6.V.v....I]^.t.rV.f..B..-..(-.]...r.............J4N(..J....|E*...e.
t`C...]..g.5......e._..A......Io&.l.-.Y..u.s.....|.s.D..|Y..z.4*.r<
.H....,....6....../{...<..e.........`..B.w<F.(0.!.lXw3...Z  ..B.
...3...e..0)..x..bi.5........0.....2....a....N..X..y..W.q.......9....'
C.....7.O......../..,...t(........9-v.5..aw....}....4u......s.ST j
<<< skipped >>>


GET /as/down/clt/config/bts_tmh.dat.zip?t=1451883999&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: ap.liuliangbao.cn
Connection: Close


HTTP/1.1 302 Found
Server: nginx
Date: Tue, 26 Apr 2016 00:34:36 GMT
Content-Type: application/zip
Content-Length: 0
Connection: close
Location: hXXp://cltres.liuliangbao.cn/clt/config/bts_tmh.dat.zip



GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.baidu.com/s?wd=丫琴琴小说
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Connection: Keep-Alive
Date: Tue, 26 Apr 2016 00:33:22 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PTcms Studio (VVV.ptcms.com)
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
a..............7c0...}is.............P.l....p.6k......:E...4.hv...[6.0
..$..@H...$......S.h$.S....d[....`.........Y.....9..6.54....R.>....
..WE.L.xW)y...j..D..U..c.%...J.'..xs._..N..N.X...v.K.....w.. .Woj.WUGT
.6O..HQ..E3...f....)..g.;B.Y*w...2..HGBE..RE.w..$. .(#.B.M..HJ..R...K.
...Cd..][email protected]}....................{X~y..p.2{..........?.......7
.8\}..zO)..N.^|q.]...../......?4...Q....J*H.k.~._LU.=:..J...yR.~...y.1
R...'Q,...2.....SO.W.*.w.....;......S.j?|....,.ml..d.z...m.........._.
..V..xTY.v.V.|V......;...J...........q^.~R .X.y..j..O.b.*...w.R.&.$IJ]
[email protected]"KK=\6BS...(.4.w.......%........].M.u..a{...#..]*Q...
Z...=)>K.....t.....Z.;....).'.f2.:..zZ.u,......<rD%..Y<.Du..R
..r.(M."...NF.]K#Z.d.......HJ.......BFED..CxPL.,tsI..f.gER.{.x.....i6A
1...$.;..."B...."...N]..=.N.*O]....c..e... .(W..]...a....@*% T?.....d.
.G7znec...Zp......U..E...U.....b.UB.......d.R.x.V.u..LD..X?d...... .m.
.C.S...1n....r...Y.].F2.....$)v..C...<....V.....X....*..J.H.......v
.l.S.a....g/..!N.:us.G....u...a.X...2...v.f..]{.J&...NW./Tf/......=...
...... ..U..ko.....c"G0....x........Et/........F.Tf..g~...xK.....=H...
4Kyv.&.....Vf..==<....2X.zHe.[..*C$...`w..w.....o.$.<.4..IE.....
 |[email protected]%.mT......7.J:..2"I.....'....44..(5[ Qj....u$.P..Mn..IT
.d.d=....N.-.6.G../..C........N..N7.pRR..@.....<l...H4.V...cg......
........^._]R.a.IM.u....&....1.5..5...baT......:.......Z....9.i."l.M..
{W[[email protected]...#.....}S.;7...lfU......|.....3ddZ.....G.....)TI....h.`-L.
...Sy..|.........e.`-........o6..'..2'.@[*Y.........Rdd5.......A..
<<< skipped >>>


GET /hm.js?a14c2100c10f26c37f3ddd0d832e2ce5 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: hm.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 8803
Content-Type: application/javascript
Date: Tue, 26 Apr 2016 00:34:39 GMT
Etag: 54db3ce114889575cd0e12dbcaa7e1e5
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=62269F14AB68F75F; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
...............(function(){var h={},mt={},c={id:"a14c2100c10f26c37f3dd
d0d832e2ce5",dm:["2.qinqinge.cn"],js:"tongji.baidu.com/hm-web/js/",etr
k:[],icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,re
c:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,med:0,cvcc:'',cvcf:[],ap
ps:''};.;.{......p..`5........l.]....X..I..l...c..IZ...wF.CN...{.....3
....d.<5R.LB.....wi..E...;.9.....[.....,..a.....~H'.s..V.....Ij/2.&
gt;..8'j........[..e..../6..k1~z;.......%.4.Oc.F.g5.F..../..D..*..x<
;^...f.].M.....(...Pv..bvhd.Xa......U......T..^.~>.l..m..........GK
&DI.D...kN..`2.UlAQ.Uov&r.,b/.......Y/A.|'..m.,`.X.Ox......3a...h.6L#.
.dV .m..m.m. ..........eg.4.N..|...)....}....0....v......<...EJ...8
-..".&vn..#....:.."..S.e....A.6.l..;..b9.{.$......7B.|x6...GZ......X.j
1P.4.......3.eox..d.$..2.6..|..k.... ..[RX.....j.....~{7......9...g.1.
...S4..#Kb..F.......`.s.g....9H.....T0..D<.'.{%...&...Yd..@.."O..{.
..8....$.,3.A.R.x.M,....J.....)...Q[. ` .....Z...?]B....[,....UMK.,Y..
L.|...u....p_.&.tE.D....9.&r%...t.Kf.H..d.i....&.....b...Xf..I.N.&`...
&...-.YC...P.......%0.e..%_.....!..!ShaU..D0.........&...K.pJt.....H..
V......)(}.d...Z.d...*.Z~......T;... [email protected]}3
...50.TG....#..`K.|....~......,..c......E.4.|gp..a!^..w<Z.......Fh.
...(l*..ge.....i..,Y....I..`."5.3i.....F.........n......:*t.`..QL.<
...v....ge..!.9...yt..@....`I......E.k._.'..(A...].0.........n... ....
...n!k...>...(x..Fnm....n...7.l...e3.f ..6S.LM.8..on...y#;....f....
.F..#........".E..p......GM..3W....f..8.!. .b.>.c....J.......7I
<<< skipped >>>

GET /hm.gif?cc=0&ck=1&cl=24-bit&ds=1920x1080&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1006647425&si=a14c2100c10f26c37f3ddd0d832e2ce5&st=3&su=http://VVV.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&v=1.1.26&lv=1&tt=亲亲阁||最热门的免费小说网 - Power by PTcms HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=62269F14AB68F75F


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Tue, 26 Apr 2016 00:34:40 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Content-Length: 43..Content-Type: i
mage/gif..Date: Tue, 26 Apr 2016 00:34:40 GMT..Pragma: no-cache..Serve
r: apache..X-Content-Type-Options: nosniff..GIF89a.............!......
.,...........L..;..



GET /2994045/tongji.js?20160426 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: js.tongji.linezing.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/x-javascript
Content-Length: 4274
Connection: keep-alive
Date: Tue, 26 Apr 2016 00:00:00 GMT
Vary: Accept-Encoding
X-Powered-By: PHP/5.2.5
Last-Modified: Wed, 29 Jul 2009 06:22:04 GMT
Expires: Tue, 26 Apr 2016 01:00:00 GMT
Content-Encoding: gzip
Age: 2083
X-Cache: HIT TCP_MEM_HIT dirn:6:422297873
X-Swift-SaveTime: Tue, 26 Apr 2016 00:00:00 GMT
X-Swift-CacheTime: 3600
Via: cache8.hk1[0,200-0,H], cache6.hk1[0,0]
Timing-Allow-Origin: *
EagleId: 869fd24614616308835178435e
...........Z.s.8.... ..\dE.$...................QA$$A..$%YN.._......$S.
.P$.....F...C....o..9^.K.~}..GxOk..\........n.......}/....:y*f3.9"...#
.$.9Q.} .b!..D<.q'.;.. ..Z.u....e"#.=......:......i.O.E...V..d....V
..Y?..<_..^.........-D....)?V......W.w....f:......y"....uo.. ..A&..
5:C..TLe.N#G.......|.y...qa....25s.3....D..n...*?_.....iXH5_..5.^.P/..
m.2.o......$.NU...q...k1....X...=Db..".Sky..\Z.p.m.<.9.../"#T.....N
.x..............8..!.(/m..`..$..6..`M...T....&.x..@.......,e)6.?,....:
...c.-...x..k....y.`....l..<Gf......L..."=.7.3..s.e...N.`b_;.y....s
...'.6.#....z.G".}...........[m.F:..........=....>%.T%0..%.._.;..G.
...... ..j.Ee.oI.x..........Rz.k.\.x?........;..;2........:5..r.[....#
?.;..vW ..f.5..W.2_.?....El..8....1....L..M...|.I.}!F..E.V.0.t[.'(....
7..a.<N&~......D..L!.=.$d.......k.'.."<.....n....q#..y~~fRtE...x
C.8..K.F.k.N......)H?. ...)..~.:].e..l..x......2...K.,pYfty....b..H...
]..x.<.....,............`[AU([email protected]...:.d8|.,.
`[email protected]@k.......#,0....8`...p...S O.<..t..h.e..)..
...t......t....'.......P...@=.z...3..^d...x............x...........>
;z%.J.H...).*..sV.y.....2..O.........N..:[email protected]<.U.....(. .T.X.n
..%z.....VPr.%WPh...PVL......B ......-.....h.....@d.%..5f..9.tp@..#3..
sh0........#.j.1......s..~.......r..>.|...#[email protected]`[email protected]&l
t;.|...Y... (.....L. -....E.s...9.^.^.[).8...H!#[email protected]..@..
.&............38.S.N......-.....AF...dpb.._.i..e.4.K2H.`L....9...3...3
[email protected]......./.x..
<<< skipped >>>


GET /clt/config/GlobalConfig_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:26 GMT
Content-Type: application/octet-stream
Content-Length: 2804
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-af4"
Accept-Ranges: bytes
..[.9.5.0.9.5.].....C.h.e.c.k.F.r.o.m.F.i.r.s.t.=.0.....D.e.s.c.r.i.p.
t.i.o.n.=.)Y s;So.....F.i.l.t.e.r.=.9.5.0.9.5...c.o.m.....F.r.o.m.T.y.
p.e.=.1.3.....T.o.=.d.e.t.a.i.l...y.a.o...9.5.0.9.5...c.o.m.....[.A.l.
e.x.a.S.e.t.t.i.n.g.].....A.I.D.L.i.f.e.T.i.m.e.=.3.....A.I.D.U.p.d.a.
t.e.D.a.y.=.2.0.1.2.0.2.1.7.....A.I.D.U.p.d.a.t.e.R.a.t.e.=.0.....C.h.
a.n.g.e.A.I.D.W.h.e.n.I.p.U.p.d.a.t.e.=.0.....[.D.o.m.a.i.n.F.i.l.t.e.
r.].....D.o.m.a.i.n.F.i.l.t.e.r.L.i.s.t.=.a.l.i.t.r.i.p.,.m.o.g.u.j.i.
e.,.m.e.i.l.i.s.h.u.o.,.9.5.0.9.5.....[.D.o.m.a.i.n.L.i.s.t.].....c.o.
u.n.t.r.y.=.a.c. .a.d. .a.e. .a.f. .a.g. .a.i. .a.l. .a.m. .a.n. .a.o.
 .a.q. .a.r. .a.s. .a.t. .a.u. .a.w. .a.z. .b.a. .b.b. .b.d. .b.e. .b.
f. .b.g. .b.h. .b.i. .b.j. .b.l. .b.m. .b.n. .b.o. .b.r. .b.s. .b.t. .
b.v. .b.w. .b.y. .b.z. .c.a. .c.c. .c.d. .c.f. .c.g. .c.h. .c.i. .c.k.
 .c.l. .c.m. .c.n. .c.o. .c.r. .c.s. .c.u. .c.v. .c.x. .c.y. .c.z. .d.
e. .d.j. .d.k. .d.m. .d.o. .d.z. .e.c. .e.e. .e.g. .e.r. .e.s. .e.t. .
e.u. .f.i. .f.j. .f.k. .f.m. .f.o. .f.r. .g.a. .g.b. .g.d. .g.e. .g.f.
 .g.g. .g.h. .g.i. .g.l. .g.m. .g.n. .g.p. .g.q. .g.r. .g.s. .g.t. .g.
u. .g.w. .g.y. .h.k. .h.m. .h.n. .h.r. .h.t. .h.u. .i.d. .i.e. .i.l. .
i.m. .i.n. .i.o. .i.q. .i.r. .i.s. .i.t. .j.e. .j.m. .j.o. .j.p. .k.e.
 .k.g. .k.h. .k.i. .k.m. .k.n. .k.p. .k.r. .k.t. .k.w. .k.y. .k.z. .l.
a. .l.b. .l.c. .l.i. .l.k. .l.r. .l.s. .l.t. .l.u. .l.v. .l.y. .m.a. .
m.c. .m.d. .m.e. .m.g. .m.h. .m.k. .m.l. .m.m. .m.n. .m.o. .m.p. .m.q.
 .m.r. .m.s. .m.t. .m.u. .m.v. .m.w. .m.x. .m.y. .m.z. .n.a. .n.c.
<<< skipped >>>


GET /template/default/public/css/style.css HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 6374
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Thu, 30 Apr 2015 07:23:26 GMT
Accept-Ranges: bytes
ETag: "02b4b8c1683d01:18e4b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Apr 2016 00:33:22 GMT
...........=...8v..tc.3..V.K......,.%[email protected]>).....!%
.N.$ku.$...xx.!).....?..#../. ...=...cW.NE.t......G\|>...-...j...H^
..n..ER.v$......E..... C.....n....'...?<......>...K......7..n..@
..:.aI.}L.GP)I..x.;J..Zb....cO.\qO..X...3...*.!"..hk.75E.F[...:.].F...
GY^.|xC.T`...FZ~...9.........e.S.f..%T...h}9M........y2.....}..3.Og.C.
%Z.k4tM]..%....`Zq...a...."p....y(....,..zj...3.6D..%M......2Y}]n...=}
.m&.Dmk........<...2&..LZ.T.?...te.TUu....yX|........S.V........X6.
f...o....p?.&.....2....6>...,12.".)#.~.V5..n$.K]...4X.i...OA....f.c
f...7V..........oT......#9.......O......`p......\..7/.a..we...kf..39..
.QEl8..E!.-n..(_......R.*...|.^.P......6_.r<........x...iH1N.......
...........H..."))..v.....5B0..L....G..%k.[J...>.....[Z.2.:.C.nzK..
.....^..w_..i.~CK....b.X..q..S*N.8..i/N.8E.<G..OU..QxY..P....vI..3.
3k.`.e.,...i.O.D.'sq...T.n..$.2....\...p.Pd.8.f...,...fb?.gY.h&r..6..(
.p..'A....|y....(........T.".....F$. .32..!?.];.....c........l "....,.
S._....G...`;H.<r...dl@ ..E..K....v....XS...(80....IB.)..Bh).......
.,[email protected]....=t?.>J./...~dZ.....q..z.6....< 
3F.]....1?V!;..d..W.?..E.x<N...l..%.>)'. ...O.3#../.$...*.P...j.
wO.*.3...y.iM.cb.Q{].v#.4]O.1.M.c..>J.c.(..$hX.]...[C...=3...-~....
.....,K.V1V.s..Pd...,.c.ef..$...jj..n..........3.J<[email protected]!.'0
........a~W..B..........AS...e%/g...X..m.k...P.dFh.........C..1L.d...u
..Z...\&{..y..........S.>...U.e...=....?.....0.'.g..T..R..u...>2
5..MR.SO..-8J3..6)..h.........gW5.T....\.d3\q.......-....6KU......
<<< skipped >>>

GET /public/script/jquery.min.js HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 33097
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Thu, 30 Apr 2015 07:15:44 GMT
Accept-Ranges: bytes
ETag: "090eb781583d01:18e4b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Apr 2016 00:33:23 GMT
............[.$G. .......S....."9g..l.....r.lr.=Cr..DT.gU........"..Q.
.X. H. h. `....E....5:.|....>3.Kx\..9 ...2.nnnnnnnn~.tt...*Y....O.f
....?bh...G......&[JU........Z.,W...=...w.d.7iq..gs....i!uU....L......
M..{..*.{.s....=.z.....x...u\.!.....|%...$..Mc..V.NO....r.I.2..G'O.#6.
....,^......rr%..Z..e.e..)T...|}.mD%.... *.....F..d4..%.Z.....&...&...
d\.......H^N.,u\...d......._C0)..T..J.... ...{....zo.V4...cv...X.e..b.
v!L.....IV............\/.[.Jg......'GX"f......Y...1{p.M...~.......G..,
.~.. .......jCK..H..{z{.md,.1...;..M.5.&:...........i.<!^...2.....h
.'.t..8.}K.....R<,?S.M.nj[.!4...i.....J.H35e.....u.......)6.".b....
....(.{........z..I..v>Gu.....,d...|Yma.?*. ...deS_m$F23.z...J_.N2$
..]..(...O-......X......u.....l....vR.^@s.XN.[%..a.M............o&.i..
....).D..3^...[.T....%..('[email protected]#.<..F..H..d.....p.W.?.q.3Q..."m
Z<...x.nL.I.ZA3.c.y.`..8..ql>.d.....a.MT...m.. .^.]O.m..........
.q=...J..zQ.!%L38j-..I0Ur.f.,..#9>.`.U.....S!.o.o&e.....\...7/6."&g
t;.)e........X7...8...$.. ....... ;..\d...J..j._\...r.=Z./....7..BLJ..
../[email protected].,...FO...E...}.0.d!..M3l1
....5...3..,...L...*..eJ......=.X..!9..</>.l.U..M.....;..3r.W...
;`A...y.[{]?....F...P...n.Hx.C..S|.x!4...9.g.....=h..g........~.....I.
.eYBB.../....qV.....e.t.............31_..8O.......|[email protected]....
d.H..P.(..<p\...f8>[email protected]..|...Rc....T1j.
8P]..........H..C..L.X7R............?{..H._j..r.k.....R}=..w../....X..
..8...b..;..M.R.:...9I\....X.....J.#6{?...m.....<9C*2..={......
<<< skipped >>>

GET /template/default/public/js/common.js HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 478
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Thu, 30 Apr 2015 07:23:44 GMT
Accept-Ranges: bytes
ETag: "0c05971683d01:18e4b"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 26 Apr 2016 00:33:26 GMT
.............o.0.....O.RAm..E..u.M;..C..1.X3~.v.TS....S.YF.!Y...{..._.
.M...:Hj8J.b...ybg.....a......x.6.... "..RG.Gab...u.'T.(,P.L..4......=
.F.K.../...>.5.]{.....f3Z..V..M}#..Us......p.6.,.."8..B...........d
a....fD..........)P.9....r.Q._............l.5.U .<_...|......./....
..C......G.K-Y....e,~W.$..L.f.z.w..On.n..E:._...qj.....Au.j....2D..B@.
*... ..gi...m..?............).. .!.....6..KR3.S07......D.7....^l2.^.F.
......Y..B}...*..p.?......%....Gv..............9....A.1.h<......ont>....


GET / HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: xs.qinqinge.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: private
Connection: Keep-Alive
Date: Tue, 26 Apr 2016 00:33:26 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PTcms Studio (VVV.ptcms.com)
Content-Encoding: gzip
Vary: Accept-Encoding
Transfer-Encoding: chunked
a..............7c0...}is.............P.l....p.6k......:E...4.hv...[6.0
..$..@H...$......S.h$.S....d[....`.........Y.....9..6.54....R.>....
..WE.L.xW)y...j..D..U..c.%...J.'..xs._..N..N.X...v.K.....w.. .Woj.WUGT
.6O..HQ..E3...f....)..g.;B.Y*w...2..HGBE..RE.w..$. .(#.B.M..HJ..R...K.
...Cd..][email protected]}....................{X~y..p.2{..........?.......7
.8\}..zO)..N.^|q.]...../......?4...Q....J*H.k.~._LU.=:..J...yR.~...y.1
R...'Q,...2.....SO.W.*.w.....;......S.j?|....,.ml..d.z...m.........._.
..V..xTY.v.V.|V......;...J...........q^.~R .X.y..j..O.b.*...w.R.&.$IJ]
[email protected]"KK=\6BS...(.4.w.......%........].M.u..a{...#..]*Q...
Z...=)>K.....t.....Z.;....).'.f2.:..zZ.u,......<rD%..Y<.Du..R
..r.(M."...NF.]K#Z.d.......HJ.......BFED..CxPL.,tsI..f.gER.{.x.....i6A
1...$.;..."B...."...N]..=.N.*O]....c..e... .(W..]...a....@*% T?.....d.
.G7znec...Zp......U..E...U.....b.UB.......d.R.x.V.u..LD..X?d...... .m.
.C.S...1n....r...Y.].F2.....$)v..C...<....V.....X....*..J.H.......v
.l.S.a....g/..!N.:us.G....u...a.X...2...v.f..]{.J&...NW./Tf/......=...
...... ..U..ko.....c"G0....x........Et/........F.Tf..g~...xK.....=H...
4Kyv.&.....Vf..==<....2X.zHe.[..*C$...`w..w.....o.$.<.4..IE.....
 |[email protected]%.mT......o..t2.dD......O(...ih\#Qj.@..(X ..H..b1..R...
..,.zfY...,[.m...._.o......i....e.n....<m../|-.y..)2.h:..O...(..s..
_)3............(..4."I..M...lcHk.Kk$.i....CY'1ku~..;.7.."1.9rd..E.B...
...J'3..&..!.G..$.....wn..%...&K%......g .g........../>.eS..H1D;.V.
Z..Z.....K...M..%.Y5.V.Z.......7.l.,OR.eN^..T....Y....Q...jT....W.
<<< skipped >>>


GET /ajax/advertise?position=PC_bottom_banner&cityId=1 HTTP/1.1
Accept: application/json, text/javascript
Accept-Language: en-us
x-request: JSON
Referer: hXXp://VVV.dianping.com/contactus
x-requested-with: XMLHttpRequest
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""; JSESSIONID=C1AB80F45F4CF2D52CDB5CFD7C5D03A0


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 772
Connection: keep-alive
Keep-Alive: timeout=5
Content-Language: zh-CN
Pragma: no-cache
Cache-Control: no-cache
Server: DPweb
{"adBeginTime":1461630899250,"adDto":{"advertisementID":0,"beginTime":
"2016-04-26T08:34:59","endTime":"2016-04-26T08:34:59","ext":{"adPublis
hExPlatformDTOList":[{"adPublishAttrDTOList":[],"platform":1,"recommen
dScope":0},{"adPublishAttrDTOList":[],"platform":2,"recommendScope":0}
],"bgImg":null,"pullImg":null,"recommendScope":0},"imgAbsolutePath":"h
ttp:\/\/VVV.dpfile.com\/sc\/ares_pics\/86099974a90ebbb9b52f79f814cfb9d
8.png","imgPath":"http:\/\/VVV.dpfile.com\/sc\/ares_pics\/86099974a90e
bbb9b52f79f814cfb9d8.png","publishID":3,"recomScope":0,"resourceID":0,
"subTitle":"...............","title":"...............","type":0,"url":
"http:\/\/VVV.dpfile.com\/mwap\/mmlong\/mfchwlweb\/index.html"},"adEnd
Time":1461630899250,"cityId":1,"code":200,"position":"PC_bottom_banner
"}....


GET /ajax/advertise?position=PC_bottom_QRCode&cityId=1 HTTP/1.1


Accept: application/json, text/javascript
Accept-Language: en-us
x-request: JSON
Referer: hXXp://VVV.dianping.com/contactus
x-requested-with: XMLHttpRequest
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""; JSESSIONID=C1AB80F45F4CF2D52CDB5CFD7C5D03A0


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 772
Connection: keep-alive
Keep-Alive: timeout=5
Content-Language: zh-CN
Pragma: no-cache
Cache-Control: no-cache
Server: DPweb
{"adBeginTime":1461630899547,"adDto":{"advertisementID":0,"beginTime":
"2016-04-26T08:34:59","endTime":"2016-04-26T08:34:59","ext":{"adPublis
hExPlatformDTOList":[{"adPublishAttrDTOList":[],"platform":1,"recommen
dScope":0},{"adPublishAttrDTOList":[],"platform":2,"recommendScope":0}
],"bgImg":null,"pullImg":null,"recommendScope":0},"imgAbsolutePath":"h
ttp:\/\/VVV.dpfile.com\/sc\/ares_pics\/a542550f579785b728cfcb97f6a8e8c
3.jpg","imgPath":"http:\/\/VVV.dpfile.com\/sc\/ares_pics\/a542550f5797
85b728cfcb97f6a8e8c3.jpg","publishID":1,"recomScope":0,"resourceID":0,
"subTitle":"...............","title":"...............","type":0,"url":
"http:\/\/VVV.dpfile.com\/mwap\/mmlong\/mfchwlweb\/index.html"},"adEnd
Time":1461630899547,"cityId":1,"code":200,"position":"PC_bottom_QRCode
"}HTTP/1.1 200 OK..Date: Tue, 26 Apr 2016 00:34:59 GMT..Content-Type: 
application/json;charset=UTF-8..Content-Length: 772..Connection: keep-
alive..Keep-Alive: timeout=5..Content-Language: zh-CN..Pragma: no-cach
e..Cache-Control: no-cache..Server: DPweb..{"adBeginTime":146163089954
7,"adDto":{"advertisementID":0,"beginTime":"2016-04-26T08:34:59","endT
ime":"2016-04-26T08:34:59","ext":{"adPublishExPlatformDTOList":[{"adPu
blishAttrDTOList":[],"platform":1,"recommendScope":0},{"adPublishAttrD
TOList":[],"platform":2,"recommendScope":0}],"bgImg":null,"pullImg":nu
ll,"recommendScope":0},"imgAbsolutePath":"http:\/\/VVV.dpfile.com\/sc\
/ares_pics\/a542550f579785b728cfcb97f6a8e8c3.jpg","imgPath":"http:\/\/
VVV.dpfile.com\/sc\/ares_pics\/a542550f579785b728cfcb97f6a8e8c3.jp
<<< skipped >>>


GET /broker-service/api/single?v=1&ts=1461630912378&tu=/ajax/advertise&d=500 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: catdot.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""


HTTP/1.1 200 OK
Server: DP Web 2.0
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 5
Connection: keep-alive
Keep-Alive: timeout=5
ERROR....


GET /broker-service/api/single?v=1&ts=1461630912378&tu=/ajax/advertise&d=500 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: catdot.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""


HTTP/1.1 200 OK
Server: DP Web 2.0
Date: Tue, 26 Apr 2016 00:35:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 5
Connection: keep-alive
Keep-Alive: timeout=5
ERRORHTTP/1.1 200 OK..Server: DP Web 2.0..Date: Tue, 26 Apr 2016 00:35
:00 GMT..Content-Type: text/html;charset=UTF-8..Content-Length: 5..Con
nection: keep-alive..Keep-Alive: timeout=5..ERROR..



GET /static/8a60aae81b5f422b.css HTTP/1.1
Accept: */*
Referer: hXXp://hao.360.cn/car/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Host: s9.qhimg.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 944
Connection: keep-alive
Server: nginx
Date: Thu, 04 Feb 2016 23:12:52 GMT
Last-Modified: Thu, 07 May 2015 02:04:01 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
X-QSTATIC-HIT: 1
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Vary: Accept-Encoding
Age: 7003339
X-Cache: Hit from cloudfront
Via: 1.1 147e057d2f96cf5a0082d96978e38a5b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: LN_mvoEsItgZ9PcBba35c9HsjL3WBC48XoAyMaU4c_bxpLwrwKaRoA==
......JU...U.n.8..........n.b....b................}Yi.H..9uNU.)...KR.j
..$.o...E....-M..V.b.....!..hN....k..T.Gh...'pg..I.e..,..."Mb.....N@..
. @....B....=B{.6....fP .A....Y..a....`...U.,{X....J.._....l....ql$N..
P.e....R..T.2.8a.....Q...I...K~"...,....ie.19......)..J.ic....q5.....U
.....*...RF...W"!.7.w.R.&2;..b8....i.X...\e.k.$...kU3.m.ME.%.....2K.0#
..wj...)$.v......vz..7.^[email protected]`.p(.X.d..#B......,.8.Sb...(M.
,V..S......-...Lj.|.\.sK.........&V..UJ...:.2........O.../.Kj....q.'..
{-.o........r....:l...=.h.....ro...St..........m.;7....O..ma.h.oZ..w..
(...%..g.3...L....<.....T......J.............7$..=...-<&.]q.I...
..G.Y......;..7....F.3.mo\.....K#.`U...bq<...sj[|;.-.....[ ....[...
.[ ...9.n>p.V......V....=..=s2.=...'..l. ....d.|s..u.\g..".%."| {..
A.1....c.G..).@..)[email protected]. !.....]. ....T.w5...jl..5.i^b.8....=.5.R..q.
w:`...q=N....y=..q]...V... ..<..P.c!..<..p..e./..<^......q)..
..P......c.?.nc.|QN...].WW..B.....n..kp. .........0........
<<< skipped >>>

GET /static/253c424d7db0436b,a0c99209afc03502.css HTTP/1.1


Accept: */*
Referer: hXXp://hao.360.cn/car/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 1.1.4322)
Host: s9.qhimg.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css
Content-Length: 2945
Connection: keep-alive
Server: nginx
Date: Mon, 25 Apr 2016 03:57:34 GMT
Last-Modified: Mon, 25 Apr 2016 03:34:52 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
X-QSTATIC-HIT: 1
Access-Control-Allow-Origin: *
Accept-Ranges: bytes
Vary: Accept-Encoding
Age: 74257
X-Cache: Hit from cloudfront
Via: 1.1 147e057d2f96cf5a0082d96978e38a5b.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 6tBxTUSdAetcw8GbFTvm5Kpg1bnPZF0-b4-lLNFUC0WqHAzGYcjG_A==
....\..W....[......3Z.L{`.....U u.....J E.....).33..../.lc....3.....f.
.>..,..{ri........!..)...W.v.u.. ...h<.|.@..?..X.n..q./#..}}<
...7t....9....k...n..u_5..;.D../..xt....bpw".q/.*.n^..........{.!..$a.
..r.O..Oo..a{.3...*..<......k.*..!.`..9.m.i^U.'DJ.n)..>.....8...
...SE..{.....U....g......n..~...#.v`[email protected](a.~.. ....N.gx.
.K.<......v...S}>Rt..#..(....I.`.................W..^.m....&-]..
.......E[.u..\.A6..dI....#.. <q.....-`.Ut......;...V[?.a....n......
BM....{.<}Uxl...D..-t&..c....@a.`...-^....u...R5lwg.q.......;R.T...
.x...*.).. j.n..u...2....~..Q9.......E...N.......xe.....'.H..3.(^J.O..
g.F .1..8M2..c].0.:-.ts....).........c.....T.x.gK.S....*.e.......3....
....Bu.i..8.e.c.C.P............,.b.N\7E.k.*..8..w.a5...7..C]jC...4`]..
.....8..`a:.....\.,....Q.....-.T...s..J.. . ...F..2..$.... ......s.S.:
!......._7\............U..l...m.VG........I.......<..T..z....p.....
.3K.....R'!^.............Hp.!A.D3n.k...9^C..j...F.A(....-....Fh9.YW.s.
.3..nW.WC8..........o.D....C.P...Fh...u...T....w\...o....g.H...\./...4
...B.....:.I..w. .k..x..}yr ....?|B].....s...pm.a..j.%.-...C'.....E.n.
<:l..................N...b..U'..n. ......,........22@;.....=.n...Z.
..X..$N. [email protected].....'t...E..y...$.e3..,..z
.2......j..bK.. .... .g...v.E..;.&.o..#..K...V.v-2...M..?..Rx.7P....i.
.<..<............y..Ywb.....S..G(K.R8Q.|..;.z.........z...>."
Z..(...............hv........?h..N`.C.....7Z.5..q.......R..$8."..;.a*.
.....B.t.>..z*2.'....8..`.^I.?.G......4hB.#...T.~".%.!..p....6.
<<< skipped >>>


GET /clt/config/runtask_6.5.dat?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:35 GMT
Content-Type: application/octet-stream
Content-Length: 22720
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-58c0"
Accept-Ranges: bytes
..[.b.l.].....a.l.l.m.a.t.c.h.=.1.I.F.I.9.F.a.3.6.9.7.8.5.7.7.b.6.7.0.
2.6.7.4.a.3.4.4.5.2.7.1.0.5.a.8.d.1.a.d.4.1.d.8.c.d.9.8.f.0.0.b.2.0.4.
e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.e.0.e.9.8.5.e.6.b.f.4.0.0.4.f.d.5.6.4.
9.0.4.b.c.3.3.f.9.b.e.e.b.a.a.7.8.9.c.0.2.b.c.3.8.7.2.....d.l.l.f.=.1.
I.F.I.9.F.d.9.2.7.b.0.a.3.6.d.f.2.8.a.c.f.0.1.3.d.7.e.e.c.c.6.6.0.9.1.
5.a.d.4.1.d.8.c.d.9.8.f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.d.
e.e.d.c.2.7.7.c.1.b.4.e.c.a.a.c.a.....d.o.m.a.i.n.=.1.I.F.I.9.F.b.a.1.
4.1.b.e.e.1.f.0.2.c.7.b.a.0.a.7.3.e.7.9.1.a.8.d.1.b.e.a.5.d.4.1.d.8.c.
d.9.8.f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.5.0.6.9.7.7.4.2.7.
2.4.b.7.7.6.9.e.1.d.7.6.8.8.2.0.4.c.0.8.d.a.0.d.0.4.a.9.3.2.1.2.c.d.0.
7.6.6.c.5.3.6.7.4.1.9.4.b.c.f.3.d.7.f.f.3.6.a.e.6.b.b.b.2.a.3.b.f.6.7.
2.3.b.f.f.e.7.4.7.3.d.1.b.0.a.f.2.d.4.3.6.5.5.e.9.0.3.e.f.8.5.9.a.9.2.
1.3.f.f.a.2.3.c.5.2.2.9.9.5.6.3.2.7.9.b.3.8.e.6.0.7.e.5.d.d.d.4.6.9.a.
d.8.8.b.0.7.5.2.b.0.d.8.7.0.4.0.7.3.a.6.2.0.5.4.1.c.f.e.c.1.5.8.2.a.a.
f.6.5.9.7.9.b.3.7.4.6.7.3.b.b.7.3.9.3.f.3.b.d.4.b.e.2.3.4.f.c.2.0.b.e.
7.f.c.0.7.e.3.e.2.3.e.2.7.2.a.0.f.9.2.0.b.2.c.d.a.b.9.b.e.2.6.5.4.6.4.
a.9.a.0.e.b.0.5.4.8.9.d.f.1.b.9.d.b.d.4.7.5.a.5.f.8.4.7.f.5.c.d.9.4.3.
1.5.c.a.f.3.a.9.5.c.1.1.1.5.c.d.6.4.d.6.b.9.9.7.6.f.5.b.1.5.c.9.e.c.f.
4.1.2.2.8.9.0.4.b.8.d.a.4.b.b.a.2.9.a.c.6.a.5.8.0.f.....f.b.=.1.I.F.I.
9.F.c.0.c.b.5.f.0.f.c.f.2.3.9.a.b.3.d.9.c.1.f.c.d.3.1.f.f.f.1.e.f.c.d.
4.1.d.8.c.d.9.8.f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.6.8.....
n.q._.n.d.o.m.a.i.n.=.1.I.F.I.9.F.b.3.0.3.c.b.e.a.3.8.8.4.1.1.8.d.
<<< skipped >>>


GET /clt/config/6.5.xml?checksum=&cid=A0337FE5A71D4D83BDD5CCA8E96FAC7F&rd=29469 HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: llb/1.1.63.781
Connection: Keep-Alive
Cache-Control: no-cache
Host: cltres.liuliangbao.cn


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:25 GMT
Content-Type: text/xml
Last-Modified: Sat, 23 Apr 2016 19:50:01 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"571bd1e9-731"
Content-Encoding: gzip
22d..............Ko.@... ....[[email protected]..
....UW|....}MXII.}.b./kr....%.o^<.Hm.c><....VX.....!-..oI...&
......b.).&ep...xR(...uW.f.n_WU..5.e.n..........*.}j.U._.R..\N5...-,..
...|FX..}.l{<..A.....Zb......R..u.D.C..d...C.v [email protected]..&O...F..f .P.
#7'....%.].cSF.H.a........wC......a..*/E..e....m....J......p....*....w
.[.......Q.H.....?.2K<..{..8/...P'....i.4Fa..`A...9.w.[D.....3s..~.
......i5/3.yg...RpJ'..p.... *q^........I....._.E.Z{.:.!.....!.A Da....
..{._.G.r.l.bJ.....d,[email protected]..).C...H.A....1~..'U..
G........M...1.....0......


GET /clt/config/cfg_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1


Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:25 GMT
Content-Type: application/octet-stream
Content-Length: 5186
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-1442"
Accept-Ranges: bytes
..[.E.x.e.c.u.t.e.r.C.o.n.f.i.g.].....1.0.9.=.1.....1.1.0.=.1.....1.2.
5.=.1.....1.4.0.=.1.....1.4.1.=.1.....1.5.=.1.2.....1.5.6.=.1.....1.5.
7.=.1.....1.6.=.1.6.....1.7.1.=.1.....1.7.2.=.1.....1.8.7.=.1.....1.8.
8.=.1.....2.0.4.=.1.....2.1.8.=.1.....2.1.9.=.1.....2.3.4.=.1.....2.3.
5.=.1.....2.9.7.=.1.....3.1.=.8.....3.2.=.3.....3.2.8.=.1.....3.6.0.=.
1.....3.7.5.=.1.....3.9.1.=.1.....4.6.=.1.....4.7.=.3.....6.2.=.1.....
6.3.=.1.....7.8.=.3.....7.9.=.1.....9.3.=.1.....9.4.=.1.....P.o.p.u.p.
T.T.L.T.y.p.e.=.1.5.,.1.6.,.3.1.,.3.2.,.4.6.,.4.7.,.6.2.,.6.3.,.7.8.,.
7.9.,.9.3.,.9.4.,.1.0.9.,.1.1.0.,.1.2.5.,.1.4.0.,.1.4.1.,.1.5.6.,.1.5.
7.,.1.7.1.,.1.7.2.,.1.8.7.,.1.8.8.,.2.0.4.,.2.1.8.,.2.1.9.,.2.3.4.,.2.
3.5.,.2.9.7.,.3.2.8.,.3.6.0.,.3.7.5.,.3.9.1.....P.o.p.u.p.W.i.n.d.o.w.
R.a.t.e.=.3.0.....R.a.n.d.o.m.T.a.r.g.e.t.=.1.....[.S.y.s.t.e.m. .C.o.
n.f.i.g.u.r.a.t.i.o.n.].....I.d.l.e.T.i.m.e.=.1.I.F.I.9.F.7.5.e.8.c.c.
9.b.f.6.e.9.7.1.d.f.2.7.2.c.0.7.b.e.5.7.d.1.6.3.5.1.d.4.1.d.8.c.d.9.8.
f.0.0.b.2.0.4.e.9.8.0.0.9.9.8.e.c.f.8.4.2.7.e.2.9.e.7.2.9.4.9.d.6.b.e.
a.2.5.c.6.a.b.6.0.f.e.3.7.4.....R.E.G._.F.E.A.T.U.R.E._.B.R.O.W.S.E.R.
_.E.M.U.L.A.T.I.O.N.=.H.K.E.Y._.C.U.R.R.E.N.T._.U.S.E.R.|.S.o.f.t.w.a.
r.e.\.M.i.c.r.o.s.o.f.t.\.I.n.t.e.r.n.e.t. .E.x.p.l.o.r.e.r.\.M.a.i.n.
\.F.e.a.t.u.r.e.C.o.n.t.r.o.l.\.F.E.A.T.U.R.E._.B.R.O.W.S.E.R._.E.M.U.
L.A.T.I.O.N.|.$.E.x.c.N.a.m.e.|.1.|.1.1.0.0.1.....[.U.s.e.r. .C.o.n.f.
i.g.u.r.a.t.i.o.n.].....A.g.e.n.t.U.p.d.a.t.e.=.3.6.0.0.0.....A.u.t.o.
P.r.o.t.o.c.o.l.H.e.a.d.=.0.....C.l.e.a.r.E.l.a.p.s.e.=.3.0.....C.
<<< skipped >>>


GET /clt/config/SearchEngine_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:26 GMT
Content-Type: application/octet-stream
Content-Length: 3566
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-dee"
Accept-Ranges: bytes
..[.1.6.8.8.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....E.x.t.P.a.r.a.m.=.&.n.
=.y.&.c.a.t.e.g.o.r.y.I.d.=.&._.s.o.u.r.c.e.=.s.u.g.....F.o.r.m.a.t.=.
h.t.t.p.:././.s...1.6.8.8...c.o.m./.s.e.l.l.o.f.f.e.r./.o.f.f.e.r._.s.
e.a.r.c.h...h.t.m.?.k.e.y.w.o.r.d.s.=.....N.a.m.e.=.?....].]....T.y.p.
e.=.2.....[.3.6.0.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....F.o.r.m.a.t.=.h.
t.t.p.:././.w.w.w...s.o...c.o.m./.s.?.i.e.=.u.t.f.-.8.&.q.=.....N.a.m.
e.=.}Y.d....T.y.p.e.=.1.....[.P.r.o.v.i.d.e.r.].....D.e.f.a.u.l.t.=.b.
a.i.d.u.....N.a.m.e.=.g.o.o.g.l.e.,.b.a.i.d.u.,.b.a.i.d.u.M.o.b.l.i.e.
,.b.i.n.g.,.y.o.u.d.a.o.,.S.o.g.o.u.,.S.o.s.o.,.3.6.0.,.t.a.o.b.a.o.I.
t.e.m.,.t.a.o.b.a.o.S.h.o.p.,.y.a.h.o.o.,.T.m.a.l.l.,.1.6.8.8.,.j.d.,.
a.l.i.e.x.p.r.e.s.s.....[.S.o.g.o.u.].....C.o.d.e.P.a.g.e.=.g.b.k.....
F.o.r.m.a.t.=.h.t.t.p.:././.w.w.w...s.o.g.o.u...c.o.m./.w.e.b.?.q.u.e.
r.y.=.....N.a.m.e.=..d.r....T.y.p.e.=.1.....[.S.o.s.o.].....C.o.d.e.P.
a.g.e.=.u.t.f.8.....E.x.t.P.a.r.a.m.=.&.p.i.d.=.s.b...i.d.x.&.c.h.=.s.
b...c...i.d.x.&.c.i.d.=.s...i.d.x...s.m.b.....F.o.r.m.a.t.=.h.t.t.p.:.
/./.w.w.w...s.o.s.o...c.o.m./.q.?.i.e.=.u.t.f.-.8.&.w.=.....N.a.m.e.=.
.d.d....T.y.p.e.=.1.....[.T.m.a.l.l.].....C.o.d.e.P.a.g.e.=.g.b.k.....
F.o.r.m.a.t.=.h.t.t.p.:././.l.i.s.t...t.m.a.l.l...c.o.m./.s.e.a.r.c.h.
_.p.r.o.d.u.c.t...h.t.m.?.q.=.....N.a.m.e.=.)Y s....T.y.p.e.=.2.....[.
a.l.i.e.x.p.r.e.s.s.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....F.o.r.m.a.t.=.
h.t.t.p.:././.w.w.w...a.l.i.e.x.p.r.e.s.s...c.o.m./.w.h.o.l.e.s.a.l.e.
?.S.e.a.r.c.h.T.e.x.t.=.....N.a.m.e.=...VS......T.y.p.e.=.2.....[.
<<< skipped >>>


GET /clt/config/bts_tmh.dat.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:36 GMT
Content-Type: application/zip
Content-Length: 40423
Last-Modified: Mon, 04 Jan 2016 05:06:39 GMT
Connection: close
ETag: "5689fddf-9de7"
Accept-Ranges: bytes
............[.$;.];%.a..E8.......Zv....!.8M..VKwWfF....[..............
........{.v(}.\s.-.Q..S..|..JY..;.~.....]c....}bxZ.. .v...|....~....z.
..u...UO.....ub).3..V~h.'............k...5.|...9.Z..q..G.q>;......#
oT.x.u].J.Y...B,.3F./.T....s.5....w......ZO......J..R.t......z......7.
..../..... ..O(......K...5.s...~$..=..7..j.|e...<X..Y.a..rF ..Jd..&
gt;..4.u.U.t.Y.......F...OT.s7..w..d.6.U...Sj.....op....C......3..#.z.
..d..3.?....r.'.)9<.....u. ...m.^....).@\...^...i.:Y.x....'.....s..
..*s.....s.......bMJf...,H.wh|......\.g..1..._?......{\.oM....6.vEl...
.|....2..s...3.zzb.O.W..>.U..:....9.n.`o!....Wd.........e.Y...k.}cm
.*.=.^.T c....&n.......>..x..XDJ....4N^..M.\KdE.|..R.J}i:.....?..r.
\..B..f.o.=.._.Z...K.....<.e_e...WL&..wg_G..N .....|.zN...(.]~:/U..
...g=)..S.8t......5..q_.....O_....4.i3.P.....a#q).......K.............
'...z..}F...;.?.W.9....4......5......^".=..b..f...>...s8....k.a..s.
m.c.....L...`3.^.....*...oE...:#............@.....]....]....:..pp..mHs
.2.a..\....x.....q...!.......^.v......9W..qU`}.@9e.................:&.
[\...#h|..c..'>.t? ..........g~......5...V..m.,....=,.....<\....
..~O>.J7....Z..k.W'.e.O...7'....s.k.[....5...&......u..J. ......<
;pw#...`Dl...Cl9.c.o......) .;.N8....'`..|..'...@H;i.!..7y.Z3....$.8D&
.Ll...x@.!...~.l...sq...Z{l0...{.....=...B.?...8.......o..U....6k.....
......0..M.p....O...E........2(...8...rJ#:.........S.N...#\.?..9)....%
....(...KbF%.b:...A... ...].F.X.<[email protected]\{d<f.....\.....,.jQ0.|.g
..=`{:;../..]c...u..N.`xm..p.sZj1.w...P3...(Y.s..k....."..Y.$2.{9/
<<< skipped >>>


GET /clt/config/blhash_6.5.dat.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:27 GMT
Content-Type: application/zip
Content-Length: 96435
Last-Modified: Sat, 23 Apr 2016 19:50:01 GMT
Connection: close
ETag: "571bd1e9-178b3"
Accept-Ranges: bytes
............M.^1w.FR...,.W.. .YP...J..P....#..Ql...E...^$hPt.}..$....r
a.^).... [email protected].}..(!=s/?.9$...y...".....o.'......|......
......b.9.D.[H...?=.aaOE.l\.....S.0.../........Mz..7..k.....X*......-.
.>5$.zQ..<z"....]..Z...U.}[email protected][email protected].#&.m..
kJ.<.l.2S.K(......v.. H/..../..a.y`......4...\zM..b...^..Wu.B.=i..v
dWP3..............{Q.i...uLz~...Ax..w.........P.AU...)q..O...w...i...0
A..`...?f*..>L...C..O..;.....[x....W..Rj}.....d%..(N.}.l..6..Q.v..o
pq.C....n..!...<..1.}.R........_...om...AwP.G.......a.-..24........
.....9..a...)......}..M....S...?`........s.....cn........S...y./.;..n.
Z.^[email protected]'...W..&<|....!....n:.NR..;p...s.._.X.n.......
m.r.._.......<m.f9.B...[....*..w..bx.;=......*.._....OD......=...uN
...R..z...U...../...K.......c..U....Vy.........../u..psz. O7}../......
..>.....P.p..W}$.S.x.oN...Ug..........B'&......}...........O..]..[.
....k............[...9.a....a|.<}b....?.?....Y....w......w}u..,..1|
..(_qX.......M.....G...msg.... }..:..........R{.5..u..`......R..[_..Y.
].)..]...}.a.l.>......L'.qk....>......Oo...{.....U....Y'.&}.9..e
..Y...>.O-\......t.H.O:........s....k..m....}.......;XV......z....g
'~{....8.j......>......_............J..I9..n......!LM. .uj7..c...~.
[email protected]..}...k..... .jCar....a.k...Pt..........J.&
gt;b}@.n.".)....6.......6X&.H..<.....J...S.g6.iP.p@....?..{x....|..
.........E%.Z.}.;...]\.....a....}...QKz...lp.....8...../....R......_x.
.c.o~...~..y..E.e.....n.0;.....J.W.>.j....}.`6.:.>/...|.....
<<< skipped >>>


GET /clt/config/SearchEngine_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:26 GMT
Content-Type: application/octet-stream
Content-Length: 3566
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-dee"
Accept-Ranges: bytes
..[.1.6.8.8.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....E.x.t.P.a.r.a.m.=.&.n.
=.y.&.c.a.t.e.g.o.r.y.I.d.=.&._.s.o.u.r.c.e.=.s.u.g.....F.o.r.m.a.t.=.
h.t.t.p.:././.s...1.6.8.8...c.o.m./.s.e.l.l.o.f.f.e.r./.o.f.f.e.r._.s.
e.a.r.c.h...h.t.m.?.k.e.y.w.o.r.d.s.=.....N.a.m.e.=.?....].]....T.y.p.
e.=.2.....[.3.6.0.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....F.o.r.m.a.t.=.h.
t.t.p.:././.w.w.w...s.o...c.o.m./.s.?.i.e.=.u.t.f.-.8.&.q.=.....N.a.m.
e.=.}Y.d....T.y.p.e.=.1.....[.P.r.o.v.i.d.e.r.].....D.e.f.a.u.l.t.=.b.
a.i.d.u.....N.a.m.e.=.g.o.o.g.l.e.,.b.a.i.d.u.,.b.a.i.d.u.M.o.b.l.i.e.
,.b.i.n.g.,.y.o.u.d.a.o.,.S.o.g.o.u.,.S.o.s.o.,.3.6.0.,.t.a.o.b.a.o.I.
t.e.m.,.t.a.o.b.a.o.S.h.o.p.,.y.a.h.o.o.,.T.m.a.l.l.,.1.6.8.8.,.j.d.,.
a.l.i.e.x.p.r.e.s.s.....[.S.o.g.o.u.].....C.o.d.e.P.a.g.e.=.g.b.k.....
F.o.r.m.a.t.=.h.t.t.p.:././.w.w.w...s.o.g.o.u...c.o.m./.w.e.b.?.q.u.e.
r.y.=.....N.a.m.e.=..d.r....T.y.p.e.=.1.....[.S.o.s.o.].....C.o.d.e.P.
a.g.e.=.u.t.f.8.....E.x.t.P.a.r.a.m.=.&.p.i.d.=.s.b...i.d.x.&.c.h.=.s.
b...c...i.d.x.&.c.i.d.=.s...i.d.x...s.m.b.....F.o.r.m.a.t.=.h.t.t.p.:.
/./.w.w.w...s.o.s.o...c.o.m./.q.?.i.e.=.u.t.f.-.8.&.w.=.....N.a.m.e.=.
.d.d....T.y.p.e.=.1.....[.T.m.a.l.l.].....C.o.d.e.P.a.g.e.=.g.b.k.....
F.o.r.m.a.t.=.h.t.t.p.:././.l.i.s.t...t.m.a.l.l...c.o.m./.s.e.a.r.c.h.
_.p.r.o.d.u.c.t...h.t.m.?.q.=.....N.a.m.e.=.)Y s....T.y.p.e.=.2.....[.
a.l.i.e.x.p.r.e.s.s.].....C.o.d.e.P.a.g.e.=.u.t.f.8.....F.o.r.m.a.t.=.
h.t.t.p.:././.w.w.w...a.l.i.e.x.p.r.e.s.s...c.o.m./.w.h.o.l.e.s.a.l.e.
?.S.e.a.r.c.h.T.e.x.t.=.....N.a.m.e.=...VS......T.y.p.e.=.2.....[.
<<< skipped >>>


GET /tongji.do?unit_id=2994045&uv_id=31137119243503273084&uv_new=1&cna=&cg=&mid=&mmland=&ade=&adtm=&sttm=&cpa=&ss_id=1677005717&ss_no=0&ec=1&ref=http://VVV.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&url=http://xs.qinqinge.cn/&title=%u4EB2%u4EB2%u9601||%u6700%u70ED%u95E8%u7684%u514D%u8D39%u5C0F%u8BF4%u7F51 - Power by PTcms&charset=utf-8&domain=qinqinge.cn&hashval=1115&filtered=0&app=Microsoft Internet Explorer&agent=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)&color=24-bit&screen=1920x1080&lg=en-us&je=1&fv=10.0&st=1461628800&vc=928a5346&ut=0&url_id=0&cnu=0.8126342375473279 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: dt.tongji.linezing.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: ngx_openresty/1.0.4
Date: Tue, 26 Apr 2016 00:34:44 GMT
Content-Type: image/gif
Connection: close
Accept-Ranges: bytes
Content-Length: 43
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
P3P: policyref="hXXp://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: lstat_bc=15755787682058973229; expires=Fri, 24-Apr-2026 00:34:44 GMT; path=/; domain=linezing.com
GIF89a.............!.......,...........D..;..



GET /contactus HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dianping.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:39 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Set-Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; Domain=.dianping.com; Path=/
Set-Cookie: JSESSIONID=C1AB80F45F4CF2D52CDB5CFD7C5D03A0; Path=/
Set-Cookie: aburl=1; Domain=.dianping.com; Expires=Wed, 26-Apr-2017 00:34:39 GMT; Path=/
Set-Cookie: cy=1; Domain=.dianping.com; Expires=Wed, 26-Apr-2017 00:34:39 GMT; Path=/
Set-Cookie: cye=shanghai; Domain=.dianping.com; Expires=Wed, 26-Apr-2017 00:34:39 GMT; Path=/
Content-Language: zh-CN
Pragma: no-cache
Cache-Control: no-cache
Server: DPweb
Content-Encoding: gzip
3466.............}{s.....NU....5..@`.oJ..v.7Nr...I.-[....bL....I..*Q2%
R&E.....zY...$...j?..3...W....`z.q.....^.".....>s...1.~..?~......OV
..v.....v..wee)...eM...R.,k...~.?.qo.u#.iE......../._?.......$s...R..\
.Z_~1,.GeR..*)Emw..RHi.Z./...'.<.Ny.............hd0..$K..\....>%
%............\*...6).. .r..\H.i.....a.......(..=..4..`g?..e^..........
..!........3JN..T.-.......)y..I."\...............f.............5c.tu..
__.[]?_;........].R..._...?i5U....../r2...I.....<.SS...`V*g?....o..
..v.....6R..b..>r....J{..n.G?_...S.4.R ......3....._....( ...,.J.%.
e.jY.?.{(8.V....\.w,=..%Dw.c..R...`(.....$H..TJe...n.Z.KJ.=.>..o0.H
." .L...=t.[}..s9u.o...... .{:K.. .tqTj...<>p.....`.R..C#ZIJ...$
}."..V........8d.U.2_..ri. ]m.5i/?.U.v1jw.U.2.....k..\..q...e..U._....
)..o_....\.r..#%...KC;...?.'...[..3.U....\-.5.LK.^....J.H0...B$..d..X$
....tF...zk.H.........AA.J.;.=0....4...$........h./A.z=...........L...
C..([email protected],%..X<..#19(..i!!&crX..B).G...{..'....&.........
.J*k...}(n)<.O.B(....hT.....NF%YN.C.H(..,.F.N.......7.=..n.y?..v&.H
.......H<,E..X..%.d(.Jn.. ......0 ..(...d<".3.X4.R.Neb....JA).- 
.....&.RiP...`J.gRbZ.f.RTLFS......P"..BA)k.9...em.FS.r`t0)....R.L...x2
.JE..`&)..TH...T,.IF..A(..CM>...w....0.k.)...4....#?G...t..0.....!1
.Le.X2....x:,.... [email protected]"..EBb:.....F.qQ.T.,....o8....T ..FFL.
EYJd"..H....))....P2...|.t,w.v.w.. r......g0'g4.J.y.~}._Ik.!......>
BU.RN.-.yJ.hV.....Dt...LG.>&...GICSj......_) ../H..)E....n..y...7..
5.0....Z)z*.........-..Up5.Y...7.n.....G!.SG....Y..........R9V..
<<< skipped >>>

GET /navigation?query=term(cityid,1)&info=cityid:1,stattree:categoryids;hotdishids,hotdishnum:6,header:true HTTP/1.1


Accept: application/json, text/javascript
Accept-Language: en-us
x-request: JSON
Referer: hXXp://VVV.dianping.com/contactus
x-requested-with: XMLHttpRequest
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""; JSESSIONID=C1AB80F45F4CF2D52CDB5CFD7C5D03A0


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:58 GMT
Content-Type: application/json;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: no-cache
Server: DPweb
Content-Encoding: gzip
8a9...............n........Q.}..[...@,...V......f...l......DYd.]d.\.0.
]p..0R.{....M".s.......s........b{...`.9.|.....O6'........~.')..y.9...
....O.m...a{;......'......xk.*.........76.....l.u~.9y.=C.....awv}....p
...e.......>............ ..O...xg..~....\.....Ht...R!(.b.yj{.1.....
......-68..G$ ..YRI..W3=p.....D2../.....%.]B.%.]....|....J.0..a.....a.
*\...-/,......w'.....RSB....t...x.....Qz<H.......4.N..4.N}.%..3.Z..
.'............."^..._p...I..#.I./A.D.P....#........!^...r..y.....).!E.
..,'..D!...!..9...........j.:....V.._}.C.\...>.|.8R.8......U.q..{4@
......wg..n..sd.h....04..1).x?Vd..B........k...SU.....dG.6qKo..$.(.1QE
.D.....~...I4......G.E~d..C.M{d..5*h.aF...D..Dm.~..m....C.Z.....n....I
..Q..qd~..@A.;$J.....x...E."}&..]w.......:...E.$]._.d......].\........
..IVU....1...Q.E45..#3..\"..c.*..l.O..k.....I...T..5.W...i.6.G.l9F...h
oG..".Y..~..h.HO.....9K..W.Df. U.... Adn.@...*..vI._.~.....(.."&Ql..E.
..p.. ..-..G`...k..Jmh.-......&...^q.h.....k...qhm..x......*.86p..$...
.g......Q9.UM].N...q....J.rSgv..u.b..a.6R,z.FC.a0...".Q8.1LT.6..2.PV..
...d.}.......<....ui...fk..d!-.U.v..:.]..7^..M...].....J-....6.. v.
...f{..V....&.]'...G.......NUt..5Z.s..3./.|.8.[lm;F9....]....i...#...v
.*.. ......>.D?.:].4Sh..k..YH.......{.....:.I.........h.4..r.x...;.
|..S.U[....f...u&J.H..':...:....:.*W..k...juj.IU...X..gx...9...<..6
U.h/.B.2:....a......._.n.,.....;.$[... ..x.}O...|:.T..Z.Y..... 7.4.j..
.,X..z.......,.'........{]......b...u......#........Hr..U.....Q.X....S
U^,P. ....{...h.z..=...Ia.;z...].&..[..5 .....^L.. .;...$...D..2..
<<< skipped >>>

GET /ajax/advertise?position=M_bottom_banner&cityId=1 HTTP/1.1


Accept: application/json, text/javascript
Accept-Language: en-us
x-request: JSON
Referer: hXXp://VVV.dianping.com/contactus
x-requested-with: XMLHttpRequest
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: VVV.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""; JSESSIONID=C1AB80F45F4CF2D52CDB5CFD7C5D03A0


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 771
Connection: keep-alive
Keep-Alive: timeout=5
Content-Language: zh-CN
Pragma: no-cache
Cache-Control: no-cache
Server: DPweb
{"adBeginTime":1461630899252,"adDto":{"advertisementID":0,"beginTime":
"2016-04-26T08:34:59","endTime":"2016-04-26T08:34:59","ext":{"adPublis
hExPlatformDTOList":[{"adPublishAttrDTOList":[],"platform":1,"recommen
dScope":0},{"adPublishAttrDTOList":[],"platform":2,"recommendScope":0}
],"bgImg":null,"pullImg":null,"recommendScope":0},"imgAbsolutePath":"h
ttp:\/\/VVV.dpfile.com\/sc\/ares_pics\/422b4e5c060b6a0cf0e3c4d9c0c1098
5.png","imgPath":"http:\/\/VVV.dpfile.com\/sc\/ares_pics\/422b4e5c060b
6a0cf0e3c4d9c0c10985.png","publishID":2,"recomScope":0,"resourceID":0,
"subTitle":"...............","title":"...............","type":0,"url":
"http:\/\/VVV.dpfile.com\/mwap\/mmlong\/mfchwlweb\/index.html"},"adEnd
Time":1461630899252,"cityId":1,"code":200,"position":"M_bottom_banner"
}HTTP/1.1 200 OK..Date: Tue, 26 Apr 2016 00:34:59 GMT..Content-Type: a
pplication/json;charset=UTF-8..Content-Length: 771..Connection: keep-a
live..Keep-Alive: timeout=5..Content-Language: zh-CN..Pragma: no-cache
..Cache-Control: no-cache..Server: DPweb..{"adBeginTime":1461630899252
,"adDto":{"advertisementID":0,"beginTime":"2016-04-26T08:34:59","endTi
me":"2016-04-26T08:34:59","ext":{"adPublishExPlatformDTOList":[{"adPub
lishAttrDTOList":[],"platform":1,"recommendScope":0},{"adPublishAttrDT
OList":[],"platform":2,"recommendScope":0}],"bgImg":null,"pullImg":nul
l,"recommendScope":0},"imgAbsolutePath":"http:\/\/VVV.dpfile.com\/sc\/
ares_pics\/422b4e5c060b6a0cf0e3c4d9c0c10985.png","imgPath":"http:\/\/w
ww.dpfile.com\/sc\/ares_pics\/422b4e5c060b6a0cf0e3c4d9c0c10985.png
<<< skipped >>>


GET /hippo.gif?__hlt=VVV.dianping.com&__ppp=&__had={"p_render":"0","reqid":"0a650671-1544ffd475f-f2fdf1a","serverguid":"0a650671-1544ffd475f-f0110af"}&force=1461630904472&__hsr=1366x768&__hsc=24bit&__hlh=http://VVV.dianping.com/contactus&__pv=1|0 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: hls.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:51 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\"";Domain=.dianping.com;Expires=Fri, 24-Apr-2026 00:34:51 GMT
Set-Cookie: _hc.s="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891.1461630891.1461630891\"";Domain=hls.dianping.com;Expires=Tue, 26-Apr-2016 01:09:51 GMT
Over: end
Access-Control-Allow-Origin: *
Server: DPweb
Pragma: no-cache
Cache-Control: no-cache
2b..GIF89a.............!.......,...........D..;..0..HTTP/1.1 200 OK..D
ate: Tue, 26 Apr 2016 00:34:51 GMT..Content-Type: image/gif..Transfer-
Encoding: chunked..Connection: keep-alive..Keep-Alive: timeout=5..Expi
res: Thu, 01-Jan-1970 00:00:00 GMT..Set-Cookie: _hc.v="\"03739d5b-18c4
-42af-9900-87bee21fc228.1461630891\"";Domain=.dianping.com;Expires=Fri
, 24-Apr-2026 00:34:51 GMT..Set-Cookie: _hc.s="\"03739d5b-18c4-42af-99
00-87bee21fc228.1461630891.1461630891.1461630891\"";Domain=hls.dianpin
g.com;Expires=Tue, 26-Apr-2016 01:09:51 GMT..Over: end..Access-Control
-Allow-Origin: *..Server: DPweb..Pragma: no-cache..Cache-Control: no-c
ache..2b..GIF89a.............!.......,...........D..;..0......


GET /hippo.gif?__hlt=VVV.dianping.com&__ppp=&__had={"module":"globebanner_below_qrcode","action":"browse","publishid":"1","reqid":"0a650671-1544ffd475f-f2fdf1a","serverguid":"0a650671-1544ffd475f-f0110af"}&force=1461630913253&__hsr=1366x768&__hsc=24bit&__hlh=http://VVV.dianping.com/contactus&__mv=||1|0 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: hls.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""; _hc.s="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891.1461630891.1461630891\""


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _hc.s="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891.1461630891.1461630899\"";Domain=hls.dianping.com;Expires=Tue, 26-Apr-2016 01:09:59 GMT
Over: end
Access-Control-Allow-Origin: *
Server: DPweb
Pragma: no-cache
Cache-Control: no-cache
2b..GIF89a.............!.......,...........D..;..0..HTTP/1.1 200 OK..D
ate: Tue, 26 Apr 2016 00:34:59 GMT..Content-Type: image/gif..Transfer-
Encoding: chunked..Connection: keep-alive..Keep-Alive: timeout=5..Expi
res: Thu, 01-Jan-1970 00:00:00 GMT..Set-Cookie: _hc.s="\"03739d5b-18c4
-42af-9900-87bee21fc228.1461630891.1461630891.1461630899\"";Domain=hls
.dianping.com;Expires=Tue, 26-Apr-2016 01:09:59 GMT..Over: end..Access
-Control-Allow-Origin: *..Server: DPweb..Pragma: no-cache..Cache-Contr
ol: no-cache..2b..GIF89a.............!.......,...........D..;..0..



GET /mediashow.php?id=239191&h=200&w=270 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Connection: Keep-Alive
Host: set56.7pud.com


HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Tue, 26 Apr 2016 00:34:42 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.28
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: var_yt_cookie_pic=pic837013; expires=Thu, 16-Mar-2333 18:21:21 GMT; path=/; domain=.7pud.com
Set-Cookie: ETEMEDIA89971270200=18309; expires=Tue, 26-Apr-2016 01:34:42 GMT; path=/; domain=.7pud.com
26b3..//.......................if(typeof(YTMEDIAONLYONE) == 'undefined
' || true){..var YTMEDIAONLYONE = 1;..(function() {...var isReady = fa
lse...var readyList = [];..    var timer;...ready = function(fn){....i
f(isReady) fn.call(document);..        else readyList.push(function(){
..            return fn.call(this);..        });..        return this;
..    }...var tops = self.setInterval("ete_top()",1);..    var onDOMRe
ady = function(){..        for(var i=0;i<readyList.length;i  ){..  
          readyList[i].apply(document);..        }..        readyList 
= null;..    }..    var bindReady = function(evt){..        if (isRead
y) return;..        isReady = true;..        onDOMReady.call(window);.
.        if (document.removeEventListener) {.....document.removeEventL
istener("DOMContentLoaded", bindReady, false);..        }else if(docum
ent.attachEvent){.....document.detachEvent("onreadystatechange", bindR
eady);.....if(window == window.top){......clearInterval(timer);......t
imer = null;.....}..        }..    };..    if(document.addEventListene
r){..        document.addEventListener("DOMContentLoaded", bindReady, 
false);..    }else if(document.attachEvent){..        document.attachE
vent("onreadystatechange",..        function(){..            if ((/loa
ded|complete/).test(document.readyState)) bindReady();..        });.. 
       if(window == window.top){..            timer = setInterval(func
tion(){..                try{..                    isReady || document
.documentElement.doScroll('left');..                }catch(e){..  
<<< skipped >>>

GET /mediacode.php?id=239191&w=270&h=200&a=89971&b=18309&p=10229&s=89971&ui=139869&u=qinqinge&dsp=&gu=http%3A//VVV.7892819.cn/&k=1&vf=&bf=ete_zhuan/ete_zhuan_1452235113.swf&tp=http://xs.qinqinge.cn/&re=http://VVV.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&fsh=1&cok=1&acq=0&screen=1920_1080 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: set56.7pud.com
Connection: Keep-Alive
Cookie: var_yt_cookie_pic=pic837013; ETEMEDIA89971270200=18309


HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Tue, 26 Apr 2016 00:34:47 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.28
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
154e..<meta http-equiv="Content-Type" content="text/html; charset=g
bk"><style type="text/css">body{background:none;background-co
lor: transparent;}</style><body style="margin:0;cursor:pointe
r;"><div style=" position:absolute;z-index:2147483647; display:b
lock; cursor:pointer; width:270px; height:200px; background-color:whit
e; opacity:0;filter:alpha(opacity=0) "></div>.<script lang
uage='javascript' type='text/javascript' src='hXXp://pic.pxstda.com/da
ta/images/flash.js'></script>...<SCRIPT LANGUAGE="JavaScri
pt">...<!--...var ete_imgsrc  = "hXXp://pic.pxstda.com/data/html
22/ete_zhuan/ete_zhuan_1452235113.swf";...var ete_wbody   = 270;...var
 ete_hbody   = 200;...var etecsid   = '89971';...var ip   = '194.242.9
6.218';...var ismovie  = '1';...if(ip=="183.129.146.234" && ismovie==2
)...{....var explorer = window.navigator.userAgent;....if(explorer.ind
exOf("Chrome") >= 0){.....document.write('<video autoplay="autop
lay" loop="loop" width="270" height="200"><source src="hXXp://pi
c.pxstda.com/data/html22/" type="video/mp4" /></video>');....
}else{.....writeflashhtml("_swf=hXXp://pic.pxstda.com/data/html22/ete_
zhuan/ete_zhuan_1452235113.swf", "_width=270", "_height=200" ,"_wmode=
transparent");....}...}...else...{....writeflashhtml("_swf=hXXp://pic.
pxstda.com/data/html22/ete_zhuan/ete_zhuan_1452235113.swf", "_width=27
0", "_height=200" ,"_wmode=transparent");...}.var clickUrl = "hXXp://s
et56.7pud.com/click_media_qqupfloat.php?&eid=239191&ea=89971&eb=18
<<< skipped >>>

GET /mediadisplay.php?bid=18309&sid=89971&pid=10229&keep=1&topu=aHR0cDovL3hzLnFpbnFpbmdlLmNuLw==&referer=aHR0cDovL3d3dy5iYWlkdS5jb20vcz93ZD3kuKvnkLTnkLTlsI/or7Q=&secret=80485989e139505605d133b5d94b5e861a8&fsh=1&cok=1&acq=0&screen=1920_1080&st=1461630902113 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://set56.7pud.com/mediacode.php?id=239191&w=270&h=200&a=89971&b=18309&p=10229&s=89971&ui=139869&u=qinqinge&dsp=&gu=http%3A//VVV.7892819.cn/&k=1&vf=&bf=ete_zhuan/ete_zhuan_1452235113.swf&tp=http://xs.qinqinge.cn/&re=http://VVV.baidu.com/s?wd=%E4%B8%AB%E7%90%B4%E7%90%B4%E5%B0%8F%E8%AF%B4&fsh=1&cok=1&acq=0&screen=1920_1080
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: set56.7pud.com
Connection: Keep-Alive
Cookie: var_yt_cookie_pic=pic837013; ETEMEDIA89971270200=18309


HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Tue, 26 Apr 2016 00:34:48 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.28
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: ete_1_18309=yes; expires=Tue, 26-Apr-2016 16:00:00 GMT; path=/; domain=set56.7pud.com
Set-Cookie: ete_1=yes; expires=Fri, 19-Aug-2016 18:21:27 GMT; path=/; domain=set56.7pud.com
0..HTTP/1.1 200 OK..Server: nginx/1.4.3..Date: Tue, 26 Apr 2016 00:34:
48 GMT..Content-Type: text/html; charset=gb2312..Transfer-Encoding: ch
unked..Connection: keep-alive..X-Powered-By: PHP/5.3.28..P3P: CP="IDC 
DSP COR CURa ADMa OUR IND PHY ONL COM STA"..Cache-Control: no-cache, m
ust-revalidate..Set-Cookie: ete_1_18309=yes; expires=Tue, 26-Apr-2016 
16:00:00 GMT; path=/; domain=set56.7pud.com..Set-Cookie: ete_1=yes; ex
pires=Fri, 19-Aug-2016 18:21:27 GMT; path=/; domain=set56.7pud.com..0.
.....


GET /mediashow.php?id=239191&h=200&w=270 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: set56.7pud.com
Connection: Keep-Alive
Cookie: var_yt_cookie_pic=pic837013; ETEMEDIA89971270200=18309; ete_1_18309=yes; ete_1=yes


HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Tue, 26 Apr 2016 00:35:17 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.28
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Cache-Control: no-cache, must-revalidate
Set-Cookie: ETEMEDIA89971270200=18309; expires=Tue, 26-Apr-2016 01:35:17 GMT; path=/; domain=.7pud.com
26b3..//.......................if(typeof(YTMEDIAONLYONE) == 'undefined
' || true){..var YTMEDIAONLYONE = 1;..(function() {...var isReady = fa
lse...var readyList = [];..    var timer;...ready = function(fn){....i
f(isReady) fn.call(document);..        else readyList.push(function(){
..            return fn.call(this);..        });..        return this;
..    }...var tops = self.setInterval("ete_top()",1);..    var onDOMRe
ady = function(){..        for(var i=0;i<readyList.length;i  ){..  
          readyList[i].apply(document);..        }..        readyList 
= null;..    }..    var bindReady = function(evt){..        if (isRead
y) return;..        isReady = true;..        onDOMReady.call(window);.
.        if (document.removeEventListener) {.....document.removeEventL
istener("DOMContentLoaded", bindReady, false);..        }else if(docum
ent.attachEvent){.....document.detachEvent("onreadystatechange", bindR
eady);.....if(window == window.top){......clearInterval(timer);......t
imer = null;.....}..        }..    };..    if(document.addEventListene
r){..        document.addEventListener("DOMContentLoaded", bindReady, 
false);..    }else if(document.attachEvent){..        document.attachE
vent("onreadystatechange",..        function(){..            if ((/loa
ded|complete/).test(document.readyState)) bindReady();..        });.. 
       if(window == window.top){..            timer = setInterval(func
tion(){..                try{..                    isReady || document
.documentElement.doScroll('left');..                }catch(e){..  
<<< skipped >>>

GET /mediacode.php?id=239191&w=270&h=200&a=89971&b=18309&p=10229&s=89971&ui=139869&u=qinqinge&dsp=&gu=http%3A//VVV.7892819.cn/&k=1&vf=&bf=ete_zhuan/ete_zhuan_1452235113.swf&tp=http://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html&re=http://xs.qinqinge.cn/&fsh=1&cok=1&acq=0&screen=1920_1080 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Host: set56.7pud.com
Connection: Keep-Alive
Cookie: var_yt_cookie_pic=pic837013; ETEMEDIA89971270200=18309; ete_1_18309=yes; ete_1=yes


HTTP/1.1 200 OK
Server: nginx/1.4.3
Date: Tue, 26 Apr 2016 00:35:21 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.28
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
155d..<meta http-equiv="Content-Type" content="text/html; charset=g
bk"><style type="text/css">body{background:none;background-co
lor: transparent;}</style><body style="margin:0;cursor:pointe
r;"><div style=" position:absolute;z-index:2147483647; display:b
lock; cursor:pointer; width:270px; height:200px; background-color:whit
e; opacity:0;filter:alpha(opacity=0) "></div>.<script lang
uage='javascript' type='text/javascript' src='hXXp://pic.pxstda.com/da
ta/images/flash.js'></script>...<SCRIPT LANGUAGE="JavaScri
pt">...<!--...var ete_imgsrc  = "hXXp://pic.pxstda.com/data/html
22/ete_zhuan/ete_zhuan_1452235113.swf";...var ete_wbody   = 270;...var
 ete_hbody   = 200;...var etecsid   = '89971';...var ip   = '194.242.9
6.218';...var ismovie  = '1';...if(ip=="183.129.146.234" && ismovie==2
)...{....var explorer = window.navigator.userAgent;....if(explorer.ind
exOf("Chrome") >= 0){.....document.write('<video autoplay="autop
lay" loop="loop" width="270" height="200"><source src="hXXp://pi
c.pxstda.com/data/html22/" type="video/mp4" /></video>');....
}else{.....writeflashhtml("_swf=hXXp://pic.pxstda.com/data/html22/ete_
zhuan/ete_zhuan_1452235113.swf", "_width=270", "_height=200" ,"_wmode=
transparent");....}...}...else...{....writeflashhtml("_swf=hXXp://pic.
pxstda.com/data/html22/ete_zhuan/ete_zhuan_1452235113.swf", "_width=27
0", "_height=200" ,"_wmode=transparent");...}.var clickUrl = "hXXp://s
et56.7pud.com/click_media_qqupfloat.php?&eid=239191&ea=89971&eb=18
<<< skipped >>>


GET /p.php?id=239187 HTTP/1.1
Accept: */*
Referer: hXXp://xs.qinqinge.cn/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Connection: Keep-Alive
Host: 55336.5ip9.com


HTTP/1.1 200 OK
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:34:46 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
Set-Cookie: __ytULFKey=cb8f57cbae5ffabfee61b98b972b69b8-89971-160426; expires=Fri, 03-Jan-2048 02:21:25 GMT; path=/; domain=.5ip9.com
0..HTTP/1.1 200 OK..Server: nginx/1.0.11..Date: Tue, 26 Apr 2016 00:34
:46 GMT..Content-Type: text/html; charset=gb2312..Transfer-Encoding: c
hunked..Connection: keep-alive..X-Powered-By: PHP/5.3.8..P3P: CP="CURa
 ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI D
SP COR"..Cache-Control: no-cache, must-revalidate..Set-Cookie: __ytULF
Key=cb8f57cbae5ffabfee61b98b972b69b8-89971-160426; expires=Fri, 03-Jan
-2048 02:21:25 GMT; path=/; domain=.5ip9.com..0......


GET /p.php?id=239187 HTTP/1.1


Accept: */*
Referer: hXXp://xs.qinqinge.cn/dir-4b3wz4J28KrjQg.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Trident/4.0; SV1; Foxy/1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET4.0C; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0E; 360SE)
Cookie: __ytULFKey=cb8f57cbae5ffabfee61b98b972b69b8-89971-160426
Connection: Keep-Alive
Host: 55336.5ip9.com


HTTP/1.1 200 OK
Server: nginx/1.0.11
Date: Tue, 26 Apr 2016 00:35:21 GMT
Content-Type: text/html; charset=gb2312
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.8
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache, must-revalidate
0..HTTP/1.1 200 OK..Server: nginx/1.0.11..Date: Tue, 26 Apr 2016 00:35
:21 GMT..Content-Type: text/html; charset=gb2312..Transfer-Encoding: c
hunked..Connection: keep-alive..X-Powered-By: PHP/5.3.8..P3P: CP="CURa
 ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI D
SP COR"..Cache-Control: no-cache, must-revalidate..0..



GET /jquery.onappear/jquery.onAppear.min.js HTTP/1.1
Accept: */*
Referer: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: libs.pixfs.net
Connection: Keep-Alive


HTTP/1.1 200 OK
x-amz-id-2: eUhRCslvtkMye/nyPaZLa98njJM90P2f/l26qtZFjylMqacr1lU4FdA0FpAol17b
x-amz-request-id: 9A9030CC346C5CC8
x-amz-meta-s3cmd-attrs: uid:10011/gname:admin/uname:jnlin/gid:900/mode:33261/mtime:1401379999/atime:1415760496/md5:81bf8c3dd196ed5b5e6f761253969f63/ctime:1415760500
Last-Modified: Thu, 27 Aug 2015 06:17:03 GMT
ETag: "81bf8c3dd196ed5b5e6f761253969f63"
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=18897988
Date: Tue, 26 Apr 2016 00:34:39 GMT
Content-Length: 746
Connection: keep-alive
access-control-allow-origin: *
...........TMs.0...W`..).`...,.i...zi...<>.X@).\..]... ..I....~.
.}zhv.......P.....[Hjo.....FJc.M4....m....)...s...Y.f..{.=..(.w...2...
Z..;...v.-.......]...R.j .Z.A.....m"......0oF.V.#.".=......z.9.$$..l..
.d#..|Jk0m.&.x. f<..0.5v....$([email protected]...._....
s]..;.a./..Ua.8...G./8..u....a....N...#......iw.y].a....^7.b...X.....M
.........L...b.S.:..p...T.~.M.....St..*.H..A.........u................
.i.n.....XAw....iL<..!3S.........W.2K.~:.".z....].4.mM$N..v..i..3..
.............n.q^....0Cl..X.'s........5A#j]U..J..-s....H.......I&.E.a.
.....S..Y.%J.\<...A..O.X...\..\....O,..)I.<40.y......I........HZ
.....mS^.....S.... M.T......1.l....~.....D....n..u.F~.5.....8q.....TFP
C..=G.....1..X..R......QD93.{.......2...jh.o....<Q.?.4...'......ont>....


GET /json2/json2.min.js HTTP/1.1


Accept: */*
Referer: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: libs.pixfs.net
Connection: Keep-Alive


HTTP/1.1 200 OK
x-amz-id-2: Es9lfsWm4CCzh8htUu3l nrz4VyZwYstu3jBSD4jOH 86JpP70ewGqI28p4ZcILZQs8PCX87QfM=
x-amz-request-id: A731E02368339B60
x-amz-meta-s3cmd-attrs: uid:10011/gname:admin/uname:jnlin/gid:900/mode:33188/mtime:1358477583/atime:1395324638/md5:3f6a8cf9d7090beabfb88d1dd8b807b4/ctime:1395324638
Last-Modified: Thu, 27 Aug 2015 06:21:45 GMT
ETag: "3f6a8cf9d7090beabfb88d1dd8b807b4"
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=18898018
Date: Tue, 26 Apr 2016 00:34:39 GMT
Content-Length: 1225
Connection: keep-alive
access-control-allow-origin: *
...........V.o.6..._..CJF.b.Y.J!..k..X3 ..&).%..\.r%..!.......t... .w.
......>ViV9...}"..mZ...Z.* $&M?.|..4%Wu)..z<..............J.*..D
G^'_8.W...7...../r.s\..K1i..r...~....r...DJQ..LN.$qQ....h...b'NY..H...
#....H..%!N.g`gxAZb.m......9fvo..vF.6.#..,.2......H.QD3. .%.A.8..*..hO
....Nzv(6sb..8.....z.T....ibV.A...eEb.]sd=.x..d.m&3.A`.e!".H.9.vDE.s&.
. .V.}....bu......:eGS..=N}..;#.,.B....!8l....Q.....n..-C...,.\NU.....
.....,:&..O..Dd..#....u.@?D...@"kjqgVd.#.,....Y.....lD4.....Y.B.....v.
Y;9...MBg.L^.*.r.1$......R,qB,.N..p.._b..<.tk.. .p......{......j..K
d'......iM........ g.>.......f...........e.N.9..iJ.X^.;.......??...
<..Y...!.......T)0./.....B.....uY..{...5t..y.<.d....\......,.O.V
.... .5...H.....g~P.^..,...h44....F"..W........Q<4.....fqn..#.....B
...$.Dx6...m-.P..m<.E.t%`.N.......J.d.}..E..6.e.JO..J=.B.Y..,..D...
 [email protected],.q.....\"P......N)B.}...DW..>"..O.>2.(. ....
..9M.:<.1.t.x.....K.:.j...>p...\.e.8..q..,.-..."}...!..A.n|...j.
....'C.....".p..3....R.g.......V...u.L..A.6'..hbf....jx..L...>.i.Nw
[email protected]{...v.6.....:..kgA.'...{.
.Y.pU...;6.7....h.........?hy...)Z... . . ..V.I.X.3p...L.v.1..`.j.....
{sG!.<...M...4......H.(.>...7....G=...B.....w..E..R*...M.)......
...U..........
<<< skipped >>>

GET /spin.js/spin.min.js HTTP/1.1


Accept: */*
Referer: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: libs.pixfs.net
Connection: Keep-Alive


HTTP/1.1 200 OK
x-amz-id-2: hCithEjaYvL5mR6tipG3LX2dmGjkGUyfThZWbkdTkup0npMRXFfrzBuGc78GXlqpT2njUl0b4v0=
x-amz-request-id: D70D3659057DFF91
x-amz-meta-s3cmd-attrs: uid:10011/gname:admin/uname:jnlin/gid:900/mode:33188/mtime:1395064859/atime:1395324638/md5:2ad3480baedcac93aa2bbb81072d3876/ctime:1395324638
Last-Modified: Thu, 27 Aug 2015 06:26:16 GMT
ETag: "2ad3480baedcac93aa2bbb81072d3876"
x-amz-storage-class: REDUCED_REDUNDANCY
Accept-Ranges: bytes
Content-Type: application/javascript
Server: AmazonS3
Vary: Accept-Encoding
Content-Encoding: gzip
Cache-Control: max-age=18898020
Date: Tue, 26 Apr 2016 00:34:39 GMT
Content-Length: 2145
Connection: keep-alive
access-control-allow-origin: *
..........}Xko.8.. ..zH...tv. [email protected].@k.|\
..9.R.EWgF.....$.j...b..Fi..)Q7. 3.U*.J....,....yO......F.r..BQ..?R...
.K#...5.3j....;.D:\..-...N..I..=..JC8....g...gr.!=.\&......m2.U.UP.0. 
...........;..J...Z.z.L^....#.`:]/d?..4..]k.C..2.z...a..........3.h...
..........h....NgQ.@.%[email protected]&..f..-.YR.)...!......."*.d."'.*...|T...
0d|...._=.p....)^..;!0....4G.......Q.......5%k.]...6.7...e.I.}X......a
...8...z..T.mwc.Z.h.e(.....J.....5..F}T....-...i.\.iA..'..$...p%..I...
....I..H.......\[email protected][email protected]....{{..?7.....h...
..~.:..C]..\...>.*._&..N$&-........_..!5......-s..i..K3bQ#.Ouj..u m
..U}."M...1g..u.&..N..Px^....2.....J.. -........7.B.<'.u.3w..d..x*.
..K...n....~tg.......UQ.`>Ba.q..U5}r...j.q..B....C.>....<.[..
.|j..6.....Fz...&6W.j...S.&=..O.o/......e....Z.....keP...gJ....>.J.
.e.E..R...'.. .o..,cK.....y...E....d./..< E.Z9.I.e.p.....(.^.f|nT .
)DC......e%.i?......T22!.......U.-........Xt.iy.../....Y.`"...O.......
Yk.s.:_|.gj$.=.c...L...F.s.u8=......p|..2e.....o.:.e.......s.KKD.. \..
..Ts..R..5.... K....m".K#.q....Z.... ..2<.....p..=...-...[....o....
-.\s.%.q..Y:[email protected]}...b.l.#X............../.sJ>.^
.F.I..v.z..u..p.1.\...1..X^..M.:`.c.V..f.Z..E...kZ....f.:a...n.....TOs
9.3V..'.-.&..[...ju..c...m5W3.....Y......8.-.V7....=v..7{f.C....[.....
..0.) A.....Nr.6a.D...[.>..5T...í..b"...8.s/KO/....q.RxR9xZ.2.k.m
u.iK.9...iU.."..`$.x.y.....'c7"..i...........},...-......5.X*..0..SSJ.
,..?G.!...S.."=..[.M._.#......C'..A..u.s2..j..2i..E.6..,.....AB,..
<<< skipped >>>


GET /vMZK3m HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: goo.gl
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 26 Apr 2016 00:34:37 GMT
Location: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 284
Server: GSE
..........m..k.0.... B..8.Z.....{...C..=....V...._.....!..~.%\.i5 .^:e
...z.J.f..]..{.-.v.n....z...f....4....8. |......C.A...rs.^U[.n.?w.&..I
.<.j1]p1...=<Jy:.6.H....|.m.wK....<4.V..0.).G....B......&..:.
."....r....N.u..`.e@#p.3.Mn.....N...j..\..R.....a..`.3t..".j{...Y.....
........Z........


GET /vMZK3m HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: goo.gl
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 26 Apr 2016 00:34:49 GMT
Location: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 284
Server: GSE
..........m..k.0.... B..8.Z.....{...C..=....V...._.....!..~.%\.i5 .^:e
...z.J.f..]..{.-.v.n....z...f....4....8. |......C.A...rs.^U[.n.?w.&..I
.<.j1]p1...=<Jy:.6.H....|.m.wK....<4.V..0.).G....B......&..:.
."....r....N.u..`.e@#p.3.Mn.....N...j..\..R.....a..`.3t..".j{...Y.....
........Z....HTTP/1.1 301 Moved Permanently..Content-Type: text/html; 
charset=UTF-8..Cache-Control: no-cache, no-store, max-age=0, must-reva
lidate..Pragma: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Date
: Tue, 26 Apr 2016 00:34:49 GMT..Location: hXXp://sybil1990.pixnet.net
/blog/post/210038335-【推薦】依ç%
84¶å„ªé›…,依然心閑%E
2”‚依蘭雅閑幸福..Content
-Encoding: gzip..X-Content-Type-Options: nosniff..X-Frame-Options: SAM
EORIGIN..X-XSS-Protection: 1; mode=block..Content-Length: 284..Server:
 GSE............m..k.0.... B..8.Z.....{...C..=....V...._.....!..~.%\.i
5 .^:e...z.J.f..]..{.-.v.n....z...f....4....8. |......C.A...rs.^U[.n.?
w.&..I.<.j1]p1...=<Jy:.6.H....|.m.wK....<4.V..0.).G....B.....
.&..:.."....r....N.u..`.e@#p.3.Mn.....N...j..\..R.....a..`.3t..".j{...
Y.............Z........
<<< skipped >>>

GET /vMZK3m HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: goo.gl
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 26 Apr 2016 00:34:55 GMT
Location: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 284
Server: GSE
..........m..k.0.... B..8.Z.....{...C..=....V...._.....!..~.%\.i5 .^:e
...z.J.f..]..{.-.v.n....z...f....4....8. |......C.A...rs.^U[.n.?w.&..I
.<.j1]p1...=<Jy:.6.H....|.m.wK....<4.V..0.).G....B......&..:.
."....r....N.u..`.e@#p.3.Mn.....N...j..\..R.....a..`.3t..".j{...Y.....
........Z....HTTP/1.1 301 Moved Permanently..Content-Type: text/html; 
charset=UTF-8..Cache-Control: no-cache, no-store, max-age=0, must-reva
lidate..Pragma: no-cache..Expires: Mon, 01 Jan 1990 00:00:00 GMT..Date
: Tue, 26 Apr 2016 00:34:55 GMT..Location: hXXp://sybil1990.pixnet.net
/blog/post/210038335-【推薦】依ç%
84¶å„ªé›…,依然心閑%E
2”‚依蘭雅閑幸福..Content
-Encoding: gzip..X-Content-Type-Options: nosniff..X-Frame-Options: SAM
EORIGIN..X-XSS-Protection: 1; mode=block..Content-Length: 284..Server:
 GSE............m..k.0.... B..8.Z.....{...C..=....V...._.....!..~.%\.i
5 .^:e...z.J.f..]..{.-.v.n....z...f....4....8. |......C.A...rs.^U[.n.?
w.&..I.<.j1]p1...=<Jy:.6.H....|.m.wK....<4.V..0.).G....B.....
.&..:.."....r....N.u..`.e@#p.3.Mn.....N...j..\..R.....a..`.3t..".j{...
Y.............Z........
<<< skipped >>>

GET /vMZK3m HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.google.com.hk/search?hl=zh-CN&q=依蘭雅閑
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: goo.gl
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Tue, 26 Apr 2016 00:35:01 GMT
Location: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 284
Server: GSE
..........m..k.0.... B..8.Z.....{...C..=....V...._.....!..~.%\.i5 .^:e
...z.J.f..]..{.-.v.n....z...f....4....8. |......C.A...rs.^U[.n.?w.&..I
.<.j1]p1...=<Jy:.6.H....|.m.wK....<4.V..0.).G....B......&..:.
."....r....N.u..`.e@#p.3.Mn.....N...j..\..R.....a..`.3t..".j{...Y.....
........Z......



GET /clt/config/bl_6.5.dat?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:38 GMT
Content-Type: application/octet-stream
Content-Length: 3476
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-d94"
Accept-Ranges: bytes
1IFI9F13f04d0a59595956b1ff113d73e5329ad41d8cd98f00b204e9800998ecf8427e
c12722edbbd75af2b61ad506ac23d0418399ba1412b98982561012e6e2225ddb1fc196
f5ab36a9318ecc92646bfe680f6070e8013dd57f5c829eff913b833eb7b27102f9c527
f115c740bf6743fb5d41824b8fc3c26143856da2ba203aa2c17c09cb53db9e13041628
a20896304ad3c30cdc36764151bbf01bce4ad0e03f0e2de2c3aa0c997c8741ad3ae47b
6272a11b92238601f795d59736e13e8d44582d6a66ba207a45518b14ac7fb933f2dffa
253736de10246fdacc67d8afefa177dccf73ce6516a1f598d9b4bb72deaba323a4dc8f
91a7793efc4bcb68ad2aae94f83cbce4d4e33611f5004cbf4406ab8e8a2d6ec7f3d301
d5c75b3410059bf8cc11dd0d30d683f3d35d93fbe8c41702ff2bd2093042e3eb1e9127
4a26ee5e7bdc4d9fe04c00d03106237949417513f7a34d056be24ca4d0930f5282ef1e
1829677ac1a63487b56a73ab9a536289896d5a06f2fbe8c41702ff2bd2093042e3eb1e
9127612408c25ef9ce4f49ccd98b2b30048135bf030fc451e29c0f17b5ec668c9984cd
dbb54cf47b737d3e07bcf411b2083be8d495803637f7d26ed76dc61859e666a018b0f3
389ed8db6c0cfe7ea77140506d96ee3173ba7cb6727989611ac6f1c2acf8fd12ce4266
3c2806ae710e75dd34915234321c4466603c541b6c4763d6f7e88fb7cac6e8c9896a70
a7ae28b6736b97d77bcd85dc384d564904bc33f9beeb8c3ba9c4eef13f9a2b9520dd71
aeb8d44a425948890b5b50d8bb702fc2eac708ed097775ccb2108995584cabc0ba4f32
8c38dde7fde481a9742034d31055a9142806ae710e75dd343e6c08ea181531e3d23d18
049469183fe88fb7cac6e8c98962e11f58cd67fd0f04ed55facb064db6793e6354d5d2
7072734fa2baf01f018a2fc08c93eff1bd9a9a58a32fb4dcd06be1afedbfc14b594a0a
05185dae2b2bc41e3ca16bee63dc2b4bfe12001ddd37346214d7a3e071d5bb13be6cc4
516d4ebd1fc2712507c7f6e47edfd75b05cd671c89998d0ca1333141f110f02fd8
<<< skipped >>>


GET /clt/config/bts_tm.dat.zip HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:33 GMT
Content-Type: application/zip
Content-Length: 34634
Last-Modified: Mon, 04 Jan 2016 05:06:39 GMT
Connection: close
ETag: "5689fddf-874a"
Accept-Ranges: bytes
............[.,;.e9%..:..z.|[email protected])........_w.&
lt;w.O....n.3.....y.......:......~..}.].......F.3......'..Z........k.s
...;N.m..z8.;FY-...3........6.\...url..4.S....W.O,{.x.....Ox....My....
>k.OYa.....y{......<..{nX3..[,.m......4..i.....f.....ys......<
;...g.]oyg:,Ly....a.B..}...........c.w..|..n(..u...Ya?......O....u!j.q
.w.....Q..,..5.}..I..J.;...Ye........pw.u....TJyc...;...=).nk.].o8{.p"
.>.Z......t.^.)y>.......R{...........{.....j.P......w9i.........
.....}G..]......`...<.[b.......2Y=.kgo......e....[:....oxNK..Z....;
..../.M.izf3...V.KW..S..1..u.s^,p..c.9....|ow...wWm9.^...V.8.{;O.V...x
c.....N..e....r..1..<\.l..............Z......u?U......{V... .......
.b.-....g.E.(.S.]. ....OP............O;../...=#...9...s..V.w..s....2.o
.X.."...6.>..6......L...q..U.-...M....m<8X..Z.a..Y.....q.g..Y...
t..>o...........&.).A[!......4k..].)0n..a...J..D.:...b0.....H...\..
1].`.<.m....v7..*....X..<|.cG.=.........c<<{....V,.o....&l
t;W^.E-.j.g...<}.._...0...r...8..../v^.0.<............6....<.
...N..UV.}..3...S......"......J.. Uz0..n..... ....Z..&.?....%.e0#<,
V....F......s....6.>Y.v.h.MaD../.t.J.Y|.(......M."|.t.$.......... .
.G{.l..M..{R...n'[email protected]{^b...A.C4...N(M...x.s.3_~.l"[.D.xJ.ea....
...........B....'.r......v.0.........0..)......~....F.c..l........f...
Q....`..#P<..Soe3...=.g.u{..;..q.=g.%[email protected]..`c.)-@..!D6Vz...
>..7.."...].......*..Z*_.:.......?.......a...3.A.~&6...._.!5... ...
..u...0K^*.:@.............Jx....O....._..v.<.z[.1.*.. ..h..|...
<<< skipped >>>


GET /as/down/clt/config/blhash_6.5.dat.zip?t=1461441001&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: ap.liuliangbao.cn
Connection: Close


HTTP/1.1 302 Found
Server: nginx
Date: Tue, 26 Apr 2016 00:34:27 GMT
Content-Type: application/zip
Content-Length: 0
Connection: close
Location: hXXp://cltres.liuliangbao.cn/clt/config/blhash_6.5.dat.zip



GET /ajax/libs/jquery/1.8.2/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Sat, 23 Apr 2016 16:08:14 GMT
Expires: Sun, 23 Apr 2017 16:08:14 GMT
Last-Modified: Fri, 16 Oct 2015 18:27:31 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33397
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 203184
...............F..........b..J.......ui.-[nKn....p#.*.D.T%...e.c~.Z.B.
.._Df"..e.}f.w..$......q9}.9...u..t..........x.e.....,V..i...uq.....G.
.lS..~........O.....(.^..at......j~...I6...z9-7.:PN.Yp...a.9..*.....7.
.w....(J....|...?-.z?......Mr.u...XN..._ ......6.7..b.,Y.~....7.6O7.U.
^o....T...[....oM_.c/...>.....6....;g!........:..N....n..<J..n..
.m.....x.[&.u......k...dCs1..v..z... .b.D....WS.w;...b..G..(..I....../
{...l...6.,.....a.d...._..i..x....H3.s..M.m/M...~...*..=A.tz..v....o..
..n.....5..K..(........~..y.kn@*q._.0.Q.n.g.).....4., ..F(......N'.e.t
.4.....l......A...........44.G-.T..&Mw...rG6*.....:...~..I..Ou..m.t.J&
gt;.r<.....\_U.<[email protected]....@b .....|.....
.a.X..]....3..;?..u..7..'...........d.,..3j.'..... ..f..;...Jm.......$
Y?..k...9.}..5...]vv...%[email protected]&......Gc.q.O.5...=..3..I..<:SE
4!\.'..?..y..,.P/.sj&S.3...n........Kq.....vJ.jC~!C.....nFJ.dZ$ .F...{
I>....X..z.F.f(....Z.a.'.*..f^.........T..........@-{...r...&....g.
....).s.r|L H].Q.61.*.k.....{R....B..G.}I.;:@..b.\O7.&EvU...e.)1O4....
5f2.'n..L.ih..zxq.[.xd..G7.N..].n.eC.K3.....O]..*%...\.hz(...........*
f.......%...........}kv".zN.*.E........B[..!2....t....]...N..:i...5i..
]0wl.V.@.^=.T.=.7..?....a...]ZB.N.y..,h..?.. ..89....A1....7.B....c@.{
..}......$..|...P..=.Y...r.nbA:....88..,......"KL.........p..!..h..w..
z.iZT4GA_,.......s*...2...r=..v......Q...p./?......2.. .............T.
..q.....&.......i.......4...=.n=/.r....wC.....@{....3'j...l&.Yr...|p&g
t;<.3.......G.~yK.....D..H&`.?..t....u.#%......i..2.L..<<
<<< skipped >>>

GET /ajax/libs/angularjs/1.2.0/angular.min.js HTTP/1.1


Accept: */*
Referer: hXXp://sybil1990.pixnet.net/blog/post/210038335-【推薦】依然優雅,依然心閑│依蘭雅閑幸福
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; GreenBrowser)
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 08 Apr 2016 20:20:18 GMT
Expires: Sat, 08 Apr 2017 20:20:18 GMT
Last-Modified: Sun, 06 Dec 2015 19:30:07 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 36283
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 1484061
............gc..........Q.sDINvv....e..-..S(&..%.bQ.....gM.....s.}SD`0
..Y}.<..O&..(..>._.5.7.ku7..............7.D..$i.....?8.d......W.
..$.d.....>......j.,.....x/...7.EV_,..d.M.?....w7.....nJxwW........
g...}....B..4...7...u.F.p:.C.|>./..~..&i..L..@.<P%..t.&.Q...v..l
.[........{..I.iQ.=*....d...B..M.i.}...t:.M'T.u...0\...i...!.....rzN.1
..^s..FQ............h.@P7}....*..............k.....k....[....3.F.fc.k.
c..]w....0^.o#J.d....&...S.......M.'...^..9..Q...5.=...z.LV.8..`......
.O..T.L.q..K7..H.nI..T.......7...3.O.S.F........|s&.X}...h..z.a>.e.
...z...L...MD.N;"..lD...5...(...z...K.......S';............k.......mk.
....Ei.)....:..s.Z..QW.5......:_'z.Q..~X..DFC..S=..4.v..~._S{.W.>..
..NL.......[..A.Z.Q.....?.(..w.I?....;Y...v.?.I[M..:....GP..M.....r.x.
\...#..PH..fw>...6..q..5m.y5Y..]..........C.y...V............f.l...
...*_^.{p..o.O%UM;[email protected]}..h.... .z....Z..Y.B.[......\..
o..9.~..<,..`....Kd5j.%.....3.z.....V._*s.T..d..X..iu.._Y.....U...U
...C....|...;m.n.Y..:......f.[.b..(p2.G...xj.....M........wv3.........
...,.G.$B6<G#.NxXdK.q..*.......q.=....z.7e........pw.d.p..mD.......
....qF..W..=...Zv.....I.#.h....L.[.8...pQ..VE.......H6%kQ....a..4...F.
=.Ax^6.L7y.h.Ph7.9=Y.N....h...e.>....\'.]/$XT#.^..B....Z_r.sjx.cU..
.......%.P.^.Z...#*...R.....!W.v..a.7.TL......kE.I....cD..Q8=.v.l.i0.\
..w.W....b..'....Sm..;.`Us.6Q.....&_..._gw..M.4.....{(.sK.....Y...k...
w..a`.5`j.)..5........\<}..#W....rP.xz......E.-PA..^h6...%&.0...'r.
.V..E.K.%.yma.....}k.....t.Wroo7.{G.2G.Q .....X...F..".I..[......$
<<< skipped >>>


GET /broker-service/api/js?error='tagName' is null or not an object&file=http://VVV.dianping.com/contactus&line=2×tamp=1461630913003 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: 114.80.165.63
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: DP Web 2.0
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 2
Connection: keep-alive
Keep-Alive: timeout=5
OKHTTP/1.1 200 OK..Server: DP Web 2.0..Date: Tue, 26 Apr 2016 00:34:59
 GMT..Content-Type: text/html;charset=UTF-8..Content-Length: 2..Connec
tion: keep-alive..Keep-Alive: timeout=5..OK..



GET /as/down/clt/config/blhash_6.5.dat.zip?t=1461441001&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: ap.liuliangbao.cn
Connection: Close


HTTP/1.1 302 Found
Server: nginx
Date: Tue, 26 Apr 2016 00:34:27 GMT
Content-Type: application/zip
Content-Length: 0
Connection: close
Location: hXXp://cltres.liuliangbao.cn/clt/config/blhash_6.5.dat.zip



GET /hippo.gif?__hlt=VVV.dianping.com&__ppp=&__had={"r_pagetiming":"1","r_ready":"10812","r_load":"10812","reqid":"0a650671-1544ffd475f-f2fdf1a","serverguid":"0a650671-1544ffd475f-f0110af"}&force=1461630904456&__hsr=1366x768&__hsc=24bit&__hlh=http://VVV.dianping.com/contactus&__mv=||1|0 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: hls.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai


HTTP/1.1 200 OK
Date: Tue, 26 Apr 2016 00:34:51 GMT
Content-Type: image/gif
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: _hc.v="\"434f34b6-a217-4abf-9223-842c6954496c.1461630891\"";Domain=.dianping.com;Expires=Fri, 24-Apr-2026 00:34:51 GMT
Set-Cookie: _hc.s="\"434f34b6-a217-4abf-9223-842c6954496c.1461630891.1461630891.1461630891\"";Domain=hls.dianping.com;Expires=Tue, 26-Apr-2016 01:09:51 GMT
Over: end
Access-Control-Allow-Origin: *
Server: DPweb
Pragma: no-cache
Cache-Control: no-cache
2b..GIF89a.............!.......,...........D..;..0..HTTP/1.1 200 OK..D
ate: Tue, 26 Apr 2016 00:34:51 GMT..Content-Type: image/gif..Transfer-
Encoding: chunked..Connection: keep-alive..Keep-Alive: timeout=5..Expi
res: Thu, 01-Jan-1970 00:00:00 GMT..Set-Cookie: _hc.v="\"434f34b6-a217
-4abf-9223-842c6954496c.1461630891\"";Domain=.dianping.com;Expires=Fri
, 24-Apr-2026 00:34:51 GMT..Set-Cookie: _hc.s="\"434f34b6-a217-4abf-92
23-842c6954496c.1461630891.1461630891.1461630891\"";Domain=hls.dianpin
g.com;Expires=Tue, 26-Apr-2016 01:09:51 GMT..Over: end..Access-Control
-Allow-Origin: *..Server: DPweb..Pragma: no-cache..Cache-Control: no-c
ache..2b..GIF89a.............!.......,...........D..;..0......



GET /clt/config/GlobalConfig_6.5.ini?t=1460363816&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: cltres.liuliangbao.cn
Connection: Close


HTTP/1.1 200 OK
Server: nginx
Date: Tue, 26 Apr 2016 00:34:26 GMT
Content-Type: application/octet-stream
Content-Length: 2804
Last-Modified: Mon, 11 Apr 2016 08:36:56 GMT
Connection: close
ETag: "570b6228-af4"
Accept-Ranges: bytes
..[.9.5.0.9.5.].....C.h.e.c.k.F.r.o.m.F.i.r.s.t.=.0.....D.e.s.c.r.i.p.
t.i.o.n.=.)Y s;So.....F.i.l.t.e.r.=.9.5.0.9.5...c.o.m.....F.r.o.m.T.y.
p.e.=.1.3.....T.o.=.d.e.t.a.i.l...y.a.o...9.5.0.9.5...c.o.m.....[.A.l.
e.x.a.S.e.t.t.i.n.g.].....A.I.D.L.i.f.e.T.i.m.e.=.3.....A.I.D.U.p.d.a.
t.e.D.a.y.=.2.0.1.2.0.2.1.7.....A.I.D.U.p.d.a.t.e.R.a.t.e.=.0.....C.h.
a.n.g.e.A.I.D.W.h.e.n.I.p.U.p.d.a.t.e.=.0.....[.D.o.m.a.i.n.F.i.l.t.e.
r.].....D.o.m.a.i.n.F.i.l.t.e.r.L.i.s.t.=.a.l.i.t.r.i.p.,.m.o.g.u.j.i.
e.,.m.e.i.l.i.s.h.u.o.,.9.5.0.9.5.....[.D.o.m.a.i.n.L.i.s.t.].....c.o.
u.n.t.r.y.=.a.c. .a.d. .a.e. .a.f. .a.g. .a.i. .a.l. .a.m. .a.n. .a.o.
 .a.q. .a.r. .a.s. .a.t. .a.u. .a.w. .a.z. .b.a. .b.b. .b.d. .b.e. .b.
f. .b.g. .b.h. .b.i. .b.j. .b.l. .b.m. .b.n. .b.o. .b.r. .b.s. .b.t. .
b.v. .b.w. .b.y. .b.z. .c.a. .c.c. .c.d. .c.f. .c.g. .c.h. .c.i. .c.k.
 .c.l. .c.m. .c.n. .c.o. .c.r. .c.s. .c.u. .c.v. .c.x. .c.y. .c.z. .d.
e. .d.j. .d.k. .d.m. .d.o. .d.z. .e.c. .e.e. .e.g. .e.r. .e.s. .e.t. .
e.u. .f.i. .f.j. .f.k. .f.m. .f.o. .f.r. .g.a. .g.b. .g.d. .g.e. .g.f.
 .g.g. .g.h. .g.i. .g.l. .g.m. .g.n. .g.p. .g.q. .g.r. .g.s. .g.t. .g.
u. .g.w. .g.y. .h.k. .h.m. .h.n. .h.r. .h.t. .h.u. .i.d. .i.e. .i.l. .
i.m. .i.n. .i.o. .i.q. .i.r. .i.s. .i.t. .j.e. .j.m. .j.o. .j.p. .k.e.
 .k.g. .k.h. .k.i. .k.m. .k.n. .k.p. .k.r. .k.t. .k.w. .k.y. .k.z. .l.
a. .l.b. .l.c. .l.i. .l.k. .l.r. .l.s. .l.t. .l.u. .l.v. .l.y. .m.a. .
m.c. .m.d. .m.e. .m.g. .m.h. .m.k. .m.l. .m.m. .m.n. .m.o. .m.p. .m.q.
 .m.r. .m.s. .m.t. .m.u. .m.v. .m.w. .m.x. .m.y. .m.z. .n.a. .n.c.
<<< skipped >>>


GET /as/down/clt/config/bts_tm.dat.zip?t=1451883999&checksum=&cid=2899DC5428A441E9A68355A1AEF4DD32 HTTP/1.1
Cache-Control: no-cache
User-Agent: RemoteUpdater : 6.5.63.5
Host: ap.liuliangbao.cn
Connection: Close


HTTP/1.1 302 Found
Server: nginx
Date: Tue, 26 Apr 2016 00:34:32 GMT
Content-Type: application/zip
Content-Length: 0
Connection: close
Location: hXXp://cltres.liuliangbao.cn/clt/config/bts_tm.dat.zip



GET /broker-service/api/single?v=1&ts=1461630912363&tu=/navigation&d=312&hs=200 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: catdot.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""


HTTP/1.1 200 OK
Server: DP Web 2.0
Date: Tue, 26 Apr 2016 00:34:59 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 5
Connection: keep-alive
Keep-Alive: timeout=5
ERROR....


GET /broker-service/api/single?v=1&ts=1461630912378&tu=/ajax/advertise&d=500 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.dianping.com/contactus
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; AskTB5.6)
Host: catdot.dianping.com
Connection: Keep-Alive
Cookie: PHOENIX_ID=0a650671-1544ffd475f-f0110af; aburl=1; cy=1; cye=shanghai; _hc.v="\"03739d5b-18c4-42af-9900-87bee21fc228.1461630891\""


HTTP/1.1 200 OK
Server: DP Web 2.0
Date: Tue, 26 Apr 2016 00:35:00 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 5
Connection: keep-alive
Keep-Alive: timeout=5
ERRORHTTP/1.1 200 OK..Server: DP Web 2.0..Date: Tue, 26 Apr 2016 00:35
:00 GMT..Content-Type: text/html;charset=UTF-8..Content-Length: 5..Con
nection: keep-alive..Keep-Alive: timeout=5..ERROR..







The Trojan connects to the servers at the folowing location(s):







Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe_1888:




.text
`.rdata
@.data
.rsrc
t$(SSh
~%UVW
u$SShe
UnloadKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutNameA
RegOpenKeyA
RegDeleteKeyA
RegCloseKey
RegCreateKeyA
RegFlushKey
LoadKeyboardLayoutA
@.reloc
kernel32.dll
Kernel32.dll
ntdll.dll
user32.dll
winmm.dll
gdiplus.dll
gdi32.dll
ole32.dll
olepro32.dll
msimg32.dll
atl.dll
Shlwapi.dll
shell32.dll
imm32.dll
MsgWaitForMultipleObjects
EnumWindows
GetAsyncKeyState
GdiplusShutdown
GdipSetImageAttributesColorKeys
SetWindowsHookExA
UnhookWindowsHookEx
GetKeyState
GdipSetStringFormatHotkeyPrefix
GdipGetStringFormatHotkeyPrefix
GdipSetPenLineJoin
GdipGetPenLineJoin
game.exe
0000000
) v4.4.6
: 90060013 2
: 1751106 3
:68640504
:200100052 6
4 .LRMP
Ed%CR
`.CsK
fZ.udi<
|<.og
o4W/.DO
%U7>V-
W.wd-
Z.wXx
8R.sGY
R.jN4
>_.wL
5.xMa
SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\GUIFont.Facename
imagelist_MsgBoxIcon_Metro
imagelist_MsgBoxIcon
:1751106 3
:68640504
\Index.txt
ShellExecuteA
use32.dll
dwmapi.dll
{00000117-0000-0000-C000-000000000046}
SUI:Http://Sysxo.com
Blog:Http://9339.me
Forum:Http://Sys8.cC
Version:2012.12.30.00
========================================== - [Sys8.cc]
GetProcessWindowStation
KERNEL32.dll
GetCPInfo
LzmaLib.dll
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
=&> >=>]>
2 2$2(2,2024282<2
=@{B96B3CAB-0728-11D3-9D7B-0000F81EF32E}
ws2_32.dll
S@Syser MsgBox
[email protected]
Operating
Index.txt
AutomaticKey
1.2.18
inflate 1.1.3 Copyright 1995-1998 Mark Adler
%*.*f
CNotSupportedException
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
COMCTL32.DLL
CCmdTarget
MSWHEEL_ROLLMSG
__MSVCRT_HEAP_SELECT
MSVFW32.dll
AVIFIL32.dll
GetProcessHeap
WinExec
CreateDialogIndirectParamA
USER32.dll
GetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
GetViewportExtEx
GDI32.dll
WINMM.dll
WINSPOOL.DRV
comdlg32.dll
RegOpenKeyExA
RegCreateKeyExA
ADVAPI32.dll
SHELL32.dll
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
xiaojie.dll
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
(*.prn)|*.prn|
(*.*)|*.*||
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
(&07-034/)7 '
?? / %d]
%d / %d]
: %d]
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
%s:%d
windows
out.prn
%d.%d
%d / %d
%d/%d
Bogus message code %d
(%d-%d):
%ld%c
(*.avi)|*.avi
WPFT532.CNV
WPFT632.CNV
EXCEL32.CNV
write32.wpc
Windows Write
mswrd632.wpc
Word for Windows 6.0
wword5.cnv
Word for Windows 5.0
mswrd832.cnv
mswrd632.cnv
Word 6.0/95 for Windows & Macintosh
html32.cnv
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCArchiveException@@
zcÁ
#include "l.chs\afxres.rc" // Standard components
0-131}1
=">(>>>`>
4M4
7,8084888/9
5"6'6-646
2 2$2(2,202
8 8$8(8,8
4 4$4(4,4044484
2!3 303:3
11X1d1
<)<5<8=~=
^}•D
IMM32.dll
imehost.dll
ImeProcessKey
Windows
:):3:9:|:
= =$=(=,=0=4=8=
? ?$?(?,?
.ime.bak
*.bak
Keyboard Layout
Keyboard Layout\Preload
%x{IDW
.EshG
GetWindowsDirectoryA
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp\
0329A).exe
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
KERNEL32.DLL
WUSER32.DLL
LZMA.dll
(*.*)
1.0.0.0
(hXXp://VVV.eyuyan.com)
1, 0, 0, 1
imedllhost09.ime

С½ç.exe_1076:




.text
`.rdata
@.data
.rsrc
@.reloc
xSSSh
FTPjKS
FtPj;S
C.PjRV
28^%u
>8_%u
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
urls
maxExeTime
CURLDetector
NtQueryValueKey
NtOpenKeyEx
CertOpenStore
CommitUrlCacheEntryA
CommitUrlCacheEntryW
TaskDialogIndirect
Kernel32.dll
Shell32.dll
Gdi32.dll
DSound.dll
dfdll.dll
Credui.dll
User32.dll
Crypt32.dll
Wintrust.dll
Wininet.dll
Comctl32.dll
Winmm.dll
SHELL32.dll
NTDLL.DLL
Shell32.dll
HTTP_STATUS_VERSION_NOT_SUP
HTTP_STATUS_GATEWAY_TIMEOUT
HTTP_STATUS_SERVICE_UNAVAIL
HTTP_STATUS_BAD_GATEWAY
HTTP_STATUS_NOT_SUPPORTED
HTTP_STATUS_SERVER_ERROR
HTTP_STATUS_RETRY_WITH
HTTP_STATUS_UNSUPPORTED_MEDIA
HTTP_STATUS_URI_TOO_LONG
HTTP_STATUS_REQUEST_TOO_LARGE
HTTP_STATUS_PRECOND_FAILED
HTTP_STATUS_LENGTH_REQUIRED
HTTP_STATUS_GONE
HTTP_STATUS_CONFLICT
HTTP_STATUS_REQUEST_TIMEOUT
HTTP_STATUS_PROXY_AUTH_REQ
HTTP_STATUS_NONE_ACCEPTABLE
HTTP_STATUS_BAD_METHOD
HTTP_STATUS_NOT_FOUND
HTTP_STATUS_FORBIDDEN
HTTP_STATUS_PAYMENT_REQ
HTTP_STATUS_DENIED
HTTP_STATUS_BAD_REQUEST
INET_E_INVALID_CERTIFICATE
INET_E_INVALID_URL
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
1.2.8
-_.!~*'():
inflate 1.2.8 Copyright 1995-2013 Mark Adler
KERNEL32.dll
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
UrlMkSetSessionOption
urlmon.dll
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
WININET.dll
DSOUND.dll
dbghelp.dll
VERSION.dll
PSAPI.DLL
WINMM.dll
WINTRUST.dll
CRYPT32.dll
GetProcessHeap
GetCPInfo
WinExec
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
WS2_32.dll
pdh.dll
.?AVIHttpSession@@
.?AVITaskReporter@@
.?AUIExecutorInfo@@
.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@
.?AV?$ObservableAsync@VFeedbackReporter@@@@
.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@
.?AVFeedbackReporter@@
.?AVIHttpProxyInfo@@
.?AVIHttpConfigurator@@
.?AVCTFExecuterDlg@@
.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@
.?AUIWinInetHttpInfo@@
.?AV?$Singleton@VCURLDetector@@@@
.?AVCURLDetector@@
.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AVAlxLocalExecuter@@
.?AVCExecuterEngine@@
.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AVCExecuterFlash@@
.?AVCExecuterEarn@@
.?AVCExecuterFlowBase@@
.?AVCExecuterKWConfig@@
.?AVCExecuterKWBase@@
.?AVCExecuterFlow@@
.?AVCExecuterPage@@
.?AVCExecuterPopup@@
zcÁ
.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@
.?AV?$ObservableSync@VHttpSession@@@@
.?AV?$enable_shared_from_this@VHttpSession@@@boost@@
.?AVThreadID2Request@HttpSession@@
.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@
.?AVHttpSession@@
0%0S0z0
203F3W3n3
3"3*373?3
383S3a3
4 4$4(4,4
6 6$6(6,60646
8™9F9p9
9&:8:#<*<
<#<0<=<{<
0%1 141;1]1
5!5%5)535`5
5$5,585\5|5
=$=,=8=\=|=
2 2@2\2`2
4 4$4,4@4`4
7 7<7@7`7|7
%s\%s\%s
cfg.ini
%s%sSCConfig.dat
@%s\%s
Software\Microsoft\Windows\CurrentVersion\Run
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
log.txt
6.%s.%d.5
6.%s.%d.%d
r%s=%s
@"%s"
AHKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
ThreadID(%d) %s :
ThreadID(%d)[%s] %s :
d-d-d d:d:d.d
*.dmp
Process is cracked, Commandline is : %s
currentDump.desc
%s(%s)_ddddddd.dmp
A.dll
%d.%d.%d.%d
xxxxxxxxxxxxxxxx
DeleteFolder %s
RemoteUpdater : %s
content_shell.exe
%s%s%s%s
%s\%s\
URLConfiguration.xml
Sync config data to server: %s
=%s&r
=%d&p
=%d&c
=%s&t
SaveCfg Response: %s
AEncrypterKeyList
%s^%d^%d^
%s|%d
GhXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d
zipUrl
xml.dat
polyUrl
Trans response to string:%s
New process forbid : Tasktype limit (%d) overflow
New process forbid : Auto level max count((%d) overflow
New process forbid : Running max count(%d) overflow
New process forbid : CPU Max(%d) overflow
New task(PID: %d)Processed! Param is %s
Create task processed error! ErrorCode is %d.
Can not find Executor! (path : %s)
FetchTaskList : Trans response to string: %s
aws:UrlInfoResult
GProxyByPass
ProxyPassword
Bn=%s
hXXp://%s/clt/jobid/%s
hid=%s&cid=%s&jid=%s
RequestType : %d.Trans response to string:%s
Translate HeartBeat Response to string:%s
i=%s&si=%s
CTo fetch backup server domain form : %s
URLConfig
Add new server domain %s
ap%d.%s
hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg
hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg
hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg
hXXp://%s/ts/f4/
hXXp://%s/ts/f3/
hXXp://%s/ts/f2.2/
hXXp://%s/ts/f7/
hXXp://%s/as/c/f9/
hXXp://%s/as/c/f8/
hXXp://%s/as/c/f10.1/
hXXp://%s/as/2/h5/
hXXp://%s/as/2/h1/
hXXp://%s/as/2/h2/
hXXp://%s/as/c/f11/
hXXp://%s/as/2/h4/
hXXp://%s/as/2/h3/
hXXp://%s/as/c/f5/
ChXXp://
Current count of task in taskContainer is %d
Render task's param is %s
ghXXp://VVV.baidu.com/
Dhttps
type:%d,
D.css
shell.explorer
{0d43fe01-f093-11cf-8940-00a0c9054228}
{13709620-c279-11ce-a49e-444553540000}
{00000566-0000-0010-8000-00aa006d2ea4}
{093ff999-1ea0-4079-9525-9614c3504b74}
{72c24dd5-d70a-438b-8a42-98424b88afb8}
{6bf52a52-394a-11d3-b153-00c04f79faa6}
{2d360201-fff5-11d1-8d03-00a0c959bc0a}
{e05bc2a3-9a46-4a32-80c9-023a473f5b23}
XMLHTTP
bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps
runtask.dat
liuliangbao.cn
sap1200.com
mshtml.dll
%s\%ld
lShell32.DLL
EhXXp://%s:%d
hXXp://%s
.html
hXXp://%s/%d/
function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}
function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}
function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('
')!=-1; }
function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}
function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}
function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}
FGetClickUrl
IsNextPageUrl
Esap1000.com:8011
FContent-Type: application/x-www-form-urlencoded
HTTP/1.1
Report
F127.0.0.1
192.168.255.255
192.168.0.0
172.31.255.255
172.16.0.0
10.255.255.255
10.0.0.0
bl.dat
.tmall.
.taobao.
Fblhash.dat
%s%s%s
%s%s:%d%s
hXXps://
http:
shlwapi.dll
errorUrl
openurl
ddd
rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s
G{%d~}_
{%d_%d}_
{%d}_
onkeydown
mscoree.dll
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
Iddd
I%d.%d.%d
%s(ActiveCore:%d)
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows 98
Microsoft Windows Me
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows Server 2012 R2
Microsoft Windows 8
%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s
Request send failed. Err code:%d
set cookie:%s
GetResponse data is : %s
::HttpSendRequest To %s failed------>>>>! Error code is %d
Internet handle(%d) post data is : %s
HttpSession's request has Completed! StatusCode is %d
Post data thread start ! Internet handle is : %d
cannot open request!! Error code is %d
cannot open Internet!! Error code is %d
Send request thread start ! target is : %s
llb/%s
ITerminateProcess Failed . ErrorCode is %d
TaskKill /pid %d /f
::HttpSendRequest function failed------>>>>!
%s at offset %d unterminated
Incorrect %s at offset %d
%s%d bytes to %d wide chars
%d wide chars to %s%d bytes
Element '%s' at offset %d not ended
End tag '%s' at offset %d does not match start tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
%s#%d
\Process(%s)\
AlexaToolbar.10.0.dll
kernel32.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp\
liuliangbao_A9B8CC67.exe
TFExecuter4
VVV.microsoft.com
1.1.63.781

С½ç.exe_1076_rwx_004C3000_00001000:




RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
%s\%s\%s
cfg.ini
%s%sSCConfig.dat
@%s\%s
Software\Microsoft\Windows\CurrentVersion\Run
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG

С½ç.exe_1076_rwx_59A61000_00001000:




debug(%s)
FindExecutableImageEx-> Looking for %s...
file error 0x%x
FindDebugInfoFileEx-> Looking for %s...
FindExecutableImageEx-> Searching %s for %s...
YRECURSIVE %s
pdb error 0x%x
invalid executable image
dia error 0x%x
diaLocatePDB-> Looking for %s...
couldn't match name! disp=0x%x rva=0x%x addr=0x%I64x
Import Address Table
Bound Import
Import
Export
Windows CUI
Windows GUI
EXPORT
x`x
0x%s -
%d loaded modules...
Couldn't find process 0x%x
%s!%s

С½ç.exe_1076_rwx_5D091000_00001000:




COMCTL32.dll

С½ç.exe_1076_rwx_662B1000_00001000:




HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
oleaut32.dll

С½ç.exe_164:




.text
`.rdata
@.data
.rsrc
@.reloc
xSSSh
FTPjKS
FtPj;S
C.PjRV
28^%u
>8_%u
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
urls
maxExeTime
CURLDetector
NtQueryValueKey
NtOpenKeyEx
CertOpenStore
CommitUrlCacheEntryA
CommitUrlCacheEntryW
TaskDialogIndirect
Kernel32.dll
Shell32.dll
Gdi32.dll
DSound.dll
dfdll.dll
Credui.dll
User32.dll
Crypt32.dll
Wintrust.dll
Wininet.dll
Comctl32.dll
Winmm.dll
SHELL32.dll
NTDLL.DLL
Shell32.dll
HTTP_STATUS_VERSION_NOT_SUP
HTTP_STATUS_GATEWAY_TIMEOUT
HTTP_STATUS_SERVICE_UNAVAIL
HTTP_STATUS_BAD_GATEWAY
HTTP_STATUS_NOT_SUPPORTED
HTTP_STATUS_SERVER_ERROR
HTTP_STATUS_RETRY_WITH
HTTP_STATUS_UNSUPPORTED_MEDIA
HTTP_STATUS_URI_TOO_LONG
HTTP_STATUS_REQUEST_TOO_LARGE
HTTP_STATUS_PRECOND_FAILED
HTTP_STATUS_LENGTH_REQUIRED
HTTP_STATUS_GONE
HTTP_STATUS_CONFLICT
HTTP_STATUS_REQUEST_TIMEOUT
HTTP_STATUS_PROXY_AUTH_REQ
HTTP_STATUS_NONE_ACCEPTABLE
HTTP_STATUS_BAD_METHOD
HTTP_STATUS_NOT_FOUND
HTTP_STATUS_FORBIDDEN
HTTP_STATUS_PAYMENT_REQ
HTTP_STATUS_DENIED
HTTP_STATUS_BAD_REQUEST
INET_E_INVALID_CERTIFICATE
INET_E_INVALID_URL
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
1.2.8
-_.!~*'():
inflate 1.2.8 Copyright 1995-2013 Mark Adler
KERNEL32.dll
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
UrlMkSetSessionOption
urlmon.dll
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
WININET.dll
DSOUND.dll
dbghelp.dll
VERSION.dll
PSAPI.DLL
WINMM.dll
WINTRUST.dll
CRYPT32.dll
GetProcessHeap
GetCPInfo
WinExec
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
WS2_32.dll
pdh.dll
.?AVIHttpSession@@
.?AVITaskReporter@@
.?AUIExecutorInfo@@
.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@
.?AV?$ObservableAsync@VFeedbackReporter@@@@
.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@
.?AVFeedbackReporter@@
.?AVIHttpProxyInfo@@
.?AVIHttpConfigurator@@
.?AVCTFExecuterDlg@@
.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@
.?AUIWinInetHttpInfo@@
.?AV?$Singleton@VCURLDetector@@@@
.?AVCURLDetector@@
.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AVAlxLocalExecuter@@
.?AVCExecuterEngine@@
.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AVCExecuterFlash@@
.?AVCExecuterEarn@@
.?AVCExecuterFlowBase@@
.?AVCExecuterKWConfig@@
.?AVCExecuterKWBase@@
.?AVCExecuterFlow@@
.?AVCExecuterPage@@
.?AVCExecuterPopup@@
zcÁ
.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@
.?AV?$ObservableSync@VHttpSession@@@@
.?AV?$enable_shared_from_this@VHttpSession@@@boost@@
.?AVThreadID2Request@HttpSession@@
.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@
.?AVHttpSession@@
0%0S0z0
203F3W3n3
3"3*373?3
383S3a3
4 4$4(4,4
6 6$6(6,60646
8™9F9p9
9&:8:#<*<
<#<0<=<{<
0%1 141;1]1
5!5%5)535`5
5$5,585\5|5
=$=,=8=\=|=
2 2@2\2`2
4 4$4,4@4`4
7 7<7@7`7|7
%s\%s\%s
cfg.ini
%s%sSCConfig.dat
@%s\%s
Software\Microsoft\Windows\CurrentVersion\Run
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
log.txt
6.%s.%d.5
6.%s.%d.%d
r%s=%s
@"%s"
AHKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
ThreadID(%d) %s :
ThreadID(%d)[%s] %s :
d-d-d d:d:d.d
*.dmp
Process is cracked, Commandline is : %s
currentDump.desc
%s(%s)_ddddddd.dmp
A.dll
%d.%d.%d.%d
xxxxxxxxxxxxxxxx
DeleteFolder %s
RemoteUpdater : %s
content_shell.exe
%s%s%s%s
%s\%s\
URLConfiguration.xml
Sync config data to server: %s
=%s&r
=%d&p
=%d&c
=%s&t
SaveCfg Response: %s
AEncrypterKeyList
%s^%d^%d^
%s|%d
GhXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d
zipUrl
xml.dat
polyUrl
Trans response to string:%s
New process forbid : Tasktype limit (%d) overflow
New process forbid : Auto level max count((%d) overflow
New process forbid : Running max count(%d) overflow
New process forbid : CPU Max(%d) overflow
New task(PID: %d)Processed! Param is %s
Create task processed error! ErrorCode is %d.
Can not find Executor! (path : %s)
FetchTaskList : Trans response to string: %s
aws:UrlInfoResult
GProxyByPass
ProxyPassword
Bn=%s
hXXp://%s/clt/jobid/%s
hid=%s&cid=%s&jid=%s
RequestType : %d.Trans response to string:%s
Translate HeartBeat Response to string:%s
i=%s&si=%s
CTo fetch backup server domain form : %s
URLConfig
Add new server domain %s
ap%d.%s
hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg
hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg
hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg
hXXp://%s/ts/f4/
hXXp://%s/ts/f3/
hXXp://%s/ts/f2.2/
hXXp://%s/ts/f7/
hXXp://%s/as/c/f9/
hXXp://%s/as/c/f8/
hXXp://%s/as/c/f10.1/
hXXp://%s/as/2/h5/
hXXp://%s/as/2/h1/
hXXp://%s/as/2/h2/
hXXp://%s/as/c/f11/
hXXp://%s/as/2/h4/
hXXp://%s/as/2/h3/
hXXp://%s/as/c/f5/
ChXXp://
Current count of task in taskContainer is %d
Render task's param is %s
ghXXp://VVV.baidu.com/
Dhttps
type:%d,
D.css
shell.explorer
{0d43fe01-f093-11cf-8940-00a0c9054228}
{13709620-c279-11ce-a49e-444553540000}
{00000566-0000-0010-8000-00aa006d2ea4}
{093ff999-1ea0-4079-9525-9614c3504b74}
{72c24dd5-d70a-438b-8a42-98424b88afb8}
{6bf52a52-394a-11d3-b153-00c04f79faa6}
{2d360201-fff5-11d1-8d03-00a0c959bc0a}
{e05bc2a3-9a46-4a32-80c9-023a473f5b23}
XMLHTTP
bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps
runtask.dat
liuliangbao.cn
sap1200.com
mshtml.dll
%s\%ld
lShell32.DLL
EhXXp://%s:%d
hXXp://%s
.html
hXXp://%s/%d/
function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}
function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}
function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('
')!=-1; }
function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}
function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}
function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}
FGetClickUrl
IsNextPageUrl
Esap1000.com:8011
FContent-Type: application/x-www-form-urlencoded
HTTP/1.1
Report
F127.0.0.1
192.168.255.255
192.168.0.0
172.31.255.255
172.16.0.0
10.255.255.255
10.0.0.0
bl.dat
.tmall.
.taobao.
Fblhash.dat
%s%s%s
%s%s:%d%s
hXXps://
http:
shlwapi.dll
errorUrl
openurl
ddd
rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s
G{%d~}_
{%d_%d}_
{%d}_
onkeydown
mscoree.dll
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
Iddd
I%d.%d.%d
%s(ActiveCore:%d)
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows 98
Microsoft Windows Me
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows Server 2012 R2
Microsoft Windows 8
%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s
Request send failed. Err code:%d
set cookie:%s
GetResponse data is : %s
::HttpSendRequest To %s failed------>>>>! Error code is %d
Internet handle(%d) post data is : %s
HttpSession's request has Completed! StatusCode is %d
Post data thread start ! Internet handle is : %d
cannot open request!! Error code is %d
cannot open Internet!! Error code is %d
Send request thread start ! target is : %s
llb/%s
ITerminateProcess Failed . ErrorCode is %d
TaskKill /pid %d /f
::HttpSendRequest function failed------>>>>!
%s at offset %d unterminated
Incorrect %s at offset %d
%s%d bytes to %d wide chars
%d wide chars to %s%d bytes
Element '%s' at offset %d not ended
End tag '%s' at offset %d does not match start tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
%s#%d
\Process(%s)\
AlexaToolbar.10.0.dll
kernel32.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp\
liuliangbao_A9B8CC67.exe
TFExecuter4
VVV.microsoft.com
1.1.63.781

С½ç.exe_164_rwx_004C3000_00001000:




RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
%s\%s\%s
cfg.ini
%s%sSCConfig.dat
@%s\%s
Software\Microsoft\Windows\CurrentVersion\Run
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG

С½ç.exe_164_rwx_59A61000_00001000:




debug(%s)
FindExecutableImageEx-> Looking for %s...
file error 0x%x
FindDebugInfoFileEx-> Looking for %s...
FindExecutableImageEx-> Searching %s for %s...
YRECURSIVE %s
pdb error 0x%x
invalid executable image
dia error 0x%x
diaLocatePDB-> Looking for %s...
couldn't match name! disp=0x%x rva=0x%x addr=0x%I64x
Import Address Table
Bound Import
Import
Export
Windows CUI
Windows GUI
EXPORT
x`x
0x%s -
%d loaded modules...
Couldn't find process 0x%x
%s!%s

С½ç.exe_164_rwx_5AD71000_00001000:




UxTheme.dll

С½ç.exe_164_rwx_5D091000_00001000:




COMCTL32.dll

С½ç.exe_164_rwx_662B1000_00001000:




HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
oleaut32.dll

С½ç.exe_164_rwx_66E51000_00001000:




shfolder.dll
shell32.dll
::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
PROTOCOL_NOT_SUPPORTED
res://shdoclc.dll/http_gen.htm
res://shdoclc.dll/http_403.htm
res://shdoclc.dll/dnserror.htm
KB325355_INCREASE_WEBFOLDER_MAXURLLENGTH_TO_260CHAR
KB910365_INCREASE_WEBFOLDER_MAXURLLENGTH_TO_INTERNETMAXURLLENGTH
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT

С½ç.exe_372:




.text
`.rdata
@.data
.rsrc
@.reloc
xSSSh
FTPjKS
FtPj;S
C.PjRV
28^%u
>8_%u
RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
urls
maxExeTime
CURLDetector
NtQueryValueKey
NtOpenKeyEx
CertOpenStore
CommitUrlCacheEntryA
CommitUrlCacheEntryW
TaskDialogIndirect
Kernel32.dll
Shell32.dll
Gdi32.dll
DSound.dll
dfdll.dll
Credui.dll
User32.dll
Crypt32.dll
Wintrust.dll
Wininet.dll
Comctl32.dll
Winmm.dll
SHELL32.dll
NTDLL.DLL
Shell32.dll
HTTP_STATUS_VERSION_NOT_SUP
HTTP_STATUS_GATEWAY_TIMEOUT
HTTP_STATUS_SERVICE_UNAVAIL
HTTP_STATUS_BAD_GATEWAY
HTTP_STATUS_NOT_SUPPORTED
HTTP_STATUS_SERVER_ERROR
HTTP_STATUS_RETRY_WITH
HTTP_STATUS_UNSUPPORTED_MEDIA
HTTP_STATUS_URI_TOO_LONG
HTTP_STATUS_REQUEST_TOO_LARGE
HTTP_STATUS_PRECOND_FAILED
HTTP_STATUS_LENGTH_REQUIRED
HTTP_STATUS_GONE
HTTP_STATUS_CONFLICT
HTTP_STATUS_REQUEST_TIMEOUT
HTTP_STATUS_PROXY_AUTH_REQ
HTTP_STATUS_NONE_ACCEPTABLE
HTTP_STATUS_BAD_METHOD
HTTP_STATUS_NOT_FOUND
HTTP_STATUS_FORBIDDEN
HTTP_STATUS_PAYMENT_REQ
HTTP_STATUS_DENIED
HTTP_STATUS_BAD_REQUEST
INET_E_INVALID_CERTIFICATE
INET_E_INVALID_URL
Visual C   CRT: Not enough memory to complete call to strerror.
portuguese-brazilian
Broken pipe
Inappropriate I/O control operation
Operation not permitted
operator
GetProcessWindowStation
1.2.8
-_.!~*'():
inflate 1.2.8 Copyright 1995-2013 Mark Adler
KERNEL32.dll
CreateDialogIndirectParamW
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SHDeleteKeyW
SHLWAPI.dll
UrlMkSetSessionOption
urlmon.dll
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
WININET.dll
DSOUND.dll
dbghelp.dll
VERSION.dll
PSAPI.DLL
WINMM.dll
WINTRUST.dll
CRYPT32.dll
GetProcessHeap
GetCPInfo
WinExec
HttpQueryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
WS2_32.dll
pdh.dll
.?AVIHttpSession@@
.?AVITaskReporter@@
.?AUIExecutorInfo@@
.?AV?$sp_counted_impl_p@VFeedbackReporter@@@detail@boost@@
.?AV?$ObservableAsync@VFeedbackReporter@@@@
.?AV?$enable_shared_from_this@VFeedbackReporter@@@boost@@
.?AVFeedbackReporter@@
.?AVIHttpProxyInfo@@
.?AVIHttpConfigurator@@
.?AVCTFExecuterDlg@@
.?AV?$CAxDialogImpl@VCTFExecuterDlg@@VCWindow@ATL@@@ATL@@
.?AUIWinInetHttpInfo@@
.?AV?$Singleton@VCURLDetector@@@@
.?AVCURLDetector@@
.?AV?$IDispatchImpl@UIATLBrowserHost@@$1?IID_IATLBrowserHost@@3U_GUID@@B$1?LIBID_TFExecuter4Lib@@3U3@B$00$0A@VCComTypeInfoHolder@ATL@@@ATL@@
.?AVAlxLocalExecuter@@
.?AVCExecuterEngine@@
.?AV?$IDispEventImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B$1?LIBID_SHDocVw@@3U3@B$00$00VCComTypeInfoHolder@ATL@@@ATL@@
.?AV?$IDispEventSimpleImpl@$0GG@VCHostATLHtmCtrl@@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AV?$_IDispEventLocator@$0GG@$1?DIID_DWebBrowserEvents2@@3U_GUID@@B@ATL@@
.?AVCExecuterFlash@@
.?AVCExecuterEarn@@
.?AVCExecuterFlowBase@@
.?AVCExecuterKWConfig@@
.?AVCExecuterKWBase@@
.?AVCExecuterFlow@@
.?AVCExecuterPage@@
.?AVCExecuterPopup@@
zcÁ
.?AV?$sp_counted_impl_p@VHttpSession@@@detail@boost@@
.?AV?$ObservableSync@VHttpSession@@@@
.?AV?$enable_shared_from_this@VHttpSession@@@boost@@
.?AVThreadID2Request@HttpSession@@
.?AVThreadID2Param@?$AsyncFunctionCaller@VRequestInfo@HttpSession@@V12@@@
.?AVHttpSession@@
0%0S0z0
203F3W3n3
3"3*373?3
383S3a3
4 4$4(4,4
6 6$6(6,60646
8™9F9p9
9&:8:#<*<
<#<0<=<{<
0%1 141;1]1
5!5%5)535`5
5$5,585\5|5
=$=,=8=\=|=
2 2@2\2`2
4 4$4,4@4`4
7 7<7@7`7|7
%s\%s\%s
cfg.ini
%s%sSCConfig.dat
@%s\%s
Software\Microsoft\Windows\CurrentVersion\Run
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
log.txt
6.%s.%d.5
6.%s.%d.%d
r%s=%s
@"%s"
AHKEY_PERFORMANCE_NLSTEXT
HKEY_PERFORMANCE_TEXT
ThreadID(%d) %s :
ThreadID(%d)[%s] %s :
d-d-d d:d:d.d
*.dmp
Process is cracked, Commandline is : %s
currentDump.desc
%s(%s)_ddddddd.dmp
A.dll
%d.%d.%d.%d
xxxxxxxxxxxxxxxx
DeleteFolder %s
RemoteUpdater : %s
content_shell.exe
%s%s%s%s
%s\%s\
URLConfiguration.xml
Sync config data to server: %s
=%s&r
=%d&p
=%d&c
=%s&t
SaveCfg Response: %s
AEncrypterKeyList
%s^%d^%d^
%s|%d
GhXXp://%s/redirect/CFGUpdate?number=%s&checksum=%s&cid=%s&rd=%d
zipUrl
xml.dat
polyUrl
Trans response to string:%s
New process forbid : Tasktype limit (%d) overflow
New process forbid : Auto level max count((%d) overflow
New process forbid : Running max count(%d) overflow
New process forbid : CPU Max(%d) overflow
New task(PID: %d)Processed! Param is %s
Create task processed error! ErrorCode is %d.
Can not find Executor! (path : %s)
FetchTaskList : Trans response to string: %s
aws:UrlInfoResult
GProxyByPass
ProxyPassword
Bn=%s
hXXp://%s/clt/jobid/%s
hid=%s&cid=%s&jid=%s
RequestType : %d.Trans response to string:%s
Translate HeartBeat Response to string:%s
i=%s&si=%s
CTo fetch backup server domain form : %s
URLConfig
Add new server domain %s
ap%d.%s
hXXp://img01.taobaocdn.com/imgextra/i1/58465055/T2EoRRXbJdXXXXXXXX_!!58465055.jpg
hXXp://img04.taobaocdn.com/imgextra/i4/58465055/T2SyJhXoRNXXXXXXXX_!!58465055.jpg
hXXp://img03.taobaocdn.com/imgextra/i3/58465055/T2BulKXdhcXXXXXXXX_!!58465055.jpg
hXXp://%s/ts/f4/
hXXp://%s/ts/f3/
hXXp://%s/ts/f2.2/
hXXp://%s/ts/f7/
hXXp://%s/as/c/f9/
hXXp://%s/as/c/f8/
hXXp://%s/as/c/f10.1/
hXXp://%s/as/2/h5/
hXXp://%s/as/2/h1/
hXXp://%s/as/2/h2/
hXXp://%s/as/c/f11/
hXXp://%s/as/2/h4/
hXXp://%s/as/2/h3/
hXXp://%s/as/c/f5/
ChXXp://
Current count of task in taskContainer is %d
Render task's param is %s
ghXXp://VVV.baidu.com/
Dhttps
type:%d,
D.css
shell.explorer
{0d43fe01-f093-11cf-8940-00a0c9054228}
{13709620-c279-11ce-a49e-444553540000}
{00000566-0000-0010-8000-00aa006d2ea4}
{093ff999-1ea0-4079-9525-9614c3504b74}
{72c24dd5-d70a-438b-8a42-98424b88afb8}
{6bf52a52-394a-11d3-b153-00c04f79faa6}
{2d360201-fff5-11d1-8d03-00a0c959bc0a}
{e05bc2a3-9a46-4a32-80c9-023a473f5b23}
XMLHTTP
bmp;rar;wma;wav;mp3;mp4;mid;midi;asf;exe;avi;dat;bat;iso;mpeg;mpg;mpga;ra;rar;dll;ogg;acc;ape;reg;rm;rmvb;tar;wma;wmp;wmv;mov;zip;3gp;chm;mdf;torrent;jar;msi;dmg;apk;crx;pdf;7z;mkv;doc;docx;xls;xlsx;ppt;pptx;mdb;xps
runtask.dat
liuliangbao.cn
sap1200.com
mshtml.dll
%s\%ld
lShell32.DLL
EhXXp://%s:%d
hXXp://%s
.html
hXXp://%s/%d/
function GetClickUrl(target,match){if(target.indexOf('baidu')>0){var tables=document.getElementsByTagName('div');for(var i=0;i<tables.length;i  ){var table=tables[i];if(table.className.indexOf('c-container')!=-1){var a=table.getElementsByTagName('a')[0];var ele=null;var spans=table.getElementsByTagName('span');if(spans.length>0){ele=spans[0]}else{var fonts=table.getElementsByTagName('font');if(fonts.length>2){ele=fonts[2]}}if(ele){var text=ele.innerText.split(' ',2)[0];if(text.indexOf(match)!=-1){return a.href}}}}return''}else return null}
function DoMoreThing(target){if(target.indexOf('google')>0){var table=document.getElementsByTagName('div');for(var i=0;i<table.length;i  ){if(table[i].className=='gstl_0 sbdd_a'){table[i].style.display='none';}}}}
function IsNextPageUrl(target,url,anchor) { return anchor.indexOf('
')!=-1; }
function IsDisallowDomain(target,domain,path){if(target.indexOf('baidu')>0){if(domain.indexOf('cbjs.baidu')!=-1||domain.indexOf('cpro.baidu')!=-1||domain.indexOf('hm.baidu')!=-1)return true;return domain.indexOf('baidu')==-1&&domain.indexOf('bdstatic')==-1};else if(target.indexOf('soso')>0)return domain.indexOf('soso')==-1&&domain.indexOf('qstatic')==-1&&domain.indexOf('qq.com')==-1;else if(target.indexOf('sogou')>0)return domain.indexOf('sogou')==-1;else if(target.indexOf('google')>0)return domain.indexOf('google')==-1&&domain.indexOf('gstatic')==-1;else if(target.indexOf('youdao')>0)return domain.indexOf('youdao')==-1&&domain.indexOf('ydstatic')==-1;else if(target.indexOf('bing')>0)return domain.indexOf('bing')==-1||path.indexOf('hprichbg')!=-1;else if(target.indexOf('yahoo')>0)return domain.indexOf('yahoo')==-1&&domain.indexOf('yimg')==-1&&domain.indexOf('aliyun')==-1&&domain.indexOf('tanx')==-1&&domain.indexOf('limgs')==-1;else if(target.indexOf('haosou')>0)return domain.indexOf('360')==-1&&domain.indexOf('qhupdate')==-1&&domain.indexOf('qhimg')==-1&&domain.indexOf('haosou')==-1}
function IsSearchButton(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='submit'&&id=='su';else if(target.indexOf('soso')>0)return type=='submit'&&(id=='stb'||clas=='s_button'||id=='searchHeaderSubmit');else if(target.indexOf('sogou')>0)return type=='submit'&&(id=='stb'||id=='searchBtn');else if(target.indexOf('google')>0){if(target.indexOf('#0#')>0)return type=='submit'&&name=='btnK';else return type=='submit'&&name=='btnG'}else if(target.indexOf('youdao')>0)return type=='submit'&&(id=='qb'||clas=='s-btn');else if(target.indexOf('bing')>0)return type=='submit'&&id=='sb_form_go';else if(target.indexOf('yahoo')>0)return type=='submit';else if(target.indexOf('haosou')>0)return type=='submit'&&(id=='search-button'||id=='su')}
function IsSearchInput(target,type,name,id,clas){if(target.indexOf('baidu')>0)return type=='text'&&id=='kw';else if(target.indexOf('soso')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('sogou')>0)return type=='text'&&(id=='query'||id=='upquery')&&name=='query';else if(target.indexOf('google')>0)return type=='text'&&id=='lst-ib'&&name=='q';else if(target.indexOf('youdao')>0)return type=='text'&&id=='query'&&name=='q';else if(target.indexOf('bing')>0)return id=='sb_form_q'&&name=='q';else if(target.indexOf('yahoo')>0)return type=='text'&&(id=='ysearchq'||id=='qtop')&&name=='q';else if(target.indexOf('haosou')>0)return type=='text'&&name=='q'}
FGetClickUrl
IsNextPageUrl
Esap1000.com:8011
FContent-Type: application/x-www-form-urlencoded
HTTP/1.1
Report
F127.0.0.1
192.168.255.255
192.168.0.0
172.31.255.255
172.16.0.0
10.255.255.255
10.0.0.0
bl.dat
.tmall.
.taobao.
Fblhash.dat
%s%s%s
%s%s:%d%s
hXXps://
http:
shlwapi.dll
errorUrl
openurl
ddd
rq=%d&ss=%dx%d&t=%d&ttl=%d&wid=%d&locale=%s
G{%d~}_
{%d_%d}_
{%d}_
onkeydown
mscoree.dll
KERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
Iddd
I%d.%d.%d
%s(ActiveCore:%d)
Microsoft Windows 95
Microsoft Windows NT 4.0
Microsoft Windows 98
Microsoft Windows Me
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003 R2
Microsoft Windows Server 2003
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2008 R2
Microsoft Windows 7
Microsoft Windows Server 2012 R2
Microsoft Windows 8
%s@%s (v%s-%s) || Hardware:{CPU:%s,Memory:%s}|| BrowserAgent : %s || Openner : %s || InnerIP : %s || PeerSoftware : %s
Request send failed. Err code:%d
set cookie:%s
GetResponse data is : %s
::HttpSendRequest To %s failed------>>>>! Error code is %d
Internet handle(%d) post data is : %s
HttpSession's request has Completed! StatusCode is %d
Post data thread start ! Internet handle is : %d
cannot open request!! Error code is %d
cannot open Internet!! Error code is %d
Send request thread start ! target is : %s
llb/%s
ITerminateProcess Failed . ErrorCode is %d
TaskKill /pid %d /f
::HttpSendRequest function failed------>>>>!
%s at offset %d unterminated
Incorrect %s at offset %d
%s%d bytes to %d wide chars
%d wide chars to %s%d bytes
Element '%s' at offset %d not ended
End tag '%s' at offset %d does not match start tag '%s' at offset %d
No start tag for end tag '%s' at offset %d
%s#%d
\Process(%s)\
AlexaToolbar.10.0.dll
kernel32.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp\
liuliangbao_A9B8CC67.exe
TFExecuter4
VVV.microsoft.com
1.1.63.781

С½ç.exe_372_rwx_004C3000_00001000:




RegOpenKeyTransactedW
RegCreateKeyTransactedW
RegDeleteKeyTransactedW
FRegDeleteKeyExW
%s\%s\%s
cfg.ini
%s%sSCConfig.dat
@%s\%s
Software\Microsoft\Windows\CurrentVersion\Run
Advapi32.dll
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG

С½ç.exe_372_rwx_59A61000_00001000:




debug(%s)
FindExecutableImageEx-> Looking for %s...
file error 0x%x
FindDebugInfoFileEx-> Looking for %s...
FindExecutableImageEx-> Searching %s for %s...
YRECURSIVE %s
pdb error 0x%x
invalid executable image
dia error 0x%x
diaLocatePDB-> Looking for %s...
couldn't match name! disp=0x%x rva=0x%x addr=0x%I64x
Import Address Table
Bound Import
Import
Export
Windows CUI
Windows GUI
EXPORT
x`x
0x%s -
%d loaded modules...
Couldn't find process 0x%x
%s!%s

С½ç.exe_372_rwx_5AD71000_00001000:




UxTheme.dll

С½ç.exe_372_rwx_5D091000_00001000:




COMCTL32.dll

С½ç.exe_372_rwx_662B1000_00001000:




HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
oleaut32.dll

С½ç.exe_372_rwx_68001000_00001000:




EExport
SExport
PSKEYS
WNetGetCachedPassword
WNetCachePassword
MPR.DLL
hSoftware\Microsoft\Cryptography\DESHashSessionKeyBackward
DefaultKeys
rsaenh.dll
RSA Full (Signature and Key Exchange)
key expansion
client write key
server write key
ole32.dll

С½ç.exe_372_rwx_68101000_00001000:




DSS Signature with Diffie-Hellman Key Exchange
dssenh.dll
PSKEYS
key expansion
client write key
server write key
ole32.dll
CRYPT32.dll
hForceKeyProtection
.DEFAULT
Software\Microsoft\Cryptography\UserKeys
Software\Microsoft\Cryptography\MachineKeys
Software\Microsoft\Cryptography\DSSUserKeys
hcrypt32.dll
PrivateKeyLifetimeSeconds
PrivKeyCachePurgeIntervalSeconds
PrivKeyCacheMaxItems
USERENV.dll
SHELL32.dll
RPCRT4.dll
Export Flag
MachineKeys






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe:1888
    %original file name%.exe:312
    С½ç.exe:868
    С½ç.exe:1552
    С½ç.exe:952
    С½ç.exe:1612
    С½ç.exe:2220
    

    2. 

  2. Delete the original Trojan file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan:
    

    %System%\xiaojie.dll (15021 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Temp\Ö»ÓÐÒ»¿ÅÌÇ¡Þ(Ë¢·ÖÖúÊÖ0329A).exe (20507 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\Temp\С½ç.exe (5442 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\error[1].htm (8 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\72484533\Current_User@baidu[1].txt (198 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\error[1].jsp (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\s[1].htm (502 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\cfg.ini (84 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\cfg.ini (228 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\72484533\index.dat (400 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\dat1.tmp (18121 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\m.baidu[1] (3833 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\44485791\Current_User@baidu[1].txt (198 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\44485791\index.dat (400 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\wap.baidu[1] (4979 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\iconfont_b2795733[1].eot (14826 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\h5[1] (82 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\bl.dat.bak (6 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\f8[1] (164 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\blhash.dat.bak (2610 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\blhash_6.5.dat[1].zip (96 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\cfg_6.5[1].ini (5 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\h1[1] (116 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\h1[1] (121 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\desktop.ini (134 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\f8[1] (82 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\bts.dat[1].zip (56 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\6.5[1].xml (557 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\6.5[1].xml (557 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\h3[1] (93 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\f2[1] (1636 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\GlobalConfig_6.5[1].ini (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\cfg_6.5[1].ini (5 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\6.5[1].xml (557 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\log.txt (298 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f11[1] (87 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\f8[1] (164 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\runtask.dat.bak (44 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\desktop.ini (134 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\SearchEngine_6.5[1].ini (3 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\f8[1] (165 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\GlobalConfig.ini.bak (8 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\bts_tmh.dat[1].zip (40 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\f2[1] (1 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\bts_tm.dat.bak (248 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\HLR_cfg.ini.bak (20 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\GlobalConfig_6.5[1].ini (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\runtask_6.5[1].dat (22 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\adb0e35099b6dd9eb6e46a02122b8802a32be0ae01e70c1807b733e60b4e6e04ed73f9891bde58097fdfdd3c679c507fac58dc2d4f295190bb5172bb744225100eef4d02898aa62d0[1] (98 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\SearchEngine_6.5[2].ini (3 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\bl_6.5[1].dat (3 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\bts_tm.dat[1].zip (34 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\h1[1] (123 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\TFExecuter4\SearchEngine.ini.bak (12 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\bts.dat.bak (604 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\bts_tmh.dat.bak (292 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\210038335-【推薦】依然優雅,依然心閑│依[1] (6403 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\angular.min[1].js (5150 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\jquery.min[1].js (9896 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\spin.min[1].js (4 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\jquery.onAppear.min[1].js (1 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (964 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@pixnet[1].txt (132 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\210038335-【推薦】依然優雅,依然心閑│依[1].ht (3306 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\json2.min[1].js (570 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\210038335-【推薦】依然優雅,依然心閑│依[1].ht (5399 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\rs=ACT90oGzKbyXaRnPCWgVR4dBFQ9dV2gEnQ[1] (22564 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\62493216\[email protected][1].txt (387 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\sem_ec74a174890fd99095cdb2ed3d3d4a87[2].js (5984 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[1].htm (4183 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\google.co[1].htm (4257 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\sem_ec74a174890fd99095cdb2ed3d3d4a87[1].js (7041 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[2].htm (4371 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\search[1] (11650 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\google.co[2].htm (4235 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\62493216\index.dat (400 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\search[1].htm (3455 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\rs=ACT90oGzKbyXaRnPCWgVR4dBFQ9dV2gEnQ[2] (25016 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[1] (23815 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\search[1].htm (4878 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500[2].css (2676 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (570 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\site-nav.min.f7347e7700dc80bf77c1e42569fad86b[2].js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8[1].js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\index.min.8ac31320bcfe7b481dd8d413db31eaf3[2].css (13 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\CAWH67CT.gif (43 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@dianping[1].txt (1157 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\local.min.8602861a2c191a9959f183138c097790[1].js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\single[1].htm (5 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\index.min.8ac31320bcfe7b481dd8d413db31eaf3[1].css (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\footer.min.b89d87532d5fe16706082281d2eec4cc[2].css (666 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\version.min.v1461230441209[1].js (9780 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\649a5074e678c2ca97609ade4c68ad5f,7820a44330e04c9718005bfa97e80bc8[2].js (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\neuron-active.min.719ede6914677bb148848d46c52bcf6f[1].js (776 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\js[1].htm (2 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@dianping[2].txt (884 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAWDUHRS.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\suggest.min.ea3b7ce0b29712205015c66468da7d85[1].js (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\dimension.min.f12f839642deedcc2ef8e2235f146031[2].js (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\header.min.8d916a7c8b91868f440fda20e528173d[1].js (1090 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\local.min.8602861a2c191a9959f183138c097790[2].js (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\g.base.min.d4b78b0cc66c0fb232c3afe3c7dfb500[1].css (1510 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\event-transfer.min.7ad4b4a30a314ba357f1f317a6d378fc[1].js (90 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAX8W3T9.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\js[1].htm (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\about.min.8f2982ea9f56354da9982ca882653b64[1].css (317 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\category-nav.min.acf5f565141d66370a643a075d8df1f7[1].js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\single[1].htm (5 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\dimension.min.f12f839642deedcc2ef8e2235f146031[1].js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\about.min.8f2982ea9f56354da9982ca882653b64[2].css (693 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\category-nav.min.acf5f565141d66370a643a075d8df1f7[2].js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852[2].js (7 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\neuron-active.min.719ede6914677bb148848d46c52bcf6f[2].js (1814 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\contactus[1] (3014 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tpl.min.681c5b24a9a215968286adb35ea9a1b4[1].js (854 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\placeholder.min.8b8f8f355aeac43833c8c3ce9c141175[1].js (729 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221[1].js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\single[2].htm (5 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\footer.min.b89d87532d5fe16706082281d2eec4cc[1].css (297 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\header.min.8d916a7c8b91868f440fda20e528173d[2].js (1119 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\afe6182c4f181e2d419ebec8c0026a69,e54951fd409a1f2680a457e395b90dc1,f000da58a69731e4d966b79f319a973f,95fa2a7fcd32a0420990036ef407e852[1].js (3 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\9161a9e2ca34898fc4cb45a141573644,08440f9945a0f99cbbcadce7d5b140bf,d684d059e36669bf219edb136c5b4221[2].js (8 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\single[1].htm (5 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\version.min.v1461230441209[2].js (15343 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\site-nav.min.f7347e7700dc80bf77c1e42569fad86b[1].js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\suggest.min.ea3b7ce0b29712205015c66468da7d85[1].js (1 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (285 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\dir-4b3wz4J28KrjQg[1].htm (1417 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tongji[3].js (12 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\xs.qinqinge[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@7pud[1].txt (457 bytes)
    %Documents and Settings%\%current user%\UserData\2Z89WTQV\xs.qinqinge[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@nr1234[1].txt (153 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\hm[1].js (392 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tongji[2].js (493 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAIVG5QZ.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@5ip9[1].txt (215 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[2] (12 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\float[1].js (137 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][2].txt (181 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CA98JU7J.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CA8PU5FG.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@qinqinge[1].txt (185 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\jquery.form[2].js (3004 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\flash[1].js (314 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][2].txt (281 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\float[2].js (128 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[2].htm (2 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (140 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\jquery.min[2].js (10581 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\mediashow[1].htm (1154 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hm[1].js (1717 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\CAPOSB9X.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\flash[1].js (314 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\window[1].js (129 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAG7RFA8.htm (862 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\common[1].js (478 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\tongji[1].js (249 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\style[1].css (1496 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\jquery.form[1].js (3741 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[1] (5011 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\window[2].js (116 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\CAEVO5OP.gif (43 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\style[2].css (1859 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\hm[2].js (354 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (164 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\[email protected][1].txt (185 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\xs.qinqinge[1].htm (7049 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\dir-4b3wz4J28KrjQg[1].html (1395 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\index.dat (4668 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@7pud[2].txt (308 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\jquery.min[1].js (12759 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Cookies\67495783\Current_User@linezing[1].txt (169 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\common[2].js (1 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\CAGXYZ0H.htm (862 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\mediashow[1].htm (1154 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hm[2].js (661 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@360[1].txt (212 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hao.360[1].htm (6597 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\MBGD6PZ4\yingying[1].html (1090 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\car[1] (776 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\car[1].htm (13 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\YO95U8Z4\hao360[1].eot (50 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@360[2].txt (366 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\0LANWXI7\253c424d7db0436b,a0c99209afc03502[1].css (10 bytes)
    %Documents and Settings%\%current user%\Application Data\LSinglePro\Temporary Internet Files\Content.IE5\LKQH80V5\8a60aae81b5f422b[1].css (2 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "GuaZhuan" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\Temp\С½ç.exe -autorun"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now