Trojan-Downloader.Win32.Moure_ab7973eb5f

by malwarelabrobot on May 26th, 2016 in Malware Descriptions.

Trojan-Downloader.Win32.Moure.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: ab7973eb5f9af4e9e65e63b9a82c42c4
SHA1: e6317815e6c8b0bad87a0600d8c8262131f254cd
SHA256: e4913037e0bce3301be39039f541dec2d034ba829f12b49b906289cc4d9d01cb
SSDeep: 49152:ZuuE7AnqIxGrGYyZa/tgrYJUGfZC3wA6EylfwEaFWd:7E7AqrlyutLxC3sEwwMd
Size: 2383432 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Sogou.com Inc.
Created at: 2016-04-18 16:10:46
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan-Downloader. Trojan program, which downloads files from the Internet without user's notice and executes them.

Payload

No specific payload has been found.

Process activity

The Trojan-Downloader creates the following process(es):

ThunderFW.exe:1064
UpdateService.exe:832
UpdateService.exe:1364
ExternalApp.exe:404
minidownload.exe:224
regsvr32.exe:1688
%original file name%.exe:1432
MiniTPFw.exe:976

The Trojan-Downloader injects its code into the following process(es):

SogouSoftware.exe:1416
MiniThunderPlatform.exe:968

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process SogouSoftware.exe:1416 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[4].png (392 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\LocalInfo.xml (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\SogouSoftwareExternalApp[1].exe (1090658 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\recommend[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ie-css3[1].htc (5022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[2].png (2435 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[5].png (3175 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie-css3[1].htc (1012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SuiteDownloader20160222153349.exe (119919 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\381427456234840[1].jpg (17344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[3].png (6116 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[1].jpg (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[4].png (13048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[1].png (8672 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[2].png (2535 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\PCID.xml (685 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\loading[1].gif (568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\scroll[1].js (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[2].png (2730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[1].png (1789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery-1.7.2.min[1].js (37173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[1].png (9045 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[3].png (3359 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SilentParaReponse.xml (97 bytes)
%Documents and Settings%\%current user%\Application Data\-5561624350552157631_4848.png (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\741430117543639[1].png (22604 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db-journal (86 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.11.1.min[1].js (41557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[1].png (5635 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ranking-ico[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\SG.jpeg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[2].png (2009 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[4].png (776 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\NewVersionReponse.xml (1 bytes)
%Program Files%\SogouSoftware\tmp\ExternalApp.exe (684687 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\OnlineIconReponse.xml (359 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (964 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CC1430117533187[1].png (15244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\10344[1].jpg (628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[3].png (1420 bytes)
%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SoftInfo.xml (809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\SuiteDownloader20160222153349[1].exe (249517 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking-ico[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db-journal (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[2].png (0 bytes)
%Program Files%\SogouSoftware\tmp\ExternalApp.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie-css3[1].htc (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ranking-ico[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking-ico[1].png (0 bytes)

The process ExternalApp.exe:404 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\menu_item.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_bar_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\beginbtn.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\install_driver.gif (1568 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_progress_bk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_app2phone.png.svn-base (16 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\text-base\DrvInst_x86.exe.svn-base (10321 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\7.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\entries (582 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\1.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\1.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\logo.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\loading.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_simple.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_simple_up.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menu_item.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\finishbtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\icon_success.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\text-base\scrollH.png.svn-base (909 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\uninstall_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_title.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\update_confirm_dlg.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\info_icon.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\continuebtn.png (819 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_sel.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\feedback_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_hand.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\phone_connected.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_sel.png (347 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon_4.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\down_smt.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menu_item.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\button.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_ready.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\follow_tip.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\update\SogouPDAInfo.sqlite3 (3624 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\phone_unconnected.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\apk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\scroll_trs.png.svn-base (938 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\logo.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\progress_pause.png.svn-base (17448 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\setting_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\prop-base\scrollH.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\.svn\all-wcprops (140 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\feedback_dwn.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\apktool.ini (44 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\bigbtn_shadow.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\Õýʽ°æÑ¡ÖÐ״̬.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_dwn.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon2.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\button140.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\button.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\2.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ready_icon.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\text-base\apktool.ini.svn-base (44 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\upgrade_beta_list_item.xml.svn-base (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\smalldlg_shadow.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\SogouApkTool.exe (48424 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_dlg.xml.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\entries (578 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\progress_fore.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_search.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon_5.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menubtn.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn.png.svn-base (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_app2phone.png (16 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_simple_up.png (15 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menu_bk.png.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_right.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\progress_pause.png (17448 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\downloading.gif (7 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\guide_smt.png (2712 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\logo.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\entries (435 bytes)
%Program Files%\SogouSoftware\manifest.cfg (30 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\uninstall_hov.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon2.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_normal.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_bind_checkbox.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\down_smt.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\dlgClose_dwn.png (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Èí¼þÖúÊÖ\Èí¼þÖúÊÖ.lnk (734 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\continuebtn_small.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_bind_checkbox.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\group_list_item.xml.svn-base (693 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\setting_act.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\phone_unconnected.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\shy.png (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\dlg_feedback.xml (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ConfirmDlg.xml.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\MySoftwareManager.xml (24 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\apk.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\AdbWinApi.dll.svn-base (4250 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\6.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\recommend_hov.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\beginbtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\entries (578 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\4.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\btn_3state.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ConfirmDlg.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_app2phone.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\smalldlg_shadow.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\web_external_browser_dlg.xml (318 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\connect_dev.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon_4.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_mask.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\all_updated.png (9 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\prop-base\DIFxAPI.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\progress_fore.png.svn-base (15817 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_progress_bg.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\uninstall_list_item.xml.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\allow_debug.png.svn-base (2712 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\progress_bk.png (17660 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\SogouPhoneService.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_dlg_otherfont.xml.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\option_bk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\wait_dev.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_mid.png.svn-base (939 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\SogouPhoneService.exe.svn-base (22004 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\text-base\DIFxAPI.dll.svn-base (11174 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\SogouPhoneService.exe (22004 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_bar_act_focus.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_active.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\button160.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\CommonState.dll (2228 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_app2phone_arrow.png.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\button160.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\scroll_bk.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\2.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_progress_bg.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\Ñ¡ÖÐ̬.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\dlg_settings.xml (6 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\7.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\AdbWinApi.dll (4250 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn.png (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\setting_dwn.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_bar_act.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_bar_nor.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_delete.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\group_list_item.xml (693 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\upgrade_stable_list_item.xml.svn-base (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_bar_act_focus.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\scroll_thu.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\check.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\upgrade_beta_list_item.xml (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tab_bk.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_act.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\SogouPDAInfo.sqlite3 (3624 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_info.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_list_dlg.xml.svn-base (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\progress_pause.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\smallbtn_shadow.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\smallbtn.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tab.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\prop-base\loading.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_hover.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\classify_btn_pushed.png.svn-base (130 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\scroll.png (13 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\ApkIcons\.svn\entries (314 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_title.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ready_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\confirm_bk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_dwn.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\smallbtn_shadow.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\warning_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\dlgClose_nor.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_active.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\radio.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\progress_fore.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\entries (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Èí¼þÖúÊÖ\жÔØÈí¼þÖúÊÖ.lnk (501 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\install_driver.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\text-base\DIFxAPI.dll.svn-base (12309 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\newbutton.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\feedback_act.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ready_icon.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\downloading.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\9 .png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\logo3636.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_act.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_bar_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tab_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\8.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\upgrade_ignore_list_item.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\DIFxAPI.dll (11174 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\left_btn_mask.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\tooltips_dlg.xml (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon_5.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_right.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\newbutton.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\loading.gif.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\Ñ¡ÖÐ̬.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\info.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\progress_fore.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_banner.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\3.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\Õýʽ°æÑ¡ÖÐ״̬.png (15476 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\ApkIcons\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\all-wcprops (12 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tab.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\9.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\progress_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\MySoftwareManager.xml.svn-base (24 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\phone_normal.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\upgrade_stable_list_item.xml (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\white.png.svn-base (163 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\recommend_selected.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\download_list_item.xml.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_nor.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\bottombk.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\prop-base\DIFxAPI.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_progress.gif (9 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_left.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_app2phone_arrow.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_sel.png.svn-base (347 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\dlgClose_act.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_ready.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\info.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\entries (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\bigbtn_shadow.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\download_bind_list_item.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\info_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon2.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\setting_act.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\connect_dev.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\USB.png (7 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\feedback_dwn.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\Õýʽ°æÑ¡ÖÐ״̬.png.svn-base (15476 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_progress.gif.svn-base (9 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\aapt.exe.svn-base (22008 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\dlgshadow.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\radio.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_bind_bg.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_hover.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\hover̬.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\grin.png (24 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\apostrophe.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\dlgClose_dwn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_hot.png (350 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\all-wcprops (303 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\logo4848default.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_bar_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_active.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_search.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\progress_fore.gif (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\uninstall_nor.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\phone_unconnected.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_info.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_normal_dlg.png (415 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\entries (11 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\grin.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\recommend_selected.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\smallbtn.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\shy.png.svn-base (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\phone_normal.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\scroll_thu.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\check.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\6.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\ËÑË÷ɾ³ý.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menu.xml.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_dwn.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\btn_3state.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\dlgshadow.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\text-base\loading.gif.svn-base (494 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\connect_dev.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\8.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\7.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\continuebtn_small.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\tooltip.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\6.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\scroll_trs.png (938 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_dwn.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_hov.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\scroll_thu.png.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\logo4848default.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_list_dlg_otherfont.xml.svn-base (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\all-wcprops (13 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon_3.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ApkTool.xml.svn-base (1568 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\info_icon.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\downloading.gif.svn-base (7 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_bind_bg.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\2.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\check.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\dlgshadow.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\smallbtn_shadow.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\prop-base\DrvInst_x86.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_hov.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\download_bind_list_item.xml.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\phone_normal.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\9 .png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\soft_search_list.xml (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menubtn.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\recommend_hov.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_hover.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\all-wcprops (485 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\setting_dwn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_mask.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\dlgClose_act.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\button160.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\apostrophe.gif.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\beginexp.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_simple_up.png.svn-base (15 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\AdbWinUsbApi.dll (2628 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\ËÑË÷ɾ³ý.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\feedback_nor.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\AdbWinApi.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\dlg_settings.xml.svn-base (6 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tips_down.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\dlgClose_dwn.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\logo4848default.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\warning_icon.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\phone_connected.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_left.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\continuebtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\scrollH.png (909 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\confirm_closebtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\dlg_feedback.xml.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\confirm_closebtn.png.svn-base (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\dlgClose_act.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\8.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_nor.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\prop-base\SogouPDAInfo.sqlite3.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon_3.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\adbdll.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\option_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\follow_tip.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tips.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\uninstall_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\uninstall_dwn.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\menu_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_confirm.png (632 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\recommend_classify_table.xml.svn-base (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\android_ver.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\bigbtn_shadow.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\GIF\loading.gif (494 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_search.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\wait_dev.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_normal_dlg.png.svn-base (415 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menu.xml (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_bar_act_focus.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\USB.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\logo3636.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_normal.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_confirm.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\uninstall_dwn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\all_updated.png.svn-base (9 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\uninstall_dwn.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tips_down.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\DrvInst_x86.exe (10321 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\continuebtn_small.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_simple.png.svn-base (285 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_normal_dlg.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_simple.png (285 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\guide_smt.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_normal.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\smalldlg_shadow.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\uninstall_list_item.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\button.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\magnifier_search.png.svn-base (1 bytes)
%Documents and Settings%\All Users\Desktop\Èí¼þÖúÊÖ.lnk (720 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_nor.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\recommend_selected.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\aapt.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\tooltip.png.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\finishbtn.png.svn-base (817 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\APKlogo.ico (2610 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\scroll_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\warning_icon.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\IEHint.dll (10060 bytes)
%Program Files%\SogouSoftware\3.1.13.88\SogouSoftware.dll (28329 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\feedback_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\grin.png.svn-base (24 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\Ñ¡ÖÐ̬.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_hand.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\apk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_delete.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\left_btn_mask.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\APKlogo.ico.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\smallbtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\uninstall_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\default_pkgicon.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\AdbWinUsbApi.dll.svn-base (2628 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\5.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_dwn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\follow_tip.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\feedback_nor.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\setting_nor.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_left.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_confirm.png.svn-base (632 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\magnifier_search.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\DuiLib.dll (20357 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\logo3636.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\entries (10 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_bind_bg.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\SogouAapt.exe.svn-base (24085 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\confirm_dlg.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\phone_connected.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\upgrade_ignore_list_item.xml.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\menubtn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\adbdll.dll (2430 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\setting_dwn.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\all_updated.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_ready.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\4.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\allow_debug.png (2712 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\confirm_bk.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_app2phone_arrow.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\loading.gif (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_mid.png (939 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tips_down.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\dlgClose_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\5.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\progress_bk.png.svn-base (952 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\all-wcprops (485 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\4.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\checkbox.png.svn-base (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_act.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\checkbox.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\button.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\download_list_item.xml (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\3.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\DrvInst_x64.exe (10382 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\APKlogo.ico.svn-base (2610 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_banner.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\9.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_dwn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\setting_act.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\recommend_classify_table.xml (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\continuebtn.png.svn-base (819 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\update_list_dlg.xml (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\System.dll (11 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\.svn\entries (320 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\all-wcprops (488 bytes)
%Program Files%\SogouSoftware\3.1.13.88\sqlite3.dll (10053 bytes)
%Program Files%\SogouSoftware\3.1.13.88\IEHint64.dll (11293 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\aapt.exe (22008 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_nor.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\wait_dev.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_progress.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon_4.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\left_btn_mask.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\tooltip.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\npdownload64.dll (9670 bytes)
%Program Files%\SogouSoftware\update\USBDT.dll (14494 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\uninstall_hov.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\update\UpdateService.exe (6875 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\android_ver.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\update_dlg_otherfont.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_hot.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\default_pkgicon.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\info.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\format (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\entries (576 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\bottombk.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\9.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\tooltips_dlg.xml.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_hov.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\setting_nor.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\AdbWinUsbApi.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\SogouAapt.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\android_ver.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\confirm_dlg.xml.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\web_external_browser_dlg.xml.svn-base (318 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\classify_btn_pushed.png (130 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\.svn\all-wcprops (146 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\progress_fore.gif.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\button.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_banner.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\all-wcprops (484 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\white.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_info.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\progress_fore.gif.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\beginexp.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\Èí¼þÖúÊÖ.lnk (1284 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tab_bk.png.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\confirm_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\white.png (163 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\progress_fore.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\allow_debug.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_right.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\edit.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\hover̬.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\guide_smt.png.svn-base (2712 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\all-wcprops (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menu_bk.png (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\recommend_hov.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\update_list_dlg_otherfont.xml (5 bytes)
%Program Files%\SogouSoftware\3.1.13.88\npdownload.dll (8591 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\finishbtn.png (817 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\confirm_closebtn.png (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_confirm_dlg.xml.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\text-base\DrvInst_x64.exe.svn-base (10382 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\feedback_act.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\magnifier_search.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\progress_bk.png.svn-base (17660 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\shy.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\button140.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\DIFxAPI.dll (12309 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\default_pkgicon.png.svn-base (2 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\9 .png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\icon_success.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_mask.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_dwn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\install_driver.gif.svn-base (1568 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\checkbox.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\adbdll.dll.svn-base (2430 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\button.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\edit.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\scroll_trs.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\text-base\SogouPDAInfo.sqlite3.svn-base (3624 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\downloadComplete_list_item.xml.svn-base (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\option_bk.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon_3.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\down_smt.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\scroll_bk.png (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\5.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\feedback_dwn.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_progress_bk.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\prop-base\scroll.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_nor.png.svn-base (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_progress_bg.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\1.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_bind_checkbox.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tab.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\progress_bk.png (952 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_bar_act.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\beginbtn.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_dwn.png.svn-base (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tips.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_hov.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\btn_3state.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\uninst.exe (794 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon_5.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\ApkIcons\.svn\all-wcprops (155 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_progress_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ApkTool.xml (1568 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_delete.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\radio.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\ËÑË÷ɾ³ý.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\button140.png.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\apostrophe.gif (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_hand.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_dwn.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\.svn\entries (314 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\update_dlg.xml (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_mid.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\hover̬.png (17 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\icon_success.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\progress_fore.png (15817 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\all-wcprops (3 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\classify_btn_pushed.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\soft_search_list.xml.svn-base (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_title.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\beginexp.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\prop-base\DrvInst_x64.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_hot.png.svn-base (350 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\3.png (18 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\text-base\scroll.png.svn-base (13 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\newbutton.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\downloadComplete_list_item.xml (4 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\dlgClose_nor.png (1 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\progress_bk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\edit.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\SogouAapt.exe (24085 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\bottombk.png.svn-base (53 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\USB.png.svn-base (7 bytes)
%Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tips.png.svn-base (1 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\System.dll (0 bytes)
%Program Files%\SogouSoftware\Èí¼þÖúÊÖ.lnk (0 bytes)

The process MiniThunderPlatform.exe:968 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat (405 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\stat.dat (20 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\error.dat (283 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\asyn_frame.dat (909 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\200U (39 bytes)
%Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\download.cfg (1007 bytes)

The process minidownload.exe:224 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Program Files%\SogouSoftware\download\download\.svn\prop-base\atl71.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\msvcp71.dll.svn-base (10930 bytes)
%Program Files%\SogouSoftware\download\download\ThunderFW.exe (3053 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\id.dat.svn-base (40 bytes)
%Program Files%\SogouSoftware\download\download\.svn\all-wcprops (1 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\download_engine.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\SogouSoftwareLoader.dll (11043 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\MiniTPFw.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\MiniThunderPlatform.exe.svn-base (7951 bytes)
%Program Files%\SogouSoftware\download\download\.svn\entries (1 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\MiniThunderPlatform.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\xldl.dll (9424 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\zlib1.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\format (2 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\download_engine.dll.svn-base (75696 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\msvcr71.dll.svn-base (12773 bytes)
%Program Files%\SogouSoftware\download\download\msvcp71.dll (10930 bytes)
%Program Files%\SogouSoftware\download\download\MiniThunderPlatform.exe (7951 bytes)
%Program Files%\SogouSoftware\SogouSoftware.exe (6861 bytes)
%Program Files%\SogouSoftware\crash\.svn\entries (440 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\ThunderFW.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\id.dat (40 bytes)
%Program Files%\SogouSoftware\crash\.svn\prop-base\ExceptionReport.exe.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\msvcr71.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\download_engine.dll (75696 bytes)
%Program Files%\SogouSoftware\download\download\zlib1.dll (3170 bytes)
%Program Files%\SogouSoftware\crash\.svn\all-wcprops (301 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\dl_peer_id.dll.svn-base (2910 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\dl_peer_id.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\download\download\msvcr71.dll (12773 bytes)
%Program Files%\SogouSoftware\crash\.svn\format (2 bytes)
%Program Files%\SogouSoftware\crash\ExceptionReport.exe (3718 bytes)
%Program Files%\SogouSoftware\download\download\MiniTPFw.exe (1633 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\atl71.dll.svn-base (2201 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\ThunderFW.exe.svn-base (3053 bytes)
%Program Files%\SogouSoftware\download\download\.svn\prop-base\msvcp71.dll.svn-base (53 bytes)
%Program Files%\SogouSoftware\crash\.svn\text-base\ExceptionReport.exe.svn-base (3718 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\MiniTPFw.exe.svn-base (1633 bytes)
%Program Files%\SogouSoftware\download\download\atl71.dll (2201 bytes)
%Program Files%\SogouSoftware\download\download\dl_peer_id.dll (2910 bytes)
%Program Files%\SogouSoftware\download\download\.svn\text-base\zlib1.dll.svn-base (3170 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsr1.tmp (0 bytes)

The process regsvr32.exe:1688 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%System%\GroupPolicy\gpt.ini (315 bytes)
%System%\GroupPolicy\Machine\Registry.pol (268 bytes)

The process %original file name%.exe:1432 makes changes in the file system.
The Trojan-Downloader creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (1928 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (124 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\minidownload.exe (12289 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (309 bytes)

The Trojan-Downloader deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)

Registry activity

The process ThunderFW.exe:1064 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 E3 E7 16 EE 67 C5 0F EE 40 61 ED BE 16 CF 4E"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\SogouSoftware\download\download]
"MiniThunderPlatform.exe" = "%Program Files%\SogouSoftware\download\download\MiniThunderPlatform.exe:*:Enabled:MiniThunderPlatform2016-05-2513:00:59"

The process SogouSoftware.exe:1416 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCU\Software\SogouSoftware\Download\BindSoft\pcmgr]
"UITotalShowTime" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1460984650"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052520160526]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKU\S-1-5-19_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\pcmgr]
"UITotalShowTime" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052520160526]
"CachePrefix" = ":2016052520160526:"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKU\S-1-5-19\Software\SogouSoftware\Download\BindSoft\pcmgr]
"ShowUITime" = "Type: REG_QWORD, Length: 8"

[HKU\S-1-5-20\Software\SogouSoftware\Download\BindSoft\pcmgr]
"ShowUITime" = "Type: REG_QWORD, Length: 8"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052520160526]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012016052520160526\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKU\.DEFAULT\Software\SogouSoftware\Download\BindSoft\pcmgr]
"ShowUITime" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Classes\Software\SogouSoftware\Download\BindSoft\pcmgr]
"UITotalShowTime" = "1"
"ShowUITime" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\SogouSoftware]
"GetPopupRecommendConfigByOnlineInterval" = "3600"

[HKU\S-1-5-20\Software\SogouSoftware\Download\BindSoft\pcmgr]
"UITotalShowTime" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKU\.DEFAULT\Software\SogouSoftware\Download\BindSoft\pcmgr]
"UITotalShowTime" = "1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware\tmp]
"ExternalApp.exe" = "软件助手安装包"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\SogouSoftware]
"FirstRun" = "1"

[HKU\S-1-5-20_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\pcmgr]
"ShowUITime" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7F A3 E7 6F 7A 6D 0F ED D0 AB 90 1E 6D EF 38 D7"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "SogouSoftware.exe"

[HKU\S-1-5-19\Software\SogouSoftware\Download\BindSoft\pcmgr]
"UITotalShowTime" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKU\S-1-5-19_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\pcmgr]
"ShowUITime" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\SogouSoftware\Download\BindSoft\pcmgr]
"ShowUITime" = "Type: REG_QWORD, Length: 8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016052520160526]
"CacheRepair" = "0"
"CacheOptions" = "11"

[HKU\S-1-5-20_CLASSES\SOFTWARE\SogouSoftware\Download\BindSoft\pcmgr]
"UITotalShowTime" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process UpdateService.exe:832 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 11 E5 96 32 1D C3 5D 8C 06 14 FE F2 E1 B6 32"

The process UpdateService.exe:1364 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6A B0 EE 69 0E 23 59 82 FE 05 D9 56 3C 48 F2 C9"

The process ExternalApp.exe:404 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware\download\download]
"MiniTPFw.exe" = "MiniTPFw Application"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4D786E8-0535-41DB-91F8-B18ABBCCDE6C}]
"AppPath" = ""

[HKLM\SOFTWARE\SogouSoftware]
"InstallTime" = "DA 77 45 57 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"DisplayIcon" = "%Program Files%\SogouSoftware\SogouSoftware.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKU\S-1-5-19\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"

[HKU\.DEFAULT\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKU\S-1-5-19_CLASSES\SOFTWARE\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"UninstallString" = "%Program Files%\SogouSoftware\uninst.exe"

[HKCR\CLSID\{D4D786E8-0535-41DB-91F8-B18ABBCCDE6C}\LocalServer32]
"(Default)" = "%Program Files%\SogouSoftware\SogouSoftware.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"Publisher" = "Sogou.com"

[HKLM\SOFTWARE\SogouSoftware]
"InstallPath" = "%Program Files%\SogouSoftware"
"HWID" = "43 9C 2B FF A1 3F 3A 49 4B 96 9E 2E F7 6D 66 0B"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\SogouSoftware]
"ProgrameModulesDir" = "%Program Files%\SogouSoftware\3.1.13.88"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"DisplayVersion" = "3.1.13.88"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\SOFTWARE\SogouSoftware]
"LaunchAppPath" = "%Program Files%\SogouSoftware\SogouSoftware.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKU\S-1-5-20\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A1 0C 2D DA 70 B1 15 B3 5A 0D 87 7F 85 44 BB C8"

[HKLM\SOFTWARE\SogouSoftware]
"Version" = "3.1.13.88"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D4D786E8-0535-41DB-91F8-B18ABBCCDE6C}]
"AppName" = ""
"Policy" = "3"

[HKU\S-1-5-20_CLASSES\SOFTWARE\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SogouSoftware]
"DisplayName" = "Èí¼þÖúÊÖ"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Classes\Software\SogouSoftware\Download]
"DownloadPath" = "C:\SogouDownload"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan-Downloader adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"SogouSoftware" = "%Program Files%\SogouSoftware\SogouSoftware.exe /AutoRun"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process MiniThunderPlatform.exe:968 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "49 96 69 8F A9 33 3A A5 4B 9C B1 D9 0B FC 5C E0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process minidownload.exe:224 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "72 D9 A5 52 40 36 CA 89 1B 54 5E 3A D6 B9 7F E8"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process regsvr32.exe:1688 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\TypeLib]
"Version" = "1.0"

[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0\HELPDIR]
"(Default)" = "%Program Files%\SogouSoftware\3.1.13.88"

[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}]
"(Default)" = "IGameDownload"

[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"Descripton" = "搜狗高速下载控件"

[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}\TypeLib]
"(Default)" = "{13D91BAE-B37C-41C3-AE86-463E53990546}"

[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"Path" = "%Program Files%\SogouSoftware\3.1.13.88\npdownload.dll"

[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\TypeLib]
"(Default)" = "{13D91BAE-B37C-41C3-AE86-463E53990546}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}Machine\SOFTWARE\Policies\Google\Chrome\EnabledPlugins]
"1" = "搜狗高速下载助手"

[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}]
"(Default)" = "DownLoadBHO Class"

[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\InprocServer32]
"ThreadingModel" = "Apartment"

[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"ProductName" = "搜狗高速下载助手"

[HKLM\SOFTWARE\Policies\Google\Chrome\EnabledPlugins]
"1" = "搜狗高速下载助手"

[HKCR\Interface\{6D89601E-1736-40FB-A3A5-84A376F286D0}]
"(Default)" = "IDownLoadBHO"

[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\Interface\{64608416-BAFE-43A2-91C4-324C6CA4EF52}\TypeLib]
"(Default)" = "{13D91BAE-B37C-41C3-AE86-463E53990546}"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 D8 3E 6B 63 9D DD 32 C0 51 08 E9 40 E7 2E E7"

[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"Version" = "3.1.13.88"

[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0]
"(Default)" = "SogouDownLoadLib"

[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0\0\win32]
"(Default)" = "%Program Files%\SogouSoftware\3.1.13.88\npdownload.dll"

[HKLM\SOFTWARE\MozillaPlugins\@sogou.com/SGDownloadPlugin]
"vendor" = "Sogou.com Inc."

[HKCR\TypeLib\{13D91BAE-B37C-41C3-AE86-463E53990546}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\Version]
"(Default)" = "1.0"

[HKCR\CLSID\{D1871D0A-4929-4A3C-AAE5-684235E62244}\InprocServer32]
"(Default)" = "%Program Files%\SogouSoftware\3.1.13.88\npdownload.dll"

The Trojan-Downloader deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}Machine\SOFTWARE\Policies]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}Machine\SOFTWARE]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}User]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}Machine\SOFTWARE\Policies\Google\Chrome\EnabledPlugins]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}Machine\SOFTWARE\Policies\Google]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}Machine]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{591F8191-A8E0-4535-9FC0-05179F13434E}Machine\SOFTWARE\Policies\Google\Chrome]

The process %original file name%.exe:1432 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\SogouSoftware]
"unc" = "sogousoftware_normal"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"minidownload.exe" = "软件助手安装包"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 BE 8E B1 1A F5 E5 A6 01 31 C1 85 E2 43 FC 9F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware]
"SogouSoftware.exe" = "软件助手"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Downloader deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process MiniTPFw.exe:976 makes changes in the system registry.
The Trojan-Downloader creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "40 47 6A 47 6E 6D CD 0D E3 1D 7A BA 7A 7A 25 8A"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\SogouSoftware\download\download]
"ThunderFW.exe" = "ThunderFW"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

The Trojan-Downloader modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan-Downloader modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

Dropped PE files

MD5 File path
35dd9eaa485ee78c230a32d06c87db02 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\SuiteDownloader20160222153349.exe
0618e9851ea4a522abeded8d40c2f19e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\minidownload.exe
97674b9e8372cd7a92e190a99857e9c9 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\SogouSoftwareExternalApp[1].exe
35dd9eaa485ee78c230a32d06c87db02 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\SuiteDownloader20160222153349[1].exe
d6b63919b616a18eaee3bfa6e69e9164 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\AdbWinApi.dll.svn-base
042049404a54249ba8d1bf576fb9f83e c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\AdbWinUsbApi.dll.svn-base
aa08d12f51675c4a122cf4993fad1a9d c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\SogouAapt.exe.svn-base
5ddc926fbfd06a5397638b2d88c024d8 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\SogouPhoneService.exe.svn-base
ba9778b3591aabf1248e76f247290b7a c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\aapt.exe.svn-base
60635fa3998b0c009ebec10c662f9442 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\adbdll.dll.svn-base
d6b63919b616a18eaee3bfa6e69e9164 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\AdbWinApi.dll
042049404a54249ba8d1bf576fb9f83e c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\AdbWinUsbApi.dll
cf73c3a03582408d422d4f7a01190d00 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\text-base\DIFxAPI.dll.svn-base
cb0271c0b2c28c02dd41cd42e91e7727 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\text-base\DrvInst_x86.exe.svn-base
cf73c3a03582408d422d4f7a01190d00 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\DIFxAPI.dll
cb0271c0b2c28c02dd41cd42e91e7727 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\DrvInst_x86.exe
1a2e5109c2bb5c68d499e17b83acb73a c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\text-base\DIFxAPI.dll.svn-base
5486198f3722f33cab1ae7c8957cc43c c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\text-base\DrvInst_x64.exe.svn-base
1a2e5109c2bb5c68d499e17b83acb73a c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\DIFxAPI.dll
5486198f3722f33cab1ae7c8957cc43c c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\DrvInst_x64.exe
aa08d12f51675c4a122cf4993fad1a9d c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\SogouAapt.exe
954c8c88daae365d41670367c9322b1f c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\SogouApkTool.exe
5ddc926fbfd06a5397638b2d88c024d8 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\SogouPhoneService.exe
ba9778b3591aabf1248e76f247290b7a c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\aapt.exe
60635fa3998b0c009ebec10c662f9442 c:\Program Files\SogouSoftware\3.1.13.88\ApkTool\adbdll.dll
aa96be4792f35c1c6769b987777b4b0c c:\Program Files\SogouSoftware\3.1.13.88\CommonState.dll
d37824a5fc42f0111826255e527c27ca c:\Program Files\SogouSoftware\3.1.13.88\DuiLib.dll
f997ef607a16ebeb476985a437fc888b c:\Program Files\SogouSoftware\3.1.13.88\IEHint.dll
8a3d63305f2e263d29e53e61ffd82881 c:\Program Files\SogouSoftware\3.1.13.88\IEHint64.dll
32ed4c3d7ae6aaf14c05c96234272865 c:\Program Files\SogouSoftware\3.1.13.88\SogouSoftware.dll
1c4286c71af15003552510b1aeac00cf c:\Program Files\SogouSoftware\3.1.13.88\npdownload.dll
203ed2272b37d5802a97127435c00125 c:\Program Files\SogouSoftware\3.1.13.88\npdownload64.dll
d9ea45a9f95a26e4d406db4cc99d8d37 c:\Program Files\SogouSoftware\3.1.13.88\sqlite3.dll
0bc2d003fcfe3fa65f4c3ba7a015fa41 c:\Program Files\SogouSoftware\SogouSoftware.exe
b1ce2dba9515e144908aa34ac77f5a46 c:\Program Files\SogouSoftware\SogouSoftwareLoader.dll
5d4a135fedd49b7ab79cf2c2d8e2d611 c:\Program Files\SogouSoftware\crash\.svn\text-base\ExceptionReport.exe.svn-base
5d4a135fedd49b7ab79cf2c2d8e2d611 c:\Program Files\SogouSoftware\crash\ExceptionReport.exe
58bb62e88687791ad2ea5d8d6e3fe18b c:\Program Files\SogouSoftware\download\download\.svn\text-base\MiniTPFw.exe.svn-base
e2e9483568dc53f68be0b80c34fe27fb c:\Program Files\SogouSoftware\download\download\.svn\text-base\MiniThunderPlatform.exe.svn-base
f0372ff8a6148498b19e04203dbb9e69 c:\Program Files\SogouSoftware\download\download\.svn\text-base\ThunderFW.exe.svn-base
79cb6457c81ada9eb7f2087ce799aaa7 c:\Program Files\SogouSoftware\download\download\.svn\text-base\atl71.dll.svn-base
dba9a19752b52943a0850a7e19ac600a c:\Program Files\SogouSoftware\download\download\.svn\text-base\dl_peer_id.dll.svn-base
1a87ff238df9ea26e76b56f34e18402c c:\Program Files\SogouSoftware\download\download\.svn\text-base\download_engine.dll.svn-base
a94dc60a90efd7a35c36d971e3ee7470 c:\Program Files\SogouSoftware\download\download\.svn\text-base\msvcp71.dll.svn-base
ca2f560921b7b8be1cf555a5a18d54c3 c:\Program Files\SogouSoftware\download\download\.svn\text-base\msvcr71.dll.svn-base
89f6488524eaa3e5a66c5f34f3b92405 c:\Program Files\SogouSoftware\download\download\.svn\text-base\zlib1.dll.svn-base
58bb62e88687791ad2ea5d8d6e3fe18b c:\Program Files\SogouSoftware\download\download\MiniTPFw.exe
e2e9483568dc53f68be0b80c34fe27fb c:\Program Files\SogouSoftware\download\download\MiniThunderPlatform.exe
f0372ff8a6148498b19e04203dbb9e69 c:\Program Files\SogouSoftware\download\download\ThunderFW.exe
79cb6457c81ada9eb7f2087ce799aaa7 c:\Program Files\SogouSoftware\download\download\atl71.dll
dba9a19752b52943a0850a7e19ac600a c:\Program Files\SogouSoftware\download\download\dl_peer_id.dll
1a87ff238df9ea26e76b56f34e18402c c:\Program Files\SogouSoftware\download\download\download_engine.dll
a94dc60a90efd7a35c36d971e3ee7470 c:\Program Files\SogouSoftware\download\download\msvcp71.dll
ca2f560921b7b8be1cf555a5a18d54c3 c:\Program Files\SogouSoftware\download\download\msvcr71.dll
89f6488524eaa3e5a66c5f34f3b92405 c:\Program Files\SogouSoftware\download\download\zlib1.dll
208662418974bca6faab5c0ca6f7debf c:\Program Files\SogouSoftware\download\xldl.dll
da6b9b44d90f836349a58044a4e3cc5f c:\Program Files\SogouSoftware\uninst.exe
4988eefd7a5c3460ecf94da11351dffc c:\Program Files\SogouSoftware\update\USBDT.dll
fa7af1729e355a46d74caa2aafec6b34 c:\Program Files\SogouSoftware\update\UpdateService.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Sogou.com Inc.
Product Name: ????
Product Version: 3.1.12.94
Legal Copyright: (c) 2014 Sogou.com Inc. All rights reserved.
Legal Trademarks:
Original Filename: MiniDownLoad.exe
Internal Name: MiniDownLoad.exe
File Version: 3.1.12.94
File Description: ????
Comments:
Language: English (United States)

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 179921 180224 4.60592 0629a4d96cd09184d5b71419ddf1ea48
.rdata 184320 31526 31744 3.37334 ad64d3debeed262d95252d1a88767ce9
.data 217088 16416 7168 2.74403 8d5457a5ab90baaf932af06d428c08cb
.rsrc 237568 2139704 2140160 5.50059 b3aa9087b2f8e3a00a89d7e9379013b9
.reloc 2379776 17914 17920 2.83903 5cff4fd471f67ecfd435f6daffd9a2e4

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 19
f5339300281ab965a05a9ea2accd896c
ec61cebc3d713dfbb11617e20a5a7de9
a53282bd916e038883ada39e612750da
310088b2b3d0eca7dee66906b0516b67
2b9c544e9d9bed6700a0351f8002c973
d3dc729fde63c33b3bbdb9c54f9c60aa
c4a82f0548b30ab2c863c915088d86cb
1b4568c01828c03243984ac682520882
a997830373803150fa0c3689ead2c512
511c1a910b9eb9838314a47b5fe1b8e6
3162b0f5a6b267a2873ee007816e9f33
cf6dc94e815fd079ba27bf97e4f5c5c0
ec012b0bb2a02ee853b7ca042bb7e126
8f12f554dab4b7b14986a214da80c62a
bf7a2d777411a7510057d126ddb4efdc
8016cf9f4b01df5c925de5e366feef2b
a57644fd92464f84b407a671faf519bd
191771a6a4e5c01ea81e0b3ce14cc234
f5d9dc4fbe70a165f0da329e699ad6ef

URLs

URL IP
hxxp://ctc.proxy.sogou.com/appinfo?num=8961
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2N0000o30f--&unc=sogousoftware_normal&t=10&rand=1464170432
hxxp://1st.dtwscachev452.ourwebcdn.com/images/upload/upc/tx/pcdlc/pc/10344.jpg
hxxp://ctc.proxy.sogou.com/handleUserIdDb256?userid=439c2bffa13f3a494b969e2ef76d660b&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend
hxxp://sogou.ndlmix.ourdvs.com/externalapp/SogouSoftwareExternalApp.exe
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=1&rand=1464170459
hxxp://ctc.proxy.sogou.com/handleUserIdDb?userid=439c2bffa13f3a494b969e2ef76d660b&unc=sogousoftware_normal&mode=recommend
hxxp://ctc.proxy.sogou.com/handleUserIdDb256?userid=439c2bffa13f3a494b969e2ef76d660b&downloadtype=software&unc=sogousoftware_normal&pcid=-5561624350552157631&mode=recommend
hxxp://ctc.proxy.sogou.com/update_platform/update.php?appname=sogoudownload_bindpcmgrcontrol&v=1.0.0.0
hxxp://ctc.proxy.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindpcmgrcontrol&state=1
hxxp://ctc.proxy.sogou.com/softRecommend
hxxp://ctc.proxy.sogou.com/softRanking
hxxp://ctc.proxy.sogou.com/comm/redir?softdown=1&u=YRyEVuHeM447o7sJASc53IrDwXL502GEmYD2TTWJr9gu_wtqBzEiCdrWlVI05AY0CFqb2aIVezbm2TIaMN1IMjIWkvnkjuR7Wsy-daJnv4zfN_LPkloCAGTpPVpZ3Le85YBgdDpio-1W-sy2rljMVSLhDQYQju08&pcid=-5561624350552157631&filename=3.9.1.130_20141103045254.exe
hxxp://a71.g1.akamai.net/invc/xfspeed/qqpcmgr/download/SuiteDownloader20160222153349.exe
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=801&rand=1464170461
hxxp://ctc.proxy.sogou.com/softassis/css/recommend.css?vs=1.0
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=230&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1464170464
hxxp://ctc.proxy.sogou.com/softassis/js/jquery-1.7.2.min.js
hxxp://ctc.proxy.sogou.com/softassis/css/ranking.css
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=231&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1464170464
hxxp://ctc.proxy.sogou.com/pc_assist/install_check.php
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=4&activatetype=download&rand=1464170465
hxxp://ctc.proxy.sogou.com/js/jquery-1.11.1.min.js
hxxp://sogou.ndlmix.ourdvs.com/cooperation/popuprecommend/installfinishbind-qqbrowser-only.xml
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=5&servicestate=4&rand=1464170465
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=800&sogousoftware=1&updateservice=1&rand=1464170465
hxxp://ctc.proxy.sogou.com/pc_assist/local_info.php
hxxp://c16b09.sandai.net/
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=11&sogousoftware=1&updateservice=1&rand=1464170465
hxxp://cdn.kmplayer.com.cdnga.net/KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe 14.0.43.68
hxxp://cnchub5sr.sandai.net/
hxxp://cnchubstat.sandai.net/
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=100&tasktype=2&pcid=-5561624350552157631&downloadtype=software&softname=KMPlayer播放器&extension=exe&rand=1464170466
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=230&bindtype=installfinishbind&bindname=QQBrowser&weight=0&scheme=a&rand=1464170466
hxxp://sogou.ndlmix.ourdvs.com/cooperation/popuprecommend/cooperation/install_finish_qqbrowser.html
hxxp://ctc.proxy.sogou.com/update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0
hxxp://ctc.proxy.sogou.com/pc_assist/newversion_info.php
hxxp://ctc.proxy.sogou.com/pc_assist/silent_install.php
hxxp://ctc.proxy.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1
hxxp://ctc.proxy.sogou.com/pc_assist/soft_info.php?fields=logo_url
hxxp://ctc.proxy.sogou.com/js/scroll.js?vs=03
hxxp://ctc.proxy.sogou.com/img/recommend-btn.png
hxxp://img01.sogoucdn.com.stage.cdntip.com/app/a/10190001/381427456234840 220.195.17.25
hxxp://ctc.c.proxy.sogou.com/net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/zhuanti_58_640x260.jpg&r=
hxxp://ctc.c.proxy.sogou.com/net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/yijianchongzhuang_745x240.png&r=
hxxp://img01.sogoucdn.com.stage.cdntip.com/app/a/10190001/CC1430117533187 220.195.17.25
hxxp://img01.sogoucdn.com.stage.cdntip.com/app/a/10190001/741430117543639 220.195.17.25
hxxp://ctc.ping.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=310&num=1&rand=1464170468
hxxp://ctc.proxy.sogou.com/ie-css3.htc
hxxp://imhub5pr.sandai.net/
hxxp://cnchub5pr.sandai.net/
hxxp://c04023.sandai.net/
hxxp://sogou.ndlmix.ourdvs.com/pc_logo/7638937123950702413.png
hxxp://sogou.ndlmix.ourdvs.com/128128.png
hxxp://ctc.proxy.sogou.com/softassis/img/loading.gif
hxxp://ctc.proxy.sogou.com/ajax/loadItem
hxxp://ctc.proxy.sogou.com/softRanking/loadMore?pageSize=10&pageNo=1
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3080605666447722537.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/5632829225944923461.png&r=null
hxxp://ctc.proxy.sogou.com/softassis/img/ranking-ico.png
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4871856506745242874.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6699374927030488929.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3726774318030095000.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3230604409881581210.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-7654919934142823378.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/2040683535505104749.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6542522661282298716.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/8623308865128809051.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-1433550905860313072.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/6940656908449948330.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4669602030091557924.png&r=null
hxxp://ctc.c.proxy.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/1882834511144817344.png&r=null
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=801&rand=1464170461 106.120.188.190
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=230&bindtype=installfinishbind&bindname=QQBrowser&weight=0&scheme=a&rand=1464170466 106.120.188.190
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/6940656908449948330.png&r=null 106.120.151.203
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3080605666447722537.png&r=null 106.120.151.203
hxxp://xz.sogou.com/softassis/css/recommend.css?vs=1.0 106.120.188.48
hxxp://xz.sogou.com/softassis/css/ranking.css 106.120.188.48
hxxp://img01.sogoucdn.com/app/a/10190001/381427456234840 220.195.17.25
hxxp://dl.app.sogou.com/128128.png 87.245.198.84
hxxp://cmc.imgstore.cdn.sogou.com/net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/zhuanti_58_640x260.jpg&r= 106.120.151.203
hxxp://yze.t.sogou.com/cooperation/popuprecommend/cooperation/install_finish_qqbrowser.html 87.245.198.84
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=310&num=1&rand=1464170468 106.120.188.190
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/8623308865128809051.png&r=null 106.120.151.203
hxxp://t.sogou.com/update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0 36.110.147.36
hxxp://dl.app.sogou.com/pc_logo/7638937123950702413.png 87.245.198.84
hxxp://xz.sogou.com/softRanking/loadMore?pageSize=10&pageNo=1 106.120.188.48
hxxp://img.pconline.com.cn/images/upload/upc/tx/pcdlc/pc/10344.jpg 222.186.18.198
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6542522661282298716.png&r=null 106.120.151.203
hxxp://xz.sogou.com/ajax/loadItem 106.120.188.48
hxxp://t.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindpcmgrcontrol&state=1 36.110.147.36
hxxp://zs.xiazai.sogou.com/pc_assist/silent_install.php 106.120.188.47
hxxp://yz.app.sogou.com/appinfo?num=8961 36.110.147.35
hxxp://zs.xiazai.sogou.com/pc_assist/local_info.php 106.120.188.47
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-7654919934142823378.png&r=null 106.120.151.203
hxxp://xz.sogou.com/softRecommend 106.120.188.48
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/2040683535505104749.png&r=null 106.120.151.203
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=1&rand=1464170459 106.120.188.190
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-1433550905860313072.png&r=null 106.120.151.203
hxxp://123.129.242.139:80/
hxxp://123.129.242.179:80/
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/5632829225944923461.png&r=null 106.120.151.203
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=230&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1464170464 106.120.188.190
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6699374927030488929.png&r=null 106.120.151.203
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3230604409881581210.png&r=null 106.120.151.203
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/1882834511144817344.png&r=null 106.120.151.203
hxxp://xz.sogou.com/softassis/img/ranking-ico.png 106.120.188.48
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=800&sogousoftware=1&updateservice=1&rand=1464170465 106.120.188.190
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=100&tasktype=2&pcid=-5561624350552157631&downloadtype=software&softname=KMPlayer播放器&extension=exe&rand=1464170466 106.120.188.190
hxxp://xz.sogou.com/softassis/img/loading.gif 106.120.188.48
hxxp://xz.sogou.com/softassis/js/jquery-1.7.2.min.js 106.120.188.48
hxxp://xz.sogou.com/handleUserIdDb256?userid=439c2bffa13f3a494b969e2ef76d660b&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend 106.120.188.48
hxxp://58.254.134.233:80/
hxxp://xiazai.sogou.com/comm/redir?softdown=1&u=YRyEVuHeM447o7sJASc53IrDwXL502GEmYD2TTWJr9gu_wtqBzEiCdrWlVI05AY0CFqb2aIVezbm2TIaMN1IMjIWkvnkjuR7Wsy-daJnv4zfN_LPkloCAGTpPVpZ3Le85YBgdDpio-1W-sy2rljMVSLhDQYQju08&pcid=-5561624350552157631&filename=3.9.1.130_20141103045254.exe 106.120.188.47
hxxp://zs.xiazai.sogou.com/pc_assist/install_check.php 106.120.188.47
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=5&servicestate=4&rand=1464170465 106.120.188.190
hxxp://xz.sogou.com/handleUserIdDb?userid=439c2bffa13f3a494b969e2ef76d660b&unc=sogousoftware_normal&mode=recommend 106.120.188.48
hxxp://xz.sogou.com/js/scroll.js?vs=03 106.120.188.48
hxxp://cdn.kmplayer.com/KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe 14.0.43.68
hxxp://163.177.79.152:80/
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=11&sogousoftware=1&updateservice=1&rand=1464170465 106.120.188.190
hxxp://xz.sogou.com/handleUserIdDb256?userid=439c2bffa13f3a494b969e2ef76d660b&downloadtype=software&unc=sogousoftware_normal&pcid=-5561624350552157631&mode=recommend 106.120.188.48
hxxp://img03.sogoucdn.com/app/a/10190001/CC1430117533187 220.195.19.40
hxxp://t.sogou.com/update_platform/update.php?appname=sogoudownload_bindpcmgrcontrol&v=1.0.0.0 36.110.147.36
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=4&activatetype=download&rand=1464170465 106.120.188.190
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=231&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1464170464 106.120.188.190
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4871856506745242874.png&r=null 106.120.151.203
hxxp://t.sogou.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1 36.110.147.36
hxxp://zs.xiazai.sogou.com/pc_assist/soft_info.php?fields=logo_url 106.120.188.47
hxxp://xz.sogou.com/softRanking 106.120.188.48
hxxp://yze.t.sogou.com/externalapp/SogouSoftwareExternalApp.exe 87.245.198.84
hxxp://dlied6.qq.com/invc/xfspeed/qqpcmgr/download/SuiteDownloader20160222153349.exe 212.30.134.139
hxxp://yze.t.sogou.com/cooperation/popuprecommend/installfinishbind-qqbrowser-only.xml 87.245.198.84
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3726774318030095000.png&r=null 106.120.151.203
hxxp://img04.sogoucdn.com/app/a/10190001/741430117543639 220.195.19.40
hxxp://xz.sogou.com/ie-css3.htc 106.120.188.48
hxxp://58.254.134.249:80/
hxxp://zs.xiazai.sogou.com/pc_assist/newversion_info.php 106.120.188.47
hxxp://ping.t.sogou.com/pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2N0000o30f--&unc=sogousoftware_normal&t=10&rand=1464170432 106.120.188.190
hxxp://xz.sogou.com/js/jquery-1.11.1.min.js 106.120.188.48
hxxp://122.143.5.59:80/
hxxp://cmc.imgstore.cdn.sogou.com/net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4669602030091557924.png&r=null 106.120.151.203
hxxp://xz.sogou.com/img/recommend-btn.png 106.120.188.48
hxxp://cmc.imgstore.cdn.sogou.com/net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/yijianchongzhuang_745x240.png&r= 106.120.151.203
hub5idx.shub.hz.sandai.net 123.129.242.139
hub5pr.hz.sandai.net 58.254.134.233
pmap.hz.sandai.net 122.143.5.59
hub5c.hz.sandai.net 123.129.242.139
hub5pn.hz.sandai.net 119.188.94.160
hub5u.hz.sandai.net 58.254.134.144
relay.phub.hz.sandai.net 58.254.134.245
time.windows.com 40.69.40.157
hubstat.hz.sandai.net 123.129.242.179
hub5pnc.hz.sandai.net 119.189.1.17
score.phub.hz.sandai.net 163.177.79.152
imhub5pr.hz.sandai.net 58.254.134.249


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN Suspicious User-Agent (HttpDownload)

Traffic

GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:03 GMT
Server: PWS/8.1.36
X-Px: ht h0-s1528.p0-kix.cdngp.net
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:07 GMT
Age: 1
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



HEAD /cooperation/popuprecommend/cooperation/install_finish_qqbrowser.html HTTP/1.1
User-Agent: HttpRequest
Host: yze.t.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 200 OK
Date: Wed, 25 May 2016 08:52:52 GMT
Content-Type: text/html
ETag: "972486199"
Accept-Ranges: bytes
Last-Modified: Tue, 10 Nov 2015 12:20:07 GMT
Content-Length: 1400
Server: WS CDN Server
Age: 4090
Via: 1.0 db80:8032 (Cdn Cache Server V2.0)
Connection: close



GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=801&rand=1464170461 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=230&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1464170464 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=231&bindtype=thirdparty_pcmgr_qb&bindname=pcmgr&weight=0&scheme=&rand=1464170464 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=4&activatetype=download&rand=1464170465 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:01 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=5&servicestate=4&rand=1464170465 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:01 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=800&sogousoftware=1&updateservice=1&rand=1464170465 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:01 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=11&sogousoftware=1&updateservice=1&rand=1464170465 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:01 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=100&tasktype=2&pcid=-5561624350552157631&downloadtype=software&softname=KMPlayer播放器&extension=exe&rand=1464170466 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
....


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=230&bindtype=installfinishbind&bindname=QQBrowser&weight=0&scheme=a&rand=1464170466 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx..Date: Wed, 25 May 2016 10:01:02 GMT..C
ontent-Type: application/octet-stream..Content-Length: 0..Connection: 
keep-alive......


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=310&num=1&rand=1464170468 HTTP/1.1


User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:04 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive
HTTP/1.1 200 OK..Server: nginx..Date: Wed, 25 May 2016 10:01:04 GMT..C
ontent-Type: application/octet-stream..Content-Length: 0..Connection: 
keep-alive..



GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://cdn.kmplayer.com/KMP/player/download/install
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:13 GMT
Server: PWS/8.1.36
X-Px: ht h0-s1632.p0-kix.cdngp.net
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:17 GMT
Age: 1
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



POST / HTTP/1.1
Host: 123.129.242.139:80
Content-type: application/octet-stream
Content-Length: 268
Connection: Keep-Alive

<.............=...:....
[email protected]..._.J..=nl.>.....dY5.Q^.,....j.P....m..8.:...r...z....P...6.... .....z[email protected]..} r.N..w.Q....6oa.b/R.....
k
.N..".w..9....zc.m...(Mf..U!...?.#..aO.O.....;*YW.._..l.f...7........:n-......
HTTP/1.1 200 OK
Content-Length: 44
Content-Type: application/octet-stream
Connection: Close
HTTP/1.1 200 OK..Content-Length: 44..Content-Type: application/octet-s
tream..Connection: Close..<....... ...:.vi.....<.../.........\y.
J.......



GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://cdn.kmplayer.com/KMP/player/download/install
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:03 GMT
Server: PWS/8.1.36
X-Px: ht h0-s1528.p0-kix.cdngp.net
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:07 GMT
Age: 1
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



GET /pc_logo/7638937123950702413.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.app.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Wed, 25 May 2016 10:01:08 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Wed, 25 May 2016 10:01:08 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "htt
p://VVV.w3.org/TR/html4/loose.dtd">.<HTML><HEAD>.<ME
TA HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> .
<TITLE>......................URL..........</TITLE>.<STY
LE type="text/css"><!--BODY{background-color:#ffffff;font-family
:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>.&l
t;/HEAD><BODY>.<H1>....</H1>.<H2>..........
......URL..........</H2>.<HR noshade size="1px">.<P>
.......................URL.......<A HREF="hXXp://dl.app.sogou.com/p
c_logo/7638937123950702413.png">hXXp://dl.app.sogou.com/pc_logo/763
8937123950702413.png</A>.<P>....................<UL>
.<LI>.<STRONG>.Unable to forward this request at this time
..<BR>................................</STRONG>.</UL>
;..<P>.This request could not be forwarded to the origin server 
or to any.parent caches.  The most likely cause for this error is that
:.<UL>.<LI>The cache administrator does not allow this cac
he to make .    direct connections to origin servers, and.<LI>Al
l configured parent caches are currently unreachable..</UL>.<
/P>.<P>......................................................
..................................<UL>.<LI>...............
............................................<LI>................
.................................</UL>.</P>.<P>.
<<< skipped >>>


GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6699374927030488929.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:09 GMT
Content-Type: image/png
Content-Length: 10697
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 13:47:40 GMT
Expires: Wed, 25 May 2016 13:47:40 GMT
Cache-Control: max-age=86400
ETag: 898bd53126700941ac869f6ade68bbfc
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_37_25
X-Yuntu-Trace-Proxy: bjzw_16_121
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD..............tIME.....$....*..(.
IDATx...y.]U}.......|3. ...9..@F."2.kQ.C...j......Sm...k.....G.-..O.A.
..2#...!..In.|..~....9..{........}>;.....Yk..............#..F.(....
[email protected].;[ s.d.7..p......t..X.EHd!...*`1..F...{H.3....g(....%
.I`.....5..,.."...N.N.N...=..D.... .f..sG.{.....9.....U!.8...*@l@...}.
p2p......_."j8P.../..0.......fm................pA..B.(..=..$..........
A'-......Q|[email protected].."..8..".p.\.c4.k..n..D..9....v....
...{..(}.7..VT.&.-..P.....#r.p...8...d..<....{* .......2.......q...
...#x.w.=A..rY%9.....5.e..rx...l....v.0.%!..7..........5~$......D.H...
.`..9I.NT*'[email protected].."....V..(..R.7.T@%.j.a."....7....m.D.....N.x......A
.6"<b....>....n.......V.. .~...@.(...........4y|#...ZTp.........
d......y#.J......s.G.M ....Uz.r.p<..q.s.p4...,*.8{Wqx ...y...e..3..
v...>..pm.."...&!J.....o^.z,.k..q.........bo..4:..5......dQJ.z]..*.
.5....X..3.GXaP..v...ht.$.....<(.,.../.........8..V. ..WhV.^s.7..i/
..........(...\....I.O...Sy.8....~..3.#....'. ..*...%....K....!2...nr.
..t..3&m*....Ys.........w0.j`J.P..k..R.`S...2......l......(.6......Y..
..ew..;.^.......`f680..l....n?...`...t=....([email protected]...
.v......*}.To...!*&h. ....X$....|...*[email protected]..^..."w.Y.|:..p......v.U
....Sk..D..s[I0..QsyH....V.c..q.....&..kB....w.....4.....l..j.<....
......'NI.f@. [email protected] 
...a..o......S.W"....@?...e..Qj.......Wy.c..C.Sy`.G.u.G...l.."&.(.
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3080605666447722537.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:10 GMT
Content-Type: image/png
Content-Length: 22286
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 13:28:15 GMT
Expires: Wed, 25 May 2016 13:28:15 GMT
Cache-Control: max-age=86400
ETag: 1c5b7e9184f5cabc47327eaeee81712c
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_56_112
X-Yuntu-Trace-Proxy: sjs_86_87
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
[email protected]..{.....\[email protected]
.Q[[.U...vh.EP.Vh@@..B...1.2.5Ow.g.{..~..}.=.R.T........{....{..].<
..?...l.z...`....7G..8...n.....f.D.7Z...;t.......d?........8w..1......
l....4....;T.6E'......?......r..,Y.OIq..},92........!.....".y..&`lt<
;\^]z...y..4.rEw)[email protected]..'d..5......#!..(...e.k.
..P)Uj...H.$h.[Wy....{..n1b.X.....#.k..1...AU...(.{....7.;q.P<:..d 
_.>,.?x..."JA}.$D8.d/.#......~.3..o.Uc.t........^f.%.bJq.(..0.A...x
.q....U.9...5......j.......Y...... [email protected]^D..G...oED....M..o....
..q\........L`\.I...^.K.e8..:.k...E..B.E>.....L...{.Sud..k.p......'
.)..E.2.7 .|."...^D...S.UU.3.e?....T.:5...k...i.[..M:..i..........y..s
[email protected]}....K ....0D...e.oJ...e'....#"X.z..u..?t..[.Wuvv....`.{Y
YY...B...g..>...X..z...!...|>...0b..e..3....Y.....K..k..7...M..9
....A..w5U.=...7.....~...b.5 ..,//..v......>.;..l.......g..m..c0.. 
N3.H.x.........DY...9..>..0<N.~`.u.....#.K^V.O../x..3.l/I...yV..
.s}............~.9.....3F0b......1..@. .T..../T.....x........_D..c..~.
s.....M..d........H.......v..W....9w.vvz6............{..|F... 7....`.:
.<...<.K<..e.N.)..~.T.'.K.g......n..O.2....<.V......K..C..
%..;...k.<.=.U...#.....!..k.O....?......O..?...e...#.:U..,K.8..z.e/
......F......a.-T3.D{..NNz?t..>.z%...pT.$-B.{.k. .A`s$..|....X..[..
..R.`..].v4.".c.9.....w.e.7c.3fii...........'ix..rZl..8`3./.!.....
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3230604409881581210.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:11 GMT
Content-Type: image/png
Content-Length: 22878
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 14:17:50 GMT
Expires: Wed, 25 May 2016 14:17:50 GMT
Cache-Control: max-age=86400
ETag: 613c32fcb77d318181401f2880280cd7
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_52_37
X-Yuntu-Trace-Proxy: bjzw_91_49
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD..............pHYs..........o.d..
..tIME......1......XMIDATx.....$Yr..}...G.o._..v-]....F7.@...\f8....3.
....z....y..t..H.-.0#[email protected]...@/.U...U..{.o..w.fz...{....&0.u.2~...~.5.k
..Mz?p.E......c........K:.X.!./A.@........#...oDd.e@."}b._w...>(...
.m...%\~.".g:..<...<{.....8.\..rf.|r]..}:K...r.E.Q,.._.Y.!N.(...
.R!.P.M.........z...l.h~......|)..K...Q.^.......G.OY..Xv..tH..e/.=L...
..2.,.........d......[..B8.>[email protected].._..?..2,......Z.7.I'.d.bZ~O.
..p.Z...U...W./..nP.>..(s..3E....=...t.).........6.V?..........s...
h .[.d/.x...L..'T.QM..~...*(.8g..3.\0..>*........p....<....i...q
...E0...Y.C.L..eU......(....T4.....&....../..nQ..B.......x...  ...s"'&
lt;8.!wN...r.>....z?.t..&j..x.d..wK.J/ .<[email protected]$..g..._.
..X.3......sE...c0...w.-....#E....4.;R[.......|...SG.!...>[.2......
./,.F....4...x...`^.EY.....;...1..6....Oq""....JpG..g.an.X0W...:!....N
......D.>S...R..%.g.>.FY.3.4...C...} ....x.~...l..k.3..s......Gp
...%.OY.OY...>y..?...o2..A.`..TFD.L.S.....=...I.....>f.f1/..W@..
p9.i.\........D.m...e.U}.............s...3NU.Q..b.=/.f..d`.$....p...O.
[email protected]. (...r.1..#.......q.ns.. ...Q.!.._...
....K.....*..D...W.0...).....([email protected]=H0Q\e.....=..
..s..!...D...LI.h.m.J[....9..r..;.J%^.z..........?`.. ......l.yV..'b^.
..3...........E..K....d....".,.F}.....mI....3.2Y.....6.8.....!KJO..p.l
*J....5.I......'..1...)K..........4.6b;T..I....~.c....k.N..0.6'UF.
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/2040683535505104749.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:12 GMT
Content-Type: image/png
Content-Length: 73015
Connection: keep-alive
Last-Modified: Wed, 25 May 2016 02:00:28 GMT
Expires: Thu, 26 May 2016 02:00:28 GMT
Cache-Control: max-age=86400
ETag: 8b71a7af86e1628d89da697f4e1654e0
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_24_66
X-Yuntu-Trace-Proxy: yf_22_56
.PNG........IHDR.....................gAMA......a.... cHRM..z&.........
.....u0...`..:....p..Q<....bKGD.......X......pHYs...H...H.F.k>..
..tIME.....-1.3......IDATx...u.Ue...Z.>.Lw... .."...t.....*..b!.J.t
H..JJww....t.s.... ~.......[....3...s....W/....R9........../=(.....f..
...I5*x.x_... .$.SSn8...... ............~{D_.}o..9.....S..!s...?.0....
...=x.\9`shm...^...7...}.61.s.5..~ .N..v.r.s...i~.2...y.K6.....c.f..|.
J.r.L.&5y.D)&.e..=.T..I....e.,...m.K8.n...n..?.J....%.}r a.......]....
.3,{...Q...dT.....<x`.A x....~.W. .V....x..... .....O{%[email protected].....
...#...r^....[..]..sv...?"=G..gr.#.q....[.G.... ...,Lk).O..s..C....}.e
[.4.<.gs..?.[.]Rg'......_.....w.....#.H...s9.s..C.D>.q.m..].Ox..
..Ib.......lI..O..{......H\.{..|l|.M.....7........8...d..:Tk....n..%7$
.[>.$...~...>.. .7.0Vp.CG..C....,.......0....k.[...E...(.;..z{..
6X.Q.k...........2Q...R.:i...H.r]..-..v.........^.k0..-z.....{........
..... ..%.@.\.~.c.1.....o..r..4(.......6oS.g.*...G.7.w...E...`34d.....
.z@3G}GcG}.Z...l~vl..ZK..G.........5.&........7.u.n...y..w.;".......Lj
...no.N..9...9.`.'.s..yx.}.}..r.x....2'_:..r....?.....^.F........N3.}~
.|g.....6"..E....4~1.s..t ..v.^..h.W.3{e...,.S[.o....{...C;..b.!i..D..
..........KH...?fU..M..#........a.J._l,..CGW.M^..\,..K[R.@.].O...[&Q..
a........9E.c....o...!.n$..p.y...x3.s...%..(A4.._7.I.N..iRYZ......k;..
..k... .........5.....B|c\..i7L.(...;j...p.}..9...r...............'.b.
........$>x.I[..).......#........%..............U..]....E.......js.
....kA..]0,..".....>.z.........gS..>.|..4)Y.w.....%F.....wV.
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3726774318030095000.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:13 GMT
Content-Type: image/png
Content-Length: 12563
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 11:43:17 GMT
Expires: Wed, 25 May 2016 11:43:17 GMT
Cache-Control: max-age=86400
ETag: c2cf12dedf3b4f5e44203e8aee8c5058
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_28_46
X-Yuntu-Trace-Proxy: yf_27_101
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME..... ....P..0.IDATx..}y.%Uu...{.^.....W...a.d1...5*A.%.h..DMb4.
&q..".\.~.qGE../..,.......L..===..............u.{..._...t.....=.]..DK.
DK.DK.DK.DK.DK.DK.DK.DK.DK.D......X4.....ry...C....y......z.k.(.......
.....n.^...)HJ.h....P...p........q..}.z..5...BF..E.....a....m...0.....
........t....J.;b....A....k1..1 }-0.^`...?PX.iAY.R...6..g.....o... u..
y.Z..c..}@4..#-.. ....z...q....e..?,.|2P.$.Xk..BY......c...|?.{..yJ..m
....E......c..-#%[..-........5........2|..>6....3..?.G.......$.}b.v
.%..9$}..|c......y...fx....=.z/y....!..D........O..:.../?n ..g..I*b.h.
j.3"......0Q..&k....s...G...]..(...........h.N..#;..;56.....<...)..
F.F.< a... ^.Z....O..........cS..?.}...'.'...N..y...^a......R.$... 
..... 3..u.).!....L.c.. ....x..]...zO.%.../..~.....[.l.f.....-..O...@:
....(.^x..t.......tu....-i......B*.6 .y......ERJH).`......U1.....,..}.
..Dd........p..{E..^....foB[.....ia..?...%.ll.......^X...^..`..@([.%..
....#.P2..H....FR......Y.a...@<.3..7{]....F.r]..Bi...........q .%..
.........../[email protected]*.ON.y..sle)..Y3.!&....B2}v.....
b0...(..n)W.....AKb.P.P...|....O......?.>..i)."../.@:....rjI.....U,
..X.b60.,8P...:>...>.....]...B..).....@.."...`i)................
...$....R......'.z...].O.......v.l.'.}.f.B2..gU.O....'...!/...........
c}.......J...W.y^........F#..EW..#)..:....KD.....CW....G... .....o... 
..Q..(?...g.....pl. .........?......Y.A.(L.3....I...lI.-Ki.M...Ht.
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/5632829225944923461.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:13 GMT
Content-Type: image/png
Content-Length: 8510
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 13:27:44 GMT
Expires: Wed, 25 May 2016 13:27:44 GMT
Cache-Control: max-age=86400
ETag: 25728d8f891b85b4b8b0c418214126b9
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_36_27
X-Yuntu-Trace-Proxy: bjzw_40_33
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME...... ...5.. -IDATx...w.U....k.}....D.J......P.F.`...Q.`G.I&...
...L.Q...c...*:vl..(RTD@)"\............^N...s..>....}.^.o.....I.of.
.K....<............].....5@%..X.....>..W...._.4.x...$.&.W.C..p"p
1p8...{a....x.. 0..!$....3........|<..`.2....&".....0..;.......<
J.A.4&A(.&.w...;[email protected]$P.R.c...>._t...w! ....k.3
...5....4...B............]h...v....i2.8...V.Xd...<.%....H.......3.%
.5.z....#..5.w|....x.q.}...H..?...5.w6..LG..&....y..~H..wJ.,...V....C`
$Z..._..4-.z[C.J..<\....([email protected]\G...u..k.r.7.:..$...........S..o.z
......h-......JA..EncaZ.B.@......!.....}7$..n...`.....~.p6.7K........l
E$.....t~.by..A...A=a.^.~..w.E.r.]....]K.......H.(h..!n.m..z....5..*.R
m.T._o.u.....v.BM...K.J..`.9,..)!.,p>..F.S....]...Sy\....dtw-.^]`D_
.....vS.....*v...V..-.`T..2C...._l...1..hX...r.a[.T...J.............`.
[email protected]..]K`PO.8T1i.........Z.Q.a...q.2..B"....5.?.m...G.P...]E
..\....>.J..j../[email protected]!j..8.C.~.....q........K..a..F ...
..!..%;...9.....djn[...1,!..7.....L...:FL.-...j......b..kCM...."i..m.s
...........Ug.;..>T....3Pq.8......].$...V..............61.._ex.c.sK
..m4..J..l.{.f.W.~3c..../.....o.i.w9L..p.d.Qc........w:.L..w..\....5..
o...fK...%E...J..~3c.H%OAaG|m....}[email protected].${.........!.....F
...h.[.Y.IH...u.......ra~.....bA.....P.|....;.:N....t..V.y....BHfc..&g
t;...j......{..,Yo(..pl........'\G,...0./.8...C...E...hO....T..;F.
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-1433550905860313072.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:14 GMT
Content-Type: image/png
Content-Length: 8018
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 11:44:49 GMT
Expires: Wed, 25 May 2016 11:44:49 GMT
Cache-Control: max-age=86400
ETag: 575b0d9f8c3cb556b53d04151b559f06
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_44_61
X-Yuntu-Trace-Proxy: tc_196_98
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME.....,0.6._...AIDATx...y.]W}.?.....wk.l..%.."..........2,a.....*
.$T..p..PIH.....UI..jB.....$a1........2..d.......w.=......m.%.....I.o.
..=.w.9.w......}C..{1o\;...I..L...S ,5Tz.`....13.....{.....e....v.....
./.p.;7....-E..].?... .Gg......5...W....?..S...5}Q-._deI..P.....9<.
LMM..z..NU/.).Q.^.....!....MWu\....E.~._Aw@D0..*... .0...p.B....... .?
.!..... [...I/._..WpA C....B.o.........Xzgd.........ZXX.\...Q.jp..n...
.$..5.......r..;....s. K......c.....a`..?...^.....CJs..I...._8.o.*..^.
[.z...}>....X4..Rg....CaP..7....>L.............j..y.`k.>..@..
...&0g..A......J..O........N...~.. ..7..d..._2....w:.e*.%dO...T...6.(6
.(J>.)Q..3....LF..........o.&".i;!...\F.......>..?.[...O.....G.#
.3.l..=.a.........3.....#..i;y......4.._.cp".V..'...T..R..A....%......
.s0..O..2./k....8*[email protected]/..n.../".$[S..&kpY.~.r.kV)...;..k.:.[..
...j..5...R|............7..0,.....0. 6.%..K...\S.....u.].....o.Dq...o.
.v...~..s..z .9%.....D.4|...._.)...j.R..v..]........M..DH\J...J.y.E...
`OA%..sp... .T....\F'K..z........!..W`.|,.4.[@*.us.-.au...u...,.;..[..
(......}....X.!.t.`BJseS..PP....J.d.>....[....N.L.^5...jM"`L......g
$.R.71 mS.N.[..X_...g.&.kWi>.2.l..ja...I...Z.L.....-C.#...].#.....j
vO..< ...;A7!Ko....Qn...k....w...E....Y3pvP....[...~.e.]...g......,
...oH...Bl..P....K`Z.>.%B%2T"Cl....T.o.h...{C....1"...{......fc....
K.............9~p..sc1.f.3.A..P...q...k...y(.&.......V.i......cR..
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4669602030091557924.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:14 GMT
Content-Type: image/png
Content-Length: 11255
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 12:47:37 GMT
Expires: Wed, 25 May 2016 12:47:37 GMT
Cache-Control: max-age=86400
ETag: 8ec602a85dcccce60a115cf2f19b662e
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_124_19
X-Yuntu-Trace-Proxy: sjs_86_87
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME...../$...d..*.IDATx..]w.U.....{_.o... m..  ....j..%j~j.Xb...5&v
M...F.]cDc.h0...h......,......9.?.{."E..R....-o..33...3g...t....D':..N
t....D':..Nt....D'.sPG7.../.=r....X.... ..Y..1@.&.....L...`bf....#... 
.8.5...R.L......^........~.....1.j..t..............;y..|.........#XH..
.o......D`R&.>s..=.p|.f#~..7.1.{.......N.S...^R._...J..E.S.K.......
.?..........Y%...8Z...2T..G.8..A....@.`.3S....ll...}..P...c,z..~.2...:
.r.\n..v. ...i...AB.*.Z|MG.c.c...s.nCvQ.....j6C..6-...(...$c)f.G.~.z..
.#.#49..m.bR.........Y....t...|.. @$  ....r.`.B.s.ds.../.e......|."...
........O..'.\...~.........y.G.[.`....*.....O.....Lz.8O.. ..Q......Y..
....u..=.A..b[*[email protected]!..L6.. a~f......;~.....A<
..C..8!,/!n..x-...........KD...sKoA...@*.....JJ....d6C0.va..Q3.F.T....
[..)(NAC.`..."r......&..`v......ia..$.m.;...5..y)....K.e/.H.......D.QW
"Q........nA...s.oA.....pR.daRji....M.......m...6.......d.6q..........
0.4.@R...>..Kx..i....c...C....,...!.A...`...]k...n..|.ch...V.G..J..
..j.0L..u....b~. 'Z..*.........Z.....>......3X...I.<.A.<.....
{C...$.Vu.\.#...^*8....ux.....;f......i..^p=..}...;e....*{.n@%..>..
.h..B.H.cp.f..A........I2.K.."[email protected].
..7#....6.j).L.W..H...f....g$9.....D$.a...~.H0C.:-.!.!....\.....U.3..)
y....A..Z...w...........B..p...nZ.......?06....$5......IM..Ovt.[...f.&
lt;.Oa........xUV.&R.9..RJ.....Q\6...np........B........8.(..Q.{J-
<<< skipped >>>


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2N0000o30f--&unc=sogousoftware_normal&t=10&rand=1464170432 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:29 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive



GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:12 GMT
Server: PWS/8.1.36
X-Px: ht h0-s1632.p0-kix.cdngp.net
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:17 GMT
Age: 0
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:01 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1528.p0-kix ( h0-s1548.p0-kix), ms h0-s1548.p0-kix ( origin)
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:07 GMT
Age: 0
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://cdn.kmplayer.com/KMP/player/download/install
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:23 GMT
Server: PWS/8.1.36
X-Px: ht h0-s1645.p0-kix.cdngp.net
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:27 GMT
Age: 1
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



HEAD /pc_logo/7638937123950702413.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: dl.app.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Wed, 25 May 2016 10:01:07 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Wed, 25 May 2016 10:01:07 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close



POST / HTTP/1.1
Host: 123.129.242.139:80
Content-type: application/octet-stream
Content-Length: 268
Connection: Keep-Alive

=..............)/...z..J.%.G........._.V.Fqx..!L.....,
..,.....ZC..:i......1.V
].. g....<.A..x..|.|..0>AG.Ow.#..Y..X....3:6.....7e..3'
...........
..Z>k\......~.-....|.i....=.3.9EX*[email protected]..........a.6 t..k.4.{..1...n...}:...%...>..jk.T...G(...'1...kP.H....*..
HTTP/1.1 200 OK
Content-Length: 2156
Content-Type: application/octet-stream
Connection: Close
=.......`......)/...z..J.%.G........._.V.Fqx..!L.....,....,...<M.~.
@..c}.8.CfV.Q.>..u......rz..4..a...R....../I.y}.W]...Z{M.od.F.e,&l.
x4...g....m.... 14w.q..t..&...z.4......#.:b}. .....@......<..".....
.7.K.......G....i...........|R. sCq..5........D..6.&...cV.U..-.hb.....
^Po.........4.]$5E.g.s;..Y..h./Vrr...B$f.GS ..G.V......ba....4:.BhT<
;F|..3.}F...."s.CO....$ylde.T..>......,..-.`U.2.I.V..-.v.c ....^.mm
XGc.#*..d....v|..uws..]..F..Ef...s..Nd^..m..0..pYTMP..E......=..#.fi0H
.~`6...u...D.vA?.Q...j..|.O,...P.FW....X..,..<._)E....2`..h.H......
[[email protected]{..v,...ZBxpCB|.c..K.|...w.)`...........iZ.[......&......9
D..Z.*..r&....m..D5 <..C.7..6.wp.(.2..c..j..........2y........... g
..*...\.>.]4;.`1lc..v|...XV....f..#......[T.....[.Dq...X^......-...
l..F.O...s.(.D...Q%?.82......4...)Mdy..*..fh.....([...DO.Rc..~..x.VS)`
.m..up:$.l)y.<x....Q.=..O..1...........Na......j:......G.X.>.l..
I;b...d..:q.R.0.S...:..B. Cb.7.i......8......S.d.;E..^.....;....2.....
...X._.I.=m1=KMe.1xJ... ..........{....$.....!........t....ty...)..6..
M&q.~p...pV.Hb;..cE...gr_h....I......p(l1.B. ..wBElI&T......8.W.&.8..S
Ql.....~6..2....DN..u.a.6....m._... .H.......D......"..2.pH.=...4.:..u
.....D.,|..:.6D.........U.|<[email protected]....$.7..S..l-...
6.........rg.y.q....2N.8..e...1g............/;T..............H:.<..
..z.6....~.Z...nm..q.a$....)P>,...P=8........'....j...........LM...
..}|....$:....u./.?......c.24..<{q/p..r.V....v....m.LR.#.!.l..$...g
R$f/J............%.`.wt..{.....".m:}..U......(.V.B....f..r.@.../.T
<<< skipped >>>

POST / HTTP/1.1


Host: 123.129.242.139:80
Content-type: application/octet-stream
Content-Length: 124
Connection: Keep-Alive

=.......p...Y....=....T...k
..... &.H)i.....L.o>T.j...5-]8.e.-,80.|..-....u2........H..n.c.6W.W..X".6..8..Q..Bz...^.]..AU..O
HTTP/1.1 200 OK
Content-Length: 92
Content-Type: application/octet-stream
Connection: Close
HTTP/1.1 200 OK..Content-Length: 92..Content-Type: application/octet-s
tream..Connection: Close..=.......P...Y....=....T...k...... &.H)i.....
L.o>T.j...5-]8.e.h.h...\.....9^3.....>6U.l*3...:..



GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/4871856506745242874.png&r=null HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:09 GMT
Content-Type: image/png
Content-Length: 24324
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 13:29:32 GMT
Expires: Wed, 25 May 2016 13:29:32 GMT
Cache-Control: max-age=86400
ETag: 216109261cce8848c5bc687154d704ea
X-YunTu-Ipt: 0.023000001907349
X-Yuntu-Trace: tc_52_39
X-Yuntu-Trace-Proxy: zw_64_27
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME...... Y2lm..].IDATx...w.%U./.]{W.I7.......M7..Ii.......Q.4.8>
;...(..3>ELO16..).#9..4 ...............C.m...8.W~...sn.:..w}..k....
I....j....~..}..0{.,..1.0?.....7..J).(.j.....wW*...N;m..e.f...N-..U!D.
...v.'6F ...fs|..m............cc#.... `..l.....m..,C..rbb.._q.Y.v-...W
y..)...C.e..G.W...o...r..j....A..}......4g.l.!.Q.....}..G...[...C.....
..v..i..........EQEJ)...RB....a...Z.h.....j..CCC;.......oZ.v.c..^..C.=
.UF./m.............|......_........s?..y...G......k.........(J....N;..
K/....q...<.a...h..l.1.\.1.Z..?..~..hcx.......u.?..-....o~...X.|...
:..1.X.....oy.......,\..~......_..W..G.q..........t.{.........G..]3844
.J.g.Y...3_...&............J...9..a.F..........[V.^...N<..8e.......
..W.z..T*..S.L.s?...#....QG.M....k.y.[{.... ~.......G~;4<.R:7P..3.U
..V..e...N.9.0..h......]s.=7|.......{.......{.o}.....!.`...=........(.
.t..5..............o.y..m..Zi.,Ni.R.u........pf.....4..J.<|..-~....
....].j.......7.tS../...@I.`..9.nQ.y.........*.f../...|..o........jj..
.1:UZ.Z.Lk..i.....R.[..ff.N....V.Y.@_<..3m8..[Js3S.:Js......*....|.
5o..k...n....}...j...t.e.G.z....jkk......".....]...w........n.Q.......
;..k..442.. ..*.Z.2..B}...Zq3S.*..v..l..4M..l.D.......s...z...V..,e...
..2.S..N..........Xl......^w....v...J..v....>...5K..Z..'...4.......
!.......^.ZCDt..^v.?...>|..G....3f.k....l......... H ......c......k
,.....&2.O..K...Z..i ..HH...K..$T$..$0.*1...........UA..C........a
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/5632829225944923461.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:11 GMT
Content-Type: image/png
Content-Length: 8510
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 13:27:44 GMT
Expires: Wed, 25 May 2016 13:27:44 GMT
Cache-Control: max-age=86400
ETag: 25728d8f891b85b4b8b0c418214126b9
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_36_27
X-Yuntu-Trace-Proxy: bjzw_40_33
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME...... ...5.. -IDATx...w.U....k.}....D.J......P.F.`...Q.`G.I&...
...L.Q...c...*:vl..(RTD@)"\............^N...s..>....}.^.o.....I.of.
.K....<............].....5@%..X.....>..W...._.4.x...$.&.W.C..p"p
1p8...{a....x.. 0..!$....3........|<..`.2....&".....0..;.......<
J.A.4&A(.&.w...;[email protected]$P.R.c...>._t...w! ....k.3
...5....4...B............]h...v....i2.8...V.Xd...<.%....H.......3.%
.5.z....#..5.w|....x.q.}...H..?...5.w6..LG..&....y..~H..wJ.,...V....C`
$Z..._..4-.z[C.J..<\....([email protected]\G...u..k.r.7.:..$...........S..o.z
......h-......JA..EncaZ.B.@......!.....}7$..n...`.....~.p6.7K........l
E$.....t~.by..A...A=a.^.~..w.E.r.]....]K.......H.(h..!n.m..z....5..*.R
m.T._o.u.....v.BM...K.J..`.9,..)!.,p>..F.S....]...Sy\....dtw-.^]`D_
.....vS.....*v...V..-.`T..2C...._l...1..hX...r.a[.T...J.............`.
[email protected]..]K`PO.8T1i.........Z.Q.a...q.2..B"....5.?.m...G.P...]E
..\....>.J..j../[email protected]!j..8.C.~.....q........K..a..F ...
..!..%;...9.....djn[...1,!..7.....L...:FL.-...j......b..kCM...."i..m.s
...........Ug.;..>T....3Pq.8......].$...V..............61.._ex.c.sK
..m4..J..l.{.f.W.~3c..../.....o.i.w9L..p.d.Qc........w:.L..w..\....5..
o...fK...%E...J..~3c.H%OAaG|m....}[email protected].${.........!.....F
...h.[.Y.IH...u.......ra~.....bA.....P.|....;.:N....t..V.y....BHfc..&g
t;...j......{..,Yo(..pl........'\G,...0./.8...C...E...hO....T..;F.
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3726774318030095000.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:11 GMT
Content-Type: image/png
Content-Length: 12563
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 11:43:17 GMT
Expires: Wed, 25 May 2016 11:43:17 GMT
Cache-Control: max-age=86400
ETag: c2cf12dedf3b4f5e44203e8aee8c5058
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_28_46
X-Yuntu-Trace-Proxy: yf_27_101
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME..... ....P..0.IDATx..}y.%Uu...{.^.....W...a.d1...5*A.%.h..DMb4.
&q..".\.~.qGE../..,.......L..===..............u.{..._...t.....=.]..DK.
DK.DK.DK.DK.DK.DK.DK.DK.DK.D......X4.....ry...C....y......z.k.(.......
.....n.^...)HJ.h....P...p........q..}.z..5...BF..E.....a....m...0.....
........t....J.;b....A....k1..1 }-0.^`...?PX.iAY.R...6..g.....o... u..
y.Z..c..}@4..#-.. ....z...q....e..?,.|2P.$.Xk..BY......c...|?.{..yJ..m
....E......c..-#%[..-........5........2|..>6....3..?.G.......$.}b.v
.%..9$}..|c......y...fx....=.z/y....!..D........O..:.../?n ..g..I*b.h.
j.3"......0Q..&k....s...G...]..(...........h.N..#;..;56.....<...)..
F.F.< a... ^.Z....O..........cS..?.}...'.'...N..y...^a......R.$... 
..... 3..u.).!....L.c.. ....x..]...zO.%.../..~.....[.l.f.....-..O...@:
....(.^x..t.......tu....-i......B*.6 .y......ERJH).`......U1.....,..}.
..Dd........p..{E..^....foB[.....ia..?...%.ll.......^X...^..`..@([.%..
....#.P2..H....FR......Y.a...@<.3..7{]....F.r]..Bi...........q .%..
.........../[email protected]*.ON.y..sle)..Y3.!&....B2}v.....
b0...(..n)W.....AKb.P.P...|....O......?.>..i)."../.@:....rjI.....U,
..X.b60.,8P...:>...>.....]...B..).....@.."...`i)................
...$....R......'.z...].O.......v.l.'.}.f.B2..gU.O....'...!/...........
c}.......J...W.y^........F#..EW..#)..:....KD.....CW....G... .....o... 
..Q..(?...g.....pl. .........?......Y.A.(L.3....I...lI.-Ki.M...Ht.
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-7654919934142823378.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:12 GMT
Content-Type: image/png
Content-Length: 28304
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 13:29:19 GMT
Expires: Wed, 25 May 2016 13:29:19 GMT
Cache-Control: max-age=86400
ETag: 552a231d54d1ad3d714fb0360bbd0e5e
X-YunTu-Cache: HIT
X-Yuntu-Trace: sjs_29_27
X-Yuntu-Trace-Proxy: tc_212_43
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME.........-...m.IDATx...w.m.}..........z....%K.e....v....$3.!$...
...0...R.0I....I.b .....*K...'....r{9}..~.........NB..>.sO....~....
.?|..""..........I.y?.#"....3.z...u.....e...=.......7...F ...$.Q..{.{/
......}Z..F.J.x~.S._...U-{.7.GY...X.._...y......q..{.....34lhZn.....O.
.yn$..>.....W........7...6.}..u*f.......N..c7.........5c.K.5&.z1...
..`....~..|.W....C.....3..2.T.W=...Mo..AP.'3..f.....o....Mo.........-.
...j.....K.-W....pA.].....y*..:BP...e.9....g..A..J.?....v.}..,.V.d.>
;.!.x1..P...ynpNp......4/w...s.M.....M}.....V....}._..g.Q.... s..:....
.....V.ew.<..mf.Z}....p..\6.....{.a..W...L*S.%.c). ......G....a..q.
".Da.D.....G.(.8. ....;.^-N ...|.U.&...'>~............ED.0H'.0.-..c
.V.M..;Zo.#...Z3.5.K..Y.uk9.~[..o....g.........#6i.T;...*[email protected]~]...
9U..>....7.gh....;Q.....kRSmX...L.......4O..{M.N..k:.5.:...f.P/.U.Z
HT...x. ...z..q^.A..I.v...u..4........uo....S.....k....Rd...<....g.
....7X...~.__.)!2U..7...'..Q.......:F.o=.>...C...8..=o.....J..Rk...
.(.c.!.E.El.2..Ap^5M...w.>....... ...O|..".|...!6d..G.o..........GH
6.lM6..L...[..K3...YO.....k!...o.......'x.......~s.dE.<P..:j...._x.
3_t3..[....`....".......?o...v..dj*.k-o......lm....XA.`...).1......Y.m
."......M8=..^O../F.1..WTy.Zl._u#.7....LN..QOT....g.. 7.Y%:..Sq....?m.
k.@&.b.....P...6>............2...t. V.....y.....f.......U.....$..&.
........&...kg...|msE_.......s/.?..m:U.{.........:...B...?..g..[.R
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-6542522661282298716.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:12 GMT
Content-Type: image/png
Content-Length: 18169
Connection: keep-alive
Last-Modified: Wed, 25 May 2016 02:14:36 GMT
Expires: Thu, 26 May 2016 02:14:36 GMT
Cache-Control: max-age=86400
ETag: 278e6a01a3a2ef690b65833b2b35e3e8
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_48_75
X-Yuntu-Trace-Proxy: tc_196_98
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME....../..I4..E.IDATx...{.e.U..[{.s.w...............HHH.I.2......
PbG._.6I%!.....*\..I..qR.8q...?.0I.....BB<,..B..i4.I..~...8g..?.^{.
}...=..U.....{.....Z...k...._Dz..........E|..'.......>.. r. .......
-.~.w..@. "[email protected].}o.k...w...O..7...7^.w../?...|
.."....!....[.....^q.0......;,....9.x"8.....w..g.../<..[.=..u..q...
{....?m..q^......>..<...../.D.......wn......9.............=..#..
....rt...........%\z...}..NG..........=.4.8.M.:...6.|....M..x....7....
...y.......m....g.s..=.#.s "....G.w.fq,. |.......\.!...D|.~C.. pM....N
(,CX....^.?}.b. p...........%..,`Daa.D.v.@8~...!}....z..Y.>.A.#....
...#......80..&S.G.......h.\....O....y.s....?i ].(.F...>..}........
u.....;w..3.{./`.x......w.....iP...i....]{..m<......i..>..=v&...
...q...{.9K..?..p..........h.....`...`[email protected]. .[.9wK..
g...?.....N.........'..<....7q........3......'t......:G...6...._-.o
>\.|.~.W......u.P....1...=...........4P......%[email protected]'....p.._..S.B
....c?u..}........|.......{.......p."E.0 .wA.....|...c........._..7.@.
.)...A(..I.....$............ }.l..^.@`...=3:...B/...B..0..F`.aA...0C..
...@...#tA....v6w...`.=...?...O.....]h#.H..E..*.6..X.Id..4./...8|j7..|
.S.(=~a.....9r.8`.y?.m......o{..<.n.g....y6...[.w...x... ... .;.w..
..p..m......;.....d......"m..M...G.......o.a....#..&.oU..I,.D./.-f.%.t
.~...!C.l.<'.......X....1k0m....n..|$<.........tC.6.........
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-3080605666447722537.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:13 GMT
Content-Type: image/png
Content-Length: 22286
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 13:28:15 GMT
Expires: Wed, 25 May 2016 13:28:15 GMT
Cache-Control: max-age=86400
ETag: 1c5b7e9184f5cabc47327eaeee81712c
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_56_112
X-Yuntu-Trace-Proxy: sjs_86_87
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
[email protected]..{.....\[email protected]
.Q[[.U...vh.EP.Vh@@..B...1.2.5Ow.g.{..~..}.=.R.T........{....{..].<
..?...l.z...`....7G..8...n.....f.D.7Z...;t.......d?........8w..1......
l....4....;T.6E'......?......r..,Y.OIq..},92........!.....".y..&`lt<
;\^]z...y..4.rEw)[email protected]..'d..5......#!..(...e.k.
..P)Uj...H.$h.[Wy....{..n1b.X.....#.k..1...AU...(.{....7.;q.P<:..d 
_.>,.?x..."JA}.$D8.d/.#......~.3..o.Uc.t........^f.%.bJq.(..0.A...x
.q....U.9...5......j.......Y...... [email protected]^D..G...oED....M..o....
..q\........L`\.I...^.K.e8..:.k...E..B.E>.....L...{.Sud..k.p......'
.)..E.2.7 .|."...^D...S.UU.3.e?....T.:5...k...i.[..M:..i..........y..s
[email protected]}....K ....0D...e.oJ...e'....#"X.z..u..?t..[.Wuvv....`.{Y
YY...B...g..>...X..z...!...|>...0b..e..3....Y.....K..k..7...M..9
....A..w5U.=...7.....~...b.5 ..,//..v......>.;..l.......g..m..c0.. 
N3.H.x.........DY...9..>..0<N.~`.u.....#.K^V.O../x..3.l/I...yV..
.s}............~.9.....3F0b......1..@. .T..../T.....x........_D..c..~.
s.....M..d........H.......v..W....9w.vvz6............{..|F... 7....`.:
.<...<.K<..e.N.)..~.T.'.K.g......n..O.2....<.V......K..C..
%..;...k.<.=.U...#.....!..k.O....?......O..?...e...#.:U..,K.8..z.e/
......F......a.-T3.D{..NNz?t..>.z%...pT.$-B.{.k. .A`s$..|....X..[..
..R.`..].v4.".c.9.....w.e.7c.3fii...........'ix..rZl..8`3./.!.....
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/8623308865128809051.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:14 GMT
Content-Type: image/png
Content-Length: 15021
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 14:15:28 GMT
Expires: Wed, 25 May 2016 14:15:28 GMT
Cache-Control: max-age=86400
ETag: 5294da1b04ec1cde67451d269d7cbc30
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_44_44
X-Yuntu-Trace-Proxy: tc_196_98
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME.....'....f..9.IDATx...y|U..7...Lw.!!...y.....( "...N(.jqx.?....
W.>Zmm..Hm.VPQ...E. .. ."..2.2..&..s.^......p.I.!.......a.}.....^{.
..3..^/.....G4.eB.FD.>$.`D..h.....q..D...,..........db.]..RZZ......
...._.=s.\... .....1..(J....$.p...W.<x....!{.^IQ.....S8.6 **....}..
.QI.".i.N.......*.O.H$.W_}.n...x..$:....C..]QVV.-[. ??...f.L.x..G....C
Q....^.~..7..........r.z...,EQ..c][email protected]]..../.D"E.H..
....[.t..._..2....y..<..CN5%....n.Jc..Aff&.....q...C999..W^y.Q..J..
.....k..6...paii..#..:].K..........%.Hd]ii.........k..........`...J.o.
_:....~....V.^..0..IK.,qn.W_}u...;.*--.S4..f.f.%...AD... ".>D..s.h.
.H...4..ht[ii..v..q..W_...;Z.d..H2...^....._?....l>...v.w....m.....
.C.....L..u...s   [email protected].*.........|a...s.L......-|..m....{.
.vw6.;.4M..!C..... "^XX..X...KG...?....$..#...v[@...I=b......'..]:....
.....xEE..`..!.4....9t......x...._.v.#xm..5.....]..nA.. ...!D.....k...
....k...D..x..&...........t.&.a.....~..'3....!D.....L#..p.`.....|..L.*
.l...1..p.B.......q.v.q..W...w.^.o.>........^....'...k;S...........
......D....'...........<.`..a.a.................BD...S-..!...D.).hv
...v.3...............y#....a..a.-..'...;...D.%K....7:c .....h.....|S..
.LAd..D.....0...w..!.7.l..Q^.d.#".~..g.6HOO...?."......@&",[.lt(.Z....
..T.~!.t.(f...(.#:R ...1.xO=......y5......y.....V~UK......(.E..B7M..'z
}...B....-.MD..{.l.&#"<...HOO.09u. x..ax..g0`..l..A.={.`...w...
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/6940656908449948330.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:14 GMT
Content-Type: image/png
Content-Length: 16909
Connection: keep-alive
Last-Modified: Wed, 25 May 2016 06:34:35 GMT
Expires: Thu, 26 May 2016 06:34:35 GMT
Cache-Control: max-age=86400
ETag: 747d27ce8feef3bfdd5a14977424bdd5
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_44_61
X-Yuntu-Trace-Proxy: tc_192_123
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
[email protected]..}w.dU....sn....qrd...r...l.]1.....a.5..f..
[email protected]@`.&.&.N..r........U].......0....nUW..:.{.t..\.....rP..A
9(.E.......^..cu.S..S}a.g...5............{...e....9U.][email protected]....@..
....tP...............G......d.[.k.......H0........y...../.-.pt..s....@
.A..3./`......d...Z.W....|......&..d..Y..D.......h@h..{z..o....D 6...D
d.....=...kV.b)..x,~y!.i-...P...,...%...........{..E8&.../F...........
qf..o...L.f&.B...-M.........?.:..tC.J....z.*......G.t.54..w._..4.{.=.e
#$@.._}qo..................#N........ 21.f.. .*.`..W.qNhJ%!9........2.
.Ka.."..DcJ 6....{.._s&.y.....Z..7........D....B..N..-..B...0`...;.f V
(....|.q.#Z...H......... ..x?G..?#.Ur..._..$..z<^S.`.`I... ...:..'.
....!....U.......h.q8..$.3t.=8.....d...kc......MiN......[.n...o...L...
..!L.[.......@.~.........#.# U....U./U.D.5......B..y.......N;v....=...
.../)%.kmj..T........D...........3...O.6.[,..L.....7._3...4B.>aD...
.u...Hc$..0.T..,...C........o...\.....5R.s..$Z.....b.......@. 7..J3.DP
..._..Z.{......@{/z\^....h1.......C...^ ..jF*.].xl...v..s/..I.5kf.w.9:
....;..b..9m..7.]#wn...h......`..0A'2..E.r .c...MMs....^....p.Ff*0....
k.!....o.#.Dc.P..b.qL?.....Bh%e...'....q'...hb..{:;...kP.f............
....c......6.=>.3.K.Y.9....o.z.. ....../d....}...._?......z....E..e
....f.../..[.m.mL%...A.r9.|.R....H....D....A$.....W.BO..B.3....C......
...`...m..D.....,.V.D.1b...U.'Z.......W....9..w.R.%.qN.....s.f..q=
<<< skipped >>>

GET /net/a/16/link?appid=16&url=http://dl.app.sogou.com/pc_logo/1882834511144817344.png&r=null HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:14 GMT
Content-Type: image/png
Content-Length: 21518
Connection: keep-alive
Last-Modified: Wed, 25 May 2016 06:34:36 GMT
Expires: Thu, 26 May 2016 06:34:36 GMT
Cache-Control: max-age=86400
ETag: d3a660a761155682acd95757b7eea99f
X-YunTu-Cache: HIT
X-Yuntu-Trace: tc_44_44
X-Yuntu-Trace-Proxy: tc_192_123
.PNG........IHDR..............>a.....gAMA......a.... cHRM..z&......
........u0...`..:....p..Q<....bKGD.......C......pHYs...#...#.x.?v..
..tIME.....$%'..X..R.IDATx...w.lYU..]{.s*=..KG:.."..iI"*...`B1....2...
q..*/.....g.}.0..f...D2...t.}.o|..........'T=..n...}.~.>.....9{..[.
..........z.<..S..ALO..8.)";..'.)...p..*gP!Ra.a"JQ.O..`..F....~....
......@A.. ..B....aa*20...}......=..~.<.1.....b....TN<.(...p|.%.
x.M..o.l........c..m9..........A>..?.'.......`...........!Y.i.s ...
.".."........`"`.....!.g.....Kw..5q..9.......Q.H.{?........S..j.......
?.0~...;...S....O.0.N...GV.u... nz.....'....Z..s\<v\g.@.....@_@8u..
.i0g.`(~}..*|^bY.... ...b..R.R.8/......p.1..*..3.g.C,..3..P..!.....)..
x...1..*W.\S.....#..8z _.......f...;......]0=...........qv.o...6.>1
......g...?..<...u.K....K~.....x..,......,(.&..f.W.....)BF...`.H.f8
.09|......2l..p.S.U|m%^......#..gx.}..Y}..>}.../8(;....o.Q./.._..?.
}d...!...|..?...x.M....?....^o.....-....z.w?.P............w`.L.2.."0..
g...bBo..J.r.."Z...XR....s.-...R..V!f...E.@...] .fff.d..5..W .'.(...?.
'n....|...p.._tTWn.M......x.%.,W{.Z....Ax..ox......s./}......o~P......
......G..8..m..u.4...A1..j..EktN.v...?.V!. .r...7'...X...O...nc.D.fR..
.3A............TF...2..t........cbW...%.3...o&......zW...K7?..~..g>
.E....j0...".._..0.o. }...h..8j......(...._x.../I...;q^.....A.... ..".
C.1T.D.C*...WNL$.....a......?..T;[.s.v.."..c.........L0...l.T.O.`r.C..
|3,]..1.x.U.....]v..7...;.....K.N..C..35....Z....\f"r.k.F>.%..;...k
[email protected]..."r;.. .8Q......`.q..a....}/.H...g.d
<<< skipped >>>


GET /handleUserIdDb256?userid=439c2bffa13f3a494b969e2ef76d660b&downloadtype=bpackage&unc=sogousoftware_normal&pcid=0&mode=recommend HTTP/1.1
User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:41 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: usid=DA60F2C24F0A900A00000000574577C9; expires=Thu, 25-May-17 10:00:41 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
70e..<?xml version="1.0" encoding="utf-8"?>..<DOCUMENT>...
<bindtype><![CDATA[downloadbpackage]]></bindtype>...
.<item>..        <weight><![CDATA[0]]></weight>
;..        <name><![CDATA[SogouSoftware]]></name>...
.<description><![CDATA[..................B...]]></descr
iption>....<installedfeature>.....<type><![CDATA[key
andpath]]></type>.....<key><![CDATA[HKEY_LOCAL_MACHI
NE\SOFTWARE\Wow6432Node\SogouSoftware]]></key>.....<valuen
ame><![CDATA[LaunchAppPath]]></valuename>.....<file&
gt;<![CDATA[]]></file>..        </installedfeature>.
...<installedfeature>.....<type><![CDATA[keyandpath]]&g
t;</type>.....<key><![CDATA[HKEY_LOCAL_MACHINE\SOFTWARE
\SogouSoftware]]></key>.....<valuename><![CDATA[Laun
chAppPath]]></valuename>.....<file><![CDATA[]]>&l
t;/file>..        </installedfeature>....<appcheckurl>&
lt;![CDATA[hXXp://t.sogou.com/update_platform/update.php?appname=sogou
download_bindsecontrol&v=1.0.0.0]]></appcheckurl>....<appc
heckreporturl><![CDATA[hXXp://t.sogou.com/update_platform/done.p
hp?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1]]></app
checkreporturl>....<url><![CDATA[hXXp://yze.t.sogou.com/ex
ternalapp/SogouSoftwareExternalApp.exe]]></url>....<md5>
;<![CDATA[c7fe7beca3334f0ff703cee41ddf1ad0]]></md5>...
<<< skipped >>>

GET /handleUserIdDb?userid=439c2bffa13f3a494b969e2ef76d660b&unc=sogousoftware_normal&mode=recommend HTTP/1.1


User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:57 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
382..<?xml version="1.0" encoding="utf-8"?>..<PopupRecommend&
gt;...<Global>....<MinPopupIntervalS>1800</MinPopupInte
rvalS>...</Global>...<RecommendMultiple Enable="true">.
...<ExecuteWhenStart>1</ExecuteWhenStart>....<WaitMinS&
gt;180</WaitMinS>....<WaitMaxS>480</WaitMaxS>....<
;MinPopupIntervalS>64800</MinPopupIntervalS>....<AutoClose
IntervalS>60</AutoCloseIntervalS>...</RecommendMultiple>
;...<RecommendSingle>....<WhenSoftwareRun Enable="true" Type=
"Client">.....<BlackList>123,456</BlackList>.....<Sa
mePcidMinPopupIntervalS>86400</SamePcidMinPopupIntervalS>....
.<AutoCloseIntervalS>60</AutoCloseIntervalS>....</WhenS
oftwareRun>....<AfterSoftwareInstall Enable="true" Type="Web">
;.....<ConfigUrl>hXXp://yze.t.sogou.com/cooperation/popuprecomme
nd/installfinishbind-qqbrowser-only.xml</ConfigUrl>.....<Auto
CloseIntervalS>60</AutoCloseIntervalS>....</AfterSoftwareI
nstall>...</RecommendSingle>..</PopupRecommend>...0..HT
TP/1.1 200 OK..Server: nginx..Date: Wed, 25 May 2016 10:00:57 GMT..Con
tent-Type: text/plain; charset=UTF-8..Transfer-Encoding: chunked..Conn
ection: keep-alive..Cache-Control: no-cache..Expires: Thu, 01 Jan 1970
 00:00:00 GMT..382..<?xml version="1.0" encoding="utf-8"?>..<
PopupRecommend>...<Global>....<MinPopupIntervalS>1800&l
t;/MinPopupIntervalS>...</Global>...<RecommendMultiple
<<< skipped >>>

GET /handleUserIdDb256?userid=439c2bffa13f3a494b969e2ef76d660b&downloadtype=software&unc=sogousoftware_normal&pcid=-5561624350552157631&mode=recommend HTTP/1.1


User-Agent: HttpRequest
Host: xz.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:58 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
ca5..<?xml version="1.0" encoding="utf-8"?>.<DOCUMENT>..&l
t;bindtype><![CDATA[thirdparty_pcmgr_qb]]></bindtype>..
.<item>.        <weight><![CDATA[0]]></weight>
.        <name><![CDATA[pcmgr]]></name>...<descri
ption><![CDATA[.....................QQ.........]]></descri
ption>.        <installedfeature>....<type><![CDATA[
keyandpath]]></type>....<key><![CDATA[HKEY_LOCAL_MAC
HINE\SOFTWARE\Tencent\QQPCMgr]]></key>....<valuename>&l
t;![CDATA[InstallDir]]></valuename>...</installedfeature&g
t;...<appcheckurl><![CDATA[hXXp://t.sogou.com/update_platform
/update.php?appname=sogoudownload_bindpcmgrcontrol&v=1.0.0.0]]><
/appcheckurl>...<appcheckreporturl><![CDATA[hXXp://t.sogou
.com/update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindpcmg
rcontrol&state=1]]></appcheckreporturl>...<url><![CD
ATA[hXXp://dlied6.qq.com/invc/xfspeed/qqpcmgr/download/SuiteDownloader
20160222153349.exe]]></url>...<md5><![CDATA[962ab692
3623cfa37d0e7133c7a9d0bb]]></md5>...<installparam><!
[CDATA[]]></installparam>...<silentinstall><![CDATA[
false]]></silentinstall>...<installprivilege><![CDAT
A[true]]></installprivilege>...<installtype><![CDATA
[installpackage]]></installtype>...<installpackage>....
<url><![CDATA[hXXp://dlied6.qq.com/invc/xfspeed/qqpcmgr/d
<<< skipped >>>

GET /softRecommend HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:59 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Set-Cookie: JSESSIONID=aaaYcDr8Hn05r9omdxNtv; path=/
eee..<!DOCTYPE HTML>..<html>.<head>.    <meta cha
rset="UTF-8">.    <meta http-equiv="X-UA-Compatible" content="IE
=edge,chrome=1" />.    <title>..................</title>
;.    <link rel="stylesheet" href="/softassis/css/recommend.css?vs=
1.0"/>.    <link rel="shortcut icon" href="hXXp://logo.VVV.sogou
.com/images/logo2014/new/favicon.ico" type="image/x-icon">.    <
script type="text/javascript" src="/softassis/js/jquery-1.7.2.min.js"&
gt;</script>.    <script type="text/javascript">.        $
(function(){.            $(".rec-banner").hover(function(){.          
      $(this).children("span").toggleClass("state");.            }).  
          //@Mr.Think***.......            var $cur = 1;//............
.............            var $i = 1;//................            var 
$len = $('.showbox>ul>li').length;//.....................(......
).            var $pages = Math.ceil($len / $i);//....................
.....            var $w = $('.rec-banner').width();//.................
...........            var $showbox = $('.showbox');.            var $
num = $('.banner-doc li').            var $pre = $('span.left-btn').  
          var $next = $('span.right-btn');.            var $autoFun;. 
           //@Mr.Think***...................            autoSlide();. 
           function pre(){.                if (!$showbox.is(':animated
')) {  //............................                    if ($cur == 1
) {   //.....................,....................................
<<< skipped >>>

GET /softassis/css/recommend.css?vs=1.0 HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaaYcDr8Hn05r9omdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: text/css
Content-Length: 4074
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-fea"
Expires: Sat, 28 May 2016 10:01:00 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
body {.    margin: 0;.    padding: 0;.    background-color: #ccc;.}..h
1, h2, h3, h4, h5, h6, ul, li, body, dl, ol, dt, dd, td, img, th, p, f
orm, div, input {.    margin: 0;.    padding: 0;.    font-weight: norm
al;.    list-style: none;.    border: none;.}..a {.    text-decoration
: none;.    outline: none;.}...recommend-box {.    padding: 10px 0 20p
x;.    background-color: #fff;.    width: 424px;.    font: 12px "micro
soft yahei";.    color: #383838;.}..scrolling {.    width: 411px;.}..r
ec-banner {.    width: 380px;.    height: 122px;.    margin-left: 20px
;.    overflow: hidden;.    position: relative;;.}...left-btn, .right-
btn {.    z-index: 1;.    display: none;.    width: 22px;.    height: 
40px;.    position: absolute;.    top: 41px;.    background: url(../im
g/recommend-btn.png) no-repeat 0 0;.    _background: none;.    _filter
: progid:DXImageTransform.Microsoft.AlphaImageLoader(src='img/recommen
d-btn.png', sizingMethod='crop');.    cursor: pointer;.}...left-btn:ho
ver {.    background-position: -58px 0;.}...right-btn {.    background
-position: -26px 0;.    right: 0;.}...right-btn:hover {.    background
-position: -84px 0;.}...state {.    display: block;.}...showbox {.    
position: absolute;.    width: 1140px;.    left: 0;.}...banner-pic {. 
   width: auto;.}...banner-pic li {.    float: left;.    width: 380px;
.}...banner-pic img {.    width: 380px;.    height: 122px;.}...banner-
doc {.    position: absolute;.    bottom: 0;.    left: 0;.    width: 3
80px;.    text-align: center;.    height: 14px;.    font-size: 0;.
<<< skipped >>>

GET /softassis/css/ranking.css HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: text/css
Content-Length: 2752
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-ac0"
Expires: Sat, 28 May 2016 10:01:00 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
body {.    margin: 0;.    padding: 0;.    background-color: #ccc;.}..h
1, h2, h3, h4, h5, h6, ul, li, body, dl, ol, dt, dd, td, img, th, p, f
orm, div, input {.    margin: 0;.    padding: 0;.    list-style: none;
.    border: none;.}..a {.    text-decoration: none;.    outline: none
;.}...ranking-box {.    padding-bottom: 20px;.    background-color: #f
ff;.    width: 424px;.    font: 12px "microsoft yahei";.    color: #38
3838;.    overflow: hidden;.}..scrolling {.    width: 411px;.}..scroll
ing .ranking-btn1 {.    margin-right: 11px;.}...ranking-list li {.    
overflow: hidden;.    padding: 20px 0 15px 20px;..clear:both;.}..ranki
ng-list li:hover {..background-color: #f7f7f7;.}...num {.    display: 
block;.    width: 18px;.    height: 18px;.    text-align: center;.    
float: left;.    margin: 17px 10px 0 0;.    font: 16px/20px Arial;.   
 font-weight: bold;.    color: #bababa;.}...num1 {.    color: #fff;.  
  font-weight: normal;.    background: url(../img/ranking-ico.png) no-
repeat;.    font-size: 12px;.    line-height: 18px;.}...ranking-logo {
.    width: 48px;.    height: 48px;.    float: left;.    margin: 2px 8
px 0 0;.}...ranking-info {.    overflow: hidden;.    width: auto;.    
float: left;.    line-height: 21px;.    color: #7a7a7a;.    margin-top
: -5px;.}...ranking-tit{..font-size: 12px;..overflow: hidden;..font-we
ight:normal;.}..ranking-tit a {.    color: #383838;.}...ranking-tit .s
oftware-name {.    display: block;.    width: 72px;.    overflow: hidd
en;.    white-space: nowrap;.    text-overflow: ellipsis;..float: 
<<< skipped >>>

GET /js/jquery-1.11.1.min.js HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:01 GMT
Content-Type: application/x-javascript
Content-Length: 95786
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-1762a"
Expires: Sat, 28 May 2016 10:01:01 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
/*! jQuery v1.11.1 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.o
rg/license */.!function(a,b){"object"==typeof module&&"object"==typeof
 module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.do
cument)throw new Error("jQuery requires a window with a document");ret
urn b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){v
ar c=[],d=c.slice,e=c.concat,f=c.push,g=c.indexOf,h={},i=h.toString,j=
h.hasOwnProperty,k={},l="1.11.1",m=function(a,b){return new m.fn.init(
a,b)},n=/^[\s\uFEFF\xA0] |[\s\uFEFF\xA0] $/g,o=/^-ms-/,p=/-([\da-z])/g
i,q=function(a,b){return b.toUpperCase()};m.fn=m.prototype={jquery:l,c
onstructor:m,selector:"",length:0,toArray:function(){return d.call(thi
s)},get:function(a){return null!=a?0>a?this[a this.length]:this[a]:
d.call(this)},pushStack:function(a){var b=m.merge(this.constructor(),a
);return b.prevObject=this,b.context=this.context,b},each:function(a,b
){return m.each(this,a,b)},map:function(a){return this.pushStack(m.map
(this,function(b,c){return a.call(b,c,b)}))},slice:function(){return t
his.pushStack(d.apply(this,arguments))},first:function(){return this.e
q(0)},last:function(){return this.eq(-1)},eq:function(a){var b=this.le
ngth,c= a (0>a?b:0);return this.pushStack(c>=0&&b>c?[this[c]]
:[])},end:function(){return this.prevObject||this.constructor(null)},p
ush:f,sort:c.sort,splice:c.splice},m.extend=m.fn.extend=function(){var
 a,b,c,d,e,f,g=arguments[0]||{},h=1,i=arguments.length,j=!1;for("boole
an"==typeof g&&(j=g,g=arguments[h]||{},h  ),"object"==typeof g||m.
<<< skipped >>>

GET /img/recommend-btn.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 25 May 2016 10:01:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f..The URL has moved <a href="hXXp://xz.sogou.com/error">here&l
t;/a>...0..HTTP/1.1 404 Not Found..Server: nginx..Date: Wed, 25 May
 2016 10:01:03 GMT..Content-Type: text/html; charset=utf-8..Transfer-E
ncoding: chunked..Connection: keep-alive..Cache-Control: no-cache..Exp
ires: Thu, 01 Jan 1970 00:00:00 GMT..Location: hXXp://xz.sogou.com/err
or..3f..The URL has moved <a href="hXXp://xz.sogou.com/error">he
re</a>...0......


GET /img/recommend-btn.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 25 May 2016 10:01:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f..The URL has moved <a href="hXXp://xz.sogou.com/error">here&l
t;/a>...0..HTTP/1.1 404 Not Found..Server: nginx..Date: Wed, 25 May
 2016 10:01:03 GMT..Content-Type: text/html; charset=utf-8..Transfer-E
ncoding: chunked..Connection: keep-alive..Cache-Control: no-cache..Exp
ires: Thu, 01 Jan 1970 00:00:00 GMT..Location: hXXp://xz.sogou.com/err
or..3f..The URL has moved <a href="hXXp://xz.sogou.com/error">he
re</a>...0......


GET /img/recommend-btn.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 25 May 2016 10:01:04 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f..The URL has moved <a href="hXXp://xz.sogou.com/error">here&l
t;/a>...0......


GET /ie-css3.htc HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:04 GMT
Content-Length: 11952
Connection: keep-alive
ETag: "AVYcdCtTP6x"
Last-Modified: Thu, 19 May 2016 10:17:29 GMT
Accept-Ranges: bytes
...Do not remove this if you are using.....Original Author: Remiz Rahn
as..Original Author URL: hXXp://VVV.htmlremix.com..Published date: 200
8/09/24..Changes by Nick Fetchak:..- IE8 standards mode compatibility.
.- VML elements now positioned behind original box rather than inside 
of it ... should be less prone to breakage..- Added partial support fo
r ...box-shadow... style..- Checks for VML support before doing anythi
ng..- Updates VML element size and position via timer and also via win
dow resize event..- lots of other small things..Published date : 2010/
03/14..hXXp://fetchak.com/ie-css3..Thanks to TheBrightLines.com (http:
//VVV.thebrightlines.com/2009/12/03/using-ies-filter-in-a-cross-browse
r-way) for enlightening me about the DropShadow filter..timer_length =
 200; // Milliseconds..border_opacity = false; // Use opacity on borde
rs of rounded-corner elements? Note: This causes antialiasing issues..
// supportsVml() borrowed from hXXp://stackoverflow.com/questions/6541
12/how-do-you-detect-support-for-vml-or-svg-in-a-browser..function sup
portsVml() {..if (typeof supportsVml.supported == ...undefined...) {..
var a = document.body.a(document_createElement_x_x_x_x_x(...div...));.
.a.innerHTML = ...;..var b = a.firstChild;..b.style.behavior = ...url(
#default#VML)...;..supportsVml.supported = b ? typeof b.adj == ...obje
ct...: true;..a.parentNode.removeChild(a);..}..return supportsVml.supp
orted..}..// findPos() borrowed from hXXp://VVV.quirksmode.org/js/find
pos.html..function findPos(obj) {..var curleft = curtop = 0;..if (
<<< skipped >>>

GET /softassis/img/loading.gif HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:08 GMT
Content-Type: image/gif
Content-Length: 12162
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-2f82"
Expires: Sat, 28 May 2016 10:01:08 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
GIF89a..........u..r..h..|..x.......................Z........~........
............Z.........................................................
........d..l..V.....i..Q..M..p...........T.._.....D.................`.
....R..f..............b..P.....X..........................Y...........
...............r....................n..\...........i..............O...
......................................................................
...........................................S........o..o..U........N..
b.................T........H..]..........................N............
....................e......................................`..........
.......{..............h...............................................
...O..........................d.......................................
...........!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="..." i
d="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta
/" x:xmptk="Adobe XMP Core 5.5-c014 79.151481, 2013/03/13-12:09:15    
    "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-synt
ax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adob
e.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:st
Ref="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="
Adobe Photoshop CC (Windows)" xmpMM:InstanceID="xmp.iid:64E903EE2AC111
E58F97F39D602E280E" xmpMM:DocumentID="xmp.did:64E903EF2AC111E58F97F39D
602E280E"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:64E903EC
2AC111E58F97F39D602E280E" stRef:documentID="xmp.did:64E903ED2AC111
<<< skipped >>>

GET /softRanking/loadMore?pageSize=10&pageNo=1 HTTP/1.1


x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://xz.sogou.com/softRanking
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:09 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
f36..{"data":[{"docid":"-3080605666447722537","time":"2016-05-12","det
ails":".............................................","name":"QQ","dow
nloadnum":"0","pid":"34","cid":"1","logo_url":"http:\/\/cmc.imgstore.c
dn.sogou.com\/net\/a\/16\/link?appid=16&url=http://dl.app.so
gou.com/pc_logo/-3080605666447722537.png&r=null","fullname":"Q
Q","size":"54.25MB","hd_data":"{\"docid\":\"-3080605666447722537\",\"i
con\":\"http:\\\/\\\/dl.app.sogou.com\\\/pc_logo\\\/-30806056664477225
37.png\",\"name\":\"QQ\",\"pid\":\"34\",\"cid\":\"1\",\"size\":\"54.25
MB\",\"sogouHighdownUrl\":\"http:\\\/\\\/xiazai.sogou.com\\\/comm\\\/r
edir?softdown=1&u=YRyEVuHeM45mBjjEUSPVUEJm8GF_McJfVdEjKPrgnocp6RPTnPFS
Kls2-N19zn1Vkn7odhWiVY2XtB1GttVabv1-ADEcrdTQ-iKClemVEPIO-inS8VQTtv5V2h
DxQGVyuN87GS8Q0oehm6RfSK3qEdVQPXpgHp2iMhxDAjN02n4mFjdOpBN0epdYeddfMeUW
&pcid=-3080605666447722537&filename=QQ8.3.exe\"}"},{"docid":"563282922
5944923461","time":"2016-04-13","details":"...........................
..................","name":"............","downloadnum":"0","pid":"34"
,"cid":"12","logo_url":"http:\/\/cmc.imgstore.cdn.sogou.com\/net\/a\/1
6\/link?appid=16&url=http://dl.app.sogou.com/pc_logo/563
2829225944923461.png&r=null","fullname":"............","size":"49.
15MB","hd_data":"{\"docid\":\"5632829225944923461\",\"icon\":\"http:\\
\/\\\/dl.app.sogou.com\\\/pc_logo\\\/5632829225944923461.png\",\"name\
":\"............\",\"pid\":\"34\",\"cid\":\"12\",\"size\":\"49.15MB\",
\"sogouHighdownUrl\":\"http:\\\/\\\/xiazai.sogou.com\\\/comm\\\/re
<<< skipped >>>

GET /softassis/img/ranking-ico.png HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:09 GMT
Content-Type: image/png
Content-Length: 1103
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-44f"
Expires: Sat, 28 May 2016 10:01:09 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
[email protected] ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:07A25883293D11E5BA4C
CD9836B368CC" xmpMM:DocumentID="xmp.did:07A25884293D11E5BA4CCD9836B368
CC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:07A25881293D11
E5BA4CCD9836B368CC" stRef:documentID="xmp.did:07A25882293D11E5BA4CCD98
36B368CC"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>Y..n....IDATx.b.......0..%.....8..h.3..
...D.C@@...J`..Q.F.....@|....`.....@[email protected]...{Py..d...K ^[email protected]
[email protected]....`3.8|.%HP.....db.^O..F..Q.F..5hp.k..T...[.=...)...^.b;Z
...4j..A..^.bK.z. ...umH..D.....IEND.B`.....


GET /softassis/img/ranking-ico.png HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:09 GMT
Content-Type: image/png
Content-Length: 1103
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-44f"
Expires: Sat, 28 May 2016 10:01:09 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
[email protected] ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:07A25883293D11E5BA4C
CD9836B368CC" xmpMM:DocumentID="xmp.did:07A25884293D11E5BA4CCD9836B368
CC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:07A25881293D11
E5BA4CCD9836B368CC" stRef:documentID="xmp.did:07A25882293D11E5BA4CCD98
36B368CC"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>Y..n....IDATx.b.......0..%.....8..h.3..
...D.C@@...J`..Q.F.....@|....`.....@[email protected]...{Py..d...K ^[email protected]
[email protected]....`3.8|.%HP.....db.^O..F..Q.F..5hp.k..T...[.=...)...^.b;Z
...4j..A..^.bK.z. ...umH..D.....IEND.B`.HTTP/1.1 200 OK..Server: nginx
..Date: Wed, 25 May 2016 10:01:09 GMT..Content-Type: image/png..Conten
t-Length: 1103..Connection: keep-alive..Last-Modified: Thu, 19 May 201
6 08:23:34 GMT..ETag: "573d7806-44f"..Expires: Sat, 28 May 2016 10:01:
09 GMT..Cache-Control: max-age=259200..Accept-Ranges: bytes...PNG.....
[email protected] ImageReadyq.e<..
<<< skipped >>>


GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:22 GMT
Server: PWS/8.1.36
X-Px: ht h0-s1645.p0-kix.cdngp.net
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:27 GMT
Age: 0
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



POST / HTTP/1.1
Host: 122.143.5.59:80
Content-type: application/octet-stream
Content-Length: 92
Connection: Keep-Alive

@.......P...........V.......mK9[4[....*J..hr.........<.../...C$H..Y..~...YT ..b...m..%..S...
HTTP/1.1 200 OK
Content-Length: 8604
Content-Type: application/octet-stream
Connection: Close
@........!.......g;.9..S..1.l.r.>../.....i....U..F.Ur........\}..[.
.]2.4...~.[..J^..c`...`........C]..]..'Q.....m.[z\).#...w.Pq.....:.W..
X.L[.Y.lv....~5p.|...6..v-i.....Qz. ...k..Nk...^.. N"S...r0S.L~..<r
qLN ."wXO...@.".#7.}l.A..H..s&l'.87k;.K.... ..7..bXuv.F.c......!..IHs.
6....<..........%p.~.B.S x7w..`E..)..%..Fw....O.& |a..i..a!..3;Jn..
..[B.=..G/..B.0KlR.D..|..j.OT._..BZ...#..^.....D...3..}.2.h<D./..!}
[email protected]{S....K....-..
.v....>o.z..E.WE.W.=H.....^*...Z8.rM.O.. I.R....,&<....~n.......
[email protected]?{z.......-9<.k
*..2Y...(7.d..0H.4...K....>[email protected]..].t`[email protected].
l..} H..O....}.d......C.42....@8dRY....%..}V0|P.......K.$.._....V.....
....z\......w....(....L....F2.....05.w..hp.y....8P.)..G66...y.....q...
......l...T;5.b...?.}U..5u.Q..@.@Z..(?M.%[email protected]..}E....U...[!.E
N..O..V;.dL.....o2)|.,.4.!....G..?...o?c.5..e.g..Qb.(...r.5.. .o......
.9........kD9...pW.0`.}.D;....m=.;..F.......k......".......H.>...2.
..$sU..V...B.h.W../..V....|.|....t.........)g6.y..A...)....,.Vz.IGL/{d
t0PvgdD.rws..\[email protected]<..'.....-R#.@e.,..8*..9...
.m.yF.P..Zs..\..JXN......{.cq....-.U(.....1.sZ..V.-./.....,[email protected].&g
t;...n1A..r}.........}.C.7.Z3.....E9...h...P......Q.Y..Y...3......>
..TS..Y.~.}....|. .Jm...e....k{=D....3..'[......z.zu..Y......|.{......
.1.uI>7..Lj'\...:A..wN....O.>(..n........r:.G...K9..H.....l.u...
......._...B....}..F. .i.....6._...W.f@.`..0C`.....3..7.B}..^._b..
<<< skipped >>>


GET /pingd?srctype=sogousoftware&gid=gVMH-W4-eABbBFUKZSRC2P4dm0o30000&unc=sogousoftware_normal&t=1&rand=1464170459 HTTP/1.1
User-Agent: HttpRequest
Host: ping.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:56 GMT
Content-Type: application/octet-stream
Content-Length: 0
Connection: keep-alive



GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:02 GMT
Server: PWS/8.1.36
X-Px: ht h0-s1528.p0-kix.cdngp.net
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:07 GMT
Age: 0
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



GET /softRanking HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Set-Cookie: JSESSIONID=aaawNK3v-ijZ371rdxNtv; path=/
eee..<!DOCTYPE HTML>..<html>.<head>.    <meta cha
rset="UTF-8">.    <meta http-equiv="X-UA-Compatible" content="IE
=edge,chrome=1" />.    <title>..................</title>
;.    <link rel="stylesheet" href="/softassis/css/ranking.css"/>
.    <link rel="shortcut icon" href="hXXp://logo.VVV.sogou.com/imag
es/logo2014/new/favicon.ico" type="image/x-icon">.    <script ty
pe="text/javascript" src="/js/jquery-1.11.1.min.js"></script>
..</head>.<style type="text/css">.    body{.        backgr
ound-color: #fff;.    }.    .scrolling .ranking-btn1 {.        margin-
right: 7px;.    }.    .search-box {.        background-color: #fff;.  
      width: 424px;.        font: 12px/21px "microsoft yahei", arial, 
sans-serif;.        color: #383838;.        overflow: hidden;.    }.  
  /* ...............css */.    .scroll-me {.        overflow: hidden;.
    }.    .scroll-list {.        width: 100%;.    }.    .scroll-list-w
rap {.        overflow: hidden;.    }.    .relative {.        position
: relative;.        /*margin:10px 0 10px 0;*/.    }.    /* ...........
................ */.    .scroll-bg {.        position: absolute;.     
   right: 3px;.        top: 0;.        border-radius: 4px;.        wid
th: 7px;.        background: #fff;.        behavior: url(ie-css3.htc);
   /*........................*/..    }.    /* ..................... */
.    .scroll-block {.        border-radius: 4px;.        width: 7px;. 
       position: absolute;.        left: 0;.        top: 0;.      
<<< skipped >>>

GET /softassis/js/jquery-1.7.2.min.js HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaaYcDr8Hn05r9omdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: application/x-javascript
Content-Length: 94840
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-17278"
Expires: Sat, 28 May 2016 10:01:00 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
/*! jQuery v1.7.2 jquery.com | jquery.org/license */.(function(a,b){fu
nction cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.pa
rentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<" a ">
;").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){c
k||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),
b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.c
ontentDocument).document,cl.write((f.support.boxModel?"<!doctype ht
ml>":"") "<html><body>"),cl.close();d=cl.createElement(
a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a]
=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],cp
.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}functi
on cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return ne
w a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{re
turn new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(c
=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,k
=d[0],l,m,n,o,p;for(g=1;g<i;g  ){if(g===1)for(h in a.converters)typ
eof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k=
=="*")k=l;else if(l!=="*"&&l!==k){m=l " " k,n=e[m]||e["* " k];if(!n){p
=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1] " " k]
;if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No co
nversion from " m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}ret
urn c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.respon
<<< skipped >>>

GET /js/scroll.js?vs=03 HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:03 GMT
Content-Type: application/x-javascript
Content-Length: 7035
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-1b7b"
Expires: Sat, 28 May 2016 10:01:03 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
.function Scroll(options) {.    var cssCore = function(testCss) {.    
    switch (true) {.            case testCss.webkitTransition === '':.
            return 'webkit'; break;.            case testCss.MozTransi
tion === '':.            return 'Moz'; break;.            case testCss
.msTransition === '':.            return 'ms'; break;.            case
 testCss.OTransition === '':.            return 'O'; break;.          
  default:.            return '';.        }.    }(document.createEleme
nt('ComicView').style),.    translate = function() {.        if (cssCo
re !== '') {.            return function(o, x, y) {.                o[
cssCore   'Transform'] = 'translate('   x  'px,'   y   'px) translateZ
(0)';.            } .        } else {.            return function(o, x
, y) {.                o.left = x   'px';.                o.top = y   
'px';.            }.        }.    }(),.    addClass = function(o, cls)
 {.        var oN = o.className;..        if (oN.indexOf(cls) === -1) 
{.            o.className = oN   ' '   cls;.        }.    },.    remov
eClass = function(o, cls) {.        var oN = o.className,.            
arrName,.            arrNow;..        if (oN.indexOf(cls) === -1) retu
rn;.        arrName = oN.split(' ');.        arrNow  = arrName.length;
.        while (arrNow--) {.            if (arrName[arrNow] === cls) {
.                arrName.splice(arrNow, 1);.            }.        }.  
      o.className = arrName.join(' ');.    },.    $$ = function(s) {. 
       return document.getElementById(s);.    };..    var c = $$(o
<<< skipped >>>

GET /img/recommend-btn.png HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 25 May 2016 10:01:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f..The URL has moved <a href="hXXp://xz.sogou.com/error">here&l
t;/a>...0..HTTP/1.1 404 Not Found..Server: nginx..Date: Wed, 25 May
 2016 10:01:03 GMT..Content-Type: text/html; charset=utf-8..Transfer-E
ncoding: chunked..Connection: keep-alive..Cache-Control: no-cache..Exp
ires: Thu, 01 Jan 1970 00:00:00 GMT..Location: hXXp://xz.sogou.com/err
or..3f..The URL has moved <a href="hXXp://xz.sogou.com/error">he
re</a>...0......


GET /ie-css3.htc HTTP/1.1


Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:04 GMT
Content-Length: 11952
Connection: keep-alive
ETag: "AVYcdCtTP6x"
Last-Modified: Thu, 19 May 2016 10:17:29 GMT
Accept-Ranges: bytes
...Do not remove this if you are using.....Original Author: Remiz Rahn
as..Original Author URL: hXXp://VVV.htmlremix.com..Published date: 200
8/09/24..Changes by Nick Fetchak:..- IE8 standards mode compatibility.
.- VML elements now positioned behind original box rather than inside 
of it ... should be less prone to breakage..- Added partial support fo
r ...box-shadow... style..- Checks for VML support before doing anythi
ng..- Updates VML element size and position via timer and also via win
dow resize event..- lots of other small things..Published date : 2010/
03/14..hXXp://fetchak.com/ie-css3..Thanks to TheBrightLines.com (http:
//VVV.thebrightlines.com/2009/12/03/using-ies-filter-in-a-cross-browse
r-way) for enlightening me about the DropShadow filter..timer_length =
 200; // Milliseconds..border_opacity = false; // Use opacity on borde
rs of rounded-corner elements? Note: This causes antialiasing issues..
// supportsVml() borrowed from hXXp://stackoverflow.com/questions/6541
12/how-do-you-detect-support-for-vml-or-svg-in-a-browser..function sup
portsVml() {..if (typeof supportsVml.supported == ...undefined...) {..
var a = document.body.a(document_createElement_x_x_x_x_x(...div...));.
.a.innerHTML = ...;..var b = a.firstChild;..b.style.behavior = ...url(
#default#VML)...;..supportsVml.supported = b ? typeof b.adj == ...obje
ct...: true;..a.parentNode.removeChild(a);..}..return supportsVml.supp
orted..}..// findPos() borrowed from hXXp://VVV.quirksmode.org/js/find
pos.html..function findPos(obj) {..var curleft = curtop = 0;..if (
<<< skipped >>>


GET /net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/yijianchongzhuang_745x240.png&r= HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:03 GMT
Content-Type: image/png
Content-Length: 36851
Connection: keep-alive
Last-Modified: Wed, 25 May 2016 07:40:52 GMT
Expires: Thu, 26 May 2016 07:40:52 GMT
Cache-Control: max-age=86400
ETag: a857071ddfb54adc7a437e01e017959c
X-YunTu-Cache: HIT
X-Yuntu-Trace: sjs_68_109
X-Yuntu-Trace-Proxy: sjs_86_87
[email protected]......,......gAMA......a.... cHRM..z&.........
.....u0...`..:....p..Q<....bKGD..............tIME.........v.....IDA
Tx...w.fUy/.}.Z....2s..P..:..XPD.XP.DMLL,.kbL..c.i7..{..cCP.....Nez=..
u.....c....f.|~....9......=.E..... <.F.j.g'.....I...z....!Q.1.i....
..= D...3.@`..L.2..[..RX.=C.07.YJX.....X.....$..R..Yn0..PE.z.~.....c..
.....=.B3 A....5.b......M3. x!.J43gI..`p...<..,.li.....^.I....i...&
gt;.`0C.T(.:.$...k..O..^e.z....F...B..Q.hn......(,R P.. @.1\..k..,%.a.
G4c.Sv...E(..\.fCe...>.V.d....b.j...4@.@.?E..c..b.%P......0.._....,
.....K0..Y.u. ...Q.X.Y'.CO..M3...P...l..........F..B.......Y.0....!1;a
../>...yT..B..k..D.Mn....GEe.M.^...wH...`..-.^R....)a..C.-.3.D....T
.).S&...OU.."b.^.T.hL$B..fk.<......]d...B..pl@ By.X..g....B_ H.f.B.
.lmq...:.%$H0.\.....3JE..d."[email protected].#..yM.P.'H
...'H.N..@...|....([email protected]$.p{.......k.|..9..a..2Y.e.1
.aa...).......X3..[d..b.W........W..0%..7ewK......l9.-..D ....E.`nM...
b.eX..s~.2..d...........n<......Orw.z..-....;.l.6.(@...g.7..9s.....
.l{S..{........&..X..Z.4........Ct..........>.._Z...P.%&T*........5
..........%AP.=..8..`. &_.y....Z.'.1.!..H.H ....Kq..A.R.h...I.M....$b.
@.. .48.,L........0.Y..aRf7G....;v...e....$l..1 ....u...l"....Sp.4.Ckb
.)...D.6y..Ov.#.f..$lS...#... <R...1...QP .....;...C"./.,...m.....@
C...I...P:.#.&l.........*..(...X..lSk5.hl1... .[6...V3.....|.|.O. ...k
.3r.Z.(s....c....\..N.B.......2e.u....M..b...X.[z"....(.d..*.j..O|.`..
"....K.jU..T*[email protected]..`j4./...l.Q.6.y9.:...^. ...I...Bz...
<<< skipped >>>


GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:11 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1632.p0-kix ( h0-s1442.p0-kix), ms h0-s1442.p0-kix ( origin>CONN)
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:16 GMT
Age: 0
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:21 GMT
Server: PWS/8.1.36
X-Px: ms h0-s1645.p0-kix ( h0-s1442.p0-kix), rf-ms h0-s1442.p0-kix ( origin>CONN)
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:26 GMT
Age: 0
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



POST / HTTP/1.1
Host: 123.129.242.179:80
Content-type: application/octet-stream
Content-Length: 268
Connection: Keep-Alive

<...........C.._....K2t......ZWX.jIW.......".L".2r.l}X3 .?K..
.y.....R.)...Z.|..?..Z..........[.^.?d....n.e.7m.....5......=o..{..P`.E ..w..iq*..%..m..mE-..)R......p.J%...2.<....2.0
\P.1.a...b..(..ci.z..3.X.e..l..9 0.X.>$..!....2.....\.....9.^...5.Fz...(..T..]....v4Y
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
HTTP/1.1 200 OK..Content-Length: 28..Content-Type: application/octet-s
tream..Connection: Close..<............$......4..@..`#..



GET /externalapp/SogouSoftwareExternalApp.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: yze.t.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 200 OK
Date: Tue, 24 May 2016 15:45:34 GMT
Content-Type: application/octet-stream
ETag: "1213813567"
Accept-Ranges: bytes
Last-Modified: Tue, 24 May 2016 07:13:11 GMT
Content-Length: 5861736
Server: WS CDN Server
Age: 65708
Via: 1.0 db80:8032 (Cdn Cache Server V2.0)
Connection: close
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.......1..:u..iu..i
u..i...iw..iu..i...i...id..i!..i...i...it..iRichu..i..................
......PE..L......K.................Z...........0.......p....@.........
.................P......*.Z......................................s....
.......n..........PXY.................................................
.............p...............................text....X.......Z........
.......... ..`.rdata.......p.......^..............@[email protected].......
[email protected][email protected].
...n.......p...t..............@..@....................................
......................................................................
......................................................................
......................................................................
......................................................................
............................................U....\.}..t .}.F.E.u..H...
..>[email protected].>[email protected]
...Pr@..}[email protected]... M.......M....3.....FQ.....NU..
M..........VT..U.....FP..E...............E.P.M...Hp@..E...E.P.E.P.u...
[email protected]}[email protected].}.j.W.E......E.......Pp@.
[email protected]@.W...E..E.h [email protected]...\r
@._^3.[.....L$...>B...Si.....VW.T.....tO.q.3.;5.>B.sB..i......D.
......t.G.....t...O..t .....u...3....3...F.....;5.>B.r._^[...U.
<<< skipped >>>


POST / HTTP/1.1
Host: 163.177.79.152:80
Content-type: application/octet-stream
Content-Length: 92
Connection: Keep-Alive

<.......P...|...(...TLQ.j....W.......{..`t.\.V.{>X.G........5.....C..Z.....y.#.I...-51.X..p
HTTP/1.1 200 OK
Content-Length: 60
Content-Type: application/octet-stream
Connection: Close
HTTP/1.1 200 OK..Content-Length: 60..Content-Type: application/octet-s
tream..Connection: Close..<.......0.......F...!..../70S...k..kh.M .
6...... .(.U..f..ed..



GET /img/recommend-btn.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 25 May 2016 10:01:05 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://xz.sogou.com/error
3f..The URL has moved <a href="hXXp://xz.sogou.com/error">here&l
t;/a>...0..HTTP/1.1 404 Not Found..Server: nginx..Date: Wed, 25 May
 2016 10:01:05 GMT..Content-Type: text/html; charset=utf-8..Transfer-E
ncoding: chunked..Connection: keep-alive..Cache-Control: no-cache..Exp
ires: Thu, 01 Jan 1970 00:00:00 GMT..Location: hXXp://xz.sogou.com/err
or..3f..The URL has moved <a href="hXXp://xz.sogou.com/error">he
re</a>...0......


POST /ajax/loadItem HTTP/1.1


x-requested-with: XMLHttpRequest
Accept-Language: en-us
Referer: hXXp://xz.sogou.com/softRecommend
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Content-Length: 9
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv

classId=1
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:08 GMT
Content-Type: application/json; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
f36..{"data":[{"docid":"-3080605666447722537","time":"2016-05-12","det
ails":"........................","name":"QQ","downloadnum":"0","pid":"
34","cid":"1","logo_url":"http:\/\/cmc.imgstore.cdn.sogou.com\/net\/a\
/16\/link?appid=16&url=http://dl.app.sogou.com/pc_logo/-
3080605666447722537.png&r=null","size":"54.25MB","hd_data":"{\"doc
id\":\"-3080605666447722537\",\"icon\":\"http:\\\/\\\/dl.app.sogou.com
\\\/pc_logo\\\/-3080605666447722537.png\",\"name\":\"QQ\",\"pid\":\"34
\",\"cid\":\"1\",\"size\":\"54.25MB\",\"sogouHighdownUrl\":\"http:\\\/
\\\/xiazai.sogou.com\\\/comm\\\/redir?softdown=1&u=YRyEVuHeM45mBjjEUSP
VUEJm8GF_McJfVdEjKPrgnocp6RPTnPFSKls2-N19zn1Vkn7odhWiVY2XtB1GttVabv1-A
DEcrdTQ-iKClemVEPIO-inS8VQTtv5V2hDxQGVyuN87GS8Q0oehm6RfSK3qEdVQPXpgHp2
iMhxDAjN02n4mFjdOpBN0epdYeddfMeUW&pcid=-3080605666447722537&filename=Q
Q8.3.exe\"}"},{"docid":"-3726774318030095000","time":"2016-04-25","det
ails":"........................","name":"QQ.........","downloadnum":"0
","pid":"34","cid":"8","logo_url":"http:\/\/cmc.imgstore.cdn.sogou.com
\/net\/a\/16\/link?appid=16&url=http://dl.app.sogou.com/pc
_logo/-3726774318030095000.png&r=null","size":"45.19MB","hd_data
":"{\"docid\":\"-3726774318030095000\",\"icon\":\"http:\\\/\\\/dl.app.
sogou.com\\\/pc_logo\\\/-3726774318030095000.png\",\"name\":\"QQ......
...\",\"pid\":\"34\",\"cid\":\"8\",\"size\":\"45.19MB\",\"sogouHighdow
nUrl\":\"http:\\\/\\\/xiazai.sogou.com\\\/comm\\\/redir?softdown=1&u=0
Gd8piB609380vCOL7GwJe7o9WVvkHDR1GVQjUnAqC9OEkUqaXdOjADHbxOU-93snoE
<<< skipped >>>

GET /softassis/img/ranking-ico.png HTTP/1.1


Accept: */*
Referer: hXXp://xz.sogou.com/softRanking
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xz.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9; JSESSIONID=aaawNK3v-ijZ371rdxNtv


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:09 GMT
Content-Type: image/png
Content-Length: 1103
Connection: keep-alive
Last-Modified: Thu, 19 May 2016 08:23:34 GMT
ETag: "573d7806-44f"
Expires: Sat, 28 May 2016 10:01:09 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
[email protected] ImageReadyq.e&
lt;...&iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CC 2014 (Windows)" xmpMM:InstanceID="xmp.iid:07A25883293D11E5BA4C
CD9836B368CC" xmpMM:DocumentID="xmp.did:07A25884293D11E5BA4CCD9836B368
CC"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:07A25881293D11
E5BA4CCD9836B368CC" stRef:documentID="xmp.did:07A25882293D11E5BA4CCD98
36B368CC"/> </rdf:Description> </rdf:RDF> </x:xmpmet
a> <?xpacket end="r"?>Y..n....IDATx.b.......0..%.....8..h.3..
...D.C@@...J`..Q.F.....@|....`.....@[email protected]...{Py..d...K ^[email protected]
[email protected]....`3.8|.%HP.....db.^O..F..Q.F..5hp.k..T...[.=...)...^.b;Z
...4j..A..^.bK.z. ...umH..D.....IEND.B`.HTTP/1.1 200 OK..Server: nginx
..Date: Wed, 25 May 2016 10:01:09 GMT..Content-Type: image/png..Conten
t-Length: 1103..Connection: keep-alive..Last-Modified: Thu, 19 May 201
6 08:23:34 GMT..ETag: "573d7806-44f"..Expires: Sat, 28 May 2016 10:01:
09 GMT..Cache-Control: max-age=259200..Accept-Ranges: bytes...PNG.....
[email protected] ImageReadyq.e<..
<<< skipped >>>


GET /app/a/10190001/381427456234840 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img01.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_VCLOUD_ACCESS
Connection: keep-alive
Date: Wed, 25 May 2016 10:01:02 GMT
Cache-Control: max-age=86400
Expires: Thu, 26 May 2016 10:01:02 GMT
Last-Modified: Wed, 25 May 2016 00:26:07 GMT
Content-Type: image/jpeg
Content-Length: 113605
X-Cache-Lookup: Hit From MemCache
Etag: b9ab65e9c989f8d59fab66485d4cc5ca
.....QExif..MM.*.............................b...........j.(..........
.1.........r.2...........i....................'.......'.Adobe Photosho
p CC (Windows).2015:03:27 14:27:11....................................
...............................................&.(....................
.....................H.......H..........Adobe_CM......Adobe.d.........
......................................................................
..................................................................4...
."................?...................................................
.......................3......!.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5
....&D.TdE..t6..U.e.....u..F'...............Vfv........7GWgw..........
..............5.....!1..AQaq"..2.....B#.R..3$b.r..CS.cs4.%......&5..D.
T..dEU6te......u..F...............Vfv........'7GWgw.................?.
..AEH1....k...#I.E ..N..c0.%.....X.2.~.h..a....q........@..{>.U...Z
 .u_i..as.=f]Uu.4..W.......$......,...Z][email protected].>....]/>.&.M.
/1..A....E...mt..]k.@,.#C..>.mU..s......$...'..Icdu....qg.. .....9.
L..y...0.&."H.G.|k......eo`:K.Z'.I.Y..//'.-.7:.-.n.L{r8W.V..!gG#..0.0.
.P6t.$.).^..3.... ..s...Te)...*$.%>......`J.*O....>!F.....bJ.R..
...5LX.. x.$..2s..L.....N..J..k.o.^.....4..5".`.w...Z...P]..7 ..5.....
....>..~.w....Y.dc..v.Uw.......o.....;3.ab...v...l...\.......O.6{.|
.."..z.G!..........z...........`.f..Lu.........v.pv. ..G.k..k....V~o.e
....[Pl.....^..eU>.......:......7.....F.rY..UX........}.w.O........
.F.d.x.._..3s...q....._.L~..]/...0.H...r.:.nG.....}7..;_....]..7ed
<<< skipped >>>


GET /net/a/66/link?appid=66&url=http://dl.app.sogou.com/pc_logo/zhuanti_58_640x260.jpg&r= HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cmc.imgstore.cdn.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:03 GMT
Content-Type: image/jpeg
Content-Length: 22849
Connection: keep-alive
Last-Modified: Tue, 24 May 2016 10:35:56 GMT
Expires: Wed, 25 May 2016 10:35:56 GMT
Cache-Control: max-age=86400
ETag: ba3617d88686c674c13033d96307ba4d
X-YunTu-Cache: HIT
X-Yuntu-Trace: bjzw_56_113
X-Yuntu-Trace-Proxy: tc_212_43
......JFIF..............Exif..II*................zhXXp://ns.adobe.com/
xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> &
lt;x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c014
 79.151481, 2013/03/13-12:09:15        "> <rdf:RDF xmlns:rdf="ht
tp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf
:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="h
ttp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.ad
obe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:f1af487c-5480-d949
-88eb-cc294c54a04e" xmpMM:DocumentID="xmp.did:40C9C4E8A94411E5A05499F2
C1441D57" xmpMM:InstanceID="xmp.iid:40C9C4E7A94411E5A05499F2C1441D57" 
xmp:CreatorTool="Adobe Photoshop CC (Windows)"> <xmpMM:DerivedFr
om stRef:instanceID="xmp.iid:edd6ef7c-c0da-c845-9dde-1c96745be157" stR
ef:documentID="xmp.did:f1af487c-5480-d949-88eb-cc294c54a04e"/> <
/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket 
end="r"?>...C......................................................
..............C.......................................................
..................@..".........................................._.....
........................!.1A.."Qa.2q..#3B.Rbr...$8c...%'(CWw.........)
4TUVduvx............................................C.................
.........!1.AQ."aq.2.....BRbr...#3....7..STs................?....>.
...>.F?..<}q.e..........~..................H.|1.1...HL....X0rO.?
.0....T.$.R..`..D.....u ...........KO(.......99......w.,6.?......V
<<< skipped >>>


GET /KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe HTTP/1.1
Accept: */*
Accept-Language: en-us
Cache-Control: no-cache
Connection: Keep-Alive
Host: cdn.kmplayer.com
Pragma: no-cache
Range: bytes=0-
Referer: hXXp://xiazai.sogou.com/
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1


HTTP/1.1 404 Not Found
Date: Wed, 25 May 2016 10:01:31 GMT
Server: PWS/8.1.36
X-Px: rf-ms h0-s1645.p0-kix ( h0-s1442.p0-kix), rf-ms h0-s1442.p0-kix ( origin>CONN)
ETag: "0"
Cache-Control: max-age=5
Expires: Wed, 25 May 2016 10:01:36 GMT
Age: 0
Content-Length: 0
Content-Type: text/html
Last-Modified: Wed, 02 Mar 2016 02:34:15 GMT
Connection: keep-alive



GET /invc/xfspeed/qqpcmgr/download/SuiteDownloader20160222153349.exe HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dlied6.qq.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nws_4.2.1_midcache
Last-Modified: Mon, 22 Feb 2016 07:33:50 GMT
Content-Type: application/octet-stream
Content-Length: 2713888
X-Cache-Lookup: Hit From Disktank
Cache-Control: max-age=600
Expires: Wed, 25 May 2016 10:11:00 GMT
Date: Wed, 25 May 2016 10:01:00 GMT
Connection: keep-alive
MZ......................@.............................................
..!..L.!This program cannot be run in DOS mode....$.........p.........
.....nc......np......ns.....f.C..............nl......nb......nf.....Ri
ch............................PE..L...W .V.....................`(.....
G0............@..........................`)......$*...................
......................x....P..,.(..........P). .......................
........................@............................................t
ext...X........................... ..`.rdata..h/.......0..............
....@[email protected]........ ... ... [email protected]...,.(..P....(..@
..............@..@....................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................
<<< skipped >>>


GET /app/a/10190001/741430117543639 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img04.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_VCLOUD_ACCESS
Connection: keep-alive
Date: Wed, 25 May 2016 10:01:03 GMT
Cache-Control: max-age=86400
Expires: Thu, 26 May 2016 10:01:03 GMT
Last-Modified: Tue, 24 May 2016 23:21:40 GMT
Content-Type: image/png
Content-Length: 151522
X-Cache-Lookup: Hit From Disktank
Etag: 39932f127e952c35a683cdf6fe90d0a7
.PNG........IHDR.............2.m&....pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V
<<< skipped >>>


GET /images/upload/upc/tx/pcdlc/pc/10344.jpg HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img.pconline.com.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Fri, 24 Jun 2016 10:00:39 GMT
Date: Wed, 25 May 2016 10:00:39 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 5607
Last-Modified: Mon, 17 Nov 2014 04:14:26 GMT
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Via: http/1.1 MyCluster (ApacheTrafficServer/3.2.0 [cMsSfW])
X-whois: 238-196
X-Via: 1.1 zhq133:8080 (Cdn Cache Server V2.0), 1.1 dezhen72:8111 (Cdn Cache Server V2.0), 1.1 jszjdx83:1 (Cdn Cache Server V2.0)
Connection: keep-alive
......JFIF..............Exif..II*...................1.......J...2.....
..f...............i.......z.......ACD Systems Digital Imaging.2014:11:
09 14:49:58...........0220........861.........H...........H...........
..................R98.........0100..............H.H.."................
......................................................................
......................................................................
........................................!...1."A..Qa2Br..3Rq....#45U..
.......$%CSVbcu.......................................................
!1..."AQ.aq..#2..$3BRbSr...............?..O.O...e[...........Fo...)#s.
g.n.....<..vso.=.X......u|............N............p...9..pr=......
..ea.T. L....^}>C...<l.t.8-4..uw.....O.9.......?R..OO.pw....ps.~
..U.{.L4.q.0...H.. l0;...M....p.lv.}....d.....,.).PF.#........<...#
p.Q...R....gq#9....s.(.9=.&.%..1...$......a.g.5U..........w..t.....g..
.=...A...$...).$....|.x...R.....H%Y..1....8......u..I..$.=s.}6...?^V..
..m;..{s.......y..r{...Q...G....IH..{.....1.......2S..I.. .(J...NNw..[
.}.0..........?..;.....a.......p!.......1...)....!.-./Q&RM.F'..3......
s....M. .2g.\[email protected].....=V5.NJr....q.....m..#...._...!\X....!K...).IH..
.......8..s.S.../...o..w.....1..........#...7t3_.C.....v....T..###-..k
..M.'...s.....;........Z:...N....U...F6....?4..ob.n.S..Z.bC.;.T4...3.S
..=G.oj.....YAv .......Ia..R.) .../....Q=.Z..w/....,...O..^...."..K,*.
.D..9S.J...u._}..m.=A...C.V.jM.D.!e.A].t.j....6...T..:.E=4......i*.X#T
>#.27!.=.tw.Um....*......x.........Hc....9P..6F.Nzi0S..T..{..zz
<<< skipped >>>

HEAD /images/upload/upc/tx/pcdlc/pc/10344.jpg HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: img.pconline.com.cn
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 405 Method Not Allowed
Date: Wed, 25 May 2016 10:00:57 GMT
Server: nginx
Content-Type: text/html
Content-Length: 526
Via: http/1.1 MyCluster (ApacheTrafficServer/3.2.0 [cSsSfD])
X-Via: 1.1 jszjdx83:1 (Cdn Cache Server V2.0)
Connection: close



GET /app/a/10190001/CC1430117533187 HTTP/1.1
Accept: */*
Referer: hXXp://xz.sogou.com/softRecommend
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: img03.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_VCLOUD_ACCESS
Connection: keep-alive
Date: Wed, 25 May 2016 10:01:03 GMT
Cache-Control: max-age=86400
Expires: Thu, 26 May 2016 10:01:03 GMT
Last-Modified: Tue, 24 May 2016 21:12:09 GMT
Content-Type: image/png
Content-Length: 104812
X-Cache-Lookup: Hit From MemCache
ETag: 14bc09e4cd90b4aa7520414ded59b107
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Inner Cluster 
.PNG........IHDR.............2.m&....pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V
<<< skipped >>>


HEAD /images/upload/upc/tx/pcdlc/pc/10344.jpg HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: img.pconline.com.cn
Content-Length: 0
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Wed, 25 May 2016 10:00:38 GMT
Server: nginx
Content-Type: image/jpeg
Content-Length: 5607
Last-Modified: Sun, 09 Nov 2014 06:50:00 GMT
Expires: Fri, 24 Jun 2016 10:00:38 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Via: http/1.1 MyCluster (ApacheTrafficServer/3.2.0 [cMsSf ])
X-whois: 238-92
X-Via: 1.1 jszjdx83:1 (Cdn Cache Server V2.0)
Connection: keep-alive



GET /update_platform/update.php?appname=sogoudownload_bindpcmgrcontrol&v=1.0.0.0 HTTP/1.1
User-Agent: HttpRequest
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Ruleid: 552bbd6b179ca25b43a7e02a
230....[.A.p.p.l.i.c.a.t.i.o.n.D.o.w.n.l.o.a.d.].....P.c.i.d.L.i.s.t.=
.1.2.9.7.9.4.2.4.2.5.3.3.7.0.8.2.7.4.,.-.8.5.0.8.4.0.3.4.1.8.9.0.2.1.1
.8.0.7.8.,.5.7.7.6.6.5.4.4.1.8.0.3.2.3.7.2.9.3.7.,.2.0.4.0.6.8.3.5.3.5
.5.0.5.1.0.4.7.4.9.,.-.1.5.3.5.1.7.7.8.6.7.9.6.8.9.6.2.7.5.5.....N.a.m
.e.L.i.s.t.=.3.6.0..[hQkS.X,[email protected],.3.6.0..g..Om..hV,.3.6.0..[hQO
m..hV,.3.6.0.Kb:g.RKb5u..Hr....[.A.p.p.l.i.c.a.t.i.o.n.R.u.n.].....P.r
.o.c.e.s.s.L.i.s.t.=.3.6.0.T.r.a.y...e.x.e.,.3.6.0.s.d...e.x.e.,.3.6.0
.c.h.r.o.m.e...e.x.e.,.3.6.0.s.e...e.x.e.,.3.6.0.M.o.b.i.l.e.M.g.r...e
.x.e...0......


GET /update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindpcmgrcontrol&state=1 HTTP/1.1


User-Agent: HttpDownload
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:59 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.3.3
552bbd6b179ca25b43a7e02a<br/>HTTP/1.1 200 OK..Server: nginx..Dat
e: Wed, 25 May 2016 10:00:59 GMT..Content-Type: text/html..Content-Len
gth: 0..Connection: keep-alive..X-Powered-By: PHP/5.3.3..552bbd6b179ca
25b43a7e02a<br/>....


GET /update_platform/update.php?appname=sogoudownload_bindsecontrol&v=1.0.0.0 HTTP/1.1


User-Agent: HttpRequest
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Ruleid: 54d3460c179ca2b2069ae8f3
2b6....[.A.p.p.l.i.c.a.t.i.o.n.D.o.w.n.l.o.a.d.].....P.c.i.d.L.i.s.t.=
.1.2.9.7.9.4.2.4.2.5.3.3.7.0.8.2.7.4.,.-.8.5.0.8.4.0.3.4.1.8.9.0.2.1.1
.8.0.7.8.,.5.7.7.6.6.5.4.4.1.8.0.3.2.3.7.2.9.3.7.,.2.0.4.0.6.8.3.5.3.5
.5.0.5.1.0.4.7.4.9.,.-.1.5.3.5.1.7.7.8.6.7.9.6.8.9.6.2.7.5.5.,.2.1.9.9
.4.3.5.4.9.5.5.3.7.6.6.3.8.5.4.,.8.6.2.3.3.0.8.8.6.5.1.2.8.8.0.9.0.5.1
.....N.a.m.e.L.i.s.t.=.3.6.0..[hQkS.X,[email protected],.3.6.0..g..Om..hV,.3
.6.0..[hQOm..hV,.3.6.0.Kb:g.RKb5u..Hr,.~v.^kS.X,..d.rOm..hV....[.A.p.p
.l.i.c.a.t.i.o.n.R.u.n.].....P.r.o.c.e.s.s.L.i.s.t.=.3.6.0.T.r.a.y...e
.x.e.,.3.6.0.s.d...e.x.e.,.3.6.0.c.h.r.o.m.e...e.x.e.,.3.6.0.s.e...e.x
.e.,.3.6.0.M.o.b.i.l.e.M.g.r...e.x.e.,.B.a.i.d.u.A.n.T.r.a.y...e.x.e..
.0......


GET /update_platform/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1 HTTP/1.1


User-Agent: HttpDownload
Host: t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.3.3
54d3460c179ca2b2069ae8f3<br/>HTTP/1.1 200 OK..Server: nginx..Dat
e: Wed, 25 May 2016 10:01:02 GMT..Content-Type: text/html..Content-Len
gth: 0..Connection: keep-alive..X-Powered-By: PHP/5.3.3..54d3460c179ca
2b2069ae8f3<br/>..



POST / HTTP/1.1
Host: 58.254.134.233:80
Content-type: application/octet-stream
Content-Length: 44
Connection: Keep-Alive

A....... .....[F/./.......q....6...A.P|/6...
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
HTTP/1.1 200 OK..Content-Length: 28..Content-Type: application/octet-s
tream..Connection: Close..A...........~P..O........h....



HEAD /comm/redir?softdown=1&u=YRyEVuHeM447o7sJASc53IrDwXL502GEmYD2TTWJr9gu_wtqBzEiCdrWlVI05AY0CFqb2aIVezbm2TIaMN1IMjIWkvnkjuR7Wsy-daJnv4zfN_LPkloCAGTpPVpZ3Le85YBgdDpio-1W-sy2rljMVSLhDQYQju08&pcid=-5561624350552157631&filename=3.9.1.130_20141103045254.exe HTTP/1.1
User-Agent: HttpRequest
Host: xiazai.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 302 Found
Server: nginx
Date: Wed, 25 May 2016 10:01:00 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://cdn.kmplayer.com/KMP/player/download/install/3.9.1.130_20141103045254.exe?filename=3.9.1.130_20141103045254.exe
HTTP/1.1 302 Found..Server: nginx..Date: Wed, 25 May 2016 10:01:00 GMT
..Content-Type: text/html; charset=utf-8..Connection: keep-alive..Cach
e-Control: no-cache..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Location:
 hXXp://cdn.kmplayer.com/KMP/player/download/install/3.9.1.130_2014110
3045254.exe?filename=3.9.1.130_20141103045254.exe..



POST /pc_assist/install_check.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 1957
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9

<?xml version="1.0" encoding="utf-8" ?>
<SoftwareInstallFeaturesRequset>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\Adobe Flash Player ActiveX]]>
        </Reg>
    </Item>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\Microsoft .NET Framework 3.5]]>
        </Reg>
    </Item>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\Microsoft .NET Framework 4 Client Profile]]>
        </Reg>
    </Item>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\SogouSoftware]]>
        </Reg>
    </Item>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\Totalcmd]]>
        </Reg>
    </Item>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\WinPcapInst]]>
        </Reg>
    </Item>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\Wireshark]]>
        </Reg>
    </Item>
    <Item>
        <Reg>
            <![CDATA[$(RegUninstall)\\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}]]&g
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:01 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 341
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>.<SoftwareInstallFeatur
esResponse><Item><Reg><![CDATA[$(RegUninstall)\\Adob
e Flash Player ActiveX]]></Reg><PCID><![CDATA[763893
7123950702413]]></PCID></Item><Item><Reg>&l
t;![CDATA[$(RegUninstall)\\SogouSoftware]]></Reg><PCID>
<![CDATA[-4581287645299687438]]></PCID></Item></S
oftwareInstallFeaturesResponse>.....


POST /pc_assist/local_info.php HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 294
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9

<?xml version="1.0" encoding="utf-8" ?>
<SoftwareLocalInfosRequest>
    <Item>
        <PCID>
            <![CDATA[7638937123950702413]]>
        </PCID>
    </Item>
    <Item>
        <PCID>
            <![CDATA[-4581287645299687438]]>
        </PCID>
    </Item>
</SoftwareLocalInfosRequest>

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:01 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 2272
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>.<SoftwareLocalInfosRes
ponse>.<Item DisplayName="Adobe Flash Player for IE">...<P
CID>....<![CDATA[7638937123950702413]]>...</PCID>...<
;InstallPath>....<FindByPathDirect>.....<![CDATA[C:\Window
s\SysWOW64\Macromed\Flash]]>....</FindByPathDirect>....<Fi
ndByPathDirect>.....<![CDATA[%System%\Macromed\Flash]
]>....</FindByPathDirect>...</InstallPath>...<ExeFil
e>...    <FindByPath>.....<![CDATA[$(InstallPath)\Flash32_
18_0_0_232.ocx]]>....</FindByPath>...</ExeFile>...<V
ersion>....<FindByReg>.....<![CDATA[$(RegUninstall)\Adobe 
Flash Player ActiveX\DisplayVersion]]>....</FindByReg>...<
/Version>...<Icon>....<FindByReg>.....<![CDATA[$(Reg
Uninstall)\Adobe Flash Player ActiveX\DisplayIcon]]>....</FindBy
Reg>...</Icon>...<UninstallString>....<FindByReg>
.....<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\UninstallS
tring]]>....</FindByReg>...</UninstallString>..</Ite
m>.<Item DisplayName="............">...<PCID>....<![
CDATA[-4581287645299687438]]>...</PCID>...<InstallPath>
...    <FindByLink>.....<![CDATA[$(StartMenu)\Programs\......
......\.............lnk]]>....</FindByLink>....<FindByLink
>.....<![CDATA[$(Desktop)\.............lnk]]>....</FindByL
ink>....<FindByReg> .....<![CDATA[HKEY_LOCAL_MACHINE\S
<<< skipped >>>

POST /pc_assist/local_info.php HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 294
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9

<?xml version="1.0" encoding="utf-8" ?>
<SoftwareLocalInfosRequest>
    <Item>
        <PCID>
            <![CDATA[7638937123950702413]]>
        </PCID>
    </Item>
    <Item>
        <PCID>
            <![CDATA[-4581287645299687438]]>
        </PCID>
    </Item>
</SoftwareLocalInfosRequest>

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 2272
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>.<SoftwareLocalInfosRes
ponse>.<Item DisplayName="Adobe Flash Player for IE">...<P
CID>....<![CDATA[7638937123950702413]]>...</PCID>...<
;InstallPath>....<FindByPathDirect>.....<![CDATA[C:\Window
s\SysWOW64\Macromed\Flash]]>....</FindByPathDirect>....<Fi
ndByPathDirect>.....<![CDATA[%System%\Macromed\Flash]
]>....</FindByPathDirect>...</InstallPath>...<ExeFil
e>...    <FindByPath>.....<![CDATA[$(InstallPath)\Flash32_
18_0_0_232.ocx]]>....</FindByPath>...</ExeFile>...<V
ersion>....<FindByReg>.....<![CDATA[$(RegUninstall)\Adobe 
Flash Player ActiveX\DisplayVersion]]>....</FindByReg>...<
/Version>...<Icon>....<FindByReg>.....<![CDATA[$(Reg
Uninstall)\Adobe Flash Player ActiveX\DisplayIcon]]>....</FindBy
Reg>...</Icon>...<UninstallString>....<FindByReg>
.....<![CDATA[$(RegUninstall)\Adobe Flash Player ActiveX\UninstallS
tring]]>....</FindByReg>...</UninstallString>..</Ite
m>.<Item DisplayName="............">...<PCID>....<![
CDATA[-4581287645299687438]]>...</PCID>...<InstallPath>
...    <FindByLink>.....<![CDATA[$(StartMenu)\Programs\......
......\.............lnk]]>....</FindByLink>....<FindByLink
>.....<![CDATA[$(Desktop)\.............lnk]]>....</FindByL
ink>....<FindByReg> .....<![CDATA[HKEY_LOCAL_MACHINE\S
<<< skipped >>>

POST /pc_assist/newversion_info.php HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 429
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9

<SoftwareNewVersionInfosRequest>
    <Item>
        <PCID>
            <![CDATA[7638937123950702413]]>
        </PCID>
        <LocalVersion>
            <![CDATA[11.6.602.168]]>
        </LocalVersion>
    </Item>
    <Item>
        <PCID>
            <![CDATA[-4581287645299687438]]>
        </PCID>
        <LocalVersion>
            <![CDATA[3.1.13.88]]>
        </LocalVersion>
    </Item>
</SoftwareNewVersionInfosRequest>

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 1380
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>.<SoftwareNewVersionInf
os>.<Item>...<soft_id><![CDATA[7638937123950702413]]
></soft_id>....<name><![CDATA[Adobe Flash Player for
 IE]]></name>....<logo_url><![CDATA[hXXp://pc3.gtimg
.com/softmgr/logo/48/504_48_1433919181.png]]></logo_url>....&
lt;installfile_size><![CDATA[19398656]]></installfile_size
>....<download_url1><![CDATA[hXXp://c.softmgr.qq.com/fcgi-
bin/partnerdown?soft_id=504&partner=108&dl=http://dl.softmgr.qq.
com/original/Video/install_flash_player_21_active_x_ie_21.0.0.21
3.exe]]></download_url1>....<app_updatetime><![CDATA
[2016-04-07]]></app_updatetime>....<details><![CDATA
[.....................................................................
......................................................................
.....]]></details>....<version><![CDATA[21.0.0.213]]
></version>....<is_stable><![CDATA[1]]></is_st
able>....<whatsnew><![CDATA[1.............................
.........................................Flash Player ActiveX...NPAPI.
..PPAPI............................2..................................
.........Chrome.................................MAC...................
.........3..........Stage3D......VideoTexture.........MAC...PC........
...........4.........................]]></whatsnew>....<up
grade_rate><![CDATA[81]]></upgrade_rate>....<sco
<<< skipped >>>

POST /pc_assist/silent_install.php HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 254
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9

<SoftwareSilentParaRequest>
    <Item>
        <PCID>
            <![CDATA[7638937123950702413]]>
        </PCID>
    </Item>
    <Item>
        <PCID>
            <![CDATA[-4581287645299687438]]>
        </PCID>
    </Item>
</SoftwareSilentParaRequest>

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 97
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>.<SoftwareSilentParaReq
uest>..</SoftwareSilentParaRequest>.....


POST /pc_assist/soft_info.php?fields=logo_url HTTP/1.1


Content-Type: application/x-www-form-urlencoded
Accept: */*
Content-Length: 254
User-Agent: HttpRequest
Host: zs.xiazai.sogou.com
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9

<SoftwareOnlineIconRequest>
    <Item>
        <PCID>
            <![CDATA[7638937123950702413]]>
        </PCID>
    </Item>
    <Item>
        <PCID>
            <![CDATA[-4581287645299687438]]>
        </PCID>
    </Item>
</SoftwareOnlineIconRequest>

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:01:03 GMT
Content-Type: text/html; charset=gb2312
Content-Length: 359
Connection: keep-alive
X-Powered-By: PHP/5.3.3
<?xml version="1.0" encoding="utf-8"?>.<SoftInfoResponse>&
lt;Item><soft_id><![CDATA[7638937123950702413]]></so
ft_id><logo_url><![CDATA[hXXp://dl.app.sogou.com/pc_logo/7
638937123950702413.png]]></logo_url></Item><Item>
<soft_id><![CDATA[-4581287645299687438]]></soft_id>&
lt;logo_url><![CDATA[hXXp://dl.app.sogou.com/128128.png]]><
;/logo_url></Item></SoftInfoResponse>.HTTP/1.1 200 OK..
Server: nginx..Date: Wed, 25 May 2016 10:01:03 GMT..Content-Type: text
/html; charset=gb2312..Content-Length: 359..Connection: keep-alive..X-
Powered-By: PHP/5.3.3..<?xml version="1.0" encoding="utf-8"?>.&l
t;SoftInfoResponse><Item><soft_id><![CDATA[763893712
3950702413]]></soft_id><logo_url><![CDATA[hXXp://dl.
app.sogou.com/pc_logo/7638937123950702413.png]]></logo_url>&l
t;/Item><Item><soft_id><![CDATA[-4581287645299687438
]]></soft_id><logo_url><![CDATA[hXXp://dl.app.sogou.
com/128128.png]]></logo_url></Item></SoftInfoRespons
e>...



GET /128128.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.app.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Wed, 25 May 2016 10:01:08 GMT
Content-Type: text/html
Content-Length: 1564
Expires: Wed, 25 May 2016 10:01:08 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db80:7002 (Cdn Cache Server V2.0)
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "htt
p://VVV.w3.org/TR/html4/loose.dtd">.<HTML><HEAD>.<ME
TA HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> .
<TITLE>......................URL..........</TITLE>.<STY
LE type="text/css"><!--BODY{background-color:#ffffff;font-family
:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>.&l
t;/HEAD><BODY>.<H1>....</H1>.<H2>..........
......URL..........</H2>.<HR noshade size="1px">.<P>
.......................URL.......<A HREF="hXXp://dl.app.sogou.com/1
28128.png">hXXp://dl.app.sogou.com/128128.png</A>.<P>..
..................<UL>.<LI>.<STRONG>.Unable to forwa
rd this request at this time..<BR>..............................
..</STRONG>.</UL>..<P>.This request could not be for
warded to the origin server or to any.parent caches.  The most likely 
cause for this error is that:.<UL>.<LI>The cache administr
ator does not allow this cache to make .    direct connections to orig
in servers, and.<LI>All configured parent caches are currently u
nreachable..</UL>.</P>.<P>..........................
..............................................................<UL&g
t;.<LI>.........................................................
..<LI>.................................................</UL&g
t;.</P>.<P>....................<A HREF="mailto:wssu
<<< skipped >>>


HEAD /pc_logo/7638937123950702413.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: dl.app.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Wed, 25 May 2016 10:01:08 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Wed, 25 May 2016 10:01:08 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close



HEAD /128128.png HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; {D9D54F49-E51C-445e-92F2-1EE3C2313240})
Host: dl.app.sogou.com
Content-Length: 0
Cache-Control: no-cache
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Wed, 25 May 2016 10:01:07 GMT
Content-Type: text/html
Content-Length: 1564
Expires: Wed, 25 May 2016 10:01:07 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db80:7002 (Cdn Cache Server V2.0)
Connection: close



GET /pc_logo/7638937123950702413.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: dl.app.sogou.com
Connection: Keep-Alive
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.0 503 Service Unavailable
Server: Cdn Cache Server V2.0
Date: Wed, 25 May 2016 10:01:07 GMT
Content-Type: text/html
Content-Length: 1604
Expires: Wed, 25 May 2016 10:01:07 GMT
X-Cache-Error: ERR_CANNOT_FORWARD 11
Via: 1.0 db79:82 (Cdn Cache Server V2.0)
Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "htt
p://VVV.w3.org/TR/html4/loose.dtd">.<HTML><HEAD>.<ME
TA HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> .
<TITLE>......................URL..........</TITLE>.<STY
LE type="text/css"><!--BODY{background-color:#ffffff;font-family
:verdana,sans-serif}PRE{font-family:sans-serif}--></STYLE>.&l
t;/HEAD><BODY>.<H1>....</H1>.<H2>..........
......URL..........</H2>.<HR noshade size="1px">.<P>
.......................URL.......<A HREF="hXXp://dl.app.sogou.com/p
c_logo/7638937123950702413.png">hXXp://dl.app.sogou.com/pc_logo/763
8937123950702413.png</A>.<P>....................<UL>
.<LI>.<STRONG>.Unable to forward this request at this time
..<BR>................................</STRONG>.</UL>
;..<P>.This request could not be forwarded to the origin server 
or to any.parent caches.  The most likely cause for this error is that
:.<UL>.<LI>The cache administrator does not allow this cac
he to make .    direct connections to origin servers, and.<LI>Al
l configured parent caches are currently unreachable..</UL>.<
/P>.<P>......................................................
..................................<UL>.<LI>...............
............................................<LI>................
.................................</UL>.</P>.<P>.
<<< skipped >>>


GET /appinfo?num=8961 HTTP/1.1
User-Agent: HttpDownload
Host: yz.app.sogou.com


HTTP/1.1 200 OK
Server: nginx
Date: Wed, 25 May 2016 10:00:28 GMT
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: IPLOC=UA; expires=Thu, 25-May-17 10:00:28 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: SUID=DA60F2C2DD83920A00000000574577BC; expires=Tue, 20-May-36 10:00:28 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
1dc..status=true&softurl=http://xiazai.sogou.com/comm/redir%
3Fsoftdown=1&u=YRyEVuHeM447o7sJASc53IrDwXL502GEmYD2TTWJr9gu_wtqB
zEiCdrWlVI05AY0CFqb2aIVezbm2TIaMN1IMjIWkvnkjuR7Wsy-daJnv4zfN_LPkloCAGT
pPVpZ3Le85YBgdDpio-1W-sy2rljMVSLhDQYQju08&pcid=-556162435055215763
1&filename=3.9.1.130_20141103045254.exe&iconurl=http://img.p
conline.com.cn/images/upload/upc/tx/pcdlc/pc/10344.jpg&s
oftname=KMPlayer播放器&softsize=35.69MB...0..HTTP
/1.1 200 OK..Server: nginx..Date: Wed, 25 May 2016 10:00:28 GMT..Conte
nt-Type: text/plain; charset=UTF-8..Transfer-Encoding: chunked..Connec
tion: keep-alive..Set-Cookie: IPLOC=UA; expires=Thu, 25-May-17 10:00:2
8 GMT; domain=.sogou.com; path=/..P3P: CP="CURa ADMa DEVa PSAo PSDo OU
R BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Set-Cookie: SU
ID=DA60F2C2DD83920A00000000574577BC; expires=Tue, 20-May-36 10:00:28 G
MT; domain=.sogou.com; path=/..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR B
US UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..Cache-Control: no
-cache..Expires: Thu, 01 Jan 1970 00:00:00 GMT..1dc..status=true&softu
rl=http://xiazai.sogou.com/comm/redir?softdown=1&u=Y
RyEVuHeM447o7sJASc53IrDwXL502GEmYD2TTWJr9gu_wtqBzEiCdrWlVI05AY0CFqb2aI
Vezbm2TIaMN1IMjIWkvnkjuR7Wsy-daJnv4zfN_LPkloCAGTpPVpZ3Le85YBgdDpio-1W-
sy2rljMVSLhDQYQju08&pcid=-5561624350552157631&filename=3.9.1.1
30_20141103045254.exe&iconurl=http://img.pconline.com.cn/image
s/upload/upc/tx/pcdlc/pc/10344.jpg&softname=KMPlayer%E
<<< skipped >>>


GET /cooperation/popuprecommend/installfinishbind-qqbrowser-only.xml HTTP/1.1
User-Agent: HttpRequest
Host: yze.t.sogou.com
Cookie: IPLOC=UA; SUID=DA60F2C2DD83920A00000000574577BC; usid=DA60F2C24F0A900A00000000574577C9


HTTP/1.1 200 OK
Date: Wed, 25 May 2016 10:01:02 GMT
Content-Type: text/xml
ETag: "-1184433059"
Accept-Ranges: bytes
Last-Modified: Wed, 25 May 2016 04:37:00 GMT
Vary: Accept-Encoding
Content-Length: 1698
Server: WS CDN Server
Via: 1.1 db80:9005 (Cdn Cache Server V2.0)
Connection: close
<?xml version="1.0" encoding="utf-8"?>.<DOCUMENT>..<bin
dtype><![CDATA[installfinishbind]]></bindtype>.    <
item>.        <weight><![CDATA[0]]></weight>.    
    <name><![CDATA[QQBrowser]]></name>...<appchec
kurl><![CDATA[hXXp://t.sogou.com/update_platform/update.php?appn
ame=sogoudownload_bindsecontrol&v=1.0.0.0]]></appcheckurl>...
<appcheckreporturl><![CDATA[hXXp://t.sogou.com/update_platfor
m/done.php?v=1.0.0.0&appname=sogoudownload_bindsecontrol&state=1]]>
</appcheckreporturl>...<silentinstall><![CDATA[false]]&
gt;</silentinstall>...<installprivilege><![CDATA[false]
]></installprivilege>...<installtype><![CDATA[instal
lpackage]]></installtype>...<installedfeature>....<t
ype><![CDATA[keyandpath]]></type>....<key><![C
DATA[HKEY_LOCAL_MACHINE\SOFTWARE\Tencent\QQBrowser]]></key>..
..<valuename><![CDATA[Exe]]></valuename>....<file
><![CDATA[]]></file>...</installedfeature>...<
installedfeature>....<type><![CDATA[keyandpath]]></t
ype>....<key><![CDATA[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432N
ode\Tencent\QQBrowser]]></key>....<valuename><![CDAT
A[Exe]]></valuename>....<file><![CDATA[]]></fi
le>.        </installedfeature>...<installpackage>....&
lt;url><![CDATA[hXXp://dldl.qq.com/dl/sogoudl]]></url&
<<< skipped >>>


POST / HTTP/1.1
Host: 58.254.134.249:80
Content-type: application/octet-stream
Content-Length: 44
Connection: Keep-Alive

A...
... ...|....:=..D..T...C..P/`kx....,...
HTTP/1.1 200 OK
Content-Length: 28
Content-Type: application/octet-stream
Connection: Close
HTTP/1.1 200 OK..Content-Length: 28..Content-Type: application/octet-s
tream..Connection: Close..A...........Z-(j#F.ea....~....







The Trojan-Downloader connects to the servers at the folowing location(s):







SogouSoftware.exe_1416:




.text
`.rdata
@.data
.rsrc
@.reloc
GetProcessHeap
KERNEL32.dll
F:\SogouSoftwareWorkDir\SogouSoftware\Src\Launcher\Release\Launcher.pdb
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
manifest.cfg
SogouSoftware.dll
SogouSoftwareLoader.dll
0.0.0.1
Sogou.com Inc.
3.1.12.94
Launcher.exe
2014 Sogou.com Inc. All rights reserved.

wuauclt.exe_960:




.text
`.data
.rsrc
@.reloc
wuauclt.pdb
GetProcessHeap
KERNEL32.dll
_wcmdln
_amsg_exit
msvcrt.dll
ntdll.dll
ole32.dll
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
USER32.dll
OLEAUT32.dll
SHLWAPI.dll
zcÁ
version="6.0.0.0"
name="Microsoft.Windows.windowsupdate.wuauclt"
<windowsSettings>
<dpiAware xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
name="Microsoft.Windows.Common-Controls"
publicKeyToken="6595b64144ccf1df"
<requestedExecutionLevel
wuaueng.dll
Error: 0xx. wuauclt handler: failed to spawn COM server
Error: 0xx. wuauclt handler: failed to load wuaueng
/ReportNow
/ShowWindowsUpdate
/CloseWindowsUpdate
wuauclt.exe failed to get proc address for UI export object with error %#lx
Failed to load %s with error %X
wucltui.dll
wucltux.dll
call RunAUClientUI on wucltui.dll/wucltux.dll
Ntdll.dll
WuSqm %ls session datapoint (id:%d) is incremented with dword %d.
wuauclt.exe is exiting with code 0xX
wuauclt.exe launched with command line %s
kernel32.dll
WUWeb
Report
7.6.7600.256
Global\WindowsUpdateTracingMutex
WindowsUpdate.log
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Trace
Windows
shell32.dll
%s: %s [
%s: %s
%s\%s
= Module: %s
= Module: <failed with %d>
= Process: %s
= Process: <failed with %d>
=========== Logging initialized (build: %s, tz: %s) ===========
wups2.dll
wups.dll
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\ServiceStartup\
%hs %ls page "%ls", hr=%X
Microsoft.WindowsUpdate
wupdmgr.exe
Failed to cocreate IShellWindows, error = 0xlX
Failed to obtain window doc for window %d, error = 0xlX
Failed to obtain folder view for window %d, error = 0xlX
Failed to obtain folder IPersist for window %d, error = 0xlX
Window %d is NOT a WU window
Done enumerating windows
Quit for window %d failed: 0xlX
Window %d is a WU window. Attempting to close
Failed to obtain class ID for window %d, error = 0xlX
Got NULL disp interface for window %d
Got %d instead of VT_DISPATCH for window %d
Failed to obtain IWebBrowserApp for window %d, error = 0xlX
Failed to enumerate window %d, error = 0xlX
Found %d explorer windows
Closing WU explorer windows
Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\VolatileData
WUAppNotificationWindows
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired\Mandatory
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\PostRebootReporting
SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending\
%chdhd
hd-hd-hd%chd:hd:hd:hd
%WinDir%
Windows Update
7.6.7600.256 (winmain_wtr_wsus3sp2(oobla).120602-1459)
wuauclt.exe
Windows
Operating System

UpdateService.exe_832:




.text
`.rdata
@.data
.rsrc
PSSSSSSh
PSSSSSSh!
8-H6}G6)67Z
JPi.lP
SHELL32.dll
USERENV.dll
KERNEL32.dll
RegCloseKey
RegOpenKeyExA
ADVAPI32.dll
SHDeleteKeyA
SHLWAPI.dll
VERSION.dll
WS2_32.dll
MSVCRT.dll
_acmdln
WTSAPI32.dll
USER32.dll
ole32.dll
OLEAUT32.dll
GetWindowsDirectoryA
GetProcessHeap
RegOpenKeyExW
RegOpenKeyA
RegSetKeySecurity
RegCreateKeyA
RegCreateKeyExA
USBDT.dll
[%s Update Service]register success.
"%s" /Service
UpdateService.exe
[%s Update Service]register fail 3.
[%s Update Service]register fail 2.
[%s Update Service]register fail 1.
SogouSoftware_Mutex_{4A79E46E-5A01-4abb-BCC1-F96D06AEE085}
[%s Update Service]start register.
"%s" /Restart
[%s Update Service]wait %d minutes.
SogouSoftware.exe
SogouSoftware.exe /AutoRun
[%s Update Service]start service.
NUL=%s
wininit.ini
%s\Temp\
%s=%s
EXPLORER.EXE
IEXPLORE.EXE
%d%c%d
AllocateAndInitializeSid error %u
"%s" %s
Dbghelp.dll
Kernel32.dll
user32.dll
hXXp://ping.t.sogou.com/pingd?srctype=sogousoftware&t=%d&gid=%s&unc=%s&%s&rand=%d
serviceversion=%s
hXXp://ping.t.sogou.com/pingd?srctype=sogousoftware&t=%d&gid=%s&unc=%s&rand=%d
hXXp://t.sogou.com/update_platform/done.php?v=%s&appname=sogousoftware_update&state=1
Mddddd
%d.%d.%d.%d
%s_Classes\%s\%s
%s\%s
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
%s_Classes\%s
http\shell\open\command
explorer.exe
%%X
%%x
err 02: %d
err 01: %d
1.0.0.0
CommonState.dll
Wininet.dll
UrlMon.dll
SGGuiFoundation{46558918-2F85-46DA-9639-1941E6282A1D}
[UpateDir:%s].
[%s Update Service]start update.
Setup.exe
[%s Update Service]update success.
[%s Update Service]new version: %s, local version: %s.
%s\%s%s
Profile.ini
hXXp://t.sogou.com/update_platform/update.php?appname=sogousoftware_update&unc=%s&guid=%s&useridbit1=%s&useridbit2=%s&v=%s&t=%d
[m_szLocalProfile:%s].
HotPatch.exe
Userenv.dll
iexplore.exe
\StringFileInfo\xx\%s
Update.ini
file%d
%s PID=%d
.bak.exe
wintrust.dll
2.5.4.3
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertFindRDNAttr
CertRDNValueToStrA
CertCreateCertificateContext
CryptMsgGetParam
crypt32.dll
1.2.840.113549.1.9.5
CryptDecodeObject failed with %x
1.2.840.113549.1.9.6
rundll32.exe
%s,Rundll32
%s,Rundll32 E
%s,Rundll32 I
%s,Rundll32 R
Rundll32.exe %s,Rundll32 R
CLSID\%s\InprocServer32
CLSID\%s
SogouSoftware.dll
manifest.cfg
S%c%cR
%s*.sys
ATßT%d%d.dat
FT%uD
FT%uH
AT%uFT%u
%Program Files%\TENCENT\SSPlus\SData.dat
PendingFileRenameOperations
advapi32.dll
Sogou.com Inc.
3.1.13.88
(C) 2015 Sogou.com Inc. All rights reserved.

MiniThunderPlatform.exe_968:




.textbss1U
.text
`.rdata
@.data
.idata
.rsrc
httpsProxy
ftpProxy
httpProxy
dwTcpSpeedLimit
ref_url_length
ref_url
url_length
udp_port
tcp_port
strCurrentExeFullPath
strExeFullPath
bug_report_dir
ShExecInfo
cmd_line
hKey
CertInfo
hMsg
XLBugReport_path
SSSh5
hXXp://store.paycenter.uc.cn
mail-attachment.googleusercontent.com
d:\minitp\src\minithunderplatform\src\minithunderplatform\downloadenginemanager.cpp
80000055
\/:*?"<>|
d:\minitp\src\minithunderplatform\src\dl_common\common\utility.cpp
_XL_SetAlwaysSendReport@4
_XL_SetReportShowMode@4
_XL_SetBugReportRootDir@4
unknown SDParameterType: %d when SDParameter::encode_data
unknown SDParameterType: %d when SDParameter::decode_data
Kernel32.dll
Run-Time Check Failure #%d - %s
MSPDB71.DLL
PSAPI.DLL
IMAGEHLP.DLL
KERNEL32.DLL
RegCloseKey
RegOpenKeyExA
ADVAPI32.DLL
d:\MiniTP\Src\MiniThunderPlatform\pdb\ProductForCommon\MiniThunderPlatform.pdb
||80000372
VERSION.dll
RASAPI32.dll
KERNEL32.dll
USER32.dll
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
MSVCP71.dll
SHLWAPI.dll
MSVCR71.dll
_CRT_RTC_INIT
_wcmdln
_amsg_exit
CryptMsgClose
CertCloseStore
CertFreeCertificateContext
CertGetNameStringW
CertFindCertificateInStore
CryptMsgGetParam
CRYPT32.dll
GetProcessHeap
id.dat
dl_peer_id.dll
dc.ini
download_engine.dll
MINITP\BugReport\
{C6B7F4D9-8D15-4a48-A722-B54C3D6FCE70}
_67960FC3-A819-4fca-B939-F2B110716584_
{16C9DF46-AAF4-485d-AABE-4FE09E17E524}
%s=%s
%hu%c%hu%c%hu%c%hu
http redirect loop for 5 times
http redirect url is invalid
http header is invalid
xml <item> no key
invalid rsa public key
invalid aes key
shell32.dll
\*.dll
XLBugReport.exe
XLBugHandler.dll
%sThumbs.db
Thumbs.db
%s*.*
3.2.1.42






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    ThunderFW.exe:1064
    UpdateService.exe:832
    UpdateService.exe:1364
    ExternalApp.exe:404
    minidownload.exe:224
    regsvr32.exe:1688
    %original file name%.exe:1432
    MiniTPFw.exe:976
    

    2. 

  2. Delete the original Trojan-Downloader file.
    3. 

  3. Delete or disinfect the following files created/modified by the Trojan-Downloader:
    

    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[4].png (392 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\LocalInfo.xml (7 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\SogouSoftwareExternalApp[1].exe (1090658 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\recommend[1].css (145 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ie-css3[1].htc (5022 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[2].png (2435 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[5].png (3175 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ie-css3[1].htc (1012 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SuiteDownloader20160222153349.exe (119919 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\381427456234840[1].jpg (17344 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[3].png (6116 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[1].jpg (5873 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[4].png (13048 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[1].png (8672 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\link[2].png (2535 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\PCID.xml (685 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db (149 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\loading[1].gif (568 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\scroll[1].js (601 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[2].png (2730 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (494 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[1].png (1789 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery-1.7.2.min[1].js (37173 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[1].png (9045 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[3].png (3359 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SilentParaReponse.xml (97 bytes)
    %Documents and Settings%\%current user%\Application Data\-5561624350552157631_4848.png (11 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\741430117543639[1].png (22604 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\sogousoftware.db-journal (86 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.11.1.min[1].js (41557 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\link[1].png (5635 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ranking-ico[1].png (1 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking[1].css (73 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\SG.jpeg (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\link[2].png (2009 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[4].png (776 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\NewVersionReponse.xml (1 bytes)
    %Program Files%\SogouSoftware\tmp\ExternalApp.exe (684687 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\OnlineIconReponse.xml (359 bytes)
    %Documents and Settings%\%current user%\Cookies\index.dat (964 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CC1430117533187[1].png (15244 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\10344[1].jpg (628 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\link[3].png (1420 bytes)
    %Documents and Settings%\%current user%\Application Data\SogouSoftware\data\cache\SoftInfo.xml (809 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\SuiteDownloader20160222153349[1].exe (249517 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ranking-ico[1].png (2 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\menu_item.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_bar_act.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\beginbtn.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\install_driver.gif (1568 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_progress_bk.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_app2phone.png.svn-base (16 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\text-base\DrvInst_x86.exe.svn-base (10321 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\7.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\entries (582 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\1.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\1.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\logo.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\loading.gif.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_simple.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_simple_up.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menu_item.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\finishbtn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\icon_success.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\text-base\scrollH.png.svn-base (909 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\uninstall_hov.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_title.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\update_confirm_dlg.xml (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\info_icon.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\continuebtn.png (819 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_sel.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\feedback_act.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_hand.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\phone_connected.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_sel.png (347 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon_4.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\down_smt.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menu_item.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\button.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_ready.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\follow_tip.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\update\SogouPDAInfo.sqlite3 (3624 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\phone_unconnected.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\apk.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\scroll_trs.png.svn-base (938 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\logo.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\progress_pause.png.svn-base (17448 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\setting_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\prop-base\scrollH.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\.svn\all-wcprops (140 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\feedback_dwn.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\apktool.ini (44 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\bigbtn_shadow.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\Õýʽ°æÑ¡ÖÐ״̬.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_dwn.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon2.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\button140.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\button.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\2.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ready_icon.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\text-base\apktool.ini.svn-base (44 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\upgrade_beta_list_item.xml.svn-base (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\smalldlg_shadow.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\SogouApkTool.exe (48424 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_dlg.xml.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\entries (578 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\progress_fore.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_search.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon_5.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menubtn.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn.png.svn-base (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_app2phone.png (16 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_simple_up.png (15 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menu_bk.png.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_right.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\progress_pause.png (17448 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\downloading.gif (7 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\guide_smt.png (2712 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\logo.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\entries (435 bytes)
    %Program Files%\SogouSoftware\manifest.cfg (30 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\uninstall_hov.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon2.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_normal.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_bind_checkbox.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\down_smt.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\dlgClose_dwn.png (1 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Èí¼þÖúÊÖ\Èí¼þÖúÊÖ.lnk (734 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\continuebtn_small.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_bind_checkbox.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\group_list_item.xml.svn-base (693 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\setting_act.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\phone_unconnected.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\shy.png (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\dlg_feedback.xml (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ConfirmDlg.xml.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\MySoftwareManager.xml (24 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\apk.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\AdbWinApi.dll.svn-base (4250 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\6.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\recommend_hov.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\beginbtn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\entries (578 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\4.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\btn_3state.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ConfirmDlg.xml (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_app2phone.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\smalldlg_shadow.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\web_external_browser_dlg.xml (318 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\connect_dev.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon_4.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_mask.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\all_updated.png (9 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\prop-base\DIFxAPI.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\progress_fore.png.svn-base (15817 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_progress_bg.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\uninstall_list_item.xml.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\allow_debug.png.svn-base (2712 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\progress_bk.png (17660 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\SogouPhoneService.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_dlg_otherfont.xml.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\option_bk.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\wait_dev.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_mid.png.svn-base (939 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\SogouPhoneService.exe.svn-base (22004 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\text-base\DIFxAPI.dll.svn-base (11174 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\SogouPhoneService.exe (22004 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_bar_act_focus.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_active.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\button160.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\CommonState.dll (2228 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_app2phone_arrow.png.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_hov.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\button160.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\scroll_bk.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\2.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_progress_bg.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\Ñ¡ÖÐ̬.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\dlg_settings.xml (6 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\7.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\AdbWinApi.dll (4250 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn.png (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\setting_dwn.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_bar_act.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_bar_nor.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_delete.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\group_list_item.xml (693 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\upgrade_stable_list_item.xml.svn-base (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_bar_act_focus.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\scroll_thu.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\check.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\upgrade_beta_list_item.xml (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tab_bk.png (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_act.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\SogouPDAInfo.sqlite3 (3624 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_info.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_list_dlg.xml.svn-base (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\progress_pause.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\smallbtn_shadow.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\smallbtn.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tab.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\prop-base\loading.gif.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_hover.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\classify_btn_pushed.png.svn-base (130 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\scroll.png (13 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\ApkIcons\.svn\entries (314 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_title.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ready_icon.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\confirm_bk.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_dwn.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\smallbtn_shadow.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\warning_icon.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\dlgClose_nor.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_active.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\radio.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\progress_fore.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\entries (1 bytes)
    %Documents and Settings%\All Users\Start Menu\Programs\Èí¼þÖúÊÖ\жÔØÈí¼þÖúÊÖ.lnk (501 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\install_driver.gif.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\text-base\DIFxAPI.dll.svn-base (12309 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\newbutton.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\feedback_act.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ready_icon.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\downloading.gif.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\9 .png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\logo3636.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_act.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_bar_nor.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tab_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\8.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\upgrade_ignore_list_item.xml (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\DIFxAPI.dll (11174 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\left_btn_mask.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\tooltips_dlg.xml (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon_5.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_right.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\newbutton.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\loading.gif.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\Ñ¡ÖÐ̬.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\info.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\progress_fore.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_banner.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\3.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\Õýʽ°æÑ¡ÖÐ״̬.png (15476 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\ApkIcons\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\all-wcprops (12 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tab.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\9.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\progress_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\MySoftwareManager.xml.svn-base (24 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\phone_normal.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\upgrade_stable_list_item.xml (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\white.png.svn-base (163 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\recommend_selected.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\download_list_item.xml.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_nor.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\bottombk.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\prop-base\DIFxAPI.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_progress.gif (9 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_left.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_app2phone_arrow.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_sel.png.svn-base (347 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\dlgClose_act.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_ready.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\info.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\entries (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\bigbtn_shadow.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\download_bind_list_item.xml (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\info_icon.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon2.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\setting_act.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\connect_dev.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\USB.png (7 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\feedback_dwn.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\Õýʽ°æÑ¡ÖÐ״̬.png.svn-base (15476 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_progress.gif.svn-base (9 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\aapt.exe.svn-base (22008 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\dlgshadow.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\radio.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_bind_bg.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_hover.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\hover̬.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\grin.png (24 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\apostrophe.gif.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\dlgClose_dwn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_hot.png (350 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\all-wcprops (303 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\logo4848default.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_bar_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_active.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_search.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\progress_fore.gif (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\uninstall_nor.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\phone_unconnected.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_info.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_normal_dlg.png (415 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_nor.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\entries (11 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\grin.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\recommend_selected.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\smallbtn.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\shy.png.svn-base (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\phone_normal.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\scroll_thu.png (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\check.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\6.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\ËÑË÷ɾ³ý.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menu.xml.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_dwn.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\btn_3state.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\dlgshadow.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\text-base\loading.gif.svn-base (494 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\connect_dev.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\8.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\7.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\continuebtn_small.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\tooltip.png (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\6.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\scroll_trs.png (938 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_dwn.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_hov.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\scroll_thu.png.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\logo4848default.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_list_dlg_otherfont.xml.svn-base (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\all-wcprops (13 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon_3.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ApkTool.xml.svn-base (1568 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\info_icon.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\downloading.gif.svn-base (7 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_bind_bg.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\2.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\check.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\dlgshadow.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\smallbtn_shadow.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\prop-base\DrvInst_x86.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_hov.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\update_hov.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_nor.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\download_bind_list_item.xml.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\phone_normal.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\9 .png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\soft_search_list.xml (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\menubtn.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\recommend_hov.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\closebtn_hover.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\all-wcprops (485 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\setting_dwn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_mask.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\dlgClose_act.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\button160.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\apostrophe.gif.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\beginexp.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_simple_up.png.svn-base (15 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\AdbWinUsbApi.dll (2628 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\ËÑË÷ɾ³ý.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\feedback_nor.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\AdbWinApi.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\dlg_settings.xml.svn-base (6 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tips_down.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\dlgClose_dwn.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\logo4848default.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\warning_icon.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\phone_connected.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_left.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\continuebtn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\scrollH.png (909 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\confirm_closebtn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\dlg_feedback.xml.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\confirm_closebtn.png.svn-base (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\dlgClose_act.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\8.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_nor.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\prop-base\SogouPDAInfo.sqlite3.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon_3.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\adbdll.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\option_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\follow_tip.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tips.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\uninstall_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\uninstall_dwn.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\menu_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_confirm.png (632 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\recommend_classify_table.xml.svn-base (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\android_ver.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\bigbtn_shadow.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\GIF\loading.gif (494 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\close_search.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\wait_dev.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_normal_dlg.png.svn-base (415 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menu.xml (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_bar_act_focus.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\USB.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\logo3636.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\closebtn_normal.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_confirm.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\uninstall_dwn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\all_updated.png.svn-base (9 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\uninstall_dwn.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tips_down.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\DrvInst_x86.exe (10321 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\continuebtn_small.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_simple.png.svn-base (285 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_normal_dlg.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_simple.png (285 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\guide_smt.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn_normal.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\smalldlg_shadow.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\uninstall_list_item.xml (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\button.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\magnifier_search.png.svn-base (1 bytes)
    %Documents and Settings%\All Users\Desktop\Èí¼þÖúÊÖ.lnk (720 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_nor.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\recommend_selected.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\aapt.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\tooltip.png.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\finishbtn.png.svn-base (817 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\APKlogo.ico (2610 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\scroll_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\warning_icon.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\GIF\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\IEHint.dll (10060 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\SogouSoftware.dll (28329 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\feedback_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\grin.png.svn-base (24 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\Ñ¡ÖÐ̬.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_hand.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\apk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\search_delete.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\left_btn_mask.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\APKlogo.ico.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\smallbtn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\uninstall_nor.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\default_pkgicon.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\AdbWinUsbApi.dll.svn-base (2628 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\5.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_dwn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\follow_tip.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\closebtn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\feedback_nor.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\setting_nor.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_left.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_confirm.png.svn-base (632 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\magnifier_search.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\DuiLib.dll (20357 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\logo3636.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\entries (10 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\download_bind_bg.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\SogouAapt.exe.svn-base (24085 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\confirm_dlg.xml (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\phone_connected.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\upgrade_ignore_list_item.xml.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\menubtn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\adbdll.dll (2430 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\setting_dwn.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\all_updated.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_ready.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\4.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\allow_debug.png (2712 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\confirm_bk.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_app2phone_arrow.png (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\loading.gif (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo_mid.png (939 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\tips_down.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\dlgClose_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\5.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\progress_bk.png.svn-base (952 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\all-wcprops (485 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\4.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\checkbox.png.svn-base (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_act.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\checkbox.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\button.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\download_list_item.xml (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\3.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\DrvInst_x64.exe (10382 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\APKlogo.ico.svn-base (2610 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_banner.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\9.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\close_dwn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\setting_act.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\recommend_classify_table.xml (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\continuebtn.png.svn-base (819 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\update_list_dlg.xml (5 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\nsu4.tmp\System.dll (11 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\.svn\entries (320 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\all-wcprops (488 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\sqlite3.dll (10053 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\IEHint64.dll (11293 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\aapt.exe (22008 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_nor.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\wait_dev.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_progress.gif.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon_4.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\left_btn_mask.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\tooltip.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\npdownload64.dll (9670 bytes)
    %Program Files%\SogouSoftware\update\USBDT.dll (14494 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\uninstall_hov.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\update\UpdateService.exe (6875 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\combo.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\android_ver.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\update_dlg_otherfont.xml (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_hot.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\default_pkgicon.png (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\info.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\entries (576 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\bottombk.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\9.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\tooltips_dlg.xml.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_hov.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\setting_nor.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\AdbWinUsbApi.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\prop-base\SogouAapt.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\android_ver.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\confirm_dlg.xml.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\web_external_browser_dlg.xml.svn-base (318 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\classify_btn_pushed.png (130 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\.svn\all-wcprops (146 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\progress_fore.gif.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\button.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_banner.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\all-wcprops (484 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\white.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\update_info.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\progress_fore.gif.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\beginexp.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\Èí¼þÖúÊÖ.lnk (1284 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tab_bk.png.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\confirm_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\white.png (163 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\progress_fore.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\allow_debug.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_right.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\edit.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\hover̬.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\guide_smt.png.svn-base (2712 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\all-wcprops (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\menu_bk.png (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\recommend_hov.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\update_list_dlg_otherfont.xml (5 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\npdownload.dll (8591 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\finishbtn.png (817 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\confirm_closebtn.png (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\update_confirm_dlg.xml.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\text-base\DrvInst_x64.exe.svn-base (10382 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\feedback_act.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\magnifier_search.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\progress_bk.png.svn-base (17660 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\shy.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\button140.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst32\DIFxAPI.dll (12309 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\default_pkgicon.png.svn-base (2 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\9 .png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\icon_success.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_mask.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_dwn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\install_driver.gif.svn-base (1568 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\checkbox.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\.svn\text-base\adbdll.dll.svn-base (2430 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\button.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\edit.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\scroll_trs.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\.svn\text-base\SogouPDAInfo.sqlite3.svn-base (3624 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\downloadComplete_list_item.xml.svn-base (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\option_bk.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\item_icon_3.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\down_smt.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\scroll_bk.png (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\5.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\feedback_dwn.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\ins_progress_bk.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\prop-base\scroll.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\close_nor.png.svn-base (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_progress_bg.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\1.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\download_bind_checkbox.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tab.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\progress_bk.png (952 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\search_bar_act.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\beginbtn.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_dwn.png.svn-base (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\tips.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\download_hov.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\btn_3state.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\uninst.exe (794 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\item_icon_5.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\3.0.0.0\Temp\ApkIcons\.svn\all-wcprops (155 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\item_icon.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\ins_progress_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ApkTool.xml (1568 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\search_delete.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\radio.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\ËÑË÷ɾ³ý.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\button140.png.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\apostrophe.gif (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_hand.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\update_dwn.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\.svn\entries (314 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\update_dlg.xml (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\combo_mid.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\hover̬.png (17 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\icon_success.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\progress_fore.png (15817 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\all-wcprops (3 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\classify_btn_pushed.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\.svn\text-base\soft_search_list.xml.svn-base (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\ins_title.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\beginexp.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\DrvInst64\.svn\prop-base\DrvInst_x64.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\text-base\combo_hot.png.svn-base (350 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\3.png (18 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\ScrollBar\.svn\text-base\scroll.png.svn-base (13 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\newbutton.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\downloadComplete_list_item.xml (4 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\dlgClose_nor.png (1 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\progress_bk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\skin\PNG\.svn\prop-base\edit.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\SogouAapt.exe (24085 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\prop-base\bottombk.png.svn-base (53 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\USB.png.svn-base (7 bytes)
    %Program Files%\SogouSoftware\3.1.13.88\ApkTool\extheme\ApkTool\.svn\text-base\tips.png.svn-base (1 bytes)
    %Documents and Settings%\All Users\Application Data\Thunder Network\DownloadLib\pub_store.dat (405 bytes)
    %Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\stat.dat (20 bytes)
    %Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\error.dat (283 bytes)
    %Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\asyn_frame.dat (909 bytes)
    %Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\200U (39 bytes)
    %Documents and Settings%\All Users\Application Data\Thunder Network\Mini_downloadlib\ODAwMDAzNzI=\Version_3_2_1_42\Profiles\download.cfg (1007 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\atl71.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\msvcp71.dll.svn-base (10930 bytes)
    %Program Files%\SogouSoftware\download\download\ThunderFW.exe (3053 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\id.dat.svn-base (40 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\all-wcprops (1 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\download_engine.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\SogouSoftwareLoader.dll (11043 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\MiniTPFw.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\MiniThunderPlatform.exe.svn-base (7951 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\entries (1 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\MiniThunderPlatform.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\xldl.dll (9424 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\zlib1.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\download_engine.dll.svn-base (75696 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\msvcr71.dll.svn-base (12773 bytes)
    %Program Files%\SogouSoftware\download\download\msvcp71.dll (10930 bytes)
    %Program Files%\SogouSoftware\download\download\MiniThunderPlatform.exe (7951 bytes)
    %Program Files%\SogouSoftware\SogouSoftware.exe (6861 bytes)
    %Program Files%\SogouSoftware\crash\.svn\entries (440 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\ThunderFW.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\download\id.dat (40 bytes)
    %Program Files%\SogouSoftware\crash\.svn\prop-base\ExceptionReport.exe.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\msvcr71.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\download\download_engine.dll (75696 bytes)
    %Program Files%\SogouSoftware\download\download\zlib1.dll (3170 bytes)
    %Program Files%\SogouSoftware\crash\.svn\all-wcprops (301 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\dl_peer_id.dll.svn-base (2910 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\dl_peer_id.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\download\download\msvcr71.dll (12773 bytes)
    %Program Files%\SogouSoftware\crash\.svn\format (2 bytes)
    %Program Files%\SogouSoftware\crash\ExceptionReport.exe (3718 bytes)
    %Program Files%\SogouSoftware\download\download\MiniTPFw.exe (1633 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\atl71.dll.svn-base (2201 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\ThunderFW.exe.svn-base (3053 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\prop-base\msvcp71.dll.svn-base (53 bytes)
    %Program Files%\SogouSoftware\crash\.svn\text-base\ExceptionReport.exe.svn-base (3718 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\MiniTPFw.exe.svn-base (1633 bytes)
    %Program Files%\SogouSoftware\download\download\atl71.dll (2201 bytes)
    %Program Files%\SogouSoftware\download\download\dl_peer_id.dll (2910 bytes)
    %Program Files%\SogouSoftware\download\download\.svn\text-base\zlib1.dll.svn-base (3170 bytes)
    %System%\GroupPolicy\gpt.ini (315 bytes)
    %System%\GroupPolicy\Machine\Registry.pol (268 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
    %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
    %Documents and Settings%\%current user%\Local Settings\Temp\minidownload.exe (12289 bytes)
    %Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (309 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "SogouSoftware" = "%Program Files%\SogouSoftware\SogouSoftware.exe /AutoRun"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Reboot the computer.
    7. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2026 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now