Trojan-Dropper.Win32.Vtimrun_137b4f9f10

by malwarelabrobot on June 1st, 2014 in Malware Descriptions.

Trojan-Downloader.Win32.Genome.haix (Kaspersky), Trojan.NSIS.StartPage.FD, Trojan.Win32.IEDummy.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, TrojanDropperVtimrun.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan-Downloader, Trojan


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.


MD5: 137b4f9f1066ae3b491d7018efdf8dc4
SHA1: 7838930321df9301e7f31a2bd43b9b9e46f15aa5
SHA256: 399d49f2153ab171c42632ca87845a3d5c5060303207afc06fe9767432668573
SSDeep: 24576:aWRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRNhwc8c1:hGfQNuN7seJ 2Yk/twN6
Size: 1095855 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: A.P.P.
Created at: 2009-06-07 00:41:59
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan-Dropper: a Trojan program intended for the stealthy installation of other malware on the user's system.

Payload

No specific payload has been found.

Process activity

The Trojan-Dropper creates the following process(es):

BaiduSd.exe:3108
shandian.exe:1324
shandian.exe:192
F30241_s_0523.exe:1356
BaiduSdTray.exe:2348
bddownloader.exe:2856
regsvr32.exe:2944
regsvr32.exe:3020
BaiduSdSvc.exe:2156
BaiduSdSvc.exe:240
netsh.exe:2972
BDKVWsc.exe:2772
BDKVWsc.exe:3472
RegSvr32.exe:2804
RegSvr32.exe:2892
BDDownloader.exe:2732
BDDownloader.exe:2660

The Trojan-Dropper injects its code into the following process(es):

emaaif_70690.exe:2700
sdad.exe:1620
%original file name%.exe:816
icclz.exe:432
iexplore.exe:1664
pczh_98_2.exe:2216
services.exe:760
svchost.exe:1080

File activity

The process shandian.exe:1324 makes changes in the file system.
The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DF42E6.tmp (0 bytes)

The process shandian.exe:192 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

The Trojan-Dropper deletes the following file(s):

The process emaaif_70690.exe:2700 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (128685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\icclz.exe.bdl (657521 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (579 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMNet.dll.bdl (37242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\tmppm4bkx.dll (24832 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDLogicUtils.dll (31856 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (2277 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMReport.dll.bdl (35297 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (16 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\dl.dll (65930 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (24 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsuA.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process sdad.exe:1620 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

The Trojan-Dropper deletes the following file(s):

The process %original file name%.exe:816 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\shandian\ico\360.ico (32 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (1 bytes)
%Program Files%\shandian\uninst.exe (2761 bytes)
%Program Files%\shandian\home.bat (691 bytes)
%Program Files%\shandian\bin\shandian.exe (28332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\config.ini (3 bytes)
%Program Files%\shandian\ico\ie.ico (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Desktop\闪电浏览器.lnk (505 bytes)
%Program Files%\shandian\config.ini (194 bytes)
%Program Files%\shandian\bin\shandian.ini (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\kuping_b_54282.exe (16163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\emaaif_70690.exe (12288 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\闪电浏览器.lnk (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\config0.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\F30241_s_0523.exe (91814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\emaaif_70690[1].rar (12288 bytes)
%Program Files%\shandian\ico\anquan.ico (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\Md5dll.dll (8 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\闪电浏览器\闪电浏览器.lnk (694 bytes)
%Program Files%\shandian\ico\taobao.ico (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\xID.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\F30241_s_0523[1].rar (91814 bytes)
%Program Files%\shandian\bin\sdad.exe (12955 bytes)
%Program Files%\shandian\shandian.exe (3121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\bind.dll (1207 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\闪电浏览器\卸载闪电浏览器.lnk (682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\kuping_b_54282[1].rar (37274 bytes)
%Documents and Settings%\%current user%\Desktop\360安全浏览器.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\kuping_b_54282[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\emaaif_70690[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\kuping_b_54282[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\F30241_s_0523[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\emaaif_70690[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\F30241_s_0523[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nse1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp (0 bytes)

The process F30241_s_0523.exe:1356 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%WinDir%\pchealth\helpctr\System\panels (4 bytes)
%System%\Macromed\Flash (4 bytes)
%WinDir%\pchealth\helpctr\System\images (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMRepBase.dll (27704 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVEng.dll (4185 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe (10815 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMRepMgr.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins3d (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMSDWrench.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\BDMSkin.dll (37025 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\wverify.dat (66168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKVLogs.dll (6584 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMLog.dll (32 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMUpdate.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMUpdate.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMStringUtils.dll (1856 bytes)
%System%\config (96 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\fm.dat (597 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (2105 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDArKit.sys (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\bd0003.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\Cooly_PluginConfig.xml (720 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMReport.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014053120140601\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\TrayPluginContainerConfig.xml (945 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\hips.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMSREng.dll (9608 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ad.dll (2321 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%System% (2520 bytes)
%System%\config\systemprofile\Application Data\Microsoft (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMNet.dll (5873 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKV.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\cache_config.dat (469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMDownload.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMPatchAgent.dll (784 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\TrustAndIso.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMAVE.dll (6584 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Cooly_PluginConfig.xml (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BaiduSdRepair.exe (13584 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVConfig.rdb (4992 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKitUtils.dll (1856 bytes)
%Program Files%\Adobe\Reader 9.0\Resource\Font (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDDownLoadProtectPlugin.dll (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\KavUpdate.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDDownloader.exe (9605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (12 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdmp.dat (25 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMPatchAgent.dll (26 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMSkin.dll (37368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\updlog.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\FileMon.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\CompatibilityChecker.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\kav_verify.dat (677 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray.rdb (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKVDownloadProtect_x64.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\KVInstallHelper.dll (12536 bytes)
%System%\drivers\BDArKit.sys (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand64.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDLogicUtils.dll (9320 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (4 bytes)
%Documents and Settings%\%current user%\Cookies (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVMainFrame.dll (7345 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BSRLib.dat (5064 bytes)
%WinDir%\Fonts (1248 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\iexplore.exe.xml (528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDPerflog.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDUDiskGuard.dll (8560 bytes)
%Documents and Settings%\All Users\Desktop\百度杀毒.lnk (959 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\directui license.txt (593 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\bdvs.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMAVEng.dll (22192 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\uninst.exe (28288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\baidusdRepair.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\updlog.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDConfig.dll (19152 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0002.sys (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\TrustAndIso.dll (8184 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%System%\spool\XPSEP\amd64 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastImage.png (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTips.rdb (2392 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\SystemCache\6.0 (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tips.xml (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\dnw.xml (149 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDAVCScan.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMAVCached.dll (11048 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMPerfMon.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\monitor_config.dat (559 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BaiduSd.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\bduf.dll (11048 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\cache_config.dat (469 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\FileMon.dll (3361 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\HIPS.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepBase.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSDWrench.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\PluginInstallHelper.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll (673 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\ToastLogo.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\NetService.ini (615 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\app.ico (12024 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayDldProtect.rdb (6360 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDCooly.dll (44 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\SearchProtection.rdb (5064 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\ieBaiduSDDetectPlug.dll (4992 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BSRLib.dat (673 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\KavUpdate.dll (9320 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMTinyXml.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\900.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\res\InstallWnd.zip (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BaiduSdUpdate.exe (19152 bytes)
%System%\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSkin.dll (8281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (2436 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\NewPih.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\bdmp.dat (784 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDDownloader.exe (42222 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度杀毒\卸载百度杀毒.lnk (944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand.dll (673 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVLogs.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\virus_type.dat (485 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\CompatibilityChecker.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\GetSupplyId.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\DesktopToast.exe (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdRepair.exe (2321 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\baidusdRepair.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMDownload.dll (1425 bytes)
%System%\spool\XPSEP\i386 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect_x64.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\bd0001.sys (2392 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe (2105 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMFrameWork.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMWrench.sys (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (945 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (484 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe (2321 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt64.dll (2321 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayPlugin.rdb (20624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMPerfMon.dll (5064 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0003.sys (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\bd0001.dll (5064 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMBase.dll (7345 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll (601 bytes)
%System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMTinyXml.dll (6584 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\HIPS.dll (30968 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\811.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMNet.dll (28288 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDShellExt.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\tips.xml (1 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度杀毒\百度杀毒.lnk (971 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\bduf.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\iexplore.exe.xml (528 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMAVE.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\901.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDLogicUtils.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDCooly.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\806.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Acrobat\9.0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\npBaiduSDDetectPlug.dll (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKVWsc.exe (13368 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user% (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\bd0002.sys (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKVMainFrame.dll (32128 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\KVCommonRes.rdb (132004 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKVVirusPlugins.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDMLog.dll (784 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\ad.dll (15168 bytes)

The Trojan-Dropper deletes the following file(s):


The process BaiduSdTray.exe:2348 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):


The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (0 bytes)

The process BaiduSdSvc.exe:2156 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):


The Trojan-Dropper deletes the following file(s):


The process icclz.exe:432 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\res\InstallWnd.zip (54196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\PluginInstallHelper.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu12.tmp (97881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\InstallHelper.dll (34186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\BDMSkin.dll (37025 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsz11.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp (0 bytes)

The process BDDownloader.exe:2732 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe (9605 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\dl.dll (14988 bytes)

The process BDDownloader.exe:2660 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\dl.dll (65930 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn9.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx8.tmp (90616 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsn9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn9.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss7.tmp (0 bytes)

Registry activity

The process BaiduSd.exe:3108 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 41 AE 0C F0 7E 9C 48 81 45 B3 B4 78 7B 54 62"

The process shandian.exe:1324 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 E2 29 AC 42 63 86 F2 2E 90 92 D1 4B 82 91 A0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan-Dropper modifies IE security zone settings to map all local web nodes whose names contain no dots and that are not assigned to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Dropper modifies IE security zone settings to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process shandian.exe:192 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CacheRepair" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"shandian.exe" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CachePrefix" = ":2014053120140601:"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "shandian.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"shandian.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014053120140601\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1301653454"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 67 F4 C7 6A 1D 19 AA B8 C7 8F 90 0C F4 8A F3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Dropper modifies IE security zone settings to map all local web nodes whose names contain no dots and that are not assigned to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Dropper modifies IE security zone settings to map all URLs to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041720130418]

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process emaaif_70690.exe:2700 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nspC.tmp]
"icclz.exe" = "icclz"

[HKCR\metnsd\clsid]
"SequenceID" = "A5 F8 F0 68 63 C6 5E 43 80 D7 0E EF AC 82 E1 2F"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "20 87 84 D0 FD 0C A7 37 62 1D D4 CD DD ED DF 55"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The Trojan-Dropper adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp]
"emaaif_70690.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\emaaif_70690.exe:*:Enabled:百度卫士在线安装程序"

The Trojan-Dropper modifies the IE security zone settings so that all local web nodes with no dots in their names that do not belong to any zone are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies the IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:

"ProxyBypass" = "1"

Adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp]
"emaaif_70690.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\emaaif_70690.exe:*:Enabled:百度卫士在线安装程序"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp]
"icclz.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\icclz.exe:*:Enabled:百度卫士安装程序"

The Trojan-Dropper adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp]
"icclz.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\icclz.exe:*:Enabled:百度卫士安装程序"

The Trojan-Dropper modifies the IE security zone settings so that all URLs are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The process sdad.exe:1620 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "sdad.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1384939658"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 3E 78 FD 27 EB 54 53 E5 69 B3 97 3D F4 D3 8F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan-Dropper modifies the IE security zone settings so that all local web nodes with no dots in their names that do not belong to any zone are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies the IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Dropper modifies the IE security zone settings so that all URLs are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following registry key(s):

[HKCU\Software\Microsoft\MediaPlayer\Health\{8FF1C4FC-E4AD-46FD-AECF-91430D07C00B}]

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:816 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"DisplayName" = "ÉÁµçä¯ÀÀÆ÷"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"Publisher" = "ÉÁµç"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"URLInfoAbout" = "http://www.sd.com"
"DisplayIcon" = "%Program Files%\shandian\shandian.exe"

"UninstallString" = "%Program Files%\shandian\uninst.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"DisplayVersion" = "1.0.0.0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1D 8D D9 AF 90 9F 15 C4 B6 C7 5A 2B 77 21 D6 7C"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\config.ini\..]
"emaaif_70690.exe" = "emaaif_70690"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\config.ini\..]
"F30241_s_0523.exe" = "百度杀毒安装程序"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\shandian]
"home.bat" = "home"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Dropper modifies the IE security zone settings so that all local web nodes with no dots in their names that do not belong to any zone are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies the IE security zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan-Dropper adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"shandian" = "%Program Files%\shandian\shandian.exe"

The Trojan-Dropper modifies the IE security zone settings so that all URLs are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process F30241_s_0523.exe:1356 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-5-31"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"UninstallString" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\VersionIndependentProgID]
"(Default)" = "ieCommonPlugin.Implement"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"DisplayVersion" = "1.8.0.1255"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度杀毒功能组件"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"Publisher" = "百度在线网络技术(北京)有限公司"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"

[HKLM\System\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled" = "2"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_sd" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0]
"(Default)" = "ieCommonPlugin 1.0 Type Library"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"Version" = "1.8.0.1255"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKCR\ieCommonPlugin.Implement\CurVer]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\ieCommonPlugin.Implement\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\Baidu\BaiduSd"

[HKCR\AppID\{6B4447CA-C33E-4E65-914D-C7B346D73F80}]
"(Default)" = "ieCommonPlugin"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B2 67 15 61 11 47 20 8D 90 64 0D 5B C1 CD 20 0A"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"Version" = "1.0"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
"DisplayName" = "BDArKit"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag" = "273"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"DisplayIcon" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"DisplayName" = "百度杀毒1.8"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKCR\ieCommonPlugin.Implement.1]
"(Default)" = "Implement Class"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKCR\AppID\ieCommonPlugin.DLL]
"AppID" = "{6B4447CA-C33E-4E65-914D-C7B346D73F80}"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\ieCommonPlugin.Implement]
"(Default)" = "Implement Class"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\ProgID]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}]
"(Default)" = "Implement Class"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}]
"(Default)" = "IImplement"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"

[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"

[HKCR\ieCommonPlugin.Implement.1\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "30241"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"ThreadingModel" = "Apartment"

The Trojan-Dropper adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdSvc.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe:*:Enabled:百度杀毒服务程序"

Adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdBugRpt.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe:*:Enabled:百度杀毒BUG上报程序"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

The Trojan-Dropper adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdTray.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe:*:Enabled:百度杀毒托盘程序"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp]
"F30241_s_0523.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\F30241_s_0523.exe:*:Enabled:百度杀毒安装程序"

Adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdSvc.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe:*:Enabled:百度杀毒服务程序"

The Trojan-Dropper adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdUpdate.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe:*:Enabled:百度杀毒更新程序"

Adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdTray.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe:*:Enabled:百度杀毒托盘程序"

The Trojan-Dropper adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSd.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe:*:Enabled:百度杀毒主程序"

"BaiduSdBugRpt.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe:*:Enabled:百度杀毒BUG上报程序"

Adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdUpdate.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe:*:Enabled:百度杀毒更新程序"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

Adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSd.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe:*:Enabled:百度杀毒主程序"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp]
"F30241_s_0523.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\F30241_s_0523.exe:*:Enabled:百度杀毒安装程序"

The Trojan-Dropper deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag"

The process BaiduSdTray.exe:2348 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 2F 4B 25 90 2E 48 76 EE D3 5C 3A 60 47 74 36"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The process bddownloader.exe:2856 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bddownloader.exe"

[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bddownloader.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"

[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"

[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 65 3B A0 DE C3 95 8C 9B 45 80 19 F7 04 C8 9B"

[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

The Trojan-Dropper modifies the IE security-zone settings so that all local web nodes whose names contain no dots and which are not assigned to any zone are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies the IE security-zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan-Dropper modifies the IE security-zone settings so that all URLs are mapped to the Intranet Zone:

"IntranetName" = "1"

The process regsvr32.exe:2944 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C 7E 92 73 B7 F6 78 44 65 E0 C1 93 BD 2B 29 09"

[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand.dll"
"ThreadingModel" = "Apartment"

[HKCR\CLSID\{85E0B1AA-04FA-11D1-B7DA-00A0C90348D6}]
"(Default)" = "U盘防护"

The process regsvr32.exe:3020 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F7 C2 C3 ED DC 24 54 64 43 B1 36 73 A4 96 A0 19"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bdcomproxy.dll"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

The process BaiduSdSvc.exe:2156 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DisplayName" = "BDMWrench"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ImagePath" = "system32\DRIVERS\BDMWrench.sys"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Description" = "BDMWrench"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度杀毒功能组件"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Tag" = "5"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Type" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
"Type" = "1"
"Tag" = "4"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 94 1E 13 D4 37 74 54 39 DC 95 62 6E 1A 69 81"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 6F 7E 74 A3"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

To automatically run itself each time Windows is booted, the Trojan-Dropper adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe -stmd=3"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"Start" = "1"

The Trojan-Dropper deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates]
"E5215D3460C2C20BBE2D9FE5FB665DAA2C0E225C"

[HKLM\System\CurrentControlSet\Services\BDMWrench]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

The process BaiduSdSvc.exe:240 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "73 3F E6 69 15 4F D4 A0 B3 94 9B E7 AC CB DF F6"

The process netsh.exe:2972 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C0 56 57 8A B6 CA 7A 6E AF 67 13 65 A9 6C E3 44"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Dropper adds the executable file of the process it runs in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\106]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe:*:Enabled:百度高速下载器"

The Trojan-Dropper adds a rule to the Windows Firewall that allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\106]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe:*:Enabled:百度高速下载器"

The process BDKVWsc.exe:2772 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E1 ED 5E DF AF 66 48 BC E8 7E 9E BD 2B B0 9E 1F"

The process BDKVWsc.exe:3472 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D1 B1 B4 33 46 8A BA 6F AD F0 74 F9 AB ED 8B 77"

The process RegSvr32.exe:2804 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0]
"(Default)" = "BDShellExt 1.0 Type Library"

[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\NumMethods]
"(Default)" = "3"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "IBDShellExtMenu"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\lnkfile\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48fa-B7A5-B77229C7D330}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48FA-B7A5-B77229C7D330}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\VersionIndependentProgID]
"(Default)" = "BDShellExt.BDShellExtMenu"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\ProgID]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "PSFactoryBuffer"

[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 6F F3 91 11 6A A8 56 53 0B 1D 20 F3 61 92 98"

[HKCR\Folder\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"(Default)" = "BDShellExtMenu Class"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"ThreadingModel" = "Apartment"

The process RegSvr32.exe:2892 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EF 38 E6 91 73 C6 0A E8 95 6B FA 5F 72 8B 59 4A"

The process icclz.exe:432 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9E ED B3 88 32 90 29 A8 FA 9D 88 8D 69 58 8F 54"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process BDDownloader.exe:2732 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DF 17 D1 3E 73 C5 12 2F 75 1C 0C 28 D4 DC 98 6C"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\program files\common files\baidu\bddownload\106]
"bddownloader.exe" = "百度高速下载引擎"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan-Dropper modifies the IE security-zone settings so that all URLs are mapped to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper modifies the IE security-zone settings so that all local web nodes whose names contain no dots and which are not assigned to any zone are mapped to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan-Dropper modifies the IE security-zone settings so that all web nodes that bypass the proxy are mapped to the Intranet Zone:

"ProxyBypass" = "1"

The process BDDownloader.exe:2660 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BD 01 97 87 BD 0E 4E 0B 67 85 19 EE DC 62 24 EE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

MD5 File path
a7d710e78711d5ab90e4792763241754 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy2.tmp\Md5dll.dll
00a0194c20ee912257df53bfe258ee4a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy2.tmp\System.dll
b2181e501ce4b03aa5b01d63dbec0b6e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy2.tmp\bind.dll
3a5ed71aa9c6846d95d57235c4c443d7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsy2.tmp\xID.dll
8f87437f10cd1ae1d2e8a16c74edb3bd c:\Program Files\shandian\bin\sdad.exe
5d58564e0c3a20c424c6e2485217773b c:\Program Files\shandian\bin\shandian.exe
15e8902b36a8efb0c4bb7d9fdc47deb0 c:\Program Files\shandian\shandian.exe
a2915eae84711b98f646d9ce9d758d55 c:\Program Files\shandian\uninst.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\bd0001.sys", the Trojan-Dropper controls the creation and closing of processes by installing a process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys", the Trojan-Dropper controls the creation and closing of threads by installing a thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys", the Trojan-Dropper controls the loading of executable images into memory by installing a load-image notifier.
The Trojan-Dropper installs the following kernel-mode hooks:

ZwUnloadKey

Propagation

VersionInfo

No information is available.

PE Sections

Name     Virtual Address   Virtual Size   Raw Size   Entropy   Section MD5
.text    4096              23628          24064      4.46394   856b32eb77dfd6fb67f21d6543272da5
.rdata   28672             4764           5120       3.4982    dc77f8a1e6985a4361c55642680ddb4f
.data    36864             154712         1024       3.3278    7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata   192512            49152          0          0         d41d8cd98f00b204e9800998ecf8427e
.rsrc    241664            10480          10752      5.24709   e2d169715d2dd59ebd70d1aff2e63ea9

URLs

hxxp://www.mdtxw.org/miniindex/xinwen.htm?time=undefined 112.124.102.171
hxxp://p4.123.sogoucdn.com/imgu/2014/05/20140508103513_537.gif 58.215.147.40
hxxp://d.123.sogoucdn.com/imgn/v32/icon4.gif 114.80.179.222
hxxp://pic4.xcarimg.com/img/news_photo/2014/05/29/mE8bXnNioe2802.jpg 8.37.231.22
hxxp://p8.123.sogoucdn.com/imgn/tips/skin_tips_n1.gif 114.80.179.210
hxxp://p5.123.sogoucdn.com/imgu/2014/05/20140528121904_599.jpg 222.211.87.163
hxxp://www.mdtxw.org/miniindex/tj.js 112.124.102.171
hxxp://123.sogou.com/jsn/hotdata.js?V=1401553631583 180.149.156.71
hxxp://www.mdtxw.org/miniindex/images/b16.jpg 112.124.102.171
hxxp://p3.123.sogoucdn.com/imgu/2014/05/20140527160745_754.jpg 58.215.147.36
hxxp://www.mdtxw.org/miniindex/lieqi_509_366.htm?time=undefined 112.124.102.171
hxxp://pcookie.cnzz.com/app.gif?&cna=qTURDBgFISYCAbhrJiaIb/9f 42.120.219.171
hxxp://p3.123.sogoucdn.com/imgn/sehome/tjv1/img-video-2.gif 58.215.147.36
hxxp://www.mdtxw.org/miniindex/inc/normal_bg.png 112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1242621765 42.120.219.171
hxxp://p1.123.sogoucdn.com/imgn/v32/selogo_111207.png 222.211.87.185
hxxp://123.sogou.com/v53/get_tj.php?hz=4671845&ids=qiche 180.149.156.71
hxxp://d.123.sogoucdn.com/v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51 114.80.179.222
hxxp://d.123.sogoucdn.com/v53/imgn/foot_slider.jpg 114.80.179.222
hxxp://www.mdtxw.org/miniindex/images/Untitled-3.jpg 112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/sehome/tjv1/new-ico.png 58.215.147.36
hxxp://wan.sogou.com/dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401553630130 180.149.156.70
hxxp://www.mdtxw.org/miniindex/images/b14.jpg 112.124.102.171
hxxp://d.123.sogoucdn.com/v53/imgn/v53_bicos.gif 114.80.179.222
hxxp://p5.123.sogoucdn.com/imgn/v32/logo_1112293.gif 222.211.87.163
hxxp://www.mdtxw.org/miniindex/images/b19.JPG 112.124.102.171
hxxp://p0.123.sogoucdn.com/imgn/v32/skin3.gif 222.211.87.171
hxxp://pb.sogou.com/pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401553630661&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=热血沙城_风云无双_仙侠道_大闹天宫OL_万世_Sogou傲剑2 220.181.124.108
hxxp://www.mdtxw.org/miniindex/inc/close.png 112.124.102.171
hxxp://123.sogou.com/favicon.ico 180.149.156.71
hxxp://www.mdtxw.org/miniindex/images/b15.jpg 112.124.102.171
hxxp://pb.sogou.com/pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401553634380&refer=&page=搜狗网址导航--网址大全,实用网址,尽在123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53 220.181.124.108
hxxp://p1.123.sogoucdn.com/imgu/2014/05/20140526163446_912.jpg 222.211.87.185
hxxp://d.123.sogoucdn.com/v53/imgn/guide_tip.png 114.80.179.222
hxxp://stat.fjmjm.com/stat/?ac=stat&name=%original file name%.exe&mac=00-0C-29-7C-CD-1F&md5=cc87e224f8d7fa1f264f3aa969a8538f
hxxp://www.mdtxw.org/miniindex/inc/style.css 112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=955913968 42.120.219.171
hxxp://p5.123.sogoucdn.com/imgu/2013/08/20130830161205_609.gif 222.211.87.163
hxxp://www.mdtxw.org/miniindex/inc/min.png 112.124.102.171
hxxp://pcookie.cnzz.com/app.gif?&cna=qjURDJbGu14CAbhrJiZSgwUL 42.120.219.171
hxxp://p4.123.sogoucdn.com/imgn/v32/selogo_111207.png 58.215.147.40
hxxp://cache.adm.cnzz.net/material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg 195.27.31.250
hxxp://www.mdtxw.org/miniindex/jiankang_509_366.htm?time=undefined 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa8.jpg 112.124.102.171
hxxp://p0.123.sogoucdn.com/imgu/2014/05/20140526170756_638.jpg 222.211.87.171
hxxp://p7.123.sogoucdn.com/imgn/123ie/search_arrow.gif 58.215.147.38
hxxp://p2.123.sogoucdn.com/imgu/2013/05/20130531144119_126.png 222.211.87.167
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1664314230 42.120.219.171
hxxp://d.123.sogoucdn.com/kan/static/css/DD_belatedPNG_0.0.8a-min.js?t= 114.80.179.222
hxxp://p3.123.sogoucdn.com/imgn/sehome/tjv1/img-news.gif 58.215.147.36
hxxp://www.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined 112.124.102.171
hxxp://www.mdtxw.org/miniindex/inc/jquery-1.7.2.min.js 112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/v51/new-erweima2.png 58.215.147.36
hxxp://www.mdtxw.org/miniindex/inc/stylemini.css 112.124.102.171
hxxp://www.mdtxw.org/miniindex/meinv.htm?time=undefined 112.124.102.171
hxxp://p0.123.sogoucdn.com/imgn/v32/titlebg.png 222.211.87.171
hxxp://p5.123.sogoucdn.com/imgu/2014/05/20140526163043_207.jpg 222.211.87.163
hxxp://www.jlbnh.com/ 112.124.102.171
hxxp://pic2.xcarimg.com/img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg 8.37.231.20
hxxp://p1.123.sogoucdn.com/imgn/v32/skin2_0.gif 222.211.87.185
hxxp://www.mdtxw.org/miniindex/images/aaa2.jpg 112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=664781698 42.120.219.171
hxxp://www.mdtxw.org/miniindex/images/aaa4.jpg 112.124.102.171
hxxp://d.123.sogou.com/jsn/v33_sugg_ajaj_v40_3.js 58.215.147.42
hxxp://p0.123.sogoucdn.com/imgu/2014/05/20140526163242_997.jpg 222.211.87.171
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401571240&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17587&sin=none&t=undefinedundefinedundefined&rnd=26498894 42.156.140.25
hxxp://drmcmm.baidu.com/media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg 202.108.23.74
hxxp://p0.123.sogoucdn.com/imgn/sehome/tjv1/subnav_v41.png 222.211.87.171
hxxp://www.mdtxw.org/miniindex/images/b13.jpg 112.124.102.171
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401571241&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17582&sin=none&t=undefinedundefinedundefined&rnd=60436568 42.156.140.25
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1457006025 42.120.219.171
hxxp://d.123.sogou.com/jsn/citydata.js 58.215.147.42
hxxp://p8.123.sogoucdn.com/imgn/v32/selogo_111207.png 114.80.179.210
hxxp://123.sogou.com//v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401553631536&method=ajaf&cbf=fn 180.149.156.71
hxxp://www.mdtxw.org/miniindex/ 112.124.102.171
hxxp://pb.sogou.com/pv.gif?uigs_productid=daohang&rdk=1401553631552&img=pv.gif&pars=?rand=1401553631552&suid=null&sduv=1401553631490_2278_00001&ckid=9290_00001_00000_5782_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3609 220.181.124.108
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=1818635953 42.156.140.25
hxxp://pcookie.cnzz.com/app.gif?&cna=qjURDAV7x0wCAbhrJiZWvYLP 42.120.219.171
hxxp://www.mdtxw.org/miniindex/images/aaa5.jpg 112.124.102.171
hxxp://d.123.sogoucdn.com/v53/imgn/v53_2icos.gif 114.80.179.222
hxxp://www.mdtxw.org/miniindex/images/aaa7.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa6.jpg 112.124.102.171
hxxp://123.sogou.com/images/weather/cloudy.gif 180.149.156.71
hxxp://123.sogou.com/?22014 180.149.156.71
hxxp://cache.adm.cnzz.net/noname.gif 195.27.31.250
hxxp://www.mdtxw.org/miniindex/images/aaa9.jpg 112.124.102.171
hxxp://d.123.sogoucdn.com/v53/imgn/v53_arrow_h.gif 114.80.179.222
hxxp://p0.123.sogoucdn.com/u/js/ufo2.js 222.211.87.171
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401571241&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17584&sin=none&t=undefinedundefinedundefined&rnd=807827226 42.156.140.25
hxxp://www.mdtxw.org/miniindex/images/Untitled-1.gif 112.124.102.171
hxxp://s9.cnzz.com/stat.php?id=5645354 1.99.192.15
hxxp://www.mdtxw.org/miniindex/images/b17.jpg 112.124.102.171
hxxp://123.sogou.com/v53/jsn/v53_123n.js?V=11 180.149.156.71
hxxp://p3.123.sogoucdn.com/imgn/v32/setskinbg.gif 58.215.147.36
hxxp://www.mdtxw.org/miniindex/images/b18.JPG 112.124.102.171
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401571241&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17587&sin=none&t=undefinedundefinedundefined&rnd=264778236 42.156.140.25
hxxp://www.mdtxw.org/miniindex/images/aaa10.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa3.jpg 112.124.102.171
hxxp://p6.123.sogoucdn.com/imgu/2013/08/20130820165531_481.gif 114.80.179.222
hxxp://d.123.sogoucdn.com/ads_hz/_ads_2.js?t=778640 114.80.179.222
down.icudi.org 222.186.60.2


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile

Traffic

GET /stat/?ac=stat&name=%original file name%.exe&mac=00-0C-29-7C-CD-1F&md5=cc87e224f8d7fa1f264f3aa969a8538f HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: stat.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 21:20:12 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 0
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCASRABDR=OKJHDCNADAJNHOJEGPICPLDO; path=/
Cache-control: private


GET /imgn/v32/skin2_0.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p1.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 592
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes



GET /imgu/2014/05/20140526163446_912.jpg HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p1.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/jpeg
Content-Length: 5654
Last-Modified: Mon, 26 May 2014 08:34:46 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=1818635953 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 21:20:41 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..


GET /stat.php?id=5645354 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s9.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 21:20:41 GMT
Expires: Sat, 31 May 2014 22:50:41 GMT

<<< skipped >>>

GET /miniindex/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 10093
Content-Type: text/html
Content-Location: hXXp://VVV.mdtxw.org/miniindex/index.html
Last-Modified: Thu, 22 May 2014 11:22:12 GMT
Accept-Ranges: bytes
ETag: "684ac813b075cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:34 GMT

<<< skipped >>>

GET /miniindex/inc/jquery-1.7.2.min.js HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 91342
Content-Type: application/x-javascript
Last-Modified: Thu, 10 Apr 2014 16:44:10 GMT
Accept-Ranges: bytes
ETag: "069a418dc54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:35 GMT

<<< skipped >>>

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12745
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:01 GMT
Accept-Ranges: bytes
ETag: "80544bd2d057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:36 GMT

<<< skipped >>>

GET /miniindex/lieqi_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13149
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:34 GMT
Accept-Ranges: bytes
ETag: "0bbf6e5d057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:36 GMT

<<< skipped >>>

GET /miniindex/jiankang_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13037
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:30 GMT
Accept-Ranges: bytes
ETag: "06194e3d057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:36 GMT

<<< skipped >>>

GET /miniindex/xinwen.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 7368
Content-Type: text/html
Last-Modified: Wed, 16 Apr 2014 14:44:27 GMT
Accept-Ranges: bytes
ETag: "5947395e8259cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:37 GMT

<<< skipped >>>

GET /miniindex/lieqi_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13149
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:34 GMT
Accept-Ranges: bytes
ETag: "0bbf6e5d057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:37 GMT

<<< skipped >>>

GET /miniindex/jiankang_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13037
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:30 GMT
Accept-Ranges: bytes
ETag: "06194e3d057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:37 GMT

<<< skipped >>>

GET /miniindex/images/Untitled-1.gif HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 19666
Content-Type: image/gif
Last-Modified: Sun, 13 Apr 2014 01:54:58 GMT
Accept-Ranges: bytes
ETag: "0859c5fbb56cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:38 GMT

<<< skipped >>>

GET /miniindex/images/Untitled-2.gif HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 18896
Content-Type: image/gif
Last-Modified: Sun, 13 Apr 2014 02:21:34 GMT
Accept-Ranges: bytes
ETag: "0cbe616bf56cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:38 GMT

<<< skipped >>>

GET /miniindex/images/Untitled-3.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 31591
Content-Type: image/jpeg
Last-Modified: Sun, 13 Apr 2014 02:27:26 GMT
Accept-Ranges: bytes
ETag: "0bbb5e8bf56cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:38 GMT

<<< skipped >>>

GET /miniindex/inc/ico_new2.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 55317
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:38 GMT

<<< skipped >>>

GET /miniindex/inc/close.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 2526
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT

<<< skipped >>>

GET /miniindex/images/b13.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 42296
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:47:34 GMT
Accept-Ranges: bytes
ETag: "0affbcbb557cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT

<<< skipped >>>

GET /miniindex/images/b15.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 38304
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:58:46 GMT
Accept-Ranges: bytes
ETag: "0bf865cb757cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT

<<< skipped >>>

GET /miniindex/images/b17.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40997
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:05:38 GMT
Accept-Ranges: bytes
ETag: "0f51852b857cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT

<<< skipped >>>

GET /miniindex/images/b19.JPG HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive




<<< skipped >>>

GET /miniindex/images/aaa4.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 20701
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:17:59 GMT
Accept-Ranges: bytes
ETag: "8095c4bba57cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:41 GMT

<<< skipped >>>

GET /miniindex/images/aaa5.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 71321
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:42 GMT

<<< skipped >>>

GET /miniindex/images/aaa6.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40601
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:43 GMT

<<< skipped >>>

GET /miniindex/images/aaa2.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40325
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:43 GMT

<<< skipped >>>

GET /miniindex/images/aaa8.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 22801
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:44 GMT

<<< skipped >>>

GET /miniindex/images/aaa10.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23965
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:44 GMT

<<< skipped >>>

GET /miniindex/images/b13.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 42296
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:47:34 GMT
Accept-Ranges: bytes
ETag: "0affbcbb557cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:44 GMT

<<< skipped >>>

GET /miniindex/images/b16.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 43598
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:01:35 GMT
Accept-Ranges: bytes
ETag: "801942c1b757cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:45 GMT

<<< skipped >>>

GET /miniindex/images/b19.JPG HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 20701
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:17:59 GMT
Accept-Ranges: bytes
ETag: "8095c4bba57cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:45 GMT

<<< skipped >>>

GET /miniindex/images/aaa4.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 61094
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:45 GMT

<<< skipped >>>

GET /miniindex/images/aaa5.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 71321
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:47 GMT

<<< skipped >>>

GET /miniindex/images/aaa6.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40601
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:48 GMT

<<< skipped >>>

GET /miniindex/images/aaa2.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40325
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:48 GMT

<<< skipped >>>

GET /miniindex/images/aaa8.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 22801
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:49 GMT

<<< skipped >>>

GET /miniindex/images/aaa10.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23965
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:49 GMT

<<< skipped >>>

GET /imgn/v32/skin3.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 4159
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgu/2014/05/20140526163242_997.jpg HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/jpeg
Content-Length: 6150
Last-Modified: Mon, 26 May 2014 08:32:42 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /app.gif?&cna=qjURDJbGu14CAbhrJiZSgwUL HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qjURDJbGu14CAbhrJiZSgwUL; expires=Tue, 28-May-24 21:20:42 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....



GET /app.gif?&cna=qjURDAV7x0wCAbhrJiZWvYLP HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pcookie.cnzz.com
Connection: Keep-Alive
Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:47 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP; expires=Tue, 28-May-24 21:20:47 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..


GET /imgn/v32/selogo_111207.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p1.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/png
Content-Length: 12155
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /favicon.ico HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Host: 123.sogou.com


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:22 GMT
Content-Type: image/x-icon
Content-Length: 1150
Connection: close
Last-Modified: Wed, 21 Sep 2011 09:58:33 GMT
ETag: "4e79b549-47e"
Expires: Sun, 15 Jun 2014 06:27:34 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /pv.gif?uigs_productid=daohang&rdk=1401553631552&img=pv.gif&pars=?rand=1401553631552&suid=null&sduv=1401553631490_2278_00001&ckid=9290_00001_00000_5782_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3609 HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pb.sogou.com
Connection: Keep-Alive
Cookie: GOTO=Af22014

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:23 GMT
Content-Type: text/xml
Content-Length: 0
Connection: keep-alive
Set-Cookie: SUV=005F1196B86B2626538A4797BA902691; expires=Tue, 28-May-24 21:20:23 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"


GET /imgn/v32/titlebg.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/png
Content-Length: 2842
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgu/2014/05/20140526170756_638.jpg HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/jpeg
Content-Length: 5409
Last-Modified: Mon, 26 May 2014 09:07:56 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgn/sehome/tjv1/subnav_v41.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/png
Content-Length: 3655
Last-Modified: Mon, 28 Jan 2013 13:46:09 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /u/js/ufo2.js HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 06 Nov 2012 08:12:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 07 Jun 2014 21:20:19 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip

<<< skipped >>>

GET /imgn/v32/logo_1112293.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 4512
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgu/2014/05/20140526163043_207.jpg HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/jpeg
Content-Length: 5353
Last-Modified: Mon, 26 May 2014 08:30:43 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgu/2013/08/20130830161205_609.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/gif
Content-Length: 13241
Last-Modified: Fri, 30 Aug 2013 08:12:05 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgn/123ie/search_arrow.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p7.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 447
Last-Modified: Wed, 25 Jul 2012 09:14:49 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


GET /imgu/2013/05/20130531144119_126.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p2.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/png
Content-Length: 13613
Last-Modified: Fri, 31 May 2013 06:41:19 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: ATS/3.2.0
Date: Sat, 31 May 2014 21:20:39 GMT
Content-Type: text/html
Content-Length: 266
Location: hXXp://cache.adm.cnzz.net/noname.gif
Age: 0
Via: http/1.1 l2hk1 (ATS [cMsSf ]), http/1.1 de1 (ATS [cMsSf ])
Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>302 Found</title></head>..<b
ody bgcolor="white">..<h1>302 Found</h1>..<p>The
requested resource resides temporarily under a different URI.</p>
..<hr/>Powered by Tengine/1.4.2..</body>..</html>..
...


GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401571241&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17587&sin=none&t=undefinedundefinedundefined&rnd=264778236 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 21:20:42 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..


GET /miniindex/inc/stylemini.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 11323
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 18:35:54 GMT
Accept-Ranges: bytes
ETag: "0a189b4eb54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:35 GMT
img{border:0}..#mini_wrap .bor_n {...border: 0px currentColor;..}..#mi
ni_wrap .none {...display: none;..}..#mini_wrap {.....}..#closehBtn {.
..background: url("close.png") no-repeat 0px 0px; padding: 0px; top: 0
px; width: 40px; height: 19px; color: rgb(11, 59, 140); font-size: 14p
x; vertical-align: 0px; position: relative;..}..#closehBtn:hover {...b
ackground: url("close.png") no-repeat -40px 0px;..}..#minBtn {...backg
round: url("min.png") no-repeat 0px 0px; padding: 0px; top: 0px; width
: 27px; height: 19px; color: rgb(11, 59, 140); font-size: 14px; vertic
al-align: 0px; position: relative;..}..#minBtn:hover {...background: u
rl("min.png") no-repeat -27px 0px;..}...wrapper {...margin: 0px auto;
width: 698px; height: 399px; text-align: left;..}...normal_bg {...back
ground: url("normal_bg.png") no-repeat 0px 0px rgb(255, 255, 255);..}.
..body_bg {...position: relative;..}...header {...width: 698px; height
: 33px;..}...nav_box .refresh_box a {...background-image: url("ico_new
2.png"); background-repeat: no-repeat;..}...nav_box .on_bg {...backgro
und-image: url("ico_new2.png"); background-repeat: no-repeat;..}...nav
_box {...padding: 4px 0px 0px 10px; width: 688px;..}...nav_box span {.
..color: rgb(188, 202, 224); float: left;..}...nav_box a {...width: 45
px; height: 26px; text-align: center; color: rgb(11, 59, 140); padding
-top: 3px; font-size: 14px; text-decoration: none; display: inline-blo
ck; position: relative; _vertical-align: middle;..}...nav_box .on_bg {
...background-position: 0px -460px; left: 18px; width: 9px; height

<<< skipped >>>

GET /miniindex/xinwen.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 7368
Content-Type: text/html
Last-Modified: Wed, 16 Apr 2014 14:44:27 GMT
Accept-Ranges: bytes
ETag: "5947395e8259cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:36 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<HTML xm
lns="hXXp://VVV.w3.org/1999/xhtml"><HEAD><META content="IE
=10.000" http-equiv="X-UA-Compatible">. ..<meta http-equiv="Cont
ent-Type" content="text/html; charset=gb2312">.. ..<meta name="r
obots" content="noindex, nofollow,nosnippet,noarchive,noodp">..<
title>......</title>..<link href="inc/style.css" rel="styl
esheet" type="text/css">.. ..<style type="text/css">..
* { padding:0px;.. margin:0px;.. }..
.roll-news {.. width:220px;.. h
eight:150px;.. border:solid 1px #c1c1c1;..
overflow:hidden;.. }.. .roll-news-index-hover
{.. background-color:white !important;.. }.
. .roll-news-image a img {.. width:220px;..
height:150px;.. }.. .roll-news-in
dex {.. position:relative;.. top:-22px;.
. float:right;.. width: 60px;..
}.. .roll-news-index li {.. list-style:no
ne;.. float:left;.. font-size:12px;..
font-weight:600;.. width:8px;..
height:16px;.. line-height:16px;..
cursor:pointer;.. margin:0 3px 0 0;..

<<< skipped >>>

GET /miniindex/shehui_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12927
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:16 GMT
Accept-Ranges: bytes
ETag: "0263cdbd057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:36 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />.. .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
margin-left:4px; position:relative;}...more { width:6px; height:5px;
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p

<<< skipped >>>

GET /miniindex/meinv.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 6471
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:42 GMT
Accept-Ranges: bytes
ETag: "06fbbead057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:37 GMT
<!DOCTYPE html PUBliC "-//W3C//DTD Xhtml 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta content
="IE=10.000" http-equiv="X-Ua-Compatible"> ..<meta http-equiv="C
ontent-Type" content="text/html; charset=gb2312">.. ..<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">..
<title>......</title>..<base target=_blank>..<link
href="inc/style.css" rel="stylesheet" type="text/css">..<style
type="text/css">...bj {background-color: #FFFFFF;float: left;height
: 336px;width: 509px;}...bj .top {float: left;height: 207px;margin-bot
tom: 3px;width: 509px;}...bj .top .top_left {float: left;height: 206px
;margin-right: 4px;width: 274px;}...txt1{ background: #000;line-height
: 30px;height: 30px;overflow: hidden;text-align: center;display: block
;color: #fff;margin: -29px 0 0 0;width: 231px;position: relative;opaci
ty: 0.7;filter: alpha(opacity=60);cursor: pointer;float: left;font-siz
e: 14px;}...bj .top .top_right {float: right;height: 207px;width: 231p
x;}...bj .top .top_right .right_01 {height: 95px;margin-bottom: 4px;}.
..txt2{ background: #000;line-height: 22px;height: 22px;overflow: hidd
en;text-align: center;display: block;color: #fff;margin: -21px 0 0 0;w
idth: 231px;position: relative;opacity: 0.7;filter: alpha(opacity=60);
cursor: pointer;float: left;font-size: 12px;}...bj .up {float: left;he
ight: 126px;width: 509px;}..ul {margin: 0;padding: 0;}...bj .up li

<<< skipped >>>

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12745
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:01 GMT
Accept-Ranges: bytes
ETag: "80544bd2d057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:37 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />.. .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
margin-left:4px; position:relative;}...more { width:6px; height:5px;
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p

<<< skipped >>>

GET /miniindex/shehui_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12927
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:16 GMT
Accept-Ranges: bytes
ETag: "0263cdbd057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:37 GMT

<<< skipped >>>

GET /miniindex/meinv.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 6471
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:42 GMT
Accept-Ranges: bytes
ETag: "06fbbead057cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:37 GMT

<<< skipped >>>

GET /miniindex/inc/normal_bg.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 41703
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:38 GMT

<<< skipped >>>

GET /miniindex/tj.js HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 279
Content-Type: application/x-javascript
Last-Modified: Thu, 10 Apr 2014 18:44:12 GMT
Accept-Ranges: bytes
ETag: "0665eddec54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:38 GMT
var cnzz_protocol = (("https:" == document.location.protocol) ? " http
s://" : " hXXp://");document.write(unescape(""));<
/font>....



GET /miniindex/inc/min.png HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 1080
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT



GET /miniindex/inc/style.css HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT

<<< skipped >>>

GET /miniindex/images/b14.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40898
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:49:40 GMT
Accept-Ranges: bytes
ETag: "0c21517b657cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT

<<< skipped >>>

GET /miniindex/images/b16.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 43598
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:01:35 GMT
Accept-Ranges: bytes
ETag: "801942c1b757cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:40 GMT

<<< skipped >>>

GET /miniindex/images/b18.JPG HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23977
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:14:46 GMT
Accept-Ranges: bytes
ETag: "01fbb98b957cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:41 GMT

<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:41 GMT

<<< skipped >>>

GET /miniindex/images/aaa3.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 67971
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:41 GMT

<<< skipped >>>

GET /miniindex/images/aaa1.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 45855
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:43 GMT

<<< skipped >>>

GET /miniindex/images/aaa7.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 24446
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:43 GMT

<<< skipped >>>

GET /miniindex/images/aaa9.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23028
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:44 GMT

<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:44 GMT

<<< skipped >>>

GET /miniindex/images/b14.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40898
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:49:40 GMT
Accept-Ranges: bytes
ETag: "0c21517b657cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:44 GMT

<<< skipped >>>

GET /miniindex/images/b15.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 38304
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:58:46 GMT
Accept-Ranges: bytes
ETag: "0bf865cb757cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:44 GMT

<<< skipped >>>

GET /miniindex/images/b17.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40997
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:05:38 GMT
Accept-Ranges: bytes
ETag: "0f51852b857cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:45 GMT

<<< skipped >>>

GET /miniindex/images/b18.JPG HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23977
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:14:46 GMT
Accept-Ranges: bytes
ETag: "01fbb98b957cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:45 GMT

<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:45 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px;
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat

<<< skipped >>>

GET /pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401553630661&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=热血沙城_风云无双_仙侠道_大闹天宫OL_万世_Sogou傲剑2 HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pb.sogou.com
Connection: Keep-Alive

GET /pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401553630661&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=热血沙城_风云无双_仙侠道_大闹天宫OL_万世_Sogou傲剑2 HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pb.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:22 GMT
Content-Type: text/xml
Content-Length: 0
Connection: keep-alive
Set-Cookie: SUV=00004997B86B2626538A479685C35875; expires=Tue, 28-May-24 21:20:22 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
....



GET /pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401553634380&refer=&page=搜狗网址导航--网址大全,实用网址,尽在123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53 HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pb.sogou.com
Connection: Keep-Alive
Cookie: GOTO=Af22014; SUV=00004997B86B2626538A479685C35875


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:23 GMT
Content-Type: text/xml
Content-Length: 0
Connection: keep-alive


GET /favicon.ico HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Host: VVV.fjmjm.com


HTTP/1.1 404 Not Found
Content-Length: 83
Content-Type: text/html
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:17 GMT
Connection: close
<html><head><title>Error</title></head>
<body>........................</body></html>..


GET /stat.php?id=5645354 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s9.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:40 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 21:20:40 GMT
Expires: Sat, 31 May 2014 22:50:40 GMT

<<< skipped >>>

GET /web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000 HTTP/1.1
User-Agent: hello crazyk
Host: stat.fjmjm.com


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 21:20:22 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 4659
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCASRABDR=CLJHDCNAIDNCHBDLNDHDIFCJ; path=/
Cache-control: private
<?xml version="1.0" encoding="gb2312"?>
<SoftwareConfig>
 <Version>20140601052022</Version>
 <Popwin>
  <Item id="1">
   <Subject>........</Subject>
   <WinWidth>708</WinWidth>
   <WinHeight>404</WinHeight>
   <StartUpPosition>0</StartUpPosition>
   <URL>hXXp://VVV.mdtxw.org/miniindex/</URL>
   <StartUpTime>10</StartUpTime>
   <ShowInteval>7200</ShowInteval>
   <AutoClose>600</AutoClose>
   <isShow>1</isShow>
  </Item>
  <Item id="2">
   <Subject>........</Subject>
   <WinWidth>300</WinWidth>
   <WinHeight>265</WinHeight>
   <StartUpPosition>1</StartUpPosition>
   <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601052022</URL>
   <StartUpTime>50</StartUpTime>
   <ShowInteval>0</ShowInteval>
   <AutoClose>50</AutoClose>
   <isShow>1</isShow>
  </Item>
  <Item id="3">
   <Subject>....LB</Subject>
   <WinWidth>300</WinWidth>
   <WinHeight>265</WinHeight>
   <StartUpPosition>1</StartUpPosition>
   <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601052022</URL>
   <StartUpTime>200</StartUpTime>
   <ShowInteval>7200</ShowInteval>
   <AutoC

<<< skipped >>>

GET /jsn/v33_sugg_ajaj_v40_3.js HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401553631490_2278_00001; CKOR=9290_00001_00000; CKOD=5782_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:20 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 02 Aug 2013 03:01:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

<<< skipped >>>

GET /v53/imgn/foot_slider.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: image/jpeg
Content-Length: 322
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes



GET /v53/imgn/guide_tip.png HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:23 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes

<<< skipped >>>

GET /img/news_photo/2014/05/29/mE8bXnNioe2802.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pic4.xcarimg.com
Connection: Keep-Alive



HTTP/1.1 200 OK
Expires: Sun, 31 May 2015 16:34:13 GMT
Date: Sat, 31 May 2014 16:34:13 GMT
Server: Apache
Last-Modified: Thu, 29 May 2014 03:31:22 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Content-Length: 3226
Accept-Ranges: bytes
Xcar-Cache-Server: imgcache1-HIT
Age: 1
X-Via: 1.1 zjjhdx36:8080 (Cdn Cache Server V2.0), 1.1 dls21:0 (Cdn Cache Server V2.0)
Connection: keep-alive
<<< skipped >>>

GET /imgu/2014/05/20140528121904_599.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/jpeg
Content-Length: 9642
Last-Modified: Wed, 28 May 2014 04:19:04 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000 HTTP/1.1
User-Agent: Crazyk
Host: stat.fjmjm.com
Cookie: ASPSESSIONIDCASRABDR=CLJHDCNAIDNCHBDLNDHDIFCJ


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 21:20:22 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 4659
Content-Type: text/html
Cache-control: private
<?xml version="1.0" encoding="gb2312"?>
<SoftwareConfig>
 <Version>20140601052022</Version>
 <Popwin>
  <Item id="1">
   <Subject>........</Subject>
   <WinWidth>708</WinWidth>
   <WinHeight>404</WinHeight>
   <StartUpPosition>0</StartUpPosition>
   <URL>hXXp://VVV.mdtxw.org/miniindex/</URL>
   <StartUpTime>10</StartUpTime>
   <ShowInteval>7200</ShowInteval>
   <AutoClose>600</AutoClose>
   <isShow>1</isShow>
  </Item>
  <Item id="2">
   <Subject>........</Subject>
   <WinWidth>300</WinWidth>
   <WinHeight>265</WinHeight>
   <StartUpPosition>1</StartUpPosition>
   <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601052022</URL>
   <StartUpTime>50</StartUpTime>
   <ShowInteval>0</ShowInteval>
   <AutoClose>50</AutoClose>
   <isShow>1</isShow>
  </Item>
  <Item id="3">
   <Subject>....LB</Subject>
   <WinWidth>300</WinWidth>
   <WinHeight>265</WinHeight>
   <StartUpPosition>1</StartUpPosition>
   <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601052022</URL>
   <StartUpTime>200</StartUpTime>
   <ShowInteval>7200</ShowInteval>
   <AutoC

<<< skipped >>>

GET /web/welcome_cn.htm?ver=2.4.1.9&guid=ad4d7c051d43bc0597ddecc622c039c164f2c5c0f88e4007bf51a1829685440b1401553625&lastver= HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 1469
Content-Type: text/html
Last-Modified: Thu, 17 Apr 2014 15:55:27 GMT
Accept-Ranges: bytes
ETag: "80414a73555acf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:14 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.
.<html>..<head>..<meta http-equiv="Content-Type" conten
t="text/html; charset=gb2312">..<title>................</t
itle>..<link href="newioage.css" rel="stylesheet" type="text/css
">..</head>..<body>..<p> </p>..<tab
le width="712" height="49" border="0" align="center" cellpadding="0" c
ellspacing="0">.. <tr>.. <td background="images/guide_
top.jpg"><table width="550" align="center">.. <tr>
.. <td class="t14"><font color="#C8E2FF"><st
rong>................</strong></font></td>..
</tr>.. </table></td>.. </tr>..</t
able>..<table width="712" height="350" align="center" background
="images/texture.gif" bgcolor="#FFFFFF">.. <tr>.. <td
valign="top">..<table width="500" align="center">.. <tr>
.. <td><p class="t14"> </p>..
<p class="t14"><font color="#D38C45" size="4">
<strong>..............................</strong></font>
</p>.. <p class="t14">........................
..................................................................<
/p>.. <p class="t14"> </p>..
</td>.. </tr>.. </table>.. <tab
le width="500" align="center">.. <tr> ..

<<< skipped >>>

GET /web/newioage.css HTTP/1.1

Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=ad4d7c051d43bc0597ddecc622c039c164f2c5c0f88e4007bf51a1829685440b1401553625&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 715
Content-Type: text/css
Last-Modified: Thu, 17 Apr 2014 15:40:05 GMT
Accept-Ranges: bytes
ETag: "8038bc4d535acf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:15 GMT
body {background-color: #dddddd;margin-left: 0px;margin-top: 0px;margi
n-right: 0px;margin-bottom: 0px;}.td {font-size: 14px;line-height: 150
%;color: #666666;}..t12 {font-size: 12px;line-height: 150%;color: #666
666;}..A:link {font-size:12px;text-decoration:none;color: #1F72D0}.A:v
isited {font-size:12px;text-decoration:none;color: #1F72D0}.A:active {
font-size:12px;text-decoration: none;color: #033B7D}.A:hover {font-siz
e:12px;text-decoration:none;color: #FF5A00}..A.white:link {font-size:1
2px;text-decoration:none;color: #cfebff}.A.white:visited {font-size:12
px;text-decoration:none;color: #cfebff}.A.white:active {font-size:12px
;text-decoration: none;color: #ffffff}.A.white:hover {font-size:12px;c
olor: #feffcf}.
....



GET /web/images/start_button.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=ad4d7c051d43bc0597ddecc622c039c164f2c5c0f88e4007bf51a1829685440b1401553625&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 2304
Content-Type: image/jpeg
Last-Modified: Thu, 17 Apr 2014 15:36:33 GMT
Accept-Ranges: bytes
ETag: "80965fcf525acf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:15 GMT

<<< skipped >>>

GET /web/images/guide_top.jpg HTTP/1.1

Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=ad4d7c051d43bc0597ddecc622c039c164f2c5c0f88e4007bf51a1829685440b1401553625&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 5936
Content-Type: image/jpeg
Last-Modified: Thu, 17 Apr 2014 15:48:06 GMT
Accept-Ranges: bytes
ETag: "0ff6e6c545acf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:15 GMT

<<< skipped >>>

GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.jlbnh.com
Connection: Keep-Alive


HTTP/1.1 302 Redirect
Content-Length: 150
Content-Type: text/html
Location: hXXp://123.sogou.com/?22014
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:14 GMT
<head><title>Document Moved</title></head>.<body><h1>Object Moved</h1>
This document may be found <a HREF="hXXp://123.sogou.com/?22014">here</a></body>..


GET /imgn/v32/selogo_111207.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p8.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/png
Content-Length: 12155
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgn/tips/skin_tips_n1.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p8.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:21 GMT
Content-Type: image/gif
Content-Length: 1779
Last-Modified: Wed, 20 Jun 2012 04:23:22 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401553630130 HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: wan.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 374
Connection: keep-alive
Set-Cookie: SSUID=26266BB820EA50B9BD05F8E39CD80561; expires=Fri, 26-May-34 21:20:19 GMT; path=/
Set-Cookie: IPLOC=CA; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
__yx2q([{"gid":"123","title":"............","source":"0011000100006"},
{"gid":"212","title":"............","source":"0011000100007"},{"gid":"
181","title":".........","source":"0011000100008"},{"gid":"86","title"
:"............OL","source":"0011000100009"},{"gid":"178","title":"....
..","source":"0011000100010"},{"gid":"215","title":"Sogou......2","sou
rce":"0011000100011"}])


GET /core.php?web_id=5645354&t=z HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 21:20:41 GMT
Expires: Sat, 31 May 2014 21:35:41 GMT


GET /v53/imgn/guide_tip.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes

<<< skipped >>>

GET /imgn/123ie/setting_icon.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p6.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: image/gif
Content-Length: 76
Last-Modified: Wed, 25 Jul 2012 09:14:49 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


GET /miniindex/images/aaa3.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 67971
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:47 GMT

<<< skipped >>>

GET /miniindex/images/aaa1.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 45855
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:48 GMT

<<< skipped >>>

GET /miniindex/images/aaa7.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 24446
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:49 GMT

<<< skipped >>>

GET /miniindex/images/aaa9.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23028
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:49 GMT

<<< skipped >>>

GET /imgu/2014/05/20140508103513_537.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p4.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 21959
Last-Modified: Thu, 08 May 2014 02:35:13 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: drmcmm.baidu.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Sat, 31 May 2014 21:20:38 GMT
Server: apache
Content-Length: 345
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.
org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://
VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>.
<title>404 - Not Found</title>. </head>. <body>.
<h1>404 - Not Found</h1>. </body>.</html>.ont>....



GET /media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: drmcmm.baidu.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Sat, 31 May 2014 21:20:38 GMT
Server: apache
Content-Length: 345
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN". "hXXp://VVV.w3.
org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://
VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>.
<title>404 - Not Found</title>. </head>. <body>.
<h1>404 - Not Found</h1>. </body>.</html>...


GET /miniindex/ HTTP/1.1
User-Agent: hello crazyk
Host: VVV.mdtxw.org


HTTP/1.1 200 OK
Content-Length: 10093
Content-Type: text/html
Content-Location: hXXp://VVV.mdtxw.org/miniindex/index.html
Last-Modified: Thu, 22 May 2014 11:22:12 GMT
Accept-Ranges: bytes
ETag: "684ac813b075cf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:34 GMT

<<< skipped >>>

GET /imgn/v32/fbg_about.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p4.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: image/png
Content-Length: 3580
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /9.gif?abc=1&rnd=1457006025 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 21:20:41 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qTURDBgFISYCAbhrJiaIb/9f; expires=Tue, 28-May-24 21:20:41 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=0672c932; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=4fb1915db048e5404a73dcad_1401571241; expires=Tue, 28-May-24 21:20:41 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=qTURDBgFISYCAbhrJiaIb/9f
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....



GET /9.gif?abc=1&rnd=955913968 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 21:20:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qjURDJbGu14CAbhrJiZSgwUL; expires=Tue, 28-May-24 21:20:42 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=683ec1d0; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=40cecb75eff10bc9d928d070_1401571242; expires=Tue, 28-May-24 21:20:42 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=qjURDJbGu14CAbhrJiZSgwUL
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....



GET /9.gif?abc=1&rnd=664781698 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive
Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP; sca=f83bd75d; atpsida=4fa714804b0636c127c02504_1401571242


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 21:20:45 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: atpsida=4fa714804b0636c127c02504_1401571245; expires=Tue, 28-May-24 21:20:45 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=qjURDAV7x0wCAbhrJiZWvYLP
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..


GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401571240&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17587&sin=none&t=undefinedundefinedundefined&rnd=26498894 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 21:20:41 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..


GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401571241&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17584&sin=none&t=undefinedundefinedundefined&rnd=807827226 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive
Cookie: cna=qjURDJbGu14CAbhrJiZSgwUL


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 21:20:46 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..


GET /material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: ATS/3.2.0
Date: Sat, 31 May 2014 21:20:38 GMT
Content-Type: text/html
Content-Length: 266
Location: hXXp://cache.adm.cnzz.net/noname.gif
Age: 0
Via: http/1.1 l2hk1 (ATS [cMsSf ]), http/1.1 de1 (ATS [cMsSf ])
Connection: keep-alive



GET /noname.gif HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive



HTTP/1.1 200 OK
Server: ATS/3.2.0
Date: Sat, 31 May 2014 15:03:03 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Fri, 21 Oct 2011 09:36:11 GMT
Expires: Sat, 31 May 2014 20:29:04 GMT
Cache-Control: max-age=86400
Content-Disposition: : attachment;
Accept-Ranges: bytes
Age: 26124
Via: http/1.1 l2hk1 (ATS [cHs f ]), http/1.1 de1 (ATS [cRs f ])
Connection: keep-alive


GET /9.gif?abc=1&rnd=1664314230 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 21:20:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP; expires=Tue, 28-May-24 21:20:42 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=f83bd75d; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=4fa714804b0636c127c02504_1401571242; expires=Tue, 28-May-24 21:20:42 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=qjURDAV7x0wCAbhrJiZWvYLP
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....



GET /9.gif?abc=1&rnd=1242621765 HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive
Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP; sca=f83bd75d; atpsida=4fa714804b0636c127c02504_1401571245


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 21:20:47 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: atpsida=4fa714804b0636c127c02504_1401571247; expires=Tue, 28-May-24 21:20:47 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=qjURDAV7x0wCAbhrJiZWvYLP
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..


GET /imgn/v32/setskinbg.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 397
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes



GET /imgn/v51/new-erweima2.png HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: image/png
Content-Length: 18683
Last-Modified: Mon, 08 Jul 2013 10:16:12 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:19 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgu/2014/05/20140527160745_754.jpg HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/jpeg
Content-Length: 7281
Last-Modified: Tue, 27 May 2014 08:07:45 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgn/sehome/tjv1/img-news.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/gif
Content-Length: 225
Last-Modified: Fri, 11 Jan 2013 08:57:48 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes



GET /imgn/v51/i-ico-2b.png HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/png
Content-Length: 2337
Last-Modified: Thu, 30 May 2013 07:28:54 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /css/skin_.css?V=dr HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:17 GMT
Content-Type: text/css
Content-Length: 21
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2011 09:23:38 GMT
ETag: "4e785b9a-15"
Expires: Tue, 03 Jun 2014 08:58:14 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
/* skin default */



GET /v53/jsn/v53_123n.js?V=11 HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: application/x-javascript; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 29 May 2014 10:53:58 GMT
Expires: Tue, 03 Jun 2014 01:22:00 GMT
Cache-Control: max-age=259200
Content-Encoding: gzip

<<< skipped >>>

GET /jsn/hotdata.js?V=1401553631583 HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401553631490_2278_00001; CKOR=9290_00001_00000; CKOD=5782_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:20 GMT
Content-Type: application/x-javascript; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 14:19:18 GMT
Set-Cookie: IPLOC=CA; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Tue, 03 Jun 2014 21:20:20 GMT
Cache-Control: max-age=259200
Content-Encoding: gzip

<<< skipped >>>

GET /images/weather/cloudy.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401553631490_2278_00001; CKOR=9290_00001_00000; CKOD=5782_00000_00000; IPLOC=CA; _seCityCode2=CN110100; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:21 GMT
Content-Type: image/gif
Content-Length: 1663
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2011 10:21:06 GMT
ETag: "4e917592-67f"
Expires: Sun, 15 Jun 2014 06:27:38 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /?22014 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:16 GMT
Content-Type: text/html; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa HISa TELa OTPa OUR UNRa IND UNI COM NAV INT DEM CNT PRELOC"
Content-Encoding: gzip

<<< skipped >>>

GET //v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401553631536&method=ajaf&cbf=fn HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401553631490_2278_00001; CKOR=9290_00001_00000; CKOD=5782_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:20 GMT
Content-Type: text/javascript; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: IPLOC=CA; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Powered-By: PHP/5.1.6
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: max-age=0

<<< skipped >>>

GET /images/weather/cloudy.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401553631490_2278_00001; CKOR=9290_00001_00000; CKOD=5782_00000_00000; IPLOC=CA; _seCityCode2=CN110100; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:21 GMT
Content-Type: image/gif
Content-Length: 1663
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2011 10:21:06 GMT
ETag: "4e917592-67f"
Expires: Sun, 15 Jun 2014 06:27:38 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /v53/get_tj.php?hz=4671845&ids=qiche HTTP/1.1

Accept: */*
Accept-Language: en-us
Referer: hXXp://123.sogou.com/?22014
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401553631490_2278_00001; CKOR=9290_00001_00000; CKOD=5782_00000_00000; IPLOC=CA; _seCityCode2=CN110100; tjv2_cont=00_01_08_09; GOTO=Af22014; SUV=00004997B86B2626538A479685C35875


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 21:20:23 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.1.6

<<< skipped >>>

GET /app.gif?&cna=qTURDBgFISYCAbhrJiaIb/9f HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qTURDBgFISYCAbhrJiaIb/9f; expires=Tue, 28-May-24 21:20:42 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....



GET /app.gif?&cna=qjURDAV7x0wCAbhrJiZWvYLP HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:42 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP; expires=Tue, 28-May-24 21:20:42 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....



GET /app.gif?&cna=qjURDAV7x0wCAbhrJiZWvYLP HTTP/1.1

Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pcookie.cnzz.com
Connection: Keep-Alive
Cookie: cna=qjURDJbGu14CAbhrJiZSgwUL


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:46 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP; expires=Tue, 28-May-24 21:20:46 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..


GET /v53/imgn/v53_arrow_h.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: image/gif
Content-Length: 1036
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes

<<< skipped >>>

GET /v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51 HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:21 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 22 May 2014 03:42:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

<<< skipped >>>

GET /v53/imgn/guide_tip.png HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:23 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes

<<< skipped >>>

GET /img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pic2.xcarimg.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Sun, 31 May 2015 16:33:04 GMT
Date: Sat, 31 May 2014 16:33:04 GMT
Server: Apache
Last-Modified: Wed, 28 May 2014 09:00:18 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Content-Length: 4997
Accept-Ranges: bytes
Xcar-Cache-Server: imgcache2-HIT
Age: 1
X-Via: 1.1 zjjhdx41:8104 (Cdn Cache Server V2.0), 1.1 dls21:7 (Cdn Cache Server V2.0)
Connection: keep-alive

<<< skipped >>>

GET /imgu/2013/08/20130820165531_481.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p6.123.sogoucdn.com
Connection: Keep-Alive



HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 2049
Last-Modified: Tue, 20 Aug 2013 08:55:31 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:18 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /imgn/v32/selogo_111207.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p4.123.sogoucdn.com
Connection: Keep-Alive

GET /imgn/v32/selogo_111207.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p4.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:21 GMT
Content-Type: image/png
Content-Length: 12155
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:21 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

<<< skipped >>>

GET /kan/static/css/DD_belatedPNG_0.0.8a-min.js?t= HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:17 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 Aug 2013 08:33:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

<<< skipped >>>

GET /imgn/v32/icon4.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:17 GMT
Content-Type: image/gif
Content-Length: 1506
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Accept-Ranges: bytes

<<< skipped >>>

GET /v53/imgn/v53_bicos.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 826
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes



GET /v53/imgn/v53_2icos.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:18 GMT
Content-Type: image/gif
Content-Length: 2051
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes

<<< skipped >>>

GET /ads_hz/_ads_2.js?t=778640 HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:19 GMT
Content-Type: application/x-javascript
Last-Modified: Sat, 31 May 2014 21:00:02 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

<<< skipped >>>

GET /v53/imgn/guide_tip.png HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:23 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes

<<< skipped >>>

GET /jsn/citydata.js HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401553631490_2278_00001; CKOR=9290_00001_00000; CKOD=5782_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:20 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 19 Sep 2012 10:54:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

<<< skipped >>>

GET /core.php?web_id=5645354&t=z HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 21:20:41 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 21:20:41 GMT
Expires: Sat, 31 May 2014 21:35:41 GMT


GET /imgn/sehome/tjv1/new-ico.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/png
Content-Length: 211
Last-Modified: Mon, 28 Jan 2013 11:52:04 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes



GET /imgn/sehome/tjv1/img-video-2.gif HTTP/1.1

Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 21:20:24 GMT
Content-Type: image/gif
Content-Length: 225
Last-Modified: Wed, 15 May 2013 13:45:48 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 21:20:24 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes


GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401571241&repeatip=0&rtime=0&cnzz_eid=2021759436-1401571240-&showp=1024x768&st=-17582&sin=none&t=undefinedundefinedundefined&rnd=60436568 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive
Cookie: cna=qjURDAV7x0wCAbhrJiZWvYLP


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 21:20:47 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..


GET /web/images/texture.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=ad4d7c051d43bc0597ddecc622c039c164f2c5c0f88e4007bf51a1829685440b1401553625&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 11841
Content-Type: image/gif
Last-Modified: Thu, 17 Apr 2014 15:36:33 GMT
Accept-Ranges: bytes
ETag: "80965fcf525acf1:420"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 21:20:15 GMT

<<< skipped >>>

The Trojan-Dropper connects to the servers at the following location(s):

%original file name%.exe_816:

.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
http://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\bind.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\bind.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp
;.ET&
.gcb`
de$%s[
   
nsy2.tmp
0, 0, 0)
S~1\Temp\nsy2.tmp
%original file name%.exe
c:\%original file name%.exe
%Program Files%\shandian"
%Program Files%\shandian
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nse1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
Nullsoft Install System v2.45
%Documents and Settings%\%current user%\Start Menu\Programs\

%original file name%.exe_816_rwx_10004000_00001000:

callback%d

cmd.exe_1716:

.text
`.data
.rsrc
KERNEL32.dll
NTDLL.DLL
msvcrt.dll
USER32.dll
SetConsoleInputExeNameW
APerformUnaryOperation: '%c'
APerformArithmeticOperation: '%c'
ADVAPI32.dll
SHELL32.dll
MPR.dll
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
ShellExecuteExW
CmdBatNotification
GetWindowsDirectoryW
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
_pipe
GetProcessWindowStation
cmd.pdb
pauseelims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
pause/f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
pausee" /d %%f /f)
pausefor /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
pause (reg add %%a /v "%%e" /d %%f /f)
pauses=- tokens=1-3" %%b in ("%reglist2%") do (reg add %%a /v %%b /t %%c /d %%d /f)
for /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
CMD Internal Error %s
)(&&())))(&))
)&((&)&))&())
)&((&)&)&()))
)(&&()))&))))
CMD.EXE
()|&=,;"
COPYCMD
\XCOPY.EXE
CMDCMDLINE
WKERNEL32.DLL
Software\Policies\Microsoft\Windows\System
0123456789
cmd.exe
DIRCMD
%d.%d.d
Ungetting: '%s'
DisableCMD
GeToken: (%x) '%s'
%s\Shell\Open\Command
%x %c
*** Unknown type: %x
Args: `%s'
Cmd: %s Type: %x
%s (%s) %s
r /f "delims=- tokens=1-2" %e in ("Start Page-"http://www.jlbnh.com" ") do (reg add %a /v "%e" /d %f /f)
/www.jlbnh.com"") do (reg add %a /v %b /t %c /d %d /f)
a /v "%e" /d %f /f
lbnh.com" "
A-08002B30309D}\shell\OpenHomePage\Command"
//www.jlbnh.com"
%Program Files%\shandian>
.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
%WinDir%;%WinDir%\System32\Wbem;c:\Program Files\Wireshark
or /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
CMDEXTVERSION
KEYS
%Program Files%\shandian
Press any key to continue . . .
ernet Explorer\Main" /v "Start Page" /d "http://www.jlbnh.com" /f
orer\iexplore.exe http://www.jlbnh.com" /f
%s %s
(%s) %s
%s %s%s
&()[]{}^=;!%' ,`~
d%sd%s
-%sd%sd%sd
d%sd%sd
%s=%s
X-X
.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS
<> -*/%()|^&=,
\CMD.EXE
Windows Command Processor
5.1.2600.5512 (xpsp.080413-2111)
Cmd.Exe
Windows
Operating System
5.1.2600.5512
Press any key to continue . . . %0
operable program or batch file.
The system cannot execute the specified program.
and press any key when ready. %0
Microsoft Windows XP [Version %1]%0
a pipe operation.
KEYS is on.
KEYS is off.
The process tried to write to a nonexistent pipe.
The switch /Y may be preset in the COPYCMD environment variable.
to prompt on overwrites unless COPY command is being executed from
Switches may be preset in the DIRCMD environment variable. Override
Quits the CMD.EXE program (command interpreter) or the current batch
CMD.EXE. If executed from outside a batch script, it
will quit CMD.EXE
ERRORLEVEL that number. If quitting CMD.EXE, sets the process
Displays or sets a search path for executable files.
Type PATH ; to clear all search-path settings and direct cmd.exe to search
Changes the cmd.exe command prompt.
$B | (pipe)
$V Windows XP version number
Displays, sets, or removes cmd.exe environment variables.
Displays the Windows XP version.
Tells cmd.exe whether to verify that your files are written correctly to a
Records comments (remarks) in a batch file or CONFIG.SYS.
Press any key to continue . . . %0
Directs cmd.exe to a labeled line in a batch program.
NOT Specifies that Windows XP should carry out
will execute the command after the ELSE keyword if the
I The new environment will be the original environment passed
to the cmd.exe and not the current environment.
SEPARATE Start 16-bit Windows program in separate memory space
SHARED Start 16-bit Windows program in shared memory space
If it is an internal cmd command or a batch file then
the command processor is run with the /K switch to cmd.exe.
If it is not an internal cmd command or batch file then
parameters These are the parameters passed to the command/program
under Windows XP.
Starts a new instance of the Windows XP command interpreter
CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF]
/D Disable execution of AutoRun commands from registry (see below)
/A Causes the output of internal commands to a pipe or file to be ANSI
/U Causes the output of internal commands to a pipe or file to be
variable var at execution time. The %var% syntax expands variables
of an executable file.
If /D was NOT specified on the command line, then when CMD.EXE starts, it
either or both are present, they are executed first.
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
can enable or disable extensions for all invocations of CMD.EXE on a
following REG_DWORD values in the registry using REGEDT32.EXE:
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
particular invocation of CMD.EXE with the /V:ON or /V:OFF switch. You
can enable or disable completion for all invocations of CMD.EXE on a
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
at execution time.
CMD.EXE with the /F:ON or /F:OFF switch. You can enable or disable
completion for all invocations of CMD.EXE on a machine and/or user logon
the registry using REGEDT32.EXE:
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
Shift key with the control character will move through the list
&()[]{}^=;!%' ,`~
Command Processor Extensions enabled by default. Use CMD /? for details.
ASSOC [.ext[=[fileType]]]
.ext Specifies the file extension to associate the file type with
ASSOC .pl=PerlScript
FTYPE PerlScript=perl.exe %%1 %%*
script.pl 1 2 3
set PATHEXT=.pl;%%PATHEXT%%
The restartable option to the COPY command is not supported by
this version of the operating system.
The following usage of the path operator in batch-parameter
The unicode output option to CMD.EXE is not supported by this
version of the operating system.
If Command Extensions are enabled the DATE command supports
If Command Extensions are enabled the TIME command supports
If Command Extensions are enabled the PROMPT command supports
is pretty simple and supports the following operations, in decreasing
! ~ - - unary operators
* / %% - arithmetic operators
  - - arithmetic operators
&= ^= |= <<= >>=
If you use any of the logical or modulus operators, you will need to
values. If SET /A is executed from the command line outside of a
assignment operator requires an environment variable name to the left of
the assignment operator. Numeric values are decimal numbers, unless
occurrence of the remaining portion of str1.
Finally, support for delayed environment variable expansion has been
added. This support is always disabled by default, but may be
enabled/disabled via the /V command line switch to CMD.EXE. See CMD /?
of text is read, not when it is executed. The following example
So the actual FOR loop we are executing is:
%%CD%% - expands to the current directory string.
%%DATE%% - expands to current date using same format as DATE command.
%%CMDEXTVERSION%% - expands to the current Command Processor Extensions
%%CMDCMDLINE%% - expands to the original command line that invoked the
If Command Extensions are enabled the SHIFT command supports
control is passed to the statement after the label specified. You must
%%4 %%5 ...)
CMD /? for details.
This works because on old versions of CMD.EXE, SETLOCAL does NOT
command execution.
non-executable files may be invoked through their file association just
by typing the name of the file as a command. (e.g. WORD.DOC would
launch the application associated with the .DOC file extension).
When executing an application that is a 32-bit GUI application, CMD.EXE
the command prompt. This new behavior does NOT occur if executing
When executing a command line whose first token is the string "CMD "
without an extension or path qualifier, then "CMD" is replaced with
the value of the COMSPEC variable. This prevents picking up CMD.EXE
When executing a command line whose first token does NOT contain an
extension, then CMD.EXE uses the value of the PATHEXT
.COM;.EXE;.BAT;.CMD
When searching for an executable, if there is no match on any extension,
If Command Extensions are enabled, and running on the Windows XP
forms of the FOR command are supported:
Walks the directory tree rooted at [drive:]path, executing the FOR
passes the first blank separated token from each line of each file.
is a quoted string which contains one or more keywords to specify
different parsing options. The keywords are:
be passed to the for body for each iteration.
where a back quoted string is executed as a
FOR /F "eol=; tokens=2,3* delims=, " %%i in (myfile.txt) do @echo %%i %%j %%k
would parse each line in myfile.txt, ignoring lines that begin with
a semicolon, passing the 2nd and 3rd token from each line to the for
line, which is passed to a child CMD.EXE and the output is captured
IF CMDEXTVERSION number command
The CMDEXTVERSION conditional works just like ERRORLEVEL, except it is
CMDEXTVERSION conditional is never true when Command Extensions are
%%CMDCMDLINE%% will expand into the original command line passed to
CMD.EXE prior to any processing by CMD.EXE, provided that there is not
already an environment variable with the name CMDCMDLINE, in which case
%%CMDEXTVERSION%% will expand into a string representation of the
current value of CMDEXTVERSION, provided that there is not already
an environment variable with the name CMDEXTVERSION, in which case you
under Windows XP, as command line editing is always enabled.
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported. Defaulting to Windows directory.
CMD does not support UNC paths as current directories.
UNC paths not supported for current directory. Using
to create temporary drive letter to support UNC current
Missing operand.
Missing operator.
The COMSPEC environment variable does not point to CMD.EXE.
The FAT File System only support Last Write Times
of a batch script is reached, an implied ENDLOCAL is executed for any
application execution.
The switch /Y may be present in the COPYCMD environment variable.
to prompt on overwrites unless MOVE command is being executed from
when CMD.EXE started. This value either comes from the current console
The COLOR command sets ERRORLEVEL to 1 if an attempt is made to execute

shandian.exe_192:

.text
`.rdata
@.data
.rsrc
SSSSh
RSSSSh
QSSSSh
SRjdPSSSSh
QSSSShD
PSSSSh
QSSSShC
SSShT
;;~%U
F\t SSh
FHSSh
VHSSh
F<%u?
t.SVP
unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll
<4,$?7/'
(3-!0,1'8"5.*2$
inflate 1.2.3 Copyright 1995-2005 Mark Adler
WINMM.dll
WS2_32.dll
IMM32.dll
VERSION.dll
GetWindowsDirectoryW
GetProcessHeap
KERNEL32.dll
GetKeyState
GetAsyncKeyState
EnumThreadWindows
EnumWindows
keybd_event
MapVirtualKeyW
EnumChildWindows
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyboardLayoutNameW
LoadKeyboardLayoutW
GetKeyNameTextW
RegisterHotKey
UnregisterHotKey
USER32.dll
GDI32.dll
comdlg32.dll
RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyExW
RegGetKeySecurity
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHFileOperationW
SHELL32.dll
ole32.dll
OLEAUT32.dll
CreateUrlCacheEntryW
CommitUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetCrackUrlW
DeleteUrlCacheEntryW
HttpOpenRequestA
CommitUrlCacheEntryA
HttpAddRequestHeadersA
DeleteUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindFirstUrlCacheEntryW
InternetCanonicalizeUrlW
FtpCommandW
FtpOpenFileW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW
FtpGetFileSize
HttpQueryInfoW
WININET.dll
DSOUND.dll
UrlCombineW
UrlIsOpaqueW
PathIsURLW
UrlGetPartW
SHDeleteKeyW
UrlCanonicalizeW
SHEnumKeyExW
UrlIsW
SHQueryInfoKeyW
SHLWAPI.dll
MSVCRT.dll
_acmdln
CoInternetCombineUrl
CoGetClassObjectFromURL
urlmon.dll
NETAPI32.dll
gdiplus.dll
WINTRUST.dll
COMCTL32.dll
URL=%s
_twpass
Content-Disposition: form-data; name="%s"
Content-Disposition: form-data; name="%s"; filename="%s"
cmdline
@%s#%s
%s%s; %s)
Referer: %s
msjava.dll
\msjava.dll
/uploaderapi2.swf
1.2.3
http://%s%s
HTTP/1.0
Mozilla/4.0
www1.baidu.com
www.baidu.com
baidu.com
.jpeg
\\.\PhysicalDrive%d
\\.\Scsi%d:
XXXXXX
ADD_DATE="%s"
LOVEFAV="%d"
LAST_MODIFIED="%s"
LAST_VISIT="%s"
%s=%s
%s=%s HTTPS=%s
0d
error %d with zipfile in unzCloseCurrentFile
error %d with zipfile in unzReadCurrentFile
extracting: %s
error opening %s
%s%s/
The file %s exists. Overwrite ? [y]es, [n]o, [A]ll:
error %d with zipfile in unzOpenCurrentFilePassword
creating directory: %s
error %d with zipfile in unzGetCurrentFileInfo
error %d with zipfile in unzGoToNextFile
error %d with zipfile in unzGetGlobalInfo
.html
.htm0
http:
NUL=%s
DIRNUL=%s
wininit.ini
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
00000000000000000001
00000000000000000010
http= HTTPS=
var twFloatTimer%%s;
var twFloatEle%%s;
var twFloatEf%%s = "%ï";
function TWFloatFilterHide%%s( )
if( twFloatEf%%s == "0" )
twFloatEle%%s.removeNode( true );
if( twFloatEle%%s.filters.alpha.opacity > 30 )
twFloatEle%%s.filters.alpha.opacity-=30;
twFloatTimer%%s=window.setTimeout( "TWFloatFilterHide%%s()",100);
window.clearTimeout(twFloatTimer%%s);
twFloatEle%%s.filter="";
twFloatEle%%s.posWidth
twFloatEle%%s.posHeight
twFloatEle%%s.posLeft
twFloatEle%%s.posTop
twFloatEle%%s = document.getElementById( "%%id" );
if( twFloatEf%%s == "1" )
twFloatEle%%s.style.filter="Alpha(Opacity=100, FinishOpacity=0, Style=3)";
K0=http://*.google.c*/search?*q=*
S0=try{col=document.getElementsByName('q');external.SetSearchKey( %max_security_id,col[0].value );}catch (e) {}
K1=http://*.baidu.com/*?*=*
S1=try{col=document.getElementsByName('wd');var str;if( col.length )str= col[0].value;else{col=document.getElementsByName('word');if( col.length ){str
= col[0].value;}}if( str.length != 0 ){external.SetSearchKey( %max_security_id,col[0].value );}}
K2=http://search.live.com/*?q=*
S2=try{col=document.getElementsByName('q');external.SetSearchKey( %max_security_id,col[0].value );}catch (e) {}
SearchLeftPad=7
AdressLeftPad=8
****7@0**.32****
****23-**0@7****
<**19=?4****
****4?=91**<
(4**/8=?7 ***
*** 7?=8/**4(
****,**** ****
**** ****,****
44222222222
-.--.-..*)
$@/ 8"/ 
VS.iw1A<:7
this.isSel = false;
this.bg = this.create('div', '', {}, {'display': 'none', 'zoom': '1', 'filter': 'alpha(opacity=20)', 'backgroundColor': '#000000', 'position': 'absolute', 'zIndex': '998', 'textAlign': 'center', 'width': '100%', 'height': window.screen.availHeight   'px', 'left': '0px', 'top': parseInt(this.$dom.body.parentNode.scrollTop || 0, 10)   'px', 'margin': '0'});
this.pane = this.create('div', '', {'id': 'TW_Plugin_Vest_Pane'}, {'display': 'none', 'backgroundColor': '#FFFFFF', 'padding': '0', 'position': 'absolute', 'zIndex': '999', 'textAlign': 'left'});
this.$dom.body.appendChild(this.bg), this.$dom.body.appendChild(this.pane);
__$Effect.prototype = {
this.pane.innerHTML = '', this.pane.appendChild(b);
var el = this.$dom.createElement(tag);
for (var a in sty || {}) el.style[a] = sty[a];
txt && (el.innerHTML = txt), c && (el.onclick = c);
this.bg.style.display = 'none', this.pane.style.display = 'none', this.$dom.body.style.overflow = this.$dom.body.parentNode.style.overflow = '';
this.$dom.body.onselectstart = this.selEv || null;
setTimeout(function () {for(var i = 0; i < _tag('select').length; i   ) _tag('select')[i].style.visibility = 'visible';}, 1);
document.body.onkeypress = function () {
if(event.keyCode == 13)
URL_Openall();
document.body.scrollTop = 0;
return event.keyCode != 13;
fx && (this.fade(0, this.bg), this.fade(0), this.opacity = 0);
this.bg.style.display = '' , this.pane.style.display = '';
This.selEv = This.$dom.body.onselectstart, This.$dom.body.onselectstart = function() {return This.isSel;};
This.$dom.body.style.overflow = This.$dom.body.parentNode.style.overflow = 'hidden';
for(var i = 0; i < _tag('select').length; i   ) _tag('select')[i].style.visibility = 'hidden';
fx && (This.timer = window.setInterval(function () {
This.fade((This.opacity  = 10) / 100, This.bg);
if(This.opacity >= 20) {
clearInterval(This.timer);
This.fade(0.2, This.bg);
This.fade(0.99);
}, 100));
e = e || this.pane;
e.style.zoom = '1', e.style.filter = 'alpha(opacity='   parseInt(v >= 1 ? '99' : v * 100)   ')';
l && (this.pane.style.left = l   'px'), t && (this.pane.style.top = t   'px'), l == 0 && (this.pane.style.left = '0px'), t == 0 && (this.pane.style.top = '0px');
return (e || document).getElementsByTagName(t);
.white:link {font-size:12px;text-decoration:none;color: #eff8fb}
.white:visited {font-size:12px;text-decoration:none;color: #eff8fb}
.white:active {font-size:12px;text-decoration: none;color: #033B7D}
.white:hover {font-size:12px;text-decoration:none;color: #FF5A00}GIF89a6
A.cb:link {
A.cb:visited {
A.cb:active {
A.cb:hover {
.tlb {
.bb {
.bl {
background:url(callapse.gif) 90% 50% no-repeat;
background:url(callapse_hover.gif) 90% 50% no-repeat;
background:url(expand.gif) 90% 50% no-repeat;
background:url(expand_hover.gif) 90% 50% no-repeat;
var securityId = external.twGetSecurityID(window);
surl = "http://www.google.cn/search?client=aff-worldbrowser&channel=errorpage&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q="   encodeURI( searchtext.value );
window.open( surl );
surl = "http://www.baidu.com/baidu?word=" searchtext.value "&tn=ichuner_4_pg";
surl = "http://www.sogou.com/sogou?query=" searchtext.value "&pid=sogou-addr-6311b2f8bde6a1c3";
Function RequestQueryString( url, ArgName )
= trim(url)
If url = "" Or IsNull(url) Then
If IsObject(parent.location) Then
url = parent.location.href
url = location.href
url = location
nPos = InStr( LCase(url), LCase(ArgName) )
tmpArgVal = right( url, len(url)-nPos 1 )
If InStr( url, "?" ) > 0 Then
ArrTmp = split( url, "?" )
if err.number <> 0 then
err.clear
strUrl = RequestQueryString( url, "url" )
strDomain = RequestQueryString( url, "domain" )
strErrName = RequestQueryString( url, "code" )
document.getElementById("googleSE").value = _neSearchEngine.google;
document.getElementById("baiduSE").value = _neSearchEngine.baidu;
var news = document.getElementById('news');
var frame = document.getElementById("newsFrame");
frame.src = "http://www.fjmjm.com/web/frame_naverror.html";
news.style.display='block';
el.className='a_e';
external.SetOptionValue(securityId,"option","ep_related","1");
news.style.display='none';
el.className='a_c';
external.SetOptionValue(securityId,"option","ep_related","0");
if(document.getElementById("news").currentStyle.display == "block")
this.setDisplay(false,el);
this.setDisplay(true,el);
var defValue = external.GetOptionValue(securityId,"option","ep_related");
this.setDisplay(true,document.getElementById("displayCtrl"));
window.attachEvent("onload",function(){
DisplayMgr.init();
.in1{width: 220px;}
return window.external.twGetFormByIndex( window, "", nIndex );
formName = window.external.twGetFormDataInfo( window, "", formID, dataName );
window.external.twSetFormDataInfo( window, "", formID, "tw_formName", formName );
window.external.twUnInitFormData( window, "", 0 );
pObj = window.event.srcElement;
pObj.style.color=_tabhottextcolor;
pObj.style.color=_tabtextcolor;
oTr = pObj.parentElement.parentElement.parentElement;
oTb = oTr.parentElement.parentElement;
formID = oTr.getAttribute( "tw_formID" );
window.external.twDeleteFormData( window, "", formID );
TalComForm.deleteRow(oTr.rowIndex);
window.location.reload();
oTr = pObj.parentElement.parentElement;
TalUserForm.deleteRow(oTr.rowIndex);
if( moreInfo.style.display == "none" ){
moreInfo.style.display = "";
moreImg.src="more2.gif";
moreInfo.style.display = "none";
moreImg.src="more1.gif";
colInput = formdatatable.getElementsByTagName("input");
nCount = colInput.length;
if( colInput[i].type != "button" )
colInput[i].value = "";
oTr = _oLastSel.parentElement;
if(formID.indexOf("twcommon_")!=-1){
window.external.twFormSave( window, "", formID );
formName = tw_formName.value;
formName = userformName.innerText;
oTr.cells[1].innerText = formName;
oTr = pObj.parentElement;
comDiv.style.display = "";
userDiv.style.display = "none";
tw_formName.value = formName;
window.external.twFormLoad( window, "", formID );
comDiv.style.display = "none";
userDiv.style.display = "";
var oTr = oTb.insertRow( -1 );
var oTd = oTr.insertCell( 0 );
var oTd1 = oTr.insertCell( 1 );
oTr.height = "32px";
oTd.width = "24";
oTd.style.cursor="pointer";
oTd.onclick=OnDeleteItem;
oTd.innerHTML = "
";
oTd1.style.cursor="pointer";
oTd1.onmouseleave=OnLeaveItem;
oTd1.onmouseenter=OnEnterItem;
oTd1.onclick=OnSelectCommonItem;
oTd1.style.color=_tabtextcolor;
oTd1.noWrap = true;
oTd1.innerText=formName;
oTr.setAttribute( "tw_formID", formID );
window.external.twAddComFormData( window, "" );
var nCount = _vCommonData.length;
SelectCommonItem( TalComForm.rows[nCount-1].cells[1] );
if( _oLastSel.parentElement != null )
_oLastSel.parentElement.bgColor = _tabItemDefColor;
_oLastSel.style.fontWeight = "normal";
_oLastSel.style.color = _tabtextcolor;
pObj.parentElement.bgColor = _tabItemSelColor;
pObj.style.fontWeight = "bold";
pObj.style.color = _tabSeltextcolor;
nCount = oTab.rows.length;
oTab.deleteRow(0);
formName = tw_getFormDataInfo( _vCommonData[i].id, "tw_formName" );
OnAddForm(TalComForm, formName, _vCommonData[i].id );
var nCount = _vUserData.length;
var oTr = TalUserForm.insertRow( -1 );
oTd.onclick=OnDeleteUserFormItem;
oTd.innerHTML = "";
oTd1.innerHTML="";
formName = tw_getFormDataInfo( _vUserData[i].id, "tw_formName" );
oTd1.childNodes[0].innerText = formName;
formUrl = tw_getFormDataInfo( _vUserData[i].id, "tw_form_url" );
oTd1.childNodes[0].href = formUrl;
oTr.setAttribute( "tw_formID", _vUserData[i].id );
oTr.bgColor = "#F5F5F5";
_vCommonData.splice( 0, _vCommonData.length );
_vUserData.splice( 0, _vUserData.length );
formObj.id = tw_getFormDataByIndex( nIndex );
if(formObj.id.indexOf("twcommon_")!=-1)
_vCommonData[_vCommonData.length] = formObj;
_vUserData[_vUserData.length] = formObj;
addForm.style.color = _tabtextcolor;
if( _vCommonData.length == 0 ){
if( _vCommonData.length > 0 )
pObj = TalComForm.rows[0].cells[1];
      
 
  
document.write( "" );
var _strLoginInfo="
var _strPassQues="
var _strPass="
var _strPassAnswer="
var _strWeb="
var _strWebSite = "
var _strWebSiteLink = "http://www.fjmjm.com";
var _strPhoenixLink = "http://www.fjmjm.com";
var _strThanksLink = "http://www.fjmjm.com";
Dim g_urlArray( 1024 ):Dim g_nCountVB:g_nCountVB = 0:Function SetArray( nIndex, strItem ):if nIdex < 1024 then:
g_urlArray( nIndex ) = strItem:
end if:End Function:Function OpenAllByVB( ):call window.external.twmutinavigate( window, "", g_urlArray(0), g_nCountVB ):End Function
g_strSecurityId = external.twGetSecurityID( window )
ret = external.twoption( g_strSecurityId, nID, bWrite, g_lValue, g_bstrValue1, g_bstrValue2, g_strArray(0), g_arraySize )
var oNewNode = document.createElement("LI");
header_btn.appendChild(oNewNode);
    inFrame.document.write( "" );
    inFrame.document.write( "
    " );
    inFrame.document.write( "
    " );
    inFrame.document.write( "
    " );
    inFrame.document.body.leftMargin = 0;
    inFrame.document.body.topMargin = 0;
    inFrame.document.body.rightMargin = 0;
    inFrame.document.body.bottomMargin = 0;
    inFrame.document.body.marginwidth = 0;
    inFrame.document.body.marginheight = 0;
    function InsertInfoItemByHTML( nLine, nChar, nErrCode, strErrMsg, strErrUrl )
    oHint.style.display="none";
    infoTable = inFrame.window.oTa;
    var oTr = infoTable.insertRow( -1 );
    oColl = infoTable.rows;
    if( oColl.length%2 )
    oTr.bgColor = "#FFFFFF";
    oTr.bgColor = "#F4FBFF";
    strLine = strTemp.replace( "$ERR_TEMP", nLine );
    strChar = strTemp.replace( "$ERR_TEMP", nChar );
    strMSG = strTemp.replace( "$ERR_TEMP", strErrMsg );
    strCode = strTemp.replace( "$ERR_TEMP", nErrCode );
    strHTML = _strHTMLString.replace( "$ERR_LINE", strLine );
    strHTML = strHTML.replace( "$ERR_CHAR", strChar );
    strHTML = strHTML.replace( "$ERR_MSG", strMSG );
    strHTML = strHTML.replace( "$ERR_CODE", strCode );
    strHTML = strHTML.replace( "$ERR_URL", strErrUrl );
    oTd.innerHTML = strHTML;
    oTr.scrollIntoView(true);
    document.write( "
    \
    "   _strExit   "
    document.write( "
     "   _strBtnOK   "\
      "   _strBtnCancel   "" );
    optionsTab.tabid = tabid;
    optionsTab.tabname = tabname;
    optionsTab.tabbgcolor = "#FFFFFF";
    optionsTab.tabhotbgcolor = "#CDE3F5";
    optionsTab.tabtextcolor = "#000000";
    optionsTab.tabhottextcolor = "#FF5A00";
    optionsTab.vSubTitleArray = new Array();
    _vOptionTabsArray[_vOptionTabsArray.length] = optionsTab;
    return optionsTab.vSubTitleArray;
    tabSubTitle.titlename = titlename;
    tabSubTitle.titleHelpLink = "";
    tabSubTitle.vIA = new Array();
    if ( arguments.length >= 3 )
    tabSubTitle.titleHelpLink = titleHelpLink;
    vSubTitleArray[vSubTitleArray.length] = tabSubTitle;
    return tabSubTitle.vIA;
    contextItem.itemID = itemID;
    contextItem.itemIndex = -1;
    contextItem.itemType = itemType;
    contextItem.itemText = itemText;
    contextItem.bItemChange = false;
    contextItem.vAA = new Array();
    contextItem.itemCode = "";
    contextItem.itemAfterCode = "";
    contextItem.itemPreCode = "";
    contextItem.itemHelpLink = "";
    if ( arguments.length >= 5 )
    contextItem.itemPreCode = itemPreCode;
    if ( arguments.length >= 6 )
    contextItem.itemAfterCode = itemAfterCode;
    if ( arguments.length >= 7 )
    contextItem.itemCode = itemCode;
    vIA[vIA.length] = contextItem;
    contextItem.itemIndex = _vOIA.length;
    _vOIA[_vOIA.length] = contextItem;
    if ( "ckbedit" == itemType && "" != contextItem.itemCode )
    contextItem.itemCode = contextItem.itemCode.replace( /#IDDEFINE/g, "id=item_edit_"   contextItem.itemIndex );
    return contextItem.itemIndex;
    radioBtn.btnText = btnText;
    radioBtn.btnPreCode = "";
    radioBtn.btnAfterCode = "";
    radioBtn.vAA = new Array();
    radioBtn.btnPreCode = btnPreCode;
    if ( arguments.length >= 4 )
    radioBtn.btnAfterCode = btnAfterCode;
    var nIndex = vRadioArray.length;
    tableList.tableRgnSize = tableRgnSize;
    tableList.tableHeight = tableHeight;
    tableList.vTopBtn = new Array();
    tableList.vBottomBtn = new Array();
    tableList.vHeader = new Array();
    tableList.bHaveCheckBox = bChecked;
    var vHeader = tableList.vHeader;
    oHeader.headerText = headerText;
    oHeader.headerWidth = headerWidth;
    oHeader.bHidden = bHidden;
    oHeader.headerText = "";
    vHeader[ vHeader.length ] = oHeader;
    var vBtn = tableList.vTopBtn;
    vBtn = tableList.vBottomBtn;
    oBtn.btnOpt = btnOpt;
    oBtn.btnText = btnText;
    vBtn[ vBtn.length ] = oBtn;
    GetXmlHttpObj
    \theme.ini
    %sStartPage\Components\%s
    %sStartPage\Themes\%s
    %s,%s,%s
    twcommon_%d
    http://www.theworld.cn/client/down
    http://www.theworld.cn/client/up
    http://theworld.cn/
    http://fjmjm.com/
    http://www.fjmjm.com/
    %sTheWorld\Update\
    %s.zip
    Load VBScript.dll failed
    %s|%s
    %s - %s
    http://www.
    XMLRequestMsg
    SaveClosedUrl
    AddressHistory
    AAutoKey
    SAutoKey
    BossKey
    UseBossKey
    HTTPFilter
    ShowLUrlList
    SafeExecAll
    SafeExec
    TreatFBKeyAsTabKey
    %s%s%s%s
    google.com.hk
    google.com
    zhidao.baidu.com
    http://www.google.cn/search?client=aff-cs-worldbrowser
    google.cn
    http://www.google.cn/webhp?client=
    *@*.txt
    :\e161255a-37c3-11d2-bcaa-00c04fd929db
    Software\Microsoft\Internet Explorer\TypedURLs
    %s?ver=%s&guid=%s&c=%d
    http://www.fjmjm.com/web/inst.htm
    http://www.fjmjm.com/web/uninst.htm
    Site.ini
    MFC42U.dll
    %s?url=%s&domain=%s&code=%u
    http://www.fjmjm.com/web/
    AB.GIF
    LOGO.JPG
    LOGO.GIF
    LOGO.PNG
    shdoclc.dll/
    ieframe.dll/
    =http://auto.search.msn.com
    color:#000000; background:#%s
    %page.url
    errorUrl
    ieframe.dll
    SHDOCLC.DLL
    https://www
    http://www
    0%d:^:%d:^:%d:^:%d:^:%s:^:%s
    LeftPad
    mailto:?subject=From Browser&body=%s
    https://spreadsheets.google.com/
    http://spreadsheets.google.com/
    https://docs.google.com/
    http://docs.google.com/
    00000409
    00000404
    REST %d
    200 PORT
    HTTP/1.1
    Content-Type: %s
    Content-Length: %d
    Cookie: %s
    User-Agent: %s
    Range: bytes=%s-
    546865576F726C64-86C36F73-2C25-4a7d-91EA-F5581018A42D
    http://127.0.0.1/%s
    :/\*?"<>|.
    %d.%d.%d.%d
    \StringFileInfo\xx\%s
    %s%d.%s
    mapi32.dll
    iexplore.exe
    http://www.google.cn/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=
    %s???.dll
    %u - ???
    %s.tmp
    %s.ini
    advapi32.dll
    %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s
    res://%s/%s
    rSHDOCVW.DLL
    %s   %s
    i\internet explorer\iexplore.exe
    Msxml2.XMLHTTP.2.0
    Msxml2.XMLHTTP.3.0
    Msxml2.XMLHTTP.4.0
    Msxml2.XMLHTTP.5.0
    dwmapi.dll
    uxtheme.dll
    RebarC%d
    RebarB%d
    RebarA%d
    Local\%d%s
    res://%s/
    %sskin.ini
    skin\%s
    XTabDrag:%s
    USER32.DLL
    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
    %Documents and Settings%\%current user%\Local Settings\Temp\
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\
    %WinDir%\
    c:\program files\shandian\bin\shandian.exe
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\TheWorld\Update\
    C:\PROGRA~1\shandian\bin\Site.ini
    C:\PROGRA~1\shandian\bin\theworld.ac
    em remaining) Downloading picture http://p5.123.sogoucdn.com/imgu/2013/08/20130830161205_609.gif...
    w.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=ad4d7c051d43bc0597ddecc622c039c164f2c5c0f88e4007bf51a1829685440b140155
    123.sogou.com
    C:\PROGRA~1\shandian\bin\twcache.ini
    %Documents and Settings%\%current user%\Favorites
    %Documents and Settings%\%current user%\Local Settings\History
    C:\PROGRA~1\shandian\bin\TheWorld.xml
    http://www.fjmjm.com/web/navierr.htm
    http://123.sogou.com/?22014
    come_cn.htm?ver=2.4.1.9&guid=ad4d7c051d43bc0597ddecc622c039c164f2c5c0f88e4007bf51a1829685440b1401553625&lastver=
    http://www.jlbnh.com
    %Program Files%\shandian\bin\shandian.ini
    res://%Program Files%\shandian\bin\shandian.exe/IL_GESTURE
    res://%Program Files%\shandian\bin\shandian.exe/
    ARROW.GIF
    CALLAPSE.GIF
    CALLAPSE_HOVER.GIF
    CANCEL.GIF
    CLOSE.GIF
    DELETE.GIF
    EFFECT.JS
    EXPAND.GIF
    EXPAND_HOVER.GIF
    FORMTITLE.GIF
    HELP.GIF
    INCREASE.GIF
    INFO.GIF
    INFO_1.GIF
    IOAGE.CSS
    LINE.GIF
    MORE1.GIF
    MORE2.GIF
    OK.GIF
    SZTOP.GIF
    SZTOP2.GIF
    TOP1.GIF
    TOP2.GIF
    TOP3.GIF
    TWFORMDEFINE.JS
    TWOPTIONS.JS
    TWOPTIONS.VBS
    TWOPTIONSDEFINE.JS
    TWPAGE.CSS
    TWPAGE_DELETE.GIF
    TWPAGE_OLD.GIF
    TWPAGE_TOP.GIF
    TWWEBDEFINE.JS
    TWWEBUTIL.JS
    USER.GIF
    USER2.GIF
    ProgID=JetCar.Netscape
    Script=On Error Resume Next:set JetCarCatch=CreateObject("JetCar.Netscape"):if err<>0 then:MsgBox("FlashGet not properly installed!"  vbCrLf "Please install FlashGet again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
    ProgID=FG2CatchUrl.Netscape
    Script=On Error Resume Next:set JetCarCatch=CreateObject("FG2CatchUrl.Netscape"):if err<>0 then:MsgBox("FlashGet 2 not properly installed!"  vbCrLf "Please install FlashGet 2 again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
    ProgID=BHO.IFlashGetNetscape
    Script=On Error Resume Next:set JetCarCatch=CreateObject("BHO.IFlashGetNetscape"):if err<>0 then:MsgBox("FlashGet mini not properly installed!"  vbCrLf "Please install FlashGet mini again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
    ProgID=NetAnts.API
    script=On Error Resume Next:set NetAntsApi=CreateObject("NetAnts.API"):if err<>0 then:MsgBox("NetAnts not properly installed on this PC!"):else:if NetAntsApi.IsUrlExist("%d_url") then : MsgBox("%d_url" vbCrLf "already in queue"):else:call NetAntsApi.AddUrl("%d_url", "%d_info", "%page.url"):end if
    ProgID=LeechGetIE.AddURL
    script=On Error Resume Next:set LeechGet=CreateObject("LeechGetIE.AddURL"):if err<>0 then:MsgBox("LeechIE.dll is not registered. Please run `regsvr32.exe LeechIE.dll'"):else:call LeechGet.AddUrl("%d_url"):end if
    ProgID=LeechGetIE.LeechIE
    script=On Error Resume Next:set LeechGet=CreateObject("LeechGetIE.LeechIE"):if err<>0 then:MsgBox("download express is not installed yet"):else:call LeechGet.AddUrl("%d_url"):end if
    ProgID=dapie.catcher
    script=On Error Resume Next:set DAPExt=CreateObject("dapie.catcher"):if err<>0 then:MsgBox("DAPIE.DLL is not registered or corrupted. Please re-install Download Accelerator Plus"):else:call DAPExt.MenuUrl("%d_url", "%page.url", ""):end if
    ProgID=NTIEHelper.NTIEAddUrl
    Script=On Error Resume Next:set Obj=CreateObject("NTIEHelper.NTIEAddUrl"):if err<>0 then:MsgBox("NetTransport2 not properly installed!"  vbCrLf "Please install NetTransport2 again"):else:call Obj.AddLink("%d_url","%d_url","%d_info"):end if
    ProgID=ThunderAgent.Agent
    script=On Error Resume Next:set ThunderAgent = CreateObject("ThunderAgEnt.Agent.1"):if err<>0 then:
    MsgBox("Thunder is not installed properly!Please Install IDM again"):
    call ThunderAgent.AddTask4("%d_url", "", "", "%d_info", "%page.url", -1, 0, -1, document.cookie, "", ""):call ThunderAgent.CommitTasks2(1):set ThunderAgent = nothing:end if
    ProgID=xunleibho.CatchRightClick.1
    script=On Error Resume Next:set ThunderApi = CreateObject("xunleibho.CatchRightClick.1"):if err<>0 then:
    Info="#*01#*"   "%d_url"   "#*02#*"   document.Url   "#*03#*"   "%d_info"   "#*04#*thunder_mini#*05#*"\nr=ThunderApi.sendUrl(Info)
    Info="#*01#*"   "%d_url"   "#*02#*"   document.Url   "#*03#*"   "%d_info"   "#*04#*
    4#*05#*"\nr=ThunderApi.sendUrl(Info)
    ProgID=ThunderServer.WebThunder.1
    Script=On Error Resume Next:Set obj=CreateObject("ThunderServer.WebThunder"):If Err<>0 Then:MsgBox("Web
    not properly installed!"):Else:Call obj.CallAddTask2("%d_url", "%d_info", "%page.url", 1, "", "", ""):End If
    ProgID=NxApi.myComponent
    script=On Error Resume Next\nset WGApi=CreateObject("NxApi.myComponent")\nif err<>0 then\nelse\ncall WGApi.AddUrl("%d_url","%d_info","%page.url")\n\nend if
    ProgID=DuInvoke.Du_Invoke
    script=On Error Resume Next\nset duObject=CreateObject("DuInvoke.Du_Invoke")\nif err<>0 then \n
    MsgBox("DownUp2U not properly installed!"  vbCrLf "Please install DownUp2U again")\n
    else\n call duObject.DownloadOneLink( "%d_url", "%page.url", "%d_info" )\n end if
    ProgID=PNP.InterfaceCore.1
    if left("%d_url", 5) = "is://" then \n window.navigate("%d_url") \n
    ISLink = "is://|link_down|"   "%d_info"   "|"   "%d_url"   "|"   document.Url   "/" \n window.navigate(ISLink)\n end if
    ProgID=TuoTuHelper.RDown
    set xDownCatch=CreateObject("TuoTuHelper.RDown") :if err<>0 then:
    MsgBox("Tuotu
    else: call xDownCatch.AddText( "%d_url", "%d_info", document.Url): end if
    ProgID=QQIEHelper.QQRightClick.2
    Script=On Error Resume Next:set QQRightClick=CreateObject("QQIEHelper.QQRightClick.2"):if err<>0 then:MsgBox("QQDownload not properly installed on this PC!"):else:call QQRightClick.sendUrl2("%d_url",document.Url,"%d_info",document.cookie,0,0):end if
    ProgID=Orbitmxt.Orbit
    Script=On Error Resume Next:Set obj=CreateObject("Orbitmxt.Orbit"):If Err<>0 Then:MsgBox("Orbit not properly installed!"):Else:Call obj.download("%d_url", "%d_info", "%page.url", ""):End If
    ProgID=NXIEHelper.NXIEAddURL
    Script=On Error Resume Next:Set obj=CreateObject("NXIEHelper.NXIEAddURL"):If Err<>0 Then:MsgBox("
    not properly installed!"):Else:Call obj.AddLink("%page.url","%d_url", "%d_info" ):End If
    ProgID=DownlWithIDM.LinkProcessor
    script=On Error Resume Next:set IDMLinkProcessor=CreateObject("DownlWithIDM.LinkProcessor"):IDMLinkProcessor.Execute( external.menuArguments )
    msctls_hotkey32
    HotKey1
    %s-ansi
    %us-unicode
    :http://www.google.com.hk/search?q=%s
    :http://www.google.com
    GWeb
    (*.htm;*.html;*.mht;*.url)|*.htm;*.html;*.mht;*.url|
    (*.*)|*.*|
    !18,0,0,0,0,0,0,0,134,0,0,5,0,
    #18,0,0,0,700,0,0,0,134,0,0,5,0,
    :%d/%d/%d
    .http://www.fjmjm.com/web/welcome_cn.htm?ver=%s
    :^:1:^:http://www.baidu.com/baidu?word=%us&tn=ichuner_4_pg&ie=utf-8:^:b:^:http://www.baidu.com/s?tn=ichuner_4_pg
    1:^:Google:^:1:^:http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%us:^:g:^:http://www.google.com.hk/webhp?client=aff-worldbrowser&ie=utf-8&oe=UTF-8&hl=zh-CN
    (*.png)|*.png|JPEG
    (*.jpg;*.jpeg)|*.jpg;*.jpeg;|
    (*.bmp)|*.bmp|
    http://www.fjmjm.com/cn/skin.htm
    #http://www.fjmjm.com/cn/plugins.htm
    (*.txt;*.text;)|*.txt;*.text;|
    (*.*)|*.*|0
    !http://www.fjmjm.com/cn/index.htm
    (http://www.fjmjm.com/hl/cn/dailytips.ini$http://www.fjmjm.com/web/navierr.htm
    (*.flv*;*.mp*;*.mov*;*.rm*;*.wm?*;*.asf*;*.avi*;*.wav*;*.mid*)
    (*.swf*)
    (*.js*;*.vbs*;*.css*)
    )http://www.fjmjm.com/hl/cn/browsemode.htm
    )http://www.fjmjm.com/hl/cn/rendermode.htm
    %s ...
    : %d%%
    ...*http://www.fjmjm.com/web/web_search_cn.htm
    (*.htm;*.html;)|*.htm;*.html|
    .http://www.baidu.com/index.php?tn=ichuner_2_pg
    2, 4, 1, 9
    Lightning.exe

    sdad.exe_1620:


    iexplore.exe_1664:


    iexplore.exe_1664_rwx_026C0000_00001000:

    %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll

    emaaif_70690.exe_2700:


    BaiduSdSvc.exe_2156:


    BaiduSdTray.exe_2348:


    icclz.exe_432:


    kuping_b_54282.exe_736:

    (*.*)
    1.1.1,1
    InStaller.EXE

    pczh_98_2.exe_2216:

    .text
    `.rdata
    @.data
    .ndata
    .rsrc
    uDSSh
    .DEFAULT\Control Panel\International
    Software\Microsoft\Windows\CurrentVersion
    GetWindowsDirectoryA
    KERNEL32.dll
    ExitWindowsEx
    USER32.dll
    GDI32.dll
    SHFileOperationA
    ShellExecuteA
    SHELL32.dll
    RegEnumKeyA
    RegCreateKeyExA
    RegCloseKey
    RegDeleteKeyA
    RegOpenKeyExA
    ADVAPI32.dll
    COMCTL32.dll
    ole32.dll
    VERSION.dll
    verifying installer: %d%%
    unpacking data: %d%%
    ... %d%%
    http://nsis.sf.net/NSIS_Error
    ~nsu.tmp
    callback%d
    %u.%u%s%s
    RegDeleteKeyExA
    %s=%s
    *?|<>/":
    %Program Files%\ainqngz3.9\Ainqngz3.9.exe
    xec.dll
    0=http://cdn1.down.17173ie.com/ie/downloader/_xhzm06_s.exe
    0=_xhzm06_s.exe
    %Program Files%\ainqngz3.9
    .3.9.lnk
    :\Program Files\ainqngz3.9\Ainqngz3.9.exe
    0145192937630\YYM_955WD30.gif
    \DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv18.tmp\nsExec.dll
    .reloc
    SShL0
    PeekNamedPipe
    CreatePipe
    nsExec.dll
    99|9
    : :0:5:>:
    9 9%9/9=9}9
    operator
    GetProcessWindowStation
    USER32.DLL
    %4u~3\
    webL
    4>b_%f
    %c?ux
    h%x/4
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv18.tmp
    nsv18.tmp
    nqngz3.9\Hzsvr.exe" start= auto
    OCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv18.tmp
    1434904
    2.exe
    "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\config.ini\..\pczh_98_2.exe"
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp
    pczh_98_2.exe
    CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsp16.tmp
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsy2.tmp\pczh_98_2.exe
    3120145
    3120145192937630
    http://update.aiqingzhihui.com/0403/help1.html
    YYM_955WD30.gif
    http://www.hao123.com/?tn=97431923_hao_pg
    %Documents and Settings%\%current user%\Templates\3120145192937630\YYM_955WD30.gif
    98_2.exe
    Nullsoft Install System v2.46
    %Documents and Settings%\%current user%\Desktop\
    KERNEL32.DLL

    pczh_98_2.exe_2216_rwx_10004000_00001000:

    callback%d

    vcredist_x86.exe_2784:

    .text
    `.data
    .rsrc
    ADVAPI32.dll
    KERNEL32.dll
    NTDLL.DLL
    GDI32.dll
    USER32.dll
    COMCTL32.dll
    VERSION.dll
    advapi32.dll
    advpack.dll
    wininit.ini
    Software\Microsoft\Windows\CurrentVersion\App Paths
    setupapi.dll
    setupx.dll
    IXPd.TMP
    TMP4351$.TMP
    FINISHMSG
    USRQCMD
    ADMQCMD
    msdownld.tmp
    wextract.pdb
    PSSSSSSh
    RegCloseKey
    RegOpenKeyExA
    RegCreateKeyExA
    RegQueryInfoKeyA
    GetWindowsDirectoryA
    ExitWindowsEx
    MsgWaitForMultipleObjects
    rundll32.exe %s,InstallHinfSection %s 128 %s
    SHELL32.DLL
    Software\Microsoft\Windows\CurrentVersion\RunOnce
    PendingFileRenameOperations
    System\CurrentControlSet\Control\Session Manager\FileRenameOperations
    wextract_cleanup%d
    %s /D:%s
    rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
    Command.com /c %s
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\
    msiexec /i vcredist.msi /qn /l*v crt.log
    33333330
    3333333
    33333333
    vcredist.msi
    vcredis1.cab
    msiexec /i vcredist.msi
    Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.
    CFailed to get disk space information from: %s.
    System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?
    8Unable to retrieve operating system version information.!Memory allocation request failed.
    Filetable full.Ên not change to destination folder.
    Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.
    (Error creating process <%s>. Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.
    Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install
    Could not create folder '%s'
    To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.
    Error retrieving Windows folder
    $NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .
    System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.
    /C: -- Override Install Command defined by author.
    eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?
    Could not find the file: %s.
    :The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.
    2.0.50727.4053
    setup.exe

    services.exe_760_rwx_00040000_00001000:

    %Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll

    svchost.exe_1080_rwx_03100000_00001000:

    %Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll


    Remove it with Ad-Aware

    1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. Update the definition files.
    3. Run a full scan of your computer.


    Manual removal*

    1. Scan the system with an anti-rootkit tool.
    2. Terminate malicious process(es) (How to End a Process With the Task Manager):

      BaiduSd.exe:3108
      shandian.exe:1324
      shandian.exe:192
      F30241_s_0523.exe:1356
      BaiduSdTray.exe:2348
      bddownloader.exe:2856
      regsvr32.exe:2944
      regsvr32.exe:3020
      BaiduSdSvc.exe:2156
      BaiduSdSvc.exe:240
      netsh.exe:2972
      BDKVWsc.exe:2772
      BDKVWsc.exe:3472
      RegSvr32.exe:2804
      RegSvr32.exe:2892
      BDDownloader.exe:2732
      BDDownloader.exe:2660

    3. Delete the original Trojan-Dropper file.
    4. Delete or disinfect the following files created/modified by the Trojan-Dropper:

      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_arrow_h[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\texture[1].gif (3628 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v33_sugg_ajaj_v40_3[1].js (1352 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\skin2_0[1].gif (592 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1].htm (4676 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ufo2[2].js (12854 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_ads_2[1].js (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_123n[2].js (4599 bytes)
      %Program Files%\shandian\bin\twcache.ini (696 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\logo_1112293[1].gif (1266 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rec[1].do (374 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\start_button[1].jpg (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\setting_icon[1].gif (76 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\img-news[1].gif (225 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\fbg_about[1].png (634 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\v53_bicos[1].gif (826 bytes)
      %Program Files%\shandian\bin\ImgCache\123.sogou.com_favicon.ico (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\subnav_v41[1].png (634 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140528121904_599[1].jpg (1467 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (316 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\selogo_111207[1].png (1858 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v53_2icos[1].gif (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\img-video-2[1].gif (225 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\skin_[1].css (21 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\foot_slider[1].jpg (322 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\new-ico[1].png (211 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\favicon[1].ico (681 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin_tips_n1[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\titlebg[1].png (634 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1354 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163242_997[1].jpg (186 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\DD_belatedPNG_0.0.8a-min[2].js (7 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163043_207[1].jpg (186 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[1].png (1094 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\citydata[2].js (5088 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (448 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v33_sugg_ajaj_v40_3[2].js (1187 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (3 bytes)
      %Program Files%\shandian\bin\theworld.ac (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (10 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\welcome_cn[1].htm (1469 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526170756_638[1].jpg (186 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\get_123_v53[1].php (17417 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ufo2[1].js (7232 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-ico-2b[1].png (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[1].png (1858 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\get_tj[1].php (1199 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[2].png (1467 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_123n[1].js (5972 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130820165531_481[1].gif (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\icon4[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\DD_belatedPNG_0.0.8a-min[1].js (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\newioage[1].css (715 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20130531144119_126[1].png (2789 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20130830161205_609[1].gif (940 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\mE8bXnNioe2802[1].jpg (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140527160745_754[1].jpg (197 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin3[1].gif (1266 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\guide_top[1].jpg (5 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140508103513_537[1].gif (3628 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163446_912[1].jpg (1264 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_ads_2[2].js (7 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\search_arrow[1].gif (447 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1826 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\main[2].js (3923 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\setskinbg[1].gif (397 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cloudy[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\i8g7XZO1lz1162[1].jpg (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\citydata[1].js (4562 bytes)
      %Program Files%\shandian\bin\shandian.ini.tmp (244 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[2].png (1153 bytes)
      %Documents and Settings%\%current user%\Cookies\index.dat (9640 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cloudy[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\new-erweima2[1].png (3488 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[2].js (8 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\main[1].js (4592 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (191 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMNetGetInfo.dll (9608 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMDownload.dll (5520 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMSkin.dll (36698 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (128685 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\icclz.exe.bdl (657521 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (579 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMNet.dll.bdl (37242 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\res\onlineWnd.zip (14184 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\tmppm4bkx.dll (24832 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDLogicUtils.dll (31856 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMReport.dll.bdl (35297 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (16 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\System.dll (784 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\hu.dll (3312 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\dl.dll (65930 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery-1.7.2.min[1].js (41312 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[2].css (145 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[1].jpg (3892 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\shehui_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b17[1].jpg (7663 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\d[1].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b19[1].jpg (1878 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (168 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[1].jpg (776 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Close[1].gif (348 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[1].jpg (12687 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\meinv[1].htm (882 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b16[1].jpg (7132 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[2].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa1[1].jpg (7430 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nvxing_509_366[2].htm (2047 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpc_img[1].htm (884 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].php (1177 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b16[1].jpg (9810 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b17[1].jpg (6746 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa9[1].jpg (2077 bytes)
      %Program Files%\shandian\bin\update\PopWinParam.xml (196 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\normal_bg[1].png (6236 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa1[1].jpg (6709 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (491 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[1].jpg (2555 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (514 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa4[1].jpg (13211 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (336 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[3].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stylemini[1].css (4968 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (664 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[2].jpg (3233 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\miniindex[1].htm (4145 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[2].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa8[1].jpg (2118 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lieqi_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa5[1].jpg (12890 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa4[1].jpg (8974 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa3[1].jpg (15840 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa10[1].jpg (776 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cpc_ztyw[1].css (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\min[1].png (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\style[1].css (145 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\shehui_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\2012_swf[1].js (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b13[1].jpg (7589 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b19[1].jpg (2773 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa9[1].jpg (2077 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\close[1].png (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cpc_swf[1].asp (2103 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (408 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\DesktopToast.exe (601 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\BDAVCScan.dll (601 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\monitor_config.dat (559 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\dnw.xml (149 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\wverify.dat (15019 bytes)
      %System%\oobe\html\mouse (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDKitUtils.dll (54 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDShellExt64.dll (14184 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BDKVDeskBand.dll (5064 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\804.dat (3 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\scan_mgr_config.dat (5 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\hips.xml (17 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDPerflog.dll (673 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastLogo.ico (2105 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\blacksign.dat (852 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsc6.tmp\file\BaiduSdSvc.exe (15536 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDConfig.dll (3361 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDArKit.sys (601 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsn5.tmp (910471 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSRCore.dll (1425 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMMsg.dll (33 bytes)
      %WinDir%\Temp\Perflib_Perfdata_7a0.dat (4 bytes)
      %System%\wbem\Logs (4 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\LOG (4 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\IsolationDB.db-journal (532 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\LOG (4 bytes)
      C:\$Directory (384 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\CURRENT (4 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\812.dat (100 bytes)
      %WinDir%\Prefetch (4 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\4402.dat (4 bytes)
      %WinDir%\Temp\Perflib_Perfdata_f00.dat (100 bytes)
      %WinDir%\Temp\Tar10.tmp (2712 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
      %System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (108 bytes)
      %System%\config\SYSTEM.LOG (5001 bytes)
      %System%\config\software (23177 bytes)
      %System%\config\SOFTWARE.LOG (27430 bytes)
      %WinDir%\Temp\CabF.tmp (54 bytes)
      %System%\drivers\BDMWrench.sys (601 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
      %System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (816 bytes)
      %System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (816 bytes)
      %WinDir%\Temp\CabD.tmp (54 bytes)
      %System%\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (36 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db (145 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
      %WinDir%\Temp\TarE.tmp (2712 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\white_list.db-journal (512 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\res\InstallWnd.zip (54196 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\PluginInstallHelper.dll (784 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsu12.tmp (97881 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\System.dll (784 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\InstallHelper.dll (34186 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsz13.tmp\BDMSkin.dll (37025 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe (9605 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\bdcomproxy.dll (601 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\7z.dll (2105 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\dl.dll (14988 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\bddownloader.exe (41699 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\bdcomproxy.dll (2392 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\dl.dll (65930 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\dl.dll (65930 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-19-28-31]\7z.dll (12536 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsn9.tmp\System.dll (784 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsx8.tmp (90616 bytes)

    5. Delete the following value(s) in the autorun key (How to Work with System Registry):

      [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
      "shandian" = "%Program Files%\shandian\shandian.exe"

      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "baidusdTray" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe -stmd=3"

    6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    7. Reboot the computer.

    *Manual removal may cause unexpected system behaviour and should be performed at your own risk.
