Trojan.GenericKD.1776795_6ced652ec7

by malwarelabrobot on August 12th, 2014 in Malware Descriptions.

Trojan.Win32.Agent.ahbcq (Kaspersky), Trojan.GenericKD.1776795 (B) (Emsisoft), Trojan.GenericKD.1776795 (AdAware), Trojan.NSIS.StartPage.FD, Trojan.Win32.BHO.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR (Lavasoft MAS)
Behaviour: Trojan, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 6ced652ec7bb0bc11a0870b22efc3c90
SHA1: 3ba914f2c45098317c860c33353e57d3b2236e78
SHA256: 73eea81d609db2fdfb17eaf58b94d1f74a024feb71bd99d495f9627d9827e326
SSDeep: 24576:yp6ozdwaBFFcbiPwIGXGA7Se 02W9wKEG49MBRg8NnJr5FfjE86q1T7hCvmUpN1:ypBdwaj1vA9wndMfg2rn56oZCFpf
Size: 1892284 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-06-19 00:33:27
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

candid.exe:600
pczh_107_306.exe:1628
sc.exe:1416
sc.exe:1888
wwwww_3340.exe:3976
oovmdw_70745.exe:588
yymusic05.exe:3356
guagua_77150006814.exe:496

The Trojan injects its code into the following process(es):

%original file name%.exe:928
YFMSever.exe:3420
Ainqngz5.2.exe:504

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process pczh_107_306.exe:1628 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœ.lnk (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsExec.dll (6 bytes)
%Program Files%\ainqngz5.2\uninstall.exe (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsA.tmp (6 bytes)
%Program Files%\ainqngz5.2\candid.exe (5520 bytes)
%Program Files%\ainqngz5.2\Ainqngz5.2.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsB.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh8.tmp (19409 bytes)
%Program Files%\ainqngz5.2\schedule.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Templates\1120148215041584\YYM_955WD30.gif (1134 bytes)
%Documents and Settings%\%current user%\Desktop\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (708 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\Base64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsA.tmp (0 bytes)
%Documents and Settings%\%current user%\Templates\1120148215041584 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsB.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsExec.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\NSISdl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\System.dll (0 bytes)
%Documents and Settings%\%current user%\Templates\1120148215041584\YYM_955WD30.gif (0 bytes)

The process wwwww_3340.exe:3976 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\yyfm0529\2014081121\Data\dh.ini (56 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\yyfm0529.lnk (840 bytes)
%Program Files%\yyfm0529\2014081121\swresample-0.dll (3312 bytes)
%Program Files%\yyfm0529\2014081121\libav.dll (6360 bytes)
%Program Files%\yyfm0529\2014081121\YFMSever.exe (23936 bytes)
%Program Files%\yyfm0529\2014081121\SysConfig.ini (256 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ã‚Â¹Ãƒâ„¢Ã‚Â·Ã‚Â½Ãƒâ€“ÃƒÂ·Ãƒâ€™Ã‚Â³.lnk (334 bytes)
%Program Files%\yyfm0529\2014081121\Data\client.ini (36 bytes)
%Program Files%\yyfm0529\2014081121\source.dll (6584 bytes)
%Program Files%\yyfm0529\2014081121\channels.xml (784 bytes)
%Program Files%\yyfm0529\2014081121\avcodec-54.dll (23936 bytes)
%Program Files%\yyfm0529\2014081121\favorfm.xml (440 bytes)
%Program Files%\yyfm0529\2014081121\Unins.exe (9608 bytes)
%Program Files%\yyfm0529\2014081121\Data\setup.ini (110 bytes)
%Program Files%\yyfm0529\2014081121\audio.dll (3616 bytes)
%Program Files%\yyfm0529\2014081121\Data\version.ini (32 bytes)
%Program Files%\yyfm0529\2014081121\DuiLib.dll (16288 bytes)
%Program Files%\yyfm0529\2014081121\avformat-54.dll (12536 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ãƒâ€¦ÃƒÂ¤Ãƒâ€“ÃƒÆ’Ã‚Â¹Ã‚Â¤Ã‚Â¾ÃƒÅ¸\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœyyfm0529.lnk (830 bytes)
%Program Files%\yyfm0529\2014081121\pthreadGC2.dll (3616 bytes)
%Program Files%\yyfm0529\2014081121\avcore.dll (2392 bytes)
%Program Files%\yyfm0529\2014081121\yymusic05.exe (63950 bytes)
%Program Files%\yyfm0529\2014081121\avutil-52.dll (5520 bytes)
%Program Files%\yyfm0529\2014081121\Data\user2.ini (40 bytes)

The process %original file name%.exe:928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\spkjrjp_30279.exe (38675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\wwwww_3340.exe (433142 bytes)
%Program Files%\updatr\tj.txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\pczh_107_306.exe (46502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\System.dll (11 bytes)
%Program Files%\updatr\oovmdw_70745.exe (51840 bytes)
%Program Files%\updatr\uboskin\config.ini (290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\guagua_77150006814.exe (111890 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj2.tmp (65883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\NSISdl.dll (14 bytes)
%Program Files%\updatr\yunbo0717.exe (6360 bytes)
%Program Files%\updatr\union.exe (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\mi (1 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsu1.tmp (0 bytes)

The process oovmdw_70745.exe:588 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMReport.dll.bdl (33840 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMNet.dll.bdl (30837 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\dl(1).dll.bdl (366657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\tmpjnmhqw.dll (27504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDLogicUtils.dll.bdl (47101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\a644398e96b2e49d735a01f51e447930.bdt (3 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (2505 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss5.tmp (111370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMNet.dll (894 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss4.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process YFMSever.exe:3420 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\ffee2f88\DMSet.Xml (215 bytes)

The process yymusic05.exe:3356 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\yyfm0529\2014081121\Data\server.ini (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\a[1].htm (3 bytes)
%Program Files%\yyfm0529\2014081121\Data\client.ini (42 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ver[1].txt (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tj[1].ashx (3 bytes)
%Program Files%\yyfm0529\2014081121\SysConfig.ini (440 bytes)
%Program Files%\yyfm0529\2014081121\Data\user2.ini (402 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stj[1].ashx (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tj[1].ashx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stj[1].ashx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\a[1].htm (0 bytes)

The process guagua_77150006814.exe:496 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)

The process Ainqngz5.2.exe:504 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\fengyunzhibo[1] (1644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hm[2].js (15 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\www.fengyunzhibo[1].xml (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\home-v3[1].js (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\DD_belatedPNG_0.0.8a-min[1].js (3009 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[2].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\csbh200150[1].jpg (5193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header-v3[2].js (2196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\zhibo2[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\load_small[1].gif (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAQRGDKX.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\header-v3[2].css (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header-v3-media[1].css (454 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\weixinscan[1].jpg (19100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[6].jpg (1995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].php (2912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[8].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\to-new[1].png (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[9].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\home-v3[1].css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[2].jpg (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\home-v3[1].css (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[1].jpg (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[5].jpg (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[1].php (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.8.3.min[1].js (56651 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\default_avatar_s[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[1].jpg (2454 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAZMOJ7D.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[3].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[1].jpg (569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAEJ6JMD.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\snapshot[2].jpg (1997 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\atrk[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[4].jpg (3367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\c[1].php (4285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[4].jpg (4 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header-v3[1].js (1321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGXC.tmp (56 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (351 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[3].jpg (2451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\header-v3[1].css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fystat.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[2].txt (1189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[3].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\box-v3[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\snapshot[1].jpg (4 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.fengyunzhibo[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\home-v3[1].png (13875 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\nav-bk[1].png (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hm[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[2].php (750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\banner-hyperx-20140728[1].jpg (16784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[2].js (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1pc[1].png (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\img_loading_v3[1].gif (773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\new_message[1].js (1657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cover_bk[1].png (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\fyminiloader-min[2].js (660 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (257 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[1].js (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fystat.min[1].js (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\fyminiloader-min[1].js (363 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (12240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\new_message[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_card[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[2].jpg (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\fengyunzhibo[1].htm (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[7].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading[1].gif (4285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\box-v3[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\atrk[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[4].jpg (4 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\home-v3[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\box-v3[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header-v3[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\fyminiloader-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAEJ6JMD.gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fystat.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\header-v3[1].css (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[1].js (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.fengyunzhibo[1].xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAZMOJ7D.gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\atrk[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hm[1].js (0 bytes)

Registry activity

The process candid.exe:600 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 8E A6 5C 16 03 B9 B9 73 91 58 8C B4 96 8B 54"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1D 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process pczh_107_306.exe:1628 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"DisplayIcon" = "%Program Files%\ainqngz5.2\uninstall.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"DisplayVersion" = ""

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"DisplayName" = "Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º5.2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKLM\SOFTWARE\dsrs]
"et" = "2014-8-11"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Ainqngz5.2.exe]
"(Default)" = "%Program Files%\ainqngz5.2\Ainqngz5.2.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\dsrs]
"EX" = "1"
"ED" = "107"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2]
"UninstallString" = "%Program Files%\ainqngz5.2\uninstall.exe"

[HKLM\SOFTWARE\dsrs]
"EN" = "pczh_107_306.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "41 91 1C 32 01 4C C8 70 8F 54 0C 76 40 A3 B3 B3"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

The process sc.exe:1416 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 0A FE 9B EA F6 9D DA 8E 04 15 F6 07 5A 25 CD"

The process sc.exe:1888 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "70 77 67 0F 36 8D 24 78 A5 18 00 C5 33 C2 F4 01"

The process wwwww_3340.exe:3976 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DA 65 6B 18 D0 C1 34 0B 62 87 64 3D 8F 68 74 10"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

The process %original file name%.exe:928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5C 11 E8 A1 37 D5 FC 3F 5D EC DB 94 77 13 52 4E"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process oovmdw_70745.exe:588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "13 17 65 FA BA B1 E3 98 41 3D A0 F7 28 E8 68 43"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\metnsd\clsid]
"SequenceID" = "77 55 30 3A 19 57 33 4B 8E C3 BE A6 1C BF 51 7F"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\updatr]
"oovmdw_70745.exe" = "%Program Files%\updatr\oovmdw_70745.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\updatr]
"oovmdw_70745.exe" = "%Program Files%\updatr\oovmdw_70745.exe:*:Enabled:Ã§â„¢Â¾Ã¥ÂºÂ¦Ã¥ÂÂ«Ã¥Â£Â«Ã¥Å“Â¨Ã§ÂºÂ¿Ã¥Â®â€°Ã¨Â£â€¦Ã§Â¨â€¹Ã¥ÂºÂ"

The process YFMSever.exe:3420 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DE B8 11 58 45 5C 3E AB 60 AF 6E 1A EB 9B 03 88"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process yymusic05.exe:3356 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 D3 DB 84 FB 32 9A 41 D5 84 F0 B2 3E 84 41 0C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKLM\SOFTWARE\yyfm0529]
"RD" = "_2014081121"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yyfm0529_2014081121" = "%Program Files%\yyfm0529\2014081121\yymusic05.exe -mini"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yyfm0529_News_2014081121" = "%Program Files%\yyfm0529\2014081121\YFMSever.exe -mini"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

"ProxyServer"

"AutoConfigURL"

The Trojan disables automatic startup of the application by deleting the following autorun value:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BoxNews"

"yyfm0529_News"

"YyfmPlay"

"yyfm0529"

The process guagua_77150006814.exe:496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process Ainqngz5.2.exe:504 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "Ainqngz5.2.exe"

[HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
"Name" = "Ainqngz5.2.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1404720818"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "63 95 55 92 11 66 A2 60 B2 24 81 37 E1 19 C5 55"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
44edff85d12e091f0b129f05a3f2a042	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\BDLogicUtils.dll
d184763cb4e62d531193978de7b82db2	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\BDMDownload.dll
c8b0dca29d7b9aff1b801af86212c586	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\BDMNet.dll
12f98be1d919784370eb0f87e78b60d8	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\BDMNetGetInfo.dll
30cbc602ada7cdfb0346038c05996d84	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\BDMReport.dll
b540a866191f7fd20f5e6355bc2b094e	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\BDMSkin.dll
f52eb281e29da8065e18805617ac2cbc	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\System.dll
763b532d651f0ad5e135d9b57bf4fba4	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\dl.dll
ebfe7c9594e300bb0c16e7bb99a7e66d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\hu.dll
731e4fd7cbbff12adebb2a4ff8fbe9eb	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsh6.tmp\tmpjnmhqw.dll
254f13dfd61c5b7d2119eb2550491e1d	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsz3.tmp\NSISdl.dll
00a0194c20ee912257df53bfe258ee4a	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsz3.tmp\System.dll
f951a17f9892add6be51b7f84638defe	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsz3.tmp\guagua_77150006814.exe
2e02c1bdb46273ef13cb5203576e079f	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsz3.tmp\pczh_107_306.exe
8d6d78fcc0a17b47f17ce77217ef53a1	c:\Program Files\ainqngz5.2\Ainqngz5.2.exe
151ff53109c38e720e9083e3a4e194f8	c:\Program Files\ainqngz5.2\candid.exe
61dd64b3a469bdcd80a69e8fc084d240	c:\Program Files\ainqngz5.2\schedule.exe
b975774b4cabf39685edf11b68b81dbe	c:\Program Files\ainqngz5.2\uninstall.exe
f06fb28d3a6db3fbd7e462bb6322af56	c:\Program Files\updatr\oovmdw_70745.exe
927b4252817c5d2b7c57c0c84e72fcfc	c:\Program Files\updatr\union.exe
927b4252817c5d2b7c57c0c84e72fcfc	c:\Program Files\updatr\yunbo0717.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: yunbo.cn
Product Name: ${PRODUCT_NAME}
Product Version: 2014.07.25.112739
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version:
File Description:
Comments:
Language: Chinese (Simplified, PRC)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	23488	23552	4.48909	7ebfade271f75cb4c180603ab653af42
.rdata	28672	4496	4608	3.59139	9d6e96915262c9d1129a16fa0b02a19a
.data	36864	110456	1024	3.27356	dbf10679c897d0edeee280fffdad552f
.ndata	147456	40960	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	188416	71888	72192	4.94901	c9dfd0da2d130aad197f15eefd45660c

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://yunbo.njdyx.cn/app.txt	61.160.251.6
hxxp://yunbo.njdyx.cn/guagua_77150006814.zip	61.160.251.6
hxxp://pxsw.n.shifen.com/
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllw5/BDLogicUtils.dll
hxxp://swdownload.jomodns.com/sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv5/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllv3/BDMReport.dll
hxxp://swdownload.jomodns.com/sw-search-sp/client2/common/patch/19035267599/BDMReport.dll
hxxp://swdownload.jomodns.com/sw-search-shadu/client/dllv3/BDMReport.dll
hxxp://baidubrs.dlmix.glb0.lxdns.com/client/dllws/BDMNet.dll
hxxp://sxsw.n.shifen.com/
hxxp://swdownload.jomodns.com/sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll
hxxp://yunbo.njdyx.cn/pczh_107_306.zip	61.160.251.6
hxxp://admin.downloader.re63.cn/downcontainer/downLoadList.do	122.226.104.80
hxxp://admin.downloader.re63.cn/downcontainer/downLoadForGuaGua.do?recid=77150006814	122.226.104.80
hxxp://admin.downloader.re63.cn/downloader/start?dlver=G1.0.0&pname=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid=	122.226.104.80
hxxp://img001.com/tg_pic/1.png	36.250.9.8
hxxp://img001.com/tg_pic/2.png	36.250.9.8
hxxp://yunbo.njdyx.cn/wwwww_3340.zip	61.160.251.6
hxxp://img001.com/tg_pic/3.png	36.250.9.8
hxxp://c01.i06.arnic.hadns.net/0403/help1.html
hxxp://img001.com/tg_pic/4.png	36.250.9.8
hxxp://img001.com/tg_pic/5.png	36.250.9.8
hxxp://c01.i06.arnic.hadns.net/zhibo2.html?id=pczh_107_306.exe&en=2014-8-11&go=
hxxp://img001.com/tg_pic/mobo14-1-9.png	36.250.9.8
hxxp://sxcdn.kukuplay.com/support/mini/fyminiloader-min.js
hxxp://c.split.cnzz.com/stat.php?id=2701879&web_id=2701879
hxxp://dft.nc.fengyunzhibo.com/mini/fymini.htm?f=aiqingzhihui&code=null
hxxp://dlsw.baidu.com/sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll	180.76.22.47
hxxp://s.x.baidu.com/	180.76.2.46
hxxp://p.x.baidu.com/	123.125.65.152
hxxp://yunbo.luopf.cn/wwwww_3340.zip	61.160.251.6
hxxp://dlsw.baidu.com/sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll	180.76.22.47
hxxp://dl1sw.baidu.com/client/dllw5/BDLogicUtils.dll	8.37.235.11
hxxp://dl1sw.baidu.com/client/dllws/BDMNet.dll	8.37.235.11
hxxp://update.aiqingzhihui.com/0403/help1.html	218.76.217.140
hxxp://dl1sw.baidu.com/client/dllv3/BDMReport.dll	8.37.235.11
hxxp://dlsw.baidu.com/sw-search-shadu/client/dllv3/BDMReport.dll	180.76.22.47
hxxp://yunbo.luopf.cn/guagua_77150006814.zip	61.160.251.6
hxxp://dl1sw.baidu.com/client/dllv5/BDMReport.dll	8.37.235.11
hxxp://static.m0dlcdn.kukuplay.com/support/mini/fyminiloader-min.js	211.142.30.27
hxxp://dl1sw.baidu.com/client/BDMReport.dll	8.37.235.11
hxxp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-11&go=	222.186.20.122
hxxp://dlsw.baidu.com/sw-search-sp/client2/common/patch/19035267599/BDMReport.dll	180.76.22.47
hxxp://s6.cnzz.com/stat.php?id=2701879&web_id=2701879	1.99.192.15
hxxp://yunbo.luopf.cn/pczh_107_306.zip	61.160.251.6
hxxp://cj.guagua.cn/downloader/start?dlver=G1.0.0&pname=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid=	122.226.104.80
dtrp.download.iyuntian.com	123.125.65.150
cfg.download.iyuntian.com	123.125.65.132
jp.download.iyuntian.com	123.125.65.154
c.cnzz.com	42.120.219.6
res.download.iyuntian.com	123.125.65.129
tk.download.iyuntian.com	123.125.69.209
rc.download.iyuntian.com	123.125.65.153
mini.fengyunzhibo.com	1.99.192.17
hzs17.cnzz.com	42.156.140.23
utk.download.iyuntian.com	123.125.65.147

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile
ET POLICY Unsupported/Fake Internet Explorer Version MSIE 5.

Traffic

<font color="red">GET /client/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=1048576-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 16:02:42 GMT<br>

Date: Sun, 10 Aug 2014 16:02:42 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 15 May 2013 01:54:31 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 1048576-1207519/1207520<br>

Content-Length: 158944<br>

Age: 96470<br>

Via: 1.0 fjqz153:8080 (Cdn Cache Server V2.0), 1.0 sdbz73:8104 (Cdn Cache Server V2.0), 1.0 jg9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>........4.............................................................<br>......................................................................<br>................................................ .....................<br>......................................................................<br>................................................................s.c.p.<br>h.....f.u.n.c.w.n.d...s.t.m.d.....e.l.e.v.a.t.e...s.e.l.p.l.u.g.i.n...<br>m.o.d...B.D.M.P.r.o.c.e.s.s.T.y.p.e._.R.u.n.O.t.h.e.r...B.D.M.P.r.o.c.<br>e.s.s.T.y.p.e._.G.a.m.e.A.c.c.....B.D.M.P.r.o.c.e.s.s.T.y.p.e._.U.p.d.<br>a.t.e...B.D.M.P.r.o.c.e.s.s.T.y.p.e._.R.t.p.S.v.c...B.D.M.P.r.o.c.e.s.<br>s.T.y.p.e._.T.r.a.y...B.D.M.P.r.o.c.e.s.s.T.y.p.e._.M.a.i.n.F.r.a.m.e.<br>....B.D.M.P.r.o.c.e.s.s.T.y.p.e._.U.n.k.o.n.w...I.n.v.a.l.i.d. .D.a.t.<br>e.T.i.m.e.S.p.a.n.....I.n.v.a.l.i.d. .D.a.t.e.T.i.m.e.....T.y.p.e.L.i.<br>b...S.o.f.t.w.a.r.e.....S.Y.S.T.E.M.....S.E.C.U.R.I.T.Y.....S.A.M...M.<br>i.m.e.....H.a.r.d.w.a.r.e.....I.n.t.e.r.f.a.c.e...F.i.l.e.T.y.p.e.....<br>C.o.m.p.o.n.e.n.t. .C.a.t.e.g.o.r.i.e.s.....D.e.l.e.t.e.....N.o.R.e.m.<br>o.v.e.....F.o.r.c.e.R.e.m.o.v.e...V.a.l...B...D...M...S...0u..........<br>@.....................................................................<br>...................................................@.......@..........<br>.....@...............@...............@...............@...............@<br>...............@...............@...............@...............@......<br>.........@...................@...............@...............@........<br>[email protected].@..........:..D.@..........;[email protected] ..</pre><<< skipped >>></font><br><br

<font color="red">GET /guagua_77150006814.zip HTTP/1.0<br>

Host: yunbo.luopf.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 921448<br>

Content-Type: application/x-zip-compressed<br>

Last-Modified: Thu, 24 Jul 2014 04:31:48 GMT<br>

Accept-Ranges: bytes<br>

ETag: "76aed22ef8a6cf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Mon, 11 Aug 2014 18:50:50 GMT<br>

Connection: close<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$........J... ... ..<br>. ...#... ..j#... ....... ...#... ..j#... ... ...)...'... ...'..J ...'<br>..r ... ... ...'... ..Rich. ..................PE..L....}.S............<br>[email protected].............@..........................@............<br>[email protected].......<br>........................................H.......................@.....<br>...............text...s........................... ..`.rdata...D......<br>.P..................@[email protected][email protected].<br>..xb.......p..................@..@....................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=6815744-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:46 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 19188560<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186607<br>

Content-Range: bytes 6815744-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>..v$a..Y...g.[....h.lRy>.\...G.s.[M ..X_YP.)...H....l.0.*....|a.b.Y<br>2p&........7..3*(..;...X...(..f.3.._.].A.#.S....J.....l...'@.<..2..<br>E....&P...D..}.i4...)..V...bV-...da.|.................yt.F...l.s};!..U<br>...C."m....4.z..o.......=...0...X.r.ZvY3....7U'..y..D,(.kf.l...*..1...<br>DN............M........y.$...q .......|H..a..j..K}.... #c\q..>.T...<br>.....8d..B.zE4....6#....f.0..q..!.......P...k..6...!.....X2...........<br>X..,...c....3.Z..(...*...p.Wve.b..C...pq...1....q.X.`.'....6s.-....`..<br>.......m'...i .......~......g.....B...P.Xm4$U.....!.oZ.|X. .}zK$K..i..<br>W.=1:)F.J../..(|1/.........G]z6<r.;.N..._s,#>.U...r.3.3..n.-....<br>..........&F....B...J.].X-..xIT....Z.>...u..|.G.......y/..$...f.'r&<br>..q.|.5>[email protected].<q.A. ..W........W..Z.2>.....<br>...o^....\~..s)2.i.......N.\....G..(,.>J..L..9$...b)....V*8.....X..<br>X.....h/.yY.}.[E.>E[........\.o.....nD.BG..o.......\..y..Q6.t.....F<br>.............a"&...z..oK.......$S..$KPWW...LB...%......V..{.mz.m....!.<br>.7.::g..R..>[..Z.........&XA..RX.....-.....U.2......L.]...f,...S.%.<br>.N..B......NT.. *..Bz.BT....I.X...[.~L..~|[email protected]......:"T<br>.~,.~d...(.....["EL..Jam......Z...Nb..\............xq.........k...c...<br>.c.Y!..j).X``..(04...k...V...).A.6.;...B5]..u.-.@.).]g..X..T?.~].....j<br>R..HE..../....e8.*.......\.N.Or.yj.@.....=...../,....k..cKX>B....E.<br>:.."...V..q.<XI|..x.....ft_..).?.5[...i...a.|.Z~......c..KYhIrB..h.<br>.5...v.O.A...t(.&. `b.G4.......v.9..]>...*)'..w..@C.=T.F.V!.A."....<br>q.....2![....w..f..z....p..Mz.........;...>.l .Ac..]'..*|e....b</pre><<< skipped >>></font><br><br

<font color="red">GET /pczh_107_306.zip HTTP/1.0<br>

Host: yunbo.luopf.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 415552<br>

Content-Type: application/x-zip-compressed<br>

Last-Modified: Sun, 13 Jul 2014 03:35:27 GMT<br>

Accept-Ranges: bytes<br>

ETag: "f81e17d4b9ecf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Mon, 11 Aug 2014 18:51:09 GMT<br>

Connection: close<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......B.e|.../.../<br>.../.../.../..T/.../..V/.../.../.../R.;/.../e.!/.../.../.../..Q/.../Ri<br>ch.../........................PE..L......N.................t..........<br>.>............@..........................@.........................<br>.................................pp...................................<br>......................................................................<br>..text....s.......t.................. ..`.rdata..Z............x.......<br>.......@[email protected][email protected]...`...`.....<br>......................rsrc...pp.......r..................@..@.........<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>...............................................U....\.}..t .}.F.E.u..H<br>....._B..H.P.u..u..u...\[email protected]._B..E.WP.u...`[email protected]...<br>d.@..}[email protected]... M.......M....3.....FQ.....NU..M..<br>........VT..U.....FP..E...............E.P.M...H.@..E...E.P.E.P.u...h.@<br>..u....E..9}[email protected].}[email protected]<br>[email protected][email protected] [email protected].@._<br>^3.[.....L$..(_B...Si.....VW.T.....tO.q.3.;5,_B.sB..i......D.......t.G<br>.....t...O..t .....u...3....3...F.....;5,_B.r._^[...U..QQ.U.SV..i.</pre><<< skipped >>></font><br><br

<font color="red">GET /app.txt HTTP/1.0<br>

Host: yunbo.njdyx.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 1321<br>

Content-Type: text/plain<br>

Last-Modified: Fri, 25 Jul 2014 03:40:40 GMT<br>

Accept-Ranges: bytes<br>

ETag: "1e984b34baa7cf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Mon, 11 Aug 2014 18:50:48 GMT<br>

Connection: close<br><pre>[xxx1]..aa=souhu..bb=guagua_77150006814.exe..cc=hXXp://yunbo.luopf.cn/<br>guagua_77150006814.zip..dd=..[xxx2]..aa=..........bb=pczh_107_306.exe.<br>.cc=hXXp://yunbo.luopf.cn/pczh_107_306.zip..dd=..[xxx3]..aa=....fm..bb<br>=wwwww_3340.exe..cc=hXXp://yunbo.luopf.cn/wwwww_3340.zip..dd=..[xxx4].<br>.aa=sd..bb=spkjrjp_30279.exe..cc=hXXp://yunbo.luopf.cn/spkjrjp_30279.z<br>ip..dd=..[xxx5]..aa=tianqi..bb=tqrlsimp27_dubo_001.exe..cc=hXXp://yunb<br>o.luopf.cn/tqrlsimp27_dubo_001.zip..dd=..[xxx6]..aa=......bb=adwoca_00<br>005.exe..cc=hXXp://yunbo.luopf.cn/adwoca_00005.zip..dd=..[xxx7]..aa=bd<br>yy..bb=BaiduPlayerNetSetup_429.exe..cc=hXXp://yunbo.luopf.cn/BaiduPlay<br>erNetSetup_429.zip..dd=..[xxx8]..aa=jinritianqi..bb=Dailytq_s[134].exe<br>..cc=hXXp://yunbo.luopf.cn/Dailytq_s[134].zip..dd=..[xxx9]..aa=QQ..bb=<br>QQPCDownload70259.exe..cc=hXXp://yunbo.luopf.cn/QQPCDownload70259.zip.<br>.dd=..[xxx10]..aa=gouwu..bb=bestoffers_1[1].3.6.8_cn.exe..cc=hXXp://yu<br>nbo.luopf.cn/bestoffers_1[1].3.6.8_cn.zip..dd=..[xxx11]..aa=zhezi..bb=<br>zhezi_setup_Z6F9.exe..cc=hXXp://yunbo.luopf.cn/zhezi_setup_Z6F9.zip..d<br>d=..[xxx12]..aa=......bb=ADMon.29068.exe..cc=hXXp://yunbo.luopf.cn/ADM<br>on.29068.zip..dd=..[xxx13]..aa=......bb=dmmenu.29071.exe..cc=hXXp://yu<br>nbo.luopf.cn/dmmenu.29071.zip..dd=..[xxx14]..aa=..........bb=setup_462<br>9_p3c0.exe..cc=hXXp://yunbo.luopf.cn/setup_4629_p3c0.zip..dd=..</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=13893632-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:56 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 12110672<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186617<br>

Content-Range: bytes 13893632-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>M>xQc...V..N..y=.^..._z#g.2.........u..ii\mp..=2.A.$.k1G...;..v..!.<br>.Bg.J...G_.. .4-.......{[email protected]./....[dW.].<br>gF;7}..]...lr..B%.Xa.d....i...@.:cBl]V......p'...o....]....X..C."...*K<br>7epC&v..~..V.....~.]s...i.cYP...B..|...s7..@E...]_......o.9*..98..E...<br>.-.!..S...f... .....*R.Mh.ou{..N.z....YQV_B.._.B....6...F.qs......\.r.<br>.y^sE..S.D}..U...2..-.....A.|&.3:.7.%.lHs..2...}.... fF..m.i....f.*...<br>K....H._v;....l.mAw.v...Z........o...wo.8.........u.GW,ak..l....qD....<br>...}[email protected]/....$WD'..)%.<e.94......R..5!;.k.?.^........h<a.*.V<br>E.:.Z.J.....z.dF=m....JV..}'..1a.:....![.8M.g ... G............5..?T.|<br>>...Td..v.2..}.I:tp"..u):;.<..\...U......F^.#/5.5..z..b..R.>t<br>=*I.*.%.\l.6=.....]x..S...M....$...\.cV\......92........*6rVm..Z......<br>F.!..(..............R...0.h...z/........X.a.....D2....7....Cc ..E.._H;<br>......-v..............#..{o...dJ|$?4%8ha...O......u......T^.....3..8.V<br>....WIZ%#..C)..... \b...U.Pv*.*........}!jECo..*~.._.!|.....WH..n.LN6.<br>..V.......$/>.w.p.h.l.Q...E..4....{.E$..:.$oK....._#....,..y..B.T..<br>b..o$..W&A....m8..X......D;....-h.k..)P.....k-'.g.6.6....O...mG.....6J<br>-%.6..t..X..~...>X.C.7...{....pm9z-..=...V..NH.....|.g....4U.U..@.;<br>.....F.,.......7...-$.l.zD.......P.#.45..P..Q]..3'........O..se!.o...J<br>.3.-F(y..e.f .....,.z.A...Z......{.b.K.y.&..H...Z]a.........\X...F7 ..<br>...IBR.sl..=.Af8..w'.F.....6^....j...`....w....).O..D'GlT.M.(.6...s.T;<br>...[.l7...J*..Z(..L.!/t..B\<..>...4kc.../.D........../..X..I..,.<br>......m.d....Vl.hO5..r..W.KR.0..rj9.iQG.7.....ty..,&../......Z!..%</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=425984-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 425984-1178447/1178448<br>

Content-Length: 752464<br>

Age: 1193554<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.L$.SV.0;1Ws....x....Y..X..1.y..2;0s....z....X..Z..0.x...;.s..9.p..8.y<br>..x....q._^[..............SV.t$..D6.;.W..}$.<.;|..s.....<..<.<br>.|...|.....D..;.|.u..D......D...D...r..|$..F.. ...;.}(..$....9<.s..<br>......T...T........ ...;.|..D$..<._.D..^[........SUVr..G....G.WP.L$<br>..!....t$,...\$$.l$ u.3....D$(...t...t.;.t...... ...u.3......t...t.;l$<br>.t...... \$....L$.j.j.QVP.......^][..............QS.\$.UV.t$...9u.W.|$<br>$r.9{.s.......M..T$... .;.s....T$..C. ..|$(;.s...... . .;.w..'....E..T<br>$..... . ... .;..L$..\$.s>...v.......T$..E.;.s..M.QS...Z....T$.....<br>u.....].r..E....E....;l$ .].t}.E....r....T$(...\$(...r........T$.R.T$,<br>...T$  .R ...P..Q......D$0....x..r....Q.........E....r.......W.|$(..R <br>.P..Q......N...;.w|.E....r..........r....T$ ...\$ .T$$W.. .QP.D$,..P..<br>....E.......r....L$$...\$$...r........T$.R.T$(...T$  .R ...P..Q.K.....<br>....D$$;.wr.E....r....L$ ...\$ ...r........T$.R.T$$...T$  .R ...P..Q..<br>....E.......r..........r.......W.|$(..R .P..Q......T......;..E.w....r.<br>...T$ ...\$ ...r........T$.R.T$$...T$  .R ...P..Q.HK...E.......r......<br>....r. L$....L$$W.. .Q....... L$....L$$W.. .Q..........r..........r...<br>.T$ ...\$ .T$.R.T$(.. .QP.D$,..P..J...E.......r....L$ ...\$ ...r......<br>..T$.R.T$$...T$  .R ...P..Q..J...E.......r....L$ ...\$ ...r....T$....\<br>$..T$$.. L$. .Q.L$$...T$...Q.L$$.. ...PR.9J...D$ ....}...E.r..._....^.<br>.][Y.............D$.;D$.S.\$.U.l$.tNVW............u.......M..M.;.r....<br>...E.;.w. ..U..D$............;D$.....D$.u._^.D$..h.].X.......[........<br>....SU.l$0VW.........D$ ;D$,.......|$.............u.. ....D$ .O..O</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Tue, 09 Sep 2014 15:52:41 GMT<br>

Date: Sun, 10 Aug 2014 15:52:41 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 1207520<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 97069<br>

Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......M......S...S<br>...S.Y.S...S.[.S...S.[.S...S...S...S.[.S!..S...S...S...S...S.[.Sd..S.[<br>.S...S.[.S...S...S...S.[.S...SRich...S........................PE..L...<br>.!.Q...........!.....P... ......u........`............................<br>...........................................j.......V..................<br>[email protected]..@............`<br>..t............................text....O.......P.................. ..`<br>.rdata..1....`.......`..............@[email protected][email protected]........<br>[email protected]...............................@[email protected]..............<br>[email protected]..................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Tue, 09 Sep 2014 15:52:20 GMT<br>

Date: Sun, 10 Aug 2014 15:52:20 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 924496<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 97087<br>

Via: 1.0 hzh64:8104 (Cdn Cache Server V2.0), 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 jg9:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......V.h.........<br>......x.....5.{.....5.k.......Y.......[.............5.h.f...5.t.C...5.<br>|.....5.z.............5.~.....Rich............................PE..L...<br>\.hS...........!.........0.......;....................................<br>... ......................................`.......|........P..........<br>........P....`[email protected]...@.............<br>...............................text............................... ..`<br>.rdata..Z...........................@[email protected]............<br>[email protected].........@....... [email protected]......<br>.0..............@[email protected].......`.......@[email protected]..........<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=983040-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 983040-1178447/1178448<br>

Content-Length: 195408<br>

Age: 1193554<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>".......................................`...".......$.................<br>..................................".......P...........................<br>.... .......*...".......................................`.......j...".<br>.................................................."...................<br>................................................".......(.............<br>..................................$...".......l.......................<br>........x.......P.......Z.......d.......n...........................".<br>.........................................................."...........<br>................................".......H.............................<br>..0...".......t...............................j.......`..."...........<br>....................................................6.................<br>......"...........................................".......,...........<br>................................".......X.............................<br>.. ...".......................................`.......j..."...........<br>....................................................O]................<br>......"...................................................".......D...<br>........................................".......x.....................<br>..........0.......:...".......................................`.......<br>j..."...........................................".....................<br>..............................".......@...............................<br>............"[email protected]...".....<br>..................................p.......x..."...................</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=786432-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:24 GMT<br>

Date: Sun, 10 Aug 2014 15:52:24 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 786432-1178447/1178448<br>

Content-Length: 392016<br>

Age: 97090<br>

Via: 1.0 sdytwt89:8104 (Cdn Cache Server V2.0), 1.0 tswt88:8080 (Cdn Cache Server V2.0), 1.0 jg11:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.M...8...}.........E...(.E.......E......M..Q....T$..B..J.3.......,0...<br>...........M..H....T$..B..J.3..q....X0...k.................E.P.7.....E<br>.P.-.....E.P..W....T$..B..J.3.. .....0...%...........E....P.tW....T$..<br>B..J.3........0................E...........e...M...D.......M..l....T$.<br>.B..J.3........0.........E...........e...M...D.......M..|....T$..B..J.<br>3..u....(1...o.....M..h....T$..B..J.3..Q....T1...K.................E..<br>.........e...M...D.%.....M.......T$..B..J.3........1.........E.P..V...<br>.E.P..U....u..t....T$..B..J.3...~....1.................E.......E.P....<br>...E.P..V....E...........e...M.Q..U....E.P.1V....E.P.wV....E.P..V....E<br>.P..O....E.P..V....E.P..L....E.P.%.....T$..B..J.3..-~...@2...'........<br>.....M...^...E....P.......E....P..C....T$..B..J.3...}...|2...........M<br>...^...T$..B..J.3...}....2.....................E....P..y....M.....8E..<br>.T$..B..J.3...}....2...{.................M..(^...E....P..Q....E......g<br>...T$..B..J.3..9}....3...3.........M...]...E....P.,y....M......D...T$.<br>.B..J.3...|...T3..............r...T$....J.3...|....3.........kB...E...<br>.P..B....E......P..B....M...$....q;...E..,...P.C.....M...L....D]...or.<br>..T$..B..J.3..h|....3...b........M...]...E...........e...M...]....M...<br>\...T$..B..J.3.. |......J.3...|....4.......................M...6...M..<br>.....T$..B..J.3...{...L4.............M...\...M.......T$..B..J.3...{...<br>.4.............E..._...T$..B..J.3...{....4...{.................E...^..<br>.T$..B..J.3..Q{....4...K.................M...[...T$..B..J.3..!{...@5..<br>...................E...........e...M...[....T$..B..J.3...z...l5...</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 924496<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 217481<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......V.h.........<br>......x.....5.{.....5.k.......Y.......[.............5.h.f...5.t.C...5.<br>|.....5.z.............5.~.....Rich............................PE..L...<br>\.hS...........!.........0.......;....................................<br>... ......................................`.......|........P..........<br>........P....`[email protected]...@.............<br>...............................text............................... ..`<br>.rdata..Z...........................@[email protected]............<br>[email protected].........@....... [email protected]......<br>.0..............@[email protected].......`.......@[email protected]..........<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-shadu/client/dllv3/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=1114112-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:32 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 93408<br>

Connection: close<br>

ETag: 30cbc602ada7cdfb0346038c05996d84<br>

Last-Modified: Thu, 20 Jun 2013 06:27:51 GMT<br>

Expires: Tue, 12 Aug 2014 14:59:13 GMT<br>

Age: 186679<br>

Content-Range: bytes 1114112-1207519/1207520<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 21BEDF37C0B754EE14FE2C8B0543B5C0<br>

x-bs-request-id: MTAuNTguMzQuMTk6ODA4MDoxMzEyMjA1MTYxOjI4L0p1bC8yMDE0IDIyOjU5OjA1IA==<br>

x-bs-meta-crc32: 2965621797<br>

Content-MD5: 30cbc602ada7cdfb0346038c05996d84<br>

x-bs-client-ip: MTgwLjc2LjIyLjExNQ==<br><pre>[email protected][email protected].........<br>..........................".......@...................................<br>........0................... [email protected].........................<br>.............."...................................".......(...........<br>......................................................................<br>..................................@...................................<br>................"...................................................".<br>......................................0.......8..."...................<br>....................`.......p.......h...".......@.....................<br>[email protected]...................................|..."...........<br>................................".....................................<br>..............".......................................0...".......4...<br>............................`...".......`.............................<br>..............".......................................................<br>....".......................................0...".....................<br>..................p...".......(.......................................<br>....................".......T...................................".....<br>..................................0.......8.......@..."...............<br>........................p.......x...........".........................<br>..........".......`...................................................<br>................"...$.................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:39 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 26004304<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186600<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$........h.M]...]...<br>].......Y...z...C...z...7...z...........^.......H...].......z.......z.<br>..\...z...\...]...\...z...\...Rich]...........PE..L......S...........!<br>......... ......................................................X.....<br>..............................M............ ...X..............P.......<br> _..................................X...@.............................<br>...............text............................... ..`.rdata..].......<br>....................@[email protected][email protected].<br>...X... ...`..................@[email protected]..............<br>@..B..................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=13631488-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:52 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 12372816<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186613<br>

Content-Range: bytes 13631488-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>'...7~.. ..'X...W.#..S...].._...C..X.wb...s|.Lj^S.&WX...S.q.J,.;....0.<br>...d.o... H..yaE.N.%..%.=/.y.or......wF.]0...q\...P.7.3..x:.C.9.B(=r.B<br>......=..........y4..*}..p.zg.%[email protected]..[Nh=6..owx9...?..;.r.@......<br>].q.].-.. G..C..n._>.K......}...k.".k..D.)..]K.r...2..\....[ ...P..<br>.O8Rx...D.!W}S..."[NL. ......L.......xE.......0....`...l,P_.>.C9...<br>ww.8....:.....w....%...,..k-.Hp.....l....%.J.:.c.^....\1mw.r....t.....<br>....[..5.\...E.P.......u.Û.....C/..?G..?......bd..?e..J.....E1E.....<br>&..V..0.K!...[..!.....G. A7.......( DM.D..-.......^&J.......(......[1.<br>..,_.|.K.>y.....W...F2.8......O. .=.ud.p.".......'..W .?....qO...\9<br>:...O!.d...k.tj.. .9&...!HP.Ebn.....d.|..R.......b^..>~:..tu..9..."<br>my.x.....V.rU2..--.SS.>^&..v.oG.....P...._i...u...u?....q...&.jz...<br>wh..Bj...........I9.J$.._t....s.......8.......D..m...B....;.DY.A,.m..e<br>.D...w7..9..y..X;.$D...H.........Mp.D.......P>[email protected]<br>=......K.G.W~.[[...*..t..r<O!.x..h._.S...#..... }CPY#....a....@:...<br>"4uQ/K....[....Q:[email protected]*R...-..d...oK...G..T...... .<2..UK.<br>[email protected].(Q.!.........I.......9R......b.k.^"....<br>..b;..c........:..P..Z5w..w.m 7...JH.L8..'.v"[.......y;".8:-(0f.... .Z<br>........)~$.D .w..>sm(....S.Fxg ...>...6B#M...Q.....:..m.'V.,:..<br>.x[..z.lL...S.K........FE.n........b.._,]..vU......'[email protected])CFM(V..<br>._..Z ![..!...g'....w... ..Q.QR.*.<]e.,lG...2}.s......z....._..X...<br>..........:..m.`........f...B0..6Q.............I...2u.V...B"..5.,.G"&.<br> #..`.. .!Q...M.m..H....0.....&.."X..R......f...6.*}.H...b....g.T.</pre><<< skipped >>></font><br><br

<font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 228<br>

Content-Type: application/octet-stream<br>

Host: s.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...p........" 8445a55eb3350c912a726b3795bf47c6(.28{.}L..fwD.......
..u..8..(8_.9........v.>.E.{[email protected].` ...h.%h...C}.K{T\QZa.L.`. .P!..~...L.<.:%.M.j..T\/$|.a.,.EDv....4.[7}E....x..>H..I....3G4.}...iI.F.`/wLZ....5.</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 140<br><pre>...p........" 8445a55eb3350c912a726b3795bf47c6(.28{.}L..fwD...........<br>u..8..(8_.9.........v.>.E.{[email protected].` .....%.Q..7...l.=.%<br>..'HTTP/1.1 200 OK..Server: iYuntianSvr..Content-Type: application/oct<br>et-stream..Keep-Alive: timeout=30..Connection: Keep-Alive..Content-Len<br>gth: 140.....p........" 8445a55eb3350c912a726b3795bf47c6(.28{.}L..fwD.<br>..........u..8..(8_.9.........v.>.E.{[email protected].` .....%.Q.<br>.7...l.=.%..'..</pre></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=884736-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:24 GMT<br>

Date: Sun, 10 Aug 2014 15:52:24 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 884736-1178447/1178448<br>

Content-Length: 293712<br>

Age: 97091<br>

Via: 1.0 sdytwt89:8104 (Cdn Cache Server V2.0), 1.0 tswt88:8080 (Cdn Cache Server V2.0), 1.0 jg11:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>............0...t.......................H...0...Unknown error...Succes<br>s.No match....Invalid regular expression..Invalid collation character.<br>....Invalid character class name, collating name, or character range..<br>..Invalid or unterminated escape sequence.....Invalid back reference: <br>specified capturing group does not exist....Unmatched [ or [^ in chara<br>cter class declaration....Unmatched marking parenthesis ( or \(...Unma<br>tched quantified repeat operator { or \{....Invalid content of repeat <br>range.....Invalid range end in character class....Out of memory.......<br>Invalid preceding regular expression prior to repetition operator...Pr<br>emature end of regular expression.Regular expression is too large.....<br>Unmatched ) or \)...Empty regular expression........The complexity of <br>matching the regular expression exceeded predefined bounds.  Try refac<br>toring the regular expression to make each choice made by the state ma<br>chine unambiguous.  This exception is thrown to prevent "eternal" matc<br>hes that take an indefinite period time to locate...Ran out of stack s<br>pace trying to match the regular expression...Invalid or unterminated <br>Perl (?...) sequence....Visual C   CRT: Not enough memory to complete <br>call to strerror..............Illegal byte sequence...Directory not em<br>pty.Function not implemented....No locks available..Filename too long.<br>..Resource deadlock avoided...Result too large....Domain error....Brok<br>en pipe.Too many links..Read-only file system...Invalid seek....No spa<br>ce left on device.File too large..Inappropriate I/O control operat</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=753664-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 753664-924495/924496<br>

Content-Length: 170832<br>

Age: 217482<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>d(): ...Index out-of-bounds (field is empty).............^..`Y...Q..$.<br>..........CHECK failed: prototype != NULL: .....\src\google\protobuf\e<br>xtension_set_heavy.cc...CHECK failed: output->message_prototype != <br>NULL: ...Extension factory's GetPrototype() returned NULL for extensio<br>n: ....'.."..>....<....&..........................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>.................................Error when TiXmlDocument added to doc<br>ument, because TiXmlDocument can only be at the root...Error parsing C<br>DATA.....Error null (0) or unexpected EOF found in input stream..E</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=589824-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 589824-1178447/1178448<br>

Content-Length: 588624<br>

Age: 1193554<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>P.M.............P...=....E.^..U.... SVW.?...3.9.\}...E..]..]..].......<br>hxa....8.....;...y....5....hla..W..;...c...P.......$\a..W.\}....P.q...<br>..$Ha..W.`}....P.\....d}...E.P.$.....YYt.SSSSS.&~......}..u,h,a..W..P.<br>'...;.Y.l}..t.h.a..W..P.....Y.h}...h}...M.;.ty9.l}..tqP.f....5l}.....Y<br>...;.YY..tV;.tR..;.t..M.Qj..M.Qj.P....t..E..u3.E.P.......Yt.SSSSS..}..<br>....}..r..M... ..D.M......;.`}..;E.t1P.....;.Yt&..;..E.t..d}..;E.t.P..<br>...;.Yt..u....E..5\}.......;.Yt..u..u..u..u.....3._^[...L$.V3.;.|....~<br>....u...s..^...s.....s..^.. ...VVVVV........}........^.U..QQ.....3..E.<br>.p}..SV.5<...W3.;.u/WW3.CSW....t...p}............xu.j.X.p}.....p}..<br>...u..u..u..u..u...........t.;.u)9}..}[email protected]..= ....u.....<br>..u.3......~Dj.3.X.....r8.C.=....w...s......t............P.......Yt...<br>...........3...t.SV.u..u.....t"3.9E.u.PP...u..u.j.Vj..u........E.V.S..<br>..E.Y.e._^[.M.3...}....U......u..M.......u..E..u..u..u..u.P.........}.<br>.t..M..ap...U..QQ.....3..E..t}..S..<...VW3.3.G;.u,VVWV....t..=t}...<br>/........xu.j.X.t}.....t}...........;.......;.u#[email protected]..<br>u.....;..M.u.3......~Ej.3.X.....r9.D..=....w..jr....;.t............P. <br>...;.Yt..............3.;.t..u.W.u..u.....t 9u.VVu.VV...u..u.j.WV.u....<br>.....W.....Y.....u..u..u..u... ....e._^[.M.3...|....U......u..M..c....<br>u..E..u..u..u..u.P.........}..t..M..ap...U..QQ.E.V.u..E..E.WV.E.......<br>..;.Yu.................J.u..M.Q.u.P......;..E.u.........t.P.....Y.....<br>.....`..........D0.. ..E..U._^..j.h.q...........u..u..E....u....... ..<br>m..................3.;.|.;.\...r!.^....8.D.........WWWWW..y.......</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=917504-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:41 GMT<br>

Date: Sun, 10 Aug 2014 15:52:41 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 917504-1207519/1207520<br>

Content-Length: 290016<br>

Age: 97070<br>

Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>$,.....$..........L$ .`......T$..U...;.u...G....>..F......f=l.u..D$<br>dPQj.......`...5f=f.u3.T$TRQ......`...D$\P.L$XQ...`...T$dR.D$`P...`...<br>L$d........0.........P....$.<......h......$....Rf..f....#.RQ3.f....<br>.Qh.......`..........h......$....Rf..f....#.f..RQ........Ph.......`...<br>P...h......$....Rf..f....#.f..RQ........P..f..f..h......$....P..#.RQj.<br>h.......`....u.f..$......$.....D$.3.9t$ t-.t$ ...P....I........u.j.j. <br>.PVj.j....`..... .D$...t....N..d$.f.....f..u. .....$.....tE.D$..3. .;.<br>}.....;.$....| ..$.........x...?P..$....P......p.....$.....L$.;...$...<br>.~m..t(;...}c....j.h.G..........9......;|$.|..A..$....3.9.$....... ...<br> .;.~...;.}..d$...$......f..j ....;.|..l$..........D$...tU..t...VP....<br>.................$.....u...$.... .;.........6RP..$........iR.)........<br>....|$ .........t[.D6.P........|$ .T$,.N.Q.L$(..$....................V<br>W................$........tLW.........A..$.....u...$.... .;...r.....$.<br>......V.R.T$,..i.L$$._.........l$..|$.........|$.....$.....t2;........<br>.$........j.h.G.................;.|..b.....$....3.9.$....... ... .;.~.<br>..;...;.....$......f..j ....;.|......f=}.u...C....f=}...$..........f=.<br>.......f=..w|..t"....j.S.................$...........u....;.~0..f..i..<br>......B.;.~..........$......RV............f..f..i..f.K.......f..h.e..t<br>.....j.S.................$.....S..u....;.~...f..j.7....B.;.~..........<br>$......RV......H.....f..f..i........$.....l$...$.......f..........$...<br>..........$....;...$......................$.......L?.QR...............<br>.i..$.....t$.....$.....\$...r .Q...........q..t.W............_..$.</pre><<< skipped >>></font><br><br

<font color="red">GET /stat.php?id=2701879&web_id=2701879 HTTP/1.1<br>

Accept: */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-11&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: s6.cnzz.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: Tengine<br>

Date: Mon, 11 Aug 2014 18:51:24 GMT<br>

Content-Type: application/javascript<br>

Transfer-Encoding: chunked<br>

Connection: keep-alive<br>

Last-Modified: Mon, 11 Aug 2014 18:51:24 GMT<br>

Expires: Mon, 11 Aug 2014 20:21:24 GMT<br><pre>1f7a..(function(){function l(){this.c="2701879";this.O="z";this.K="";t<br>his.H="";this.J="";this.o="1407783084";this.M="hzs17.cnzz.com";this.I=<br>"";this.q="CNZZDATA" this.c;this.p="_CNZZDbridge_" this.c;this.C="_cnz<br>z_CV" this.c;this.s="0";this.v={};this.a={};this.ia()}function g(a,c){<br>try{var b=[];b.push("siteid=2701879");.b.push("name=" f(a.name));b.pus<br>h("msg=" f(a.message));b.push("r=" f(h.referrer));b.push("page=" f(d.l<br>ocation.href));b.push("agent=" f(d.navigator.userAgent));b.push("ex=" <br>f(c));b.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).<br>src="hXXp://jserr.cnzz.com/log.php?" b.join("&")}catch(e){}}var h=docu<br>ment,d=window,f=encodeURIComponent,k=decodeURIComponent,p=unescape,q=e<br>scape;l.prototype={ia:function(){try{this.R(),this.G(),this.fa(),this.<br>D(),this.l(),this.da(),this.ca(),this.ga(),this.i(),.this.ba(),this.ea<br>(),this.ha(),this.$(),this.Y(),this.aa(),this.na(),d[this.p]=d[this.p]<br>||{},this.Z("_cnzz_CV")}catch(a){g(a,"i failed")}},la:function(){try{v<br>ar a=this;d._czc={push:function(){return a.w.apply(a,arguments)}}}catc<br>h(c){g(c,"oP failed")}},Y:function(){try{var a=d._czc;if("[object Arra<br>y]"==={}.toString.call(a))for(var c=0;c<a.length;c  ){var b=a[c];sw<br>itch(b[0]){case "_setAccount":d._cz_account="[object String]"==={}.toS<br>tring.call(b[1])?b[1]:String(b[1]);break;case "_setAutoPageview":"bool<br>ean"===.typeof b[1]&&(d._cz_autoPageview=b[1])}}}catch(e){g(e,"cS fail<br>ed")}},na:function(){try{if("undefined"===typeof d._cz_account||d._cz_<br>account===this.c){d._cz_account=this.c;if("[object Array]"==={}.to</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=14155776-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:51:02 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 11848528<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186623<br>

Content-Range: bytes 14155776-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>^....g.`..u.K......\n.qh...../,..Zs4%..W...K..s,...?..z../....G.6vK. .<br>k..M=7.E...'...Y....So....Li(.;}.aT.>(..<.>..c...........T6m.<br>....]........L.|.2G.4)6.|..U...*b...j.9....N>D.Q../"...........$. .<br>??.._v.....y...K...N.>C...e......o.HgP}.....uD..&....Y....v...p....<br>Q.MUq..7-..k.,../[email protected],......|......8.......PF.X.<.....N<br>.`[..Wo!.!6.A....t..p....G...I&....b...ET,..>.eA...[.....F.d..Y....<br>ZP....,....UL.~.l.V..5..:o._..x.2..cnA.o.w.YQk..1...._.8. #...Qd!...u}<br>.UW.Z!..|Rr.O;-;<S.Ulz0..J................B.>T.6......V...C...Q.<br>..1.r,..u..7 P...6.2..O.$M....L.|\.*..m....Q1..e.!..M...>.S.O.I.j..<br>.;...D.O.n...o.....xC{..h..;..67.pz..\c..x...`.b..s.......f..).Q..g...<br>'X.'s"...r..b..P..`..|...dbW.....a...o... .>.jr.3.......}....|.p..R<br>..."[email protected]:.dh .~.......Xhk.T!Z.LF<br>j.P.L. .N..c..<.......v............D.....i{.1.1 2ZY...6.....r.....v<br>...".]aC....?.....<...q.#...,...y.B.f.......%......f-GlS......RI.P?<br>;...H..)[email protected] ..VI.I..^54.. ...@e.....<br>?..." .)W.?....D..e s.77E..E.S....!t.4...)....$..mle..7Y..K...%[."...9<br>.........|.....s...1[.b..`.....M.u.2Q,A...#5X......1...o.d.%...Z.....S<br>.S.}u..... [....>.t...h.q.......>..h ..F..r.w~T......6..........<br>....!..w...U..x.dM...C.\....5...@tUfK...`<.}....I.H..r..7.k.i.;. ..<br>....o.f.IP.. .dpj..j.Qw`...U....I<....O.......%$.X.V...9Q.s..t.N.3y<br>..n.......#..`.?.y...w)M........b.*...*o.j.......M...K.s..#..~....3..k<br>..{..@*...h...=.....<Q....%..A.....y._.\.. .K......M..h...WA...</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=13107200-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:40 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 12897104<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186601<br>

Content-Range: bytes 13107200-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>O.....E..&N..a.!....)...8.e.p..|...'.......]><|.(.I...2.v$..><br>.=T`c.^.....[..\R~l7..a..E(.jwP...b0)..,.b...|...2....G]HbF.II..'7\...<br>Lf..3O.\. [email protected].......*.}A....!.Pb `.P!.7..z......]..f....:%.Qe...|...<br>[email protected].....,.....>?q...n..^..yn......QP./.H..{!....[|G..i.CX..<br>R0.... p.32...zU...\..9s.@..|2..*UZ.I*..).WmG..b..sSA. ...|a.K.H....}l<br>....$&|7SHz_..d.X....>".......;e..gG.....\... .?y...4X...l.-..e...,<br>..H.....<T.-IE_.$.....n#O.dq8..N..X.....*@,.......I)(....FW....'D._<br>/.;...A)...............\..Uq!L....4<.G.w....-...Ey..h$]\c..R..P.u..<br>...5.9*..Nq].}......u....j.1P.9{.T./.......<.....:..%C...C.....b.Z.<br>....oT @..f.3*..]B..n...t.Y..d1.~..7E..R>.....UW...H..]..q....&H.d.<br>.7%ws.<:..6.Y)..Ay...L....c.F.z...8\C..._.,...y....iZ..N...7...E'.@<br>.....<...l.Wb.x....m\W.- .......^cJ(..[H.t.4%...2.....1a.=5.y.2...e<br>7.......q.....U,.1Bv.p.'.;..\e...1./..4.0..Mw..U..J.k..M..........r...<br>.....1.Vg.8\.......[vd;... N.Re,.E....[.$.$.N../.Y.Q.......Q$...A2R...<br>[email protected]"...!'F.~.P........3l...G.7.u .3...j........a.....>S.<br>......b...y2...NHv&r.N.b..x3.x........$.8G[..>..k....)B~....)....,.<br>..N.=..!.0...3.Z.Z.9.^.8 ..'....,....R\.Z$.... ..^..RI\O=..k8...P6....<br>...@...|.]2..,.X...CyLM.w.....t...x._|k..ce....S.}s.s..i..w..'...;|...<br>.#[.S..T8.:......h.*.......n....pm..3.q...DU..G..$......$`.9....T.F...<br>.E..K("]Z..}..`...E..04BF..K...RI.......{7>...c.......=M..~....._..<br>)<k.xG......<.`Sh..^...&ss5..y8HZ.....6.%...MX.K.n.1.jo.F..B....<br>.k).N...q.3 -.......d.}.....p.......-..p,m.\&.O...X..k.M.......C..</pre><<< skipped >>></font><br><br

<font color="red">GET /zhibo2.html?id=pczh_107_306.exe&en=2014-8-11&go= HTTP/1.1<br>

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: tv.aiqingzhihui.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Date: Mon, 11 Aug 2014 18:50:59 GMT<br>

Content-Length: 1350<br>

Content-Type: text/html<br>

Last-Modified: Tue, 17 Jun 2014 13:01:31 GMT<br>

Connection: Keep-Alive<br>

ETag: "66d7a7422c8acf1:619"<br>

Accept-Ranges: bytes<br>

Server: Microsoft-IIS/6.0<br>

X-Powered-By: ASP.NET<br>

Fw-Via: MISS from CTL_JS_020_025.fcd<br><pre><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt<br>p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm<br>lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta http-eq<br>uiv="Content-Type" content="text/html; charset=gb2312" />..<titl<br>e></title>..<style>..body{background:#000000; overflow-<br>x:hidden; overflow-y:hidden; margin:0; padding:0; border:1px;TEXT-ALIG<br>N: center;}..html { overflow-x: hidden; overflow-y: hidden; }..</st<br>yle>..</head>..<body scroll="no">..<div style="width<br>:1024px;height:550px;margin:0 auto;overflow-x:hidden; overflow-y:hidde<br>n;">..<div style="position:absolute; top:0;margin:0 auto;display<br>:none" id="gg70"><iframe name='ip' id='ip' src="" frameborder="0<br>" width=1012 height=550></iframe></div>..<div id="fe<br>ng-yun-mini-wrap" style="width:1010px;MARGIN-RIGHT: auto; MARGIN-LEFT:<br> auto;">..<a id="loading-info" href="hXXp://VVV.fengyunzhibo.com<br>" target="_blank">...........................</a>            <br>        ..</div>..<script type="text/javascript">window.fe<br>ngyunminicongf={tuiguangid:"aiqingzhihui",width:1010,height:550}</s<br>cript>..<script type="text/javascript" src="hXXp://static.m0dlcd<br>n.kukuplay.com/support/mini/fyminiloader-min.js"></script>..&<br>lt;/div>..<div style="display:none"><script src="hXXp://s6<br>.cnzz.com/stat.php?id=2701879&web_id=2701879" language="JavaScript"><br>;</script></div>..</body>..</html>....</pre><<< skipped >>></font><br><br

<font color="red">GET /downloader/start?dlver=G1.0.0&pname=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid= HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: cj.guagua.cn<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:51:03 GMT<br>

Content-Length: 0<br>

Connection: keep-alive<br>

P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"<br><pre>HTTP/1.1 200 OK..Server: nginx..Date: Mon, 11 Aug 2014 18:51:03 GMT..C<br>ontent-Length: 0..Connection: keep-alive..P3P: CP="CURa ADMa DEVa PSAo<br> PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..</pre></font><br><br

<font color="red">GET /tg_pic/1.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:55:34 GMT<br>

Content-Type: image/png<br>

Content-Length: 135179<br>

Last-Modified: Mon, 23 Dec 2013 03:08:13 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;....IDATx...i.e.u......[U.....=....ER.E..d..,...'..hp. ?.?...A.$?.$<br>...F.......#...pbG.c....J4R.Eq.I...o..y..{..{e.i.}..U]....M.X.W]u.....<br>.....o.?w?.......B.C.].}.o..... ......&.;..}...w..>.........k......<br>#......].....:.....S.1.0....n..ML..._.......n.. .E.....\........@.....<br>.......O..".....:?...~$.....O......0...s]~u...o.s.yz....5x}..m.;.O5.gB<br>...Sy.|sz.....{..n.......i}A.....@N..|~&>.(..... ^..|.s.%.?,o.{....<br>U.......&/....8.i.8..?S..V&~.q.......B.W...._....w.C......._...~..)...<br>.l...1..<.c..@(......r.WU...G...?R.G.'-..c0....&g..A. _..n<..s\.<br>.p....:A.o.H..!....H'..(...<b^.......N.@....|[email protected]..<br>z.......B.....\.WIG..yH...[.W..;.6.W.N.....N7...O"..b.-....vw..[>..<br>s~o...vv.b...6F~.u..a....'k...d...;=P.8./|.....o|...t}...OY..p.SS.....<br>.QV/.7..KYs......yx.m.?.m....@`s...r..../...~.?.F...gx# ...(.........P<br>.L..`..Oy.U.....[....Q.L.(..../!........(/..q..."z...)....-........T..<br>..g.J...'=........][email protected].<:. ...T"........F.e...`J..}...<br>......w....I.?..(...._...:S......Q........o.i.@.=I8.G..<.. 4..sx a:<br>..K......K.Q.(....N......Y...|......I.rF.$..Bl;$.d.......!:(.....v#...<br>.r|9...I.>.!F.Bt.....vD..?..<..%....G.[..o.rb...&....^(9#..M(...<br>...!,....?k.^r..]........<?/:.!....]..-.!....'......,....._.....Xa.<br>5.HQ3...M.e.......Y.eH.,x.'.:...8...NX......p.....<........5.l..d..<br>.....o....\E..U.....{6(...d....2....._9........b..,5.?.\qv..P.g..N.S..<br>.......rAk|Z.$.....|r$Og`........m.6......w...<*....g.64.C.fFZ.</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/2.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:55:36 GMT<br>

Content-Type: image/png<br>

Content-Length: 160224<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;..q.IDATx...i...Y...o.{.s...^.[j.DK-. !a.R`H.F...lH.q...$..?\vf;U..<br>bR....$..R.\[email protected]..{..Z .......U....{.........}.<br>........w.....4ZJ/..B.)v.<.g../g..../E....[*._pC(...ny....Z....0R..<br>..&<Q.......[.?...G.....8..>..n..G...._.|..'i...6....J.....7..-Z<br>z...V.7>..W..B...o..!....p...?....\.n1a..v..D.......Q.]h.e.,.d.v.;.<br>?..=Z.c...{>p.<..?~h...7;~|._M....I<.tC...6 .,:pBk...3 .a.j..<br>aka..W....i..l..g....__..t......>D.p#D..&.Q.......i.&;......0..0n..<br>.........5.o.........qt.4........C............/....>....W...... .p.<br>.KQ)..1.. SUMm..Y.M.l....j...]:Z........],...nZ...B.....>.....#.S..<br>7......;g...w.....=.}..l.....!..m..Z...U..wY.,WG...2.I.lL..&..Q.=T..iC<br>r<....h..j.{3.......xuC.Y..#s..W....eX...XKQL...3....~v.Q."...;.'..<br>..9.c....l...k..<.re.4....p.L....?.......`.kUU...%.E...GZ......^...<br>..C......>>[email protected].<br>.##\.(H.q.....Wz.o....^[email protected]...<br>.5L..n.=....c........n.......<.......P. p....w.4....$...~.....' ..)<br>....  .{8ay%[email protected].<:>:=_]Z.....G..c...m.....<br>..J..&.....q.^.n[.\..Q...yS.{...1...|....}. X....c.uo....>...I.^3..<br>.r...(....... =.^.0WQ~.......GV!/.X..T.3E...j...@ .(r%....D ....$...F(<br>.?.GH.!."..V.E...\..J.s......h.Q...."x..t.O.=..._SF.D.<.`.-T.M.|..I<br>J..w.o*.=.i...........V#/[email protected]..)..S..a.....(.4"|.O`.pD<br>vQP3.._.PP3.Jb.3.|...... `....`f.........q.H`?N.../`@@.q....=|.=..</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/3.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:55:38 GMT<br>

Content-Type: image/png<br>

Content-Length: 149164<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;..FNIDATx.....mWY&:..vs...777.MB:.i [email protected].. ...(.|.W...U".W<br>2D...U.R)[email protected]..>.47.9..{.5.....s.n......67w...}v........<br>...../|......>.......p.9...z..[~..'......._BIz......C......h...M9.m<br>._x.......c.o...f.>[....&E...x....8.........&.J.~.....  ..a..Oz....<br>..)5..Rx......cR...{:.$.@'C.... .S.He.......a7.....1........*........C<br>U_....M.WJv\....k......r....[M...........-.!.q...c'c....I?..u.p.#.....<br>.>...8t..r....az.....h.f.@u".........?..........|....e81..TG....^..<br>E.q....E.:........;....W..^[email protected]..?.g.{.NH......... ..pr.].&g<br>t;..n..M...o...PJY#...........x..@.......&.3.=...zKv.m...]...5yO.C..0.<br>....8.P.8G...S..g.P.e.....B.,._. ]4......Q7..W.\.......4.q..Y6.F4.K6.K<br>F.#t.. .4J86.vB-.c...M.V..J'`.wF:....Fa............ ....C`[email protected]<br>...N.DF.....4.f........ G...;...0..I.....J......*....(.......3....s...<br>..W..}.'.....!.!g.'...U;j..9..]c%.....v]..p...2.g.h{...m(...Z..r..i.J1<br>.. F-......f.B'.!P...h..........\*.p.>...Q..C.4:P?..@..?...J...\..C<br>...T9.....#. ......OQ....L..w.b....Iu..O..m...}./.....(x&...........D#<br>.3u( k>.6PD..!P7.......t.e..... ..S.|..z.{Ft.,.O@Fgj.!..........%..<br>.S....M./..e,d7)~._dl.........}p.j.9..R$...a.H.S..(SA%eI....f.D/.{.%{}<br>.o...y/.. J.i.ur..fAp.3[...,M........d`...|........O.s....9..G..m.Q.|.<br>l,m. .pGF.._.HE..SKY..B..n.?R......<....!O...1..l...2V......pe.%B..<br>%......X....!^..[!.(>.}...#C...0......O.E.~Q.B...)9G.}&.]pCG2X.R*R8<br>s.A...B...q:...y.........=.o.......tp;..3.........z86j.d..0.RT*...</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/4.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:55:40 GMT<br>

Content-Type: image/png<br>

Content-Length: 156314<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;..b<IDATx......Yv.v.....^.....M.L.G3.M..1H..%....a#.da#,.-#/..cp<br>[email protected]. 41........6..~..-.g...{}.s......z.u.(.....&  .?..~<br>.;.;...J}.7....J)....?.9.i.-.3.#....x.<...O.z.T.v.Fo...>....^yb|<br>3z.. <E.'....F..-x.7..Y!,=..J....o.............N..<.~.#^.O....*.<br>..V._....9A..=........fB..>....C.....t....M...w...j.8_7....8|...n.W<br>V.^...y0=m3....t...Xe.6.1F.?M...O.:4........%.shC...7.ih.\...M.-..U.].<br>..UE....i.P..)B]..bW)_ .....z.(k,m...,..^/....(....Z......kgr.3\.G..?.<br>.#..M.3Yf2zm./...Oe.|.....Y.9-..x../.a..>..t@....;z....{...W.E..8..<br>|....)@.s.......nj~.......x....;..([.z...;_...Y.#[email protected].<br>>.....u].t....k.}l.m.m.m......-...$.....7..,.....Y:..`...e.f.#.....<br>......./;....r...Jgl.^......Y.im....I.N....:.z.~...r....!......z......<br>..o.......9.T....s....[8f....}X._0..n..7;.^)s...k.*...n.......Z..[....<br>F..........Z:.. h.@}.....ZP7.......&......w../B.-..`z........A=...&u.k<br>..fuG.U.?.wxc.C......t...Kh.k.VJ. .g[.h..m.K...Z.C.......M...-.....@z.<br>.B\[email protected]..?...y.S.....B.`.@. -7...*c.-^!..(....2G..6.6>.%.R`!..<br>.X.W..tzE ..pV..l.......{.......E...7........I_&..1....ZA.t#.b,k.=0...<br>Zd.8T...o0............#(..m.xh....}..A...b..Q!N#...-...,...5X.........<br>..|#C.....0F!..N...8..<...0..=.e.h#....b.g.b.8{.....,.4....We.!.z..<br>y......@Fv~.}.......x..\..6;.[.C9/a...m.!"[email protected].=f.<br>58.....I.x*......9.9.....E\ej~.....6qpu#..p..p.......4...U,..'u....k.7<br>...B.tk...{...v..*...6./#.OY....r:Gk.....%O/`aha..'~)....!m....q..</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/5.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:55:42 GMT<br>

Content-Type: image/png<br>

Content-Length: 164337<br>

Last-Modified: Mon, 23 Dec 2013 03:08:12 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;....IDATx...i.e.U...>....sVfe..(...$1.,,......M..........#pC.0..<br>...`..6.f....AC..X.JCU.........7...{..kOg.s.}.eVf)...^....{.=g.}......<br>.|.|...?......... ...Ah ....s..Y.H^.. b......7.o..<;...l...I..W.[&g<br>t;..........<Oy....H.y6...g)c..x..P..A..A...'.@./_.4...H.m..S......<br>.@ _.-.....?r.T.:[email protected]..`..Gb2..M>..t[dC.r...#..4nA."Q......b~..<br>@LhHh$.*.I~..G .........{w...N......._.8..Q0&.dz..P.9.AQ3...j...3s....<br>......)p....?......../.I.x.\..,...K.......72x.....QQ3L..p.g...3.....&.<br>.....E....?......zP...}b.'.J.KX....U.{....si..=....C.ra...8 8.7..m.T..<br>........n.....2.K3...j..Loy..r..;....w ~...........s=..f1.....D..P<<br>....V...{7.5S.E!p.T.....Xq\E... .:S9&....6.z.h..PNC....D.....}'..;.f.|<br>..../4WQ..../....7....:.g.....l.T'.G...........L.7..P.?n.M..BP... ..J.<br>. .?.0....U..Y.yi^u..ZE...%...8-'\.......g.....!......B-].....<x}.\<br>..*.o.k6.z..F:{qu7.p.....#.I.B.O.g:..B.....zGx?p.).....!.. z(.V.Z(TC..<br>x....)....J...../...>.].K..x.....L..{.v.G..D. p3..d7..... .p$....Z:<br>}.l.K.Z.(.R.N....ja.....n.aW...Q].._.3..ZT..=..`@mA..ki/......p.h..e.X<br>.p.BK ..............;]!."..A1.......%[email protected]\"..... ..4.p...?tk..R..!<br>!..k...\\&.r.O....$(W..U...x....b'..mR.T-B....XhT..{..-.3........P.v\.<br>H.>...7..;.........3".J..34....."...I0...#. .......La.S....V(\'...c<br>...{.X..}..Y.....=.`.....= ..a.|y..a..`r/....]$.....5....ah..m&0.il.ij<br>._..........W.l.Lf....@..`...v.,,..]......_..&M o.7....O.....S.b...w..<br>_P&.U...m...#..*..DA5(..x.o.<...Z..F........d{....f......UtP""2</pre><<< skipped >>></font><br><br><font color="red">GET /tg_pic/mobo14-1-9.png HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: img001.com<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:55:47 GMT<br>

Content-Type: image/png<br>

Content-Length: 132296<br>

Last-Modified: Mon, 06 Jan 2014 08:23:44 GMT<br>

Connection: keep-alive<br>

Accept-Ranges: bytes<br><pre>.PNG........IHDR...X..........[l.....tEXtSoftware.Adobe ImageReadyq.e&<br>lt;...jIDATx.....$.v..;2.t....{)^.2%K6d..l.4..........C...2..2e...;3=.<br>..........Y.{.3.s.UY.............o..R."......(_...._..X...5.......Kz.b<br>...J?B.jG..E..?F..........b..R..t.?..?.~o.....O?.>.._/...~..\..k]..<br>e.........b. ......./.. ]u....J~Yp....."g.O...^ZZ.Q..Q....?......G.I~"<br>.sH.Z..........!..Q...}<....y..,.....%.~k..H.W.....5.R..-.<. .Pz<br>i_'..}..{....S.....v..?}.....~.....r)O.....^`.../.....h.........S._..k<br>G.,^.......{.W.];...vs.o...7....f....[ie..W.)U_..P.>./..m..r.Z..S.k<br>..ok...*n{.". .B'.k...v.,>...... .....;.t.g.....F.U....z)e.g.7..o..<br>]......{.4.G.{....../OeyW..~....C.....z...w>b)..U....._M..]`?}j.t.C<br>.[.?..E..M.'.....Q...>........ .}4.M....o7......u._.]TxI...Z.-.6...<br>Y.^Z... ......K....J...P..Sn.]-...kX>8.\zX./......N..|.G.P.X7<..<br>..... ^I.."..d0yW.>n..X.n.F.u..0.}b.Z...._.|...J2j.../=}=........G.<br>......(.....|..u.h_.g~1.....5jlry...TZ....y .Ptgl.,nr.....q..m..m.n...<br>r... ]#_C..~ -J.....m....M6...B..OkB...yv7...&geo.7..m@~...z...=mS.U.b<br>t.....x...e.(zo_a.~..Y...o2....V0]M.7.~...y..i............?l6,t.(..O.&<br>lt;.x.|z).(....G7?.....V..$..~..o......-..4y.E_.......5^....&.....v1Sv<br>V......C........n.x._Z.9.=Vd.I.E.5. .7H..6{@..|... ... .....B..v..Z.7r<br>.8.......-0.._.......0EB.}...%j.|.t}.z.....Mc..>.69.........Z..b...<br>K.?M...a...j...]..c..v..Z.w6.C.Mhb@Q]/.5.{![..#@z..[$l..|.....]."...S.<br>. ...{...x.n.....U.}Fh..(9........T...*..._<.x.G.J..c.....gp.....~.<br>n.0YU.n...IB.D......p..9..%i...7......j.).......f]..*eG..I...~..Y.</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=819200-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 819200-1178447/1178448<br>

Content-Length: 359248<br>

Age: 1193555<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.E.P.g.....E.P.._....E.P.......E.P..]....E......P.._....M............P<br>..\....T$..B..J.3..}.........wC.................P.._.........P.'>..<br>..E.P.......E.P.#_....E.P..\....E.P.__....E.P..=....M.......E.P.......<br>E.P..^....E.P._.....M..f.........P.:\....T$..B..J.3.............B.....<br>.................P..^.........P.w=....E.P.-.....E.P.s^....E.P..[....E.<br>P..^....E.P.E=....M.......E.P.......E.P.9^....E.P._.....M............P<br>..[....T$..B..J.3.."....0.....B.................E.P.......M..n....E...<br>.P.......T$..B..J.3.......l.....A.........E.P.......E......P..<....<br>T$..B..J.3.............A...............E.P.W.....E......P..]....T$..B.<br>.J.3..`.........ZA...............E.P.......T$..B..J.3../.........)A...<br>...........E.P.......T$....J.3.......,[email protected]<br>....P.......T$..B..J.3.......`[email protected]$..B.<br>[email protected]$..B..J.3..a.........[@.......<br>.........M.......M.......M.......M.......M.......M...................$<br>..........\[email protected]$....<br>.........3..........J.3.......P.....?......................T$..B..J.3.<br>.{....|....u?..........M.......T$..B..J.3..Q.........K?...............<br>.E.P.......E.......T$..B..J.3.............?......E...........e...M...X<br>.5.....M......?...M.......M......`...T$..B..J.3.......\.....>......<br>........M......?...M..........T$..B..J.3............}>.............<br>.....E...........e...M...T.......M......A...M..........T$..B..J.3..'..<br>.......!>......M........,....=K...M...E....h..........h........</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=14811136-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:51:18 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 11193168<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186639<br>

Content-Range: bytes 14811136-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>.$... .._>[.uQ4..p.@/...Ta....i......p..O...'.o.%...r.......w..n-:.<br>..j..5..v....s.3.*F..........Q...z.....C.E^J.>...h.."(...8.........<br>..g.0........x...B..VQN..)...-0Ycj..e.||E...>.r{T.f... .@.....>t<br>.....>.......[....?w..R00.j.}...._....]N,.....s.....7...]..L..v8.!.<br>&..{.|[email protected].)~! .x9..a...>GZ\..g.... .U....1f8D..u...<br>....?x.A..z.nPZy.6.V.i..I. '.W...h/....*./8\...r#.&..W......~.k,o..&-.<br>.`..s.@.<t .2..L1..>]...NA.......L..8o.oe<Po.=..I...f.8......<br>.........:...8...}..d.....R.G.....t........C.".?.h..6..Wv..R..d...v.6L<br>..Y...T.j.U......h..rX...9.".....B....|T.......P.i-z[...6Yl%Mr...w...c<br>P..._...p.....{...{....u J['.... A.8$0' ...'B.l...l...W....1.E^.My....<br>........*v\m:..>).R.0D....<..C.c...5.H...:..o..//......(95.....G<br>i.Ma...g.T.wa.(..P....=.^..V$P._......-_.z.*^z...e......:.p..3?....._G<br>....Sk..S....X..........g......_vB.7...yi"t.i...v6.cA .;e.b.. .."./VY.<br>.....gY.........]....s...2...y.i....?..%...k......".P......v{R^.......<br>....6Op...a.g\|...8...<.-.^.1...ULPh|b1R...........Tr....&K....i%.z<br>..Y..4..tP6*cj?.... ...\y..l.............S..f_..eN...[...Z...m3.n.]...<br>...{*"X....Q%#3.w.*...k....H.>...A....._.....$....~f....K..j._.4.).<br>QT...Zt..Ta.G$..-,.j.O..g.!T.$r.RKe......5.J..7..n...<.Pu..\x..9J..<br>.......p..x-...a?....g*"...Y..o..A!`.....I. .r...../u..[..F..m.ag.0.{.<br>9[........2..%...U`.eV.I..[.r.........'...G*[email protected]...........$8..s:^<br>Y|-^.q..*....z-.3W|....*....b....|~3Y.t.Qf.=...B.....Et=......9Q.e....<br>*..Pm......._.Q.w..fI`\.......qi.x}...Bt.(......._.....N..8gP..p..</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=491520-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:28 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 432976<br>

Connection: close<br>

ETag: 44edff85d12e091f0b129f05a3f2a042<br>

Last-Modified: Tue, 06 May 2014 07:48:08 GMT<br>

Expires: Tue, 12 Aug 2014 14:59:34 GMT<br>

Age: 186654<br>

Content-Range: bytes 491520-924495/924496<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 45FD47DB9BA063A62A2F1AF299C66DD6<br>

x-bs-request-id: MTAuNDYuMTU3LjIzOjgwODA6MTU1MDU3MDk3NDoyOC9KdWwvMjAxNCAyMjo1ODo0MyA=<br>

x-bs-meta-crc32: 3569711378<br>

Content-MD5: 44edff85d12e091f0b129f05a3f2a042<br>

x-bs-client-ip: MTgwLjc2LjIyLjc1<br><pre>.F..N.;.}..........F....'.F.;.u....P...u-...F...<....N.......F..PW.<br>...........{....G.;G...B....8.u.....G...;G...,....8...#.......G.......<br>...........MT..}(....u"j..Q......;[email protected](.E(PW.4O.....<br>.........G.;G........8 ..........G............G.;G..M0s...<.s......<br>..Q..G....Q....D..:........MT..G.;G...d....8(..[.......G.......X....U8<br>RW.q..........c....MT..G.;G...&....81..........G..................U@RW<br>.................MT..G.;G........8:..........G..................MT .}H<br>....u"j.........;[email protected].:N..............G.;G...s<br>....8B..j.......G...........ue.MT@.}L....u"j.........;[email protected].<br>..3..EL.ELPW..M.......tE.G.;G.......9_ ......._..G.._^]..[...........t<br>..U.RPW................_^]2.[.................M...........>........<br>.......j.h....d.....PQSUVW.....3.P.D$.d......L$..|$(3..]..G.;G.s......<br>s........G..O.........D...G.;............ ......................t$....<br>.F..N.;.}..........F....I.F.;.u....P....)...^.jP.>.......D$(;..l$ t<br>..........3..V.......^..D$ ....PW..........tn.G.;G.s..8.u.....G..x....<br>.;W.......9o .......o.._....L$.d......Y_^][..............t..T$....RPW.<br>(..............2............V.t$..F.;F.sH.....sA.......L$..F..F,..F,;F<br>0.8.D$.WP....9...L$.V...J.....t..~..u._2.^..T$.R....B....u.2.^.W....9.<br>..F,..~.....F,_..^...............D$..L$..........=....s....A..#[email protected].<br>.........A....A...QP..5.....V.t$..N(......s......P.......^.PQ..5.....P<br>.......^.............D$..L$..........=....s....A..#[email protected]..<br>..A...QP.q5.....V.t$..N.......s......P...A...^.PQ.H5.....P...-...^</pre><<< skipped >>></font><br><br

<font color="red">GET /downcontainer/downLoadList.do HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: admin.downloader.re63.cn<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:51:01 GMT<br>

Content-Type: text/html; charset=UTF-8<br>

Transfer-Encoding: chunked<br>

Connection: keep-alive<br>

Vary: Accept-Encoding<br><pre>2ef..<?xml version='1.0' encoding='UTF-8'?><setup><prod<br>uct id='0' oemId='0' name='guagua' companyName='......' productFullNam<br>e='......' version='5.1.4' /><product id='0' oemId='1' name='gua<br>gua' companyName='......' productFullName='......2' version='5.1.4' /&<br>gt;<product id='0' oemId='2' name='guagua' companyName='......' pro<br>ductFullName='......-............' version='5.1.4' /><product id<br>='0' oemId='3' name='guagua' companyName='......' productFullName='...<br>...-......-............' version='5.1.4' /><product id='0' oemId<br>='4' name='guagua' companyName='......' productFullName='......-......<br>-............' version='5.1.4' /><product id='0' oemId='5' name=<br>'guagua' companyName='......' productFullName='......-......-.........<br>...' version='5.1.4' /></setup>..0..</font>....</pre></font><br><br><font color="red">GET /downcontainer/downLoadForGuaGua.do?recid=77150006814 HTTP/1.1<br>

Accept: */*<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)<br>

Host: admin.downloader.re63.cn<br>

Cache-Control: no-cache<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: nginx<br>

Date: Mon, 11 Aug 2014 18:51:02 GMT<br>

Transfer-Encoding: chunked<br>

Connection: keep-alive<br><pre>3c8..<?xml version='1.0' encoding='UTF-8'?><setup productId='<br>0' oemId='0' productName='guagua' companyName='......' productFullName<br>='......' displayName='..................' version='5.1.4' licenseUrl=<br>'hXXp://VVV.guagua.cn/service/2109.html?id=1' installUrl='hXXp://img00<br>1.com/business/guagua.exe' installUrl2='null' execute='GuaGua\ChatHall<br>.exe'><homePage displayName='name' url='url' status='0'/><<br>lastimage url='hXXp://img001.com/tg_pic/mobo14-1-9.png'/><image <br>url='hXXp://img001.com/tg_pic/1.png'/><image url='hXXp://img001.<br>com/tg_pic/2.png'/><image url='hXXp://img001.com/tg_pic/3.png'/&<br>gt;<image url='hXXp://img001.com/tg_pic/4.png'/><image url='h<br>ttp://img001.com/tg_pic/5.png'/><rept url='hXXp://cj.guagua.cn/d<br>ownloader/' productName='guagua' version='514'/><recommendsetup <br>name='name'  url='url' status='0'/><recommendsetup name='name'  <br>url='url' status='0'/><recommendsetup name='name'  url='url' sta<br>tus='0'/><recommendsetup name='name'  url='url' status='0'/>&<br>lt;/setup>..0..HTTP/1.1 200 OK..Server: nginx..Date: Mon, 11 Aug 20<br>14 18:51:02 GMT..Transfer-Encoding: chunked..Connection: keep-alive..3<br>c8..<?xml version='1.0' encoding='UTF-8'?><setup productId='0<br>' oemId='0' productName='guagua' companyName='......' productFullName=<br>'......' displayName='..................' version='5.1.4' licenseUrl='<br>hXXp://VVV.guagua.cn/service/2109.html?id=1' installUrl='hXXp://img001<br>.com/business/guagua.exe' installUrl2='null' execute='GuaGua\ChatH</pre><<< skipped >>></font><br><br

<font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 77<br>

Content-Type: application/octet-stream<br>

Host: p.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...A........." 8445a55eb3350c912a726b3795bf47c6([email protected].` ......</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 133<br><pre>...y........." 8445a55eb3350c912a726b3795bf47c6(.........28.....$..j..<br>>.(.Cgb...D{.h.6Li......ZA...[[email protected].` ......</fo<br>nt>....</pre></font><br><br><font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 157<br>

Content-Type: application/octet-stream<br>

Host: p.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...y........." 8445a55eb3350c912a726b3795bf47c6(.........28.....$..j..>.(.Cgb...D{.h
6Li......ZA...[[email protected].` ......t&......E.P...`.`k}.....</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 941<br><pre>...y........." 8445a55eb3350c912a726b3795bf47c6(.........28.....$..j..<br>>.(.Cgb...D{.h.6Li......ZA...[[email protected].` ...(...w.=<br>......1H..xg.00B...Oe.......^X....h....eu.t..V.k.3 ......f.*b..B.x..;.<br>M.'...........j.."..U..:.$?.......x..pT..ku....R....1..../.4:.Sm..:.6.<br>..t@6.,..I..71UmsjD..c..]..G*cQ1.n..5..Z.n|....i.D'....._.M.......2c..<br><rjY.h...f......)....................v.\.m......$....I.u.G}...F.r..<br>....>f74,......BxhTz5*....B\.S...IHZ....8..[....u.%..c....K.....8..<br>..t.....E.../..4..Dk....o....].wSwf..7m>.iD..x....Q5.&...>[email protected]%9<br>..m...T &).d\...(.......$..$.%EV............5..F?I mT.. ..t..hT.S3{...<br>.6N...w.......L.....!r.f..i...4..........f...#......_N:.<[9..(..G.&<br>gt;x...)t..4.\...q..K.}...-.s......#.h.. @...."[email protected].. &<br>...:..hc|....i..`.W...D.*...Q..6..c.Q...E.A)...r>./.:4.Us...Q.....b<br>..)........R...<.u...A..F.....c....d..g..{$....T.........Ng.?...oo.<br>..A..[.$t......w.e&.....G?P.....inq......DU...".....1....w..</pre></font><br><br

<font color="red">GET /sw-search-shadu/client/dllv3/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=425984-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:31 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 781536<br>

Connection: close<br>

ETag: 30cbc602ada7cdfb0346038c05996d84<br>

Last-Modified: Thu, 20 Jun 2013 06:27:51 GMT<br>

Expires: Tue, 12 Aug 2014 14:59:13 GMT<br>

Age: 186678<br>

Content-Range: bytes 425984-1207519/1207520<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 21BEDF37C0B754EE14FE2C8B0543B5C0<br>

x-bs-request-id: MTAuNTguMzQuMTk6ODA4MDoxMzEyMjA1MTYxOjI4L0p1bC8yMDE0IDIyOjU5OjA1IA==<br>

x-bs-meta-crc32: 2965621797<br>

Content-MD5: 30cbc602ada7cdfb0346038c05996d84<br>

x-bs-client-ip: MTgwLjc2LjIyLjExNQ==<br><pre>..^..............A..T$.3.;B......................A..T$.3.;B...........<br>...........A..T$.3.;B......................A..T$.3.;B.................<br>........?............D$.j.P.............................?............D<br>$.j.P.............................?............D$.j.P.................<br>............?............D$.j.P.$........................D$.V....h....<br>Q.l_.....P.S]..i..A..i........ .y........N ..#.9F$^w...... .......V...<br>N...W.|$.t..F. ....;.r..,l...F...._^.........D$.V....h....Q..^.....P..<br>\..i..A..i........ .y........N ..#.9F$^w...... .......V...N...W.|$.t..<br>F. ....;.r...k...F...._^.........D$..............T$...V.t$...;.w.r..B.<br>;F.|.3.^........^..........................D$.j.P.T...................<br>........?............D$.j.P.........................................V.<br>..>.u...j.....N.;H.u...j...V....F...^.........V.......N.W.|$....O.u<br>...j.....F.;B.u...j...N....._.V.^..........V...>.u..oj.....N.;H.u..<br>`j...V....F...^.........V.......N.W.|$....O.u..1j.....F.;B.u.."j...N..<br>..._.V.^..........V......W.|$.t.;.t...i...F. G._...^..............S.\$<br>.VW.|$...........t.9_.w.;_.v...i...>_.^...^[................S.\$.VW<br>.|$...........t.9_.w.;_.v..vi...>_.^...^[................V......W.|<br>$.t.;.t..Ei...F. G._...^..............S.\$.VW.|$...........t.9_.w.;_.v<br>...i...>_.^...^[[email protected]...>.u...h.....<br>N.;H.u...h...F....^[email protected]...>.u...h.....N.;<br>H.u...h...F....^.................?............T$..B.V.0.r..0.~..u..V..<br>r..p..I.;Q.^u..A....B.....J.;.u......B.....A....B.......T$...V.p..</pre><<< skipped >>></font><br><br

<font color="red">POST / HTTP/1.1<br>

Connection: Keep-Alive<br>

Content-Length: 68<br>

Content-Type: application/octet-stream<br>

Host: s.x.baidu.com<br>

Keep-Alive: timeout=600,max=1000<br>

<br>

...8........" 8445a55eb3350c912a726b3795bf47c6([email protected].` ......</font><br><font color="blue">HTTP/1.1 200 OK<br>

Server: iYuntianSvr<br>

Content-Type: application/octet-stream<br>

Keep-Alive: timeout=30<br>

Connection: Keep-Alive<br>

Content-Length: 124<br><pre>...p........" 8445a55eb3350c912a726b3795bf47c6(.28{.}L..fwD...........<br>u..8..(8_.9.........v.>.E.{[email protected].` ........</pre></font><br><br

<font color="red">GET /sw-search-sp/client2/common/patch/19562458020/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=524288-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:30 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 400208<br>

Connection: close<br>

ETag: 44edff85d12e091f0b129f05a3f2a042<br>

Last-Modified: Tue, 06 May 2014 07:48:08 GMT<br>

Expires: Tue, 12 Aug 2014 14:59:34 GMT<br>

Age: 186656<br>

Content-Range: bytes 524288-924495/924496<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: 45FD47DB9BA063A62A2F1AF299C66DD6<br>

x-bs-request-id: MTAuNDYuMTU3LjIzOjgwODA6MTU1MDU3MDk3NDoyOC9KdWwvMjAxNCAyMjo1ODo0MyA=<br>

x-bs-meta-crc32: 3569711378<br>

Content-MD5: 44edff85d12e091f0b129f05a3f2a042<br>

x-bs-client-ip: MTgwLjc2LjIyLjc1<br><pre>d.......3..\$..|$L;.u<h....h.T..j..L$ .\$X.a....\$D.....h.......\$.<br>.....P.L$P.........D$D....t..L$..X...j.h....h....j.W.L7.......u.VW.&..<br>.....L$<d......Y_^[..8...P...f....L$<d......Y_^[..8....j.h....d.<br>....P..,SVW.....3.P.D$<d.......3..\$..|$L;.u<hp...h.T..j..L$ .\$<br>X......\$D.....h.......\$......P.L$P.N.......D$D....t..L$..x...j.hH...<br>h....j.W.l6.......u.VW.F.......L$<d......Y_^[..8...P........L$<d<br>......Y_^[..8....QS.\$.VW..3..|$..F..C.P.....9{.~WU.o..F..N.;.}.......<br>...F....%.F.;.u....P........n...7...V.......n......Q......</pre></font><br><br

<font color="red">GET /client/dllv3/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=1146880-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 16:02:42 GMT<br>

Date: Sun, 10 Aug 2014 16:02:42 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Mon, 17 Jun 2013 13:07:38 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 1146880-1207519/1207520<br>

Content-Length: 60640<br>

Age: 96470<br>

Via: 1.0 sdytwt88:88 (Cdn Cache Server V2.0), 1.0 tswt76:8104 (Cdn Cache Server V2.0), 1.0 shiben11:10003 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>......................................................................<br>......................................................................<br>..........................................abcdefghijklmnopqrstuvwxyz..<br>....ABCDEFGHIJKLMNOPQRSTUVWXYZ........................................<br>......................................................................<br>......................................................................<br>......................................................                <br>          ............................................................<br>......................................................................<br>......................................................................<br>.....abcdefghijklmnopqrstuvwxyz......ABCDEFGHIJKLMNOPQRSTUVWXYZ.......<br>......................................................................<br>........................................................X...........`.<br>y.!...............................@~.............. ...................<br>............@............... ...............................A.........<br>............[.........................@~......Q...Q.^. ._.j.2.........<br>................1~......H........p..............PST...................<br>..........................................PDT.........................<br>......................................................................<br>......;...Z...x.......................0...N...m...........:...Y...w...<br>..................../...M...l............i.......?AVDNameNode@@..i....<br>...?AVcharNode@@...i.......?AVpDNameNode@@.....i.......?AVDNameSta</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=720896-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:41 GMT<br>

Date: Sun, 10 Aug 2014 15:52:41 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 720896-1207519/1207520<br>

Content-Length: 486624<br>

Age: 97070<br>

Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.u....P...R...._.......W......._.PV............]....F..V. ....|..8.u..<br>x.>u.....F...;F........~ ........F......^._^]..[Y...QV.............<br>.......j.hK!..d.....P...SUVW..v..3.P.D$.d........|$,......G.;G.s......<br>s........G..O.........6...G.............. .t] .tS......u..............<br>[email protected]........`...QWP.M...#......v...2........t]....<br>u..G.;G.s......s........L$,.G....T$,R...95....t..|$,.....]<.E4.G.;G<br>........8...........G..G.;G.s......s........L$..G....T$.R....4......f.<br>...|$......M<..E5.G..O. ...........8........x.>..........G..u..F<br>..N.;.}..........F....M.F.;.u....P........^.jX.........D$....D$$....t.<br>...O.....3..N.......^..D$$....PW.q...............G..O. ....|..8.u..x.&<br>gt;u.....G..e.....;W......... ........G......_....L$.d......Y_^][.....<br>.PW.5.......A................V........D$..t.V..........^.....SV...N...<br>....FD3.:.t ......^..^..^.t..N...`...t...]...N .3y...^D9^..N.^[t......<br>.j.h{!..d.....P...SUVW..v..3.P.D$.d........D$......|$,......G.;G.s....<br>..s........G..O.........3...G...................\......... .tI .u.....<br>[email protected]... ......u...2..l.....u..<br>O.;O.s...<.s........D$,.O....T$,R...G2....t..D$,..|.......]D.E....R<br>PS.M.......G.;G........8...........G..E.PW.M..........w....MD..G.;G...<br>.....8...........G............G.;G.s......s........L$..G....T$.R....1.<br>..........|$......MD..E..G.;G...v....8J..m.......G..2...t.............<br>..................................MD..}.`...u'j...........t..@......@.<br>[email protected]. ...........8........x.&</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=14417920-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:51:07 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 11586384<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186628<br>

Content-Range: bytes 14417920-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>}S\.-.$.......".p.e.......%e..:..7.....B`.ba8......w.05 L..2we..X.j...<br>ZS$.5.Q.3.:.....i.w./:kW..#".#6Fp.....$..F-9.E..`....... o..<..U...<br>.a.........J1 .^3.|...)[email protected]..}.!Q>............6i...[.{..AW=....<br>...iE......(.v....F9.........@ .....y]9.....J6......}.z.T....s]Q......<br>......^gil.Lje.Bl...Vr2..}..yMv..._.?q...T6.X.@.~w]p...Di......y..J...<br>r5Yq..... ..C..<9.F.....qM...........:...~.*..;.z....S.E.a...|#..a.<br><'w.,.P.p.....?.e....=<`"..v.i..{"....hg..A^.al.y...!..........8<br>.....n..q>E..lNW.{...t..F<.|C..7{l..._.....k...="...0......~.=..<br>.2...v.-.|.`......6..T.Ia...y..C. ..f.6.=.s..B...FEN"Q.x{^....OD.VY..g<br>J.`.l~.=9l3J.2.*........~.......;w\..l..7G....N..O*.x5..../#...-...F..<br>..B....z.Uj...i..7...Mdx.?..Ma....%}p.c[[email protected].;#|..?..o.J...q<.|.<br>.#^..{q.S..x...Et.....Y.......4......d#....7...5......Z...Fi...SS....8<br>.D.)h...P..?..Q**...AR.....kR.8....5................Hl.....A.,.....!W.<br>k>d!KG.t..9.i..._Nb.<..2.'2..U.)VBFa.U~..........~.......K.?G...<br>.%..a.n.=qDV.0...KY.xhP.d,N....."..f.).....G.;..m.k;.B...0K>6..I.FG<br>[email protected]!H~{..h...A..%Q.......sGn.....{4.|.^...X.LE.d.<br>..I.M.....C.......t....L.....'[email protected]!.F8h..$....<br>.>Qm...I. x...`\....f..........`.C`..B37b....\...PCF..... w..3...:r<br>FmDz.. . GQ.......P|X]...P......Y..Er...c-....Y...5...U.. ........0.3.<br>....?...!...wlV....v@.......'.O.u*.x... ...A.....CXYg....qR"\..ws..x.u<br>..j./Rj.;y~hb.>.w.hJ.... .h......~V...B\.UB......s}.....[......4...<br>...o..]Fj..m...U.. .pw.....5...8.....fq...). .>/f..c..50.j"L.Qb</pre><<< skipped >>></font><br><br

<font color="red">GET /support/mini/fyminiloader-min.js HTTP/1.1<br>

Accept: */*<br>

Referer: hXXp://tv.aiqingzhihui.com/zhibo2.html?id=pczh_107_306.exe&en=2014-8-11&go=<br>

Accept-Language: en-us<br>

Accept-Encoding: gzip, deflate<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

Host: static.m0dlcdn.kukuplay.com<br>

Connection: Keep-Alive<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Type: application/x-javascript<br>

Last-Modified: Fri, 11 Jan 2013 07:55:33 GMT<br>

Expires: Thu, 31 Dec 2037 23:55:55 GMT<br>

Cache-Control: max-age=315360000<br>

Content-Encoding: gzip<br>

X-Via-Cache: sx<br>

Content-Length: 363<br>

Accept-Ranges: bytes<br>

Date: Mon, 11 Aug 2014 14:06:11 GMT<br>

Age: 2959800<br>

Connection: keep-alive<br>

X-cdn: ydcdn<br>

X-hit-at: sx<br><pre>..........}Q]O.0.. .&.f..l..:...MtO..........$.wK...}:...s...U.J.B4t..<br>9f..5W6..>W|.O.W... ...j]K%..!g..I.....!x.&>..s......>.0H~..s<br>.no...>....L.....@&.....>.*:....J.h....97K.....h.....B.&..o$x.5*<br>..........tQc[)Z..d......l....g.h.X].A,.g.8N7(08.............xZ....1".<br>k.....,m... ...T3..X. .G..K..q.q...` .._-..q.a....]UR..........~<\.<br>L......A.GR)n^>..p1..e.B.......HTTP/1.1 200 OK..Content-Type: appli<br>cation/x-javascript..Last-Modified: Fri, 11 Jan 2013 07:55:33 GMT..Exp<br>ires: Thu, 31 Dec 2037 23:55:55 GMT..Cache-Control: max-age=315360000.<br>.Content-Encoding: gzip..X-Via-Cache: sx..Content-Length: 363..Accept-<br>Ranges: bytes..Date: Mon, 11 Aug 2014 14:06:11 GMT..Age: 2959800..Conn<br>ection: keep-alive..X-cdn: ydcdn..X-hit-at: sx............}Q]O.0.. .&.<br>f..l..:...MtO..........$.wK...}:...s...U.J.B4t..9f..5W6..>W|.O.W...<br> ...j]K%..!g..I.....!x.&>..s......>.0H~..s.no...>....L.....@&<br>.....>.*:....J.h....97K.....h.....B.&..o$x.5*..........tQc[)Z..d...<br>...l....g.h.X].A,.g.8N7(08.............xZ....1".k.....,m... ...T3..X. <br>.G..K..q.q...` .._-..q.a....]UR..........~<\.L......A.GR)n^>..p1<br>..e.B.........</pre></font><br><br

<font color="red">GET /client/dllv3/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=819200-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 16:02:42 GMT<br>

Date: Sun, 10 Aug 2014 16:02:42 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Mon, 17 Jun 2013 13:07:38 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 819200-1207519/1207520<br>

Content-Length: 388320<br>

Age: 96469<br>

Via: 1.0 sdytwt88:88 (Cdn Cache Server V2.0), 1.0 tswt76:8104 (Cdn Cache Server V2.0), 1.0 shiben11:10003 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>HTTP/1.0 206 Partial Content..Expires: Tue, 09 Sep 2014 16:02:42 GMT..<br>Date: Sun, 10 Aug 2014 16:02:42 GMT..Server: nginx..Content-Type: appl<br>ication/octet-stream..Last-Modified: Mon, 17 Jun 2013 13:07:38 GMT..Ca<br>che-Control: max-age=2592000..Accept-Ranges: bytes..Content-Range: byt<br>es 819200-1207519/1207520..Content-Length: 388320..Age: 96469..Via: 1.<br>0 sdytwt88:88 (Cdn Cache Server V2.0), 1.0 tswt76:8104 (Cdn Cache Serv<br>er V2.0), 1.0 shiben11:10003 (Cdn Cache Server V2.0)..Connection: clos<br>e..Content-Disposition: attachment;filename="BDMReport.dll"..Access-Co<br>ntrol-Allow-Origin: *..Access-Control-Allow-Methods: GET,PUT,POST,DELE<br>TE,OPTIONS,HEAD..$.................u.2.Y....L$.P.|.....Y..........D$.P<br>..........u.2.....L$.P.P.......................T$...$PR...Q.D$......D$<br>[email protected]$...-................3..H..H..H.....<br>.3..H..H..H....S.\$..C.VW..3.;.u.3....s. ....;..O..O..O.tb.....?v..h..<br>.QV......G..G.....G..s....9s.v...l..U.k.;k.v...l...O. ............4.t.<br>PUPQ..]......w.].._^[..............QSU.l$.V..W.~...t..F... ....u.3...;<br>.v..Ql....t.;.t..Dl...\$  .....T$$.D$ Rj.PU........~.;~.v...l...|$ .&l<br>t;.;~.w.;~.s...l...D$..x._.0^][Y..........QSU.l$.V..W.~...t..F... ....<br>u.3...;.v...k....t.;.t...k...\$  .....T$$.D$ Rj.PU... ....~.;~.v...k..<br>.|$ .<.;~.w.;~.s..tk...D$..x._.0^][Y.............V...F...PVQV.D$.P.<br>.......N.Q..`.....3..F..F.^................j.h.E..d.....P..HSUVW..v..3<br>.P.D$\d........\$..D$t.x-.tLj.3.h.M...L$ .D$8.....t$4.D$$.......D$.P.L<br>$8.t$h.....h.?...L$8Q.D$<.f...U`...L$p...R....E..x-.t..}....U..</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/common/patch/19035267599/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=1015808-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:31 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 191712<br>

Connection: close<br>

ETag: 30cbc602ada7cdfb0346038c05996d84<br>

Last-Modified: Wed, 30 Apr 2014 05:22:28 GMT<br>

Expires: Tue, 12 Aug 2014 14:59:15 GMT<br>

Age: 186677<br>

Content-Range: bytes 1015808-1207519/1207520<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DC8389F18378C004A7004B30F60323AD<br>

x-bs-request-id: MTAuNTcuMTIyLjM1OjgwODA6MjM1OTEyNDY2MzoyOC9KdWwvMjAxNCAyMjo1OTowNiA=<br>

x-bs-meta-crc32: 2965621797<br>

Content-MD5: 30cbc602ada7cdfb0346038c05996d84<br>

x-bs-client-ip: MTgwLjc2LjIyLjE3Mg==<br><pre>...................................... ...............................<br>......................................................................<br>......................................................................<br>......................................................................<br>.................. . . . . . . . . .h.(.(.(.(. . . . . . . . . . . . .<br> . . . . . .H.........................................................<br>......................................................................<br>.............................................................. . . . .<br> . . . . . . . . . . . . . . . . . . . . . . . . . . . . .H...........<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>.................................................................. !"#<br>$%&'()* ,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\]^_`abc<br>defghijklmnopqrstuvwxyz{|}~...........................................<br>......................................................................<br>......................................................................<br>......................................................................<br>.................................... !"#$%&'()* ,-./0123456789:;<=&<br>gt;?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~...<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=19529728-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:40 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 6474576<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186601<br>

Content-Range: bytes 19529728-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>p.....',..HF.d.q.L9.]...kz.....I.Wt:t(...X..*..2U[..%|.Nh.l..l"E.x...2<br>q.?*)(0.i..b@'N...Uey...UQ.S..4....8e.1.r.\XZ...$..6....rM......0o...)<br>.q...%....3...5...K.q0Fb.JTi.",Q...=.._..Z.....Z.F......RP7.....6...]9<br>...C.|..@......\{2'[email protected]..<....q..5\R..c..,.]L......<br>.f....Qh3`.d..#.V.j.5.0ei..;........ ...,.., <.Z....h....;...6N..,.<br>.ES..9....DTW...g/,.7M..O.Z/q".2s.y...w$.9.2w.....o.Z}..`....0.....Fb.<br>E...d.......:q.a._?..j....A.o....3.{G.....NY.....,X3W..hl... .$}.q....<br>.....J....'- ...O/.........8...P..q....H=l.Z......J....,...Y....`.r...<br>.hzjn....gkA.g............yX....h0.L..:q...,NS...Xp.h...2..h..zMo.'I..<br>....K.WI..hA...j-0..A.{E][email protected]..(......Y.$. ..<br>...... y.C;.N./p.Q.=R.....l...N9s.....U.B....Y.q.".i.F.n.....e..Pu%X..<br>.?..*]..~..udl..P.G.{..2.<Q...e...M.......z.^7..J........]..../....<br>..<.g.Y.;o.7.N...!.."L0..9.B...7.yF6.}.j...;....nw...R..?.D.OL.....<br>.......D....|..U.I<E_.K......L.z...KswDsC'.~..m..lwj.w.....G....Z`.<br>.(6.p.......yb.KC.6j........`..Z....*Z.8.Gn,/H.v|...L N..B...-..m:x}.u<br>.=.e. .m..`&g4......42..w.,.....6.h../.;:..9}...O..{6G.......Z..f.c...<br>e.3C....:....l.#-t..5z_......,.m3N,H..Am...rdO.....J.....cFk..M..p..s.<br>]....../..n.%....m...U...Z......-....5...-....s....]{.....pE3.AFd`...@<br>....l3$.....6$..L......]....`It......=...Z...$.6......ZFi.,....$^....k<br>...a.Bry.:,~....G.9k.V.D...yD.[._]d. ...5...x.j..../3..q..'..`.KO4F...<br>....h...P..~...s.z!.\R..%...o. .m5.*...|&....t..Gs.............p......<br>%=}kp..P.5.. K..I......8*.. ........`..H..D..*..B.HJ...6.....{5.3.</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=131072-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:40 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 25873232<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186601<br>

Content-Range: bytes 131072-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>..3._^[..V.t$...t~.F.;.\...t.P..d..Y.F.;.`...t.P..c..Y.F.;.d...t.P..c.<br>.Y.F.;.h...t.P..c..Y.F.;.l...t.P..c..Y.F ;.p...t.P..c..Y.v$;5t...t.V..<br>c..Y^.U.....SV.u.W3.9~..}..u..}.u.9~.u..}..}..P....6...j0j........;.YY<br>[email protected]......;.Y.E.u.S.=c..Y...89~.......j..}...;.Y.E.u.S..c...u..<br>.c..Y...8..v8.C.Pj.V.E.j.P.15.....C.Pj.V.E.j.P..5.....C.Pj.V.E.j.P..5.<br>....C.Pj.V.E.j.P..4....P...C.Pj.V.E.j.P..4.....C PjPV.E.j.P..4.....C$P<br>jQV.E.j.P..4.....C(Pj.V.E.j.P..4....P...C)Pj.Vj..E.P..4.....C*PjTV.E.j<br>.P.w4.....C PjUV.E.j.P.c4.....C,PjVV.E.j.P.O4....P...C-PjWV.E.j.P.84..<br>...C.PjRV.E.j.P.$4.....C/PjSV.E.j.P..4....<..t$S.....S..a...u...a..<br>.u...a......Q....C.......0|[email protected]..#..;u....~........>.u.<br>[email protected][email protected]}...t..M......<br>...;.t.P..d.........;.t#P..d.....u.........a..........`..YY.E........E<br>.............3._^[..3..-....t"...t....t.Ht.3..........................<br>SUVW.......U3..^.WS..S...~..~..~.3..~............ ......CMu...........<br>......ANu._^][.U..$d..........<...3.......SW.E.P.v.................<br>...3........@;.r..E......... t .].......;.w. [email protected] R..S.....C..C<br>..u.j..v..E..v.PW......Pj.j...&..3.S.v.......WPW......PW.v.S.......DS.<br>v.......WPW......Ph.....v.S.y.....$3...LE....t..L...............t..L..<br> ........................@;.r..M.......E.....3.)E..U...........Z ...w.<br>.L....... .....w..L.. .... .......A;.r......._3.[..`..........j.h.....<br>.................Gpt...l.t..wh..u.j .....Y........j......Y.e...wh.u.;5<br>....t6..t.V..d.....u.......t.V.V^..Y......Gh.5.....u.V..\....E....</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=524288-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:50 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 25480016<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186611<br>

Content-Range: bytes 524288-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>.....E.............%...E..x..t..M....Q.U..B..M..I........M.d........].<br>..........U......E......E......E......E......E......E.P.M....E.P.JP...<br>E..}..}..5.3.U.R..d....E..}..u..E..........E.P.M....E.P.J$...E..U.R..`<br>....E.P..`....}..t..M....E.P.J....}..t..U....M.Q.P....E...]...U......E<br>......E......E......E......E........M.Q.U....M.Q.PP...E..}..}..x.v.E.P<br>..d....E..}..u..E......Z.X.M.Q.U.R.E....U.R.A(...E..}..|2.M.Q.U....M.Q<br>.PD...E..}..}.......E...t..M..........E......U.R..`....}..t..E....U.R.<br>A....}..t..M....E.P.J....E...]........U...}..t..E....U.R.A...]........<br>U......E......E......E......E........M.Qh....j.j.h...........E..}..}..<br>:.8.U.R.E....U.R.A....E..}..}......M.Q.U.R.E....U.R.A ...E..}..t..M...<br>.E.P.J....}..t..U....M.Q.P....E...].U.... .}..t..}..u.......E......E..<br>@...E.....j.j........E..}.....t..E..E..}..}..d.b.E........M.....M..}..<br>}J.U.R.E.P.........E..}..}..!....|...E..M.Q.U.R.E.P.........E..M.Q....<br>.......}..|.........].............U......E......E......E......E......E<br>......E.P.M.Q.U.R.&.......E..}..}............}.........E.P.M....E.P.JP<br>...E..}..}............U.Rh....j.j.h...........E..}..}............E.P..<br>d....E..}..u..E......{.y.M.Q.U....M.Q.P(...E..}..}..\.Z.E.P..d....E..M<br>.Q..h.....u..E......6.4.U.R.E....U.R.A ...E..}..}......M.Q.U....M.Q.P <br>...E..E.P..`....M.Q..`....}..t..U....M.Q.P....}..t..E....U.R.A....E...<br>].............U.... .}..t..}[email protected]<br>..}.....t..E..E..}..}..d.b.E........M.....M..}..}J.U.R.E.P.y.......E..<br>}..}..!....z...E..M.Q.U.R.E.P.........E..M.Q.!.........}..|.......</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=589824-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 589824-924495/924496<br>

Content-Length: 334672<br>

Age: 217482<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.D$..L$.......=....s....A..#[email protected]$.P.<br>D$...............3...3.QR........^.........D$..L$..........=....s..T$.<br>[email protected]!......A.......T$..A..L$....H.....QP.c....T$..<br>L$....H........................D$..L$..........=....s..D$....A.......=<br>[email protected]$.......A.....A.........QP......D$...............L$.V.t$......<br>......=....s....A..#[email protected]$...P.B(.....<br>........^[email protected].[...............D$..L$...<br>.......=....VWs....q..%[email protected]...........|$....B,.<br>...=....s......F.P.B(...._^.VP..........P.B(...._^................H...<br>..........V....H.........D$..t.V..........^...............j.h....d....<br>.P..0SV.....3.P.D$<d.....3..\$..t$L.F..T$.RVP........L$........F..A<br>..T$..L$P.Z..D$..X..v,...B.V....;.u?h....ht...j..L$ .\$X.T...hP......D<br>$H.....D$..........P.L$P......D$...D$D....t..L$..F......B......L$....T<br>$..Z..D$....L$<d......Y^[..<....Y..T$....L$<d......Y^[..<.<br>............D$..L$.P.r.....................j.hI...d.....P..,SUVW.....3<br>[email protected]..\$..D$P.M.PQ.M........;.u.2.......F..|$T...F........W<br>[email protected],.M...P.B...;..G.uSh....ht...j..L$$.<br>\$\......v.V.\$Lh.........h.......\$ ./......(..........P.L$T.........<br>[email protected]_^][..8........j.h<br>....d.....P.. SVW.....3.P.D$0d........D$L.D$.4....D$..t$D.~4..L$H.D$8.<br>[email protected]$.R.D$.PVQ...D$H..Z....D$......L$..P...RH.D$.P.<br>....N8.V4.D$ H....T$$.L$(.D$,[email protected]$.P.L$$QVR...D$H.......D$ H....</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=524288-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:41 GMT<br>

Date: Sun, 10 Aug 2014 15:52:41 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 524288-1207519/1207520<br>

Content-Length: 683232<br>

Age: 97070<br>

Via: 1.0 sdytwt85:88 (Cdn Cache Server V2.0), 1.0 tswt79:80 (Cdn Cache Server V2.0), 1.0 shiben14:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>...|$..|$........K...t..C. ....;.r.......|$..S.9t..tX..u.......|$..v.;<br>w.u.......|$.;w.u.......D$H..;N.r.;w.u..z....V..D$H;.......;w.u..a....<br>6.L$H.V.Q.L$.RV...t$0......L$.j.....X...|$...~..G..8u..%....F.;C..D$$u<br>.......|$..d$..O...t..G. ....;.r.......O.9t..uC..t..G. ....;.r........<br>.G..T$$....T..t.......D$D.8.p..@.._^][..0....D$D.L$$_^]...H..@..[..0..<br>[email protected][email protected][email protected].......^......QV...F...t..L$..V.QV<br>RP..|...F.P.........F......F......F.....^Y..j.h....d.....P...VW..v..3.<br>P.D$.d........t$..~.........G.3..G..D$ .G..D$..D$.Pj..N..|$..5........<br>.F .F$...L$.d......Y_^..........V.t$.;.Wt..|$(W.\V..)~..D$..P..L$$...q<br>..T$....r....r..y..z..P..Q._.p.^.$........j.h ...d.....P...VW..v..3.P.<br>D$.d........t$..D$(.....~.........G.3..G..T$..D$ .G.Rj..N..D$..|$.....<br>.......F .F$...L$.d......Y_^..................j.h[...d.....P...VW..v..<br>3.P.D$.d........t$..D$(.....~....C....G.3..G..T$..D$ .G.Rj..N..D$..|$.<br>...........F .F$...L$.d......Y_^..................j.h....d.....P...VW.<br>.v..3.P.D$.d........t$..~.........G.3..G..D$ .G..D$..D$.Pj..N..|$..U..<br>.......F .F$...L$.d......Y_^..........j.h....d.....P...VW..v..3.P.D$.d<br>........t$..~.........G.3..G..D$ .G..D$..D$.Pj..N..|$............F .F$<br>...L$.d......Y_^..........j.h....d.....P...VW..v..3.P.D$.d........t$..<br>~.........G.3..G..D$ .G..D$..D$.Pj..N..|$............F .F$...L$.d.....<br>.Y_^..........j.h....d.....P...VW..v..3.P.D$.d........t$..~.........G.<br>3..G..D$ .G..D$..D$.Pj..N..|$............F .F$...L$.d......Y_^........<br>..SU.l$...V..t.;l$.t.......\$..D$ ;.t%.N.WSQP.0....T$ R...F.VPW.^x</pre><<< skipped >>></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=15335424-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:51:24 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 10668880<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186645<br>

Content-Range: bytes 15335424-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>&.C.TNV.(...a]...o......B.c C.]_X4.....B..t..z..s.....Z.o..{'x....<<br>.y].0..t...Ob...h[/......D...( ..yP}3u`p..*.k%. ...-..r......SH......*<br>.G....ip$..9......R......39.mUO.m.U...|....!...P..)k..`y!H.4..J..-4..S<br>Z.7....>....W]<.6.(0.i....r......D!}...yA..aC.....i.jnZcb....i..<br>S.9......k..GpY.d.MO.$~#.i.8).~...`#.X%.G.M.e..J=...l.?Vz..!.'..?a._.D<br>...BeHmgGyU...a.....a.[. grT..B..H...&.c..4OrSw.-.kL....X.....S......a<br>t.X..)x).?..... 'f.5d..W8.C(.K..s5.PGJeL....ObQ....o(f]...OH..{.D.6...<br>^........o......$E..Cs~..:......Rj....a}.v..b..Y..r`7.wH..(-...`.....^<br>.lT.xF.Y.A.!..1.....*........L.2.....W.6.Sx.z*#w.LH..#uM.|..U=.LH...@0<br>.......R.F...-f..:.X..z........m..s.dW...... . .Z$..#....a...~.....U..<br>.6..9..h.M.]...F..G^..? .N2.......K..aWV..\.~..1B.....MH.Jm.t..*.pD...<br>.T.D...]...B ..."....%:......d..s..S9v(F.b-6......^S.......CK.....).i.<br>...N.A.T......].. ..s.$.h..IV...\zx....-.....C..-B..`...9..U..2]....,}<br>!...pH..... ......l.=.<SZ..d.<M*.A.......'...:h)...x.f.!2vc.....<br>.~x...S....@. ...@|EG. ..k...;......z ..(......l.R......s4........Q.U(<br>G.....M.....N....fR..Z..=q..F. ...)A%..?}P......gm.J..}.`.....c...3yo\<br>[email protected]..<.<.........>.XyO....&...l...V%...S_...U...8....<br>7.(...L...*.$.R1...D.....*.#e...q6a..{......R.2 ...G.U... ..[.....Pt..<br>[email protected]):.....r`iq.....X.M.W...q.....-.iY...%./..0"...K.4r...mja..C.6kO<br>.</.atR#.5....K.......ZI....sd ..g....O.....?.....]/......S..Drt.`e<br>mNq.................D.t{....b'.D..2.x.Mm.F8UY...)2.. ..-..8.z...aV)}.W<br>........0.6.~..mx|......2Z............,&zC..?.......4......._)2W..</pre><<< skipped >>></font><br><br

<font color="red">GET /client/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=622592-<br>

Referer: hXXp://xf.baidu.com<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 16:02:45 GMT<br>

Date: Sun, 10 Aug 2014 16:02:45 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 15 May 2013 01:54:31 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 622592-1207519/1207520<br>

Content-Length: 584928<br>

Age: 96466<br>

Via: 1.0 fjqz153:8080 (Cdn Cache Server V2.0), 1.0 sdbz73:8104 (Cdn Cache Server V2.0), 1.0 shiben10:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>V.1.0.q..p.......;.u.^...........T$..L$.;..D$.t.V.q.......;..0.q..p.u.<br>^............L$...4....H...................................D$..V......<br>..t.V.1b.......^.....D$..V........t.V..b.......^....V.t$..F.=....s....<br>....^.P........F......^.......j.h....d.....P..0..v..3.P.D$4d.....3..T$<br>...A....h.........wF.$........A..L$4d......Y..<....B..L$4d......Y..<br><[email protected]$4d......Y..<.h....h<...j..L$..T$...7..h.......D$@..<br>....<..P.L$...F...L$..D$<......7..3..L$4d......Y..<.3...H...]<br>...3...]...H...3...H...]...3...............V.....N.;.t.P.sj......D$..t<br>.V..`.......^........V.....N.;.t.P.Cj......D$..t.V.u`.......^........V<br>.....N.;.t.P..j......D$..t.V.E`.......^........V.....N.;.t.P..i......D<br>$..t.V..`.......^........V.....N.;.t.P..i......D$..t.V.._.......^.....<br>...V.....N.;.t.P..i......D$..t.V.._.......^........V.....N.;.t.P.Si...<br>...D$..t.V.._.......^.........A....D$..P......................D$..Q..P<br>[email protected]$..............D$..............A.............<br>..D$.VW.|$............F.u...j...>_..^............V...>.u...i....<br>.N.;H.u...i...F....^.............V...>.u...i...F..x1.t.^..i...H..y1<br>.u....x1.u..I......x1.t..N.^[email protected].;H.u..F....B..x1.t..F.^......<br>.........................T$..B.V.0.r..0.~1.u..V..r..p..I.;Q.^u..A....B<br>.....J.;.u......B.....A....B.......T$...V.p..2.p..~1.u..V..r..p..I.;Q.<br>^u..A..P..B.....J.;Q.u..A..P..B.......P..B............................<br>......V...8.....^......D$.j.P.........................................<br>.................................................D$...t..L$.......</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=229376-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Mon, 08 Sep 2014 06:25:46 GMT<br>

Date: Sat, 09 Aug 2014 06:25:46 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 229376-924495/924496<br>

Content-Length: 695120<br>

Age: 217482<br>

Via: 1.0 wzpy220:8080 (Cdn Cache Server V2.0), 1.0 shiben10:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>.SW.|$.3.;.~/V.t$.....6.t$..t$...........t.SSSSS........Ou.^_[.U..SVW.<br>}.h....3.SW......u........u.3......<.u4.F.8.t-j.P......j.P.........<br>[email protected].]......;.......}...<0..u...@........<br>[email protected]..=.}..u...@sy.._ttP.E.Vj@..@. .}..ub...s]..t...,uTP.E.Vj<br>......P.X........t.3.PPPPP..........,..%[email protected].......<br>YY..V......_^[][email protected]..<br>.j..u..u..U............8.^[t.PhD...j..u..u..3......]....S3.ChU....\$..<br>v.....Y.D$...J...UW.x.......n..\$..]H.3hP....5....j.hQ...W.........D$.<br>....hL...hQ...W.r........t.3.PPPPP.........uX.3.......YYt..d$...D$..D$<br>..D$......,0.D$..]H.3hP....0j.hQ...W.h.......|$.....|.3.9l$.uB.FP;...P<br>...t.P....u..vP.....Y.FT;.t.P....u..vT.....Y.D$..FP.~H...G.t$.......FP<br>;..=P...Yt.P....u..vP.....Y.FT;.t.P....u..vT.....Y.Fh.nP.nH_.nL.nT][..<br>..U.l$............3..E\.ElSV.uhW.}t.E..Ex.}..E............H(.M..H,.X .<br>.......M..E...j....}....`....}p...V....>CuL.~..uFh.....up.u........<br>.3...t.VVVVV.C......;.t.f.7f.w.f.w..E.;.t..0.E......V.K........;.Y.E.s<br>"V.u..%.....YY......V.u........YYt..e...E.VP.......YY.......E.PSP.L...<br>.............C..M....E.PW.u..........>.t..E.;[email protected].....<br>......t.3.VVVVV.q........3.9u.t.j.S.u.........9u.t.j..u..u..........u.<br>.up.u..u........t.VVVVV.#.......E...3..M\_^3.[.......`..U.l$..........<br>..3..EpSW...P....u|........P......Ph.....E.PS................u.3......<br>.E|.....0.sH.E.P.......YY..o....E.P........P.............YY......t..CH<br>.M|.......D.....k..................1j.P............P......F..M.Q..</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllw5/BDLogicUtils.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=393216-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 09 Sep 2014 15:52:20 GMT<br>

Date: Sun, 10 Aug 2014 15:52:20 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Tue, 06 May 2014 06:31:30 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 393216-924495/924496<br>

Content-Length: 531280<br>

Age: 97088<br>

Via: 1.0 hzh64:8104 (Cdn Cache Server V2.0), 1.0 sdbz23:8080 (Cdn Cache Server V2.0), 1.0 jg9:51020 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDLogicUtils.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>|.3.9^8~93....I..V<.|......u..@,.L$.Q.T$4R.L$(.D$$..M.......H;n8|..<br>F ...;..\$.......3..l$........T$$.N$.B...8X..T$,u.;H.s..D$,[email protected]<br>[email protected]$ 3..D$0.T$4;.t..L$ ;.t.......T$4;T$,t..<br>L$0....&....D$0..;..l$...5....F$..(.....9H.r..P....P.9.$......$.....@.<br>..$....r...$.....L$d....$.....T$d..$.....L$<Q.D$l..$....R..$\...P..<br>[email protected]..$....Q..$....R.T$8..$....P..$....Qh.>..R.\$<br>l.|$p..$4.....$8.....$......$......$......$......$......$......$\.....<br>$`.....$......$......$......$......j...D$H..$,.....0PQ.N$........D$...<br>...@;F .D$..l$...$...3.9^(~3.\$.....$.....T$..N,..$.....L$.RP......D$.<br> ...;n(|.3.9^.~*.\$..L$...$....Q.N..L$.R......D$.H...;n.|.3.9^0..[....<br>F4.D...L$l...QP.Y.......D$d.P......:.u. ..V4..$.....D$h...QP.,........<br>$.....P......:.u. ...$.......$....r...$.....T$<....$.....D$<..$.<br>.....$|...R.L$D..$....P..$4...Q..$....R..$....P..$h...Q..$....R..$....<br>P.D$8..$....Q.T$`Rh.>..P..$......$......$......$......$\.....$`....<br>.$......$......$......$......$......$......$4.....$8.....h.......0;n0.<br>......F8;..\$..\$.........$........L$,3..V<.D$.9D*$.......9...9\$..<br>.....9.$....r...$.....L$<....$.....T$<..$......$|...Q.D$D..$....<br>R..$4...P..$....Q..$....R..$h...P..$....Q..$....R.T$8..$....P.L$`Qh.&g<br>t;..R..$......$......$......$......$\.....$`.....$......$......$......<br>$......$......$......$4.....$8.....$......$......$......$......f....0.<br>.....F<.D([email protected].$.....T$<[email protected]$@r...$.....L$d..<br>..$.....T$d..$......$|...Q.D$l..$....R..$4...P..$....Q..$....R..$h</pre><<< skipped >>></font><br><br

<font color="red">GET /0403/help1.html HTTP/1.0<br>

Host: update.aiqingzhihui.com<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Date: Mon, 11 Aug 2014 18:50:51 GMT<br>

Content-Length: 654<br>

Content-Type: text/html<br>

Last-Modified: Fri, 11 Jul 2014 09:40:27 GMT<br>

Connection: Close<br>

ETag: "9884ea25ec9ccf1:4ee"<br>

Accept-Ranges: bytes<br>

Server: Microsoft-IIS/6.0<br>

X-Powered-By: ASP.NET<br>

Fw-Via: DISK HIT from ctl-hn-217-175.fcd<br><pre>TRW2VjdF0KOTc9MQo5OD0xCjk5PTEKMTAwPTEKMTAxPTEKMTAyPTEKMTAzPTEKMTA0PTEK<br>MTA1PTEKMTA2PTEKMTA3PTEKMTA4PTEKMTA5PTEKMTEwPTEKMTExPTEKMTEyPTEKMTEzPT<br>EKMTE0PTEKMTE1PTEKMTE2PTEKMTE3PTEKMTE4PTEKMTE5PTEKMTIwPTEKMTIxPTEKMTIy<br>PTEKMTIzPTEKMTI0PTEKMTI1PTEKMTI2PTEKMTI3PTEKMTI4PTEKMTI5PTEKMTMwPTEKMT<br>MxPTEKMTMyPTEKMTMzPTEKMTM0PTEKMTM1PTEKMTM2PTEKMTM3PTEKMTM4PTEKMTQxPTEK<br>MTQyPTEKW3JlY10KMD1odHRwOi8vZG93bi5sYW9jaGVoZS5jb20vMDYxOS9wanl5Xzg5Xz<br>MuZ2lmCltkaXJdCjA9cGp5eV84OV8zLmV4ZQpbZ10KMD0xCltwYV0KMD0xCltpMV0KMD0x<br>CltpMl0KMD3nvo7omJHlm6LotK0KW2kzXQowPWh0dHA6Ly93d3cubWVpbW90dWFuLmNvbS<br>9pY28uaWNvCltpNF0KMD1tbXQuaWNvCltpNV0KMD1odHRwOi8vd3d3Lm1laW1vdHVhbi5j<br>b20vP2FxMQpbZWRdCkUwPTE=..</pre></font><br><br

<font color="red">GET /sw-search-sp/client2/ditch/25288850097/BDMZipNewForWs.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dlsw.baidu.com<br>

Range: bytes=6553600-<br>

Referer: hXXp://dlsw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.1 206 Partial Content<br>

Server: JSP3/2.0.0-b<br>

Date: Mon, 11 Aug 2014 18:50:40 GMT<br>

Content-Type: application/x-msdownload<br>

Content-Length: 19450704<br>

Connection: close<br>

ETag: c7062e404128917808756500d58121ee<br>

Last-Modified: Fri, 11 Jul 2014 14:29:11 GMT<br>

Expires: Tue, 12 Aug 2014 15:00:39 GMT<br>

Age: 186601<br>

Content-Range: bytes 6553600-26004303/26004304<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: HEAD, GET, OPTIONS, PUT, POST, DELETE<br>

Access-Control-Expose-Headers: Content-Length, ETag, x-bs-request-id, x-pcs-request-id<br>

Access-Control-Allow-Headers: Range, Origin, Content-Type, Accept, Content-Length<br>

Accept-Ranges: bytes<br>

x-bs-version: DD1C492BA7010AF29AF13DA0A61E68AF<br>

x-bs-request-id: MTAuNDYuMjMxLjQwOjgwODA6MjcwNDI3OTU1MDoyOC9KdWwvMjAxNCAyMzowMDozOCA=<br>

x-bs-meta-crc32: 2839405489<br>

Content-MD5: c7062e404128917808756500d58121ee<br>

x-bs-client-ip: MTgwLjc2LjIyLjc5<br><pre>/.../*.....zz|{.G.4.......|..L.H.!x;.q..}..B.....j3? .........(.... .Q<br>.......${[email protected].&9 .....G...4p....\..m.!.jn.tV.........G...u.<br>4.-...5...Ed...H.J.UM.\>....4d./Ek./.|.Rb.F.|.5-"..;.C..(........?.<br>.8..vb5.H..`..M..9..j#./.:h..w..B..6>}.:u.N. ...S..m..3.PC.... ....<br>t.n-z...2x.H7....p...*.....T......._..7h.......)..{.(..m.I.......Hk...<br>2.]~V..x`.[.>).EAU.....hL..zme..oa...8...M.Be-o..t0...}.D.p...v..](<br>.....w..F...?...~C\......9..g.t.k6@~.).=...Y....mtz.......=...e.......<br>.x......2....8*...."....4..-.F..".i.#......!a...H..."k..X.5.,.~>U].<br>Q#.BgM..H...|.k..Z..2r$.k.1....@[email protected].;..Q.d'|.}[...!..x.&.<br>H...l...fH!r....d-.'@Y!He.a..;.....F........=/).....'Fv..f./..U..=.M..<br>#.%..pf.=...G3.g._W..YL.S.$..H....4......B.J..(K..p<HfJvz.7.z...IA.<br>..c....X.#{ ..! ]z.R.z?.....A.Ws...u.........'Z..QQp.}.H.V..W.%.w..{p3<br>Co.gg*...i.../.....9"..../.rM.D@...."S.......&6N....>..%cW.......&g<br>t;.......>./..t.Dy_.zWB..-8.....}!.g.pt5.YzF.\..E.......d.ZU.}0...-<br>X2.r..>....^).fO......u.dxY.nTT... -...]#5.{.7!..Y..d.GJ.....3.....<br>......!..z.,D...C..G.2..".k#...9.>j..4a|.h.tf.MH$.].5.k.k..L.@...).<br>...H..U..cK/.. ..lx(/.*P.43e..EXk.2..n<3.l}W. .....Yu.C...VOBi..8-.<br>....'.*.w..$.:$......l^[email protected]^F..#,nnNg.<br>[email protected]:...4/.p7..VS.k.j.Rmb8.. sM.8....U...6H*......2..<br>.........\..m.....#....6.l{..FE.*.ld......Lm..s...L .Q.V.;...Q...B2^.e<br>...E..>{...<R...x..x`.....w4...~])p.......R.<..F...g.....T..`<br>.[n.-.:v..iQ[!....MG...N..z....,...w/./c.x..K.........}....2...').</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllv5/BDMReport.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Range: bytes=557056-<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 206 Partial Content<br>

Expires: Tue, 02 Sep 2014 13:53:19 GMT<br>

Date: Sun, 03 Aug 2014 13:53:19 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Content-Range: bytes 557056-1207519/1207520<br>

Content-Length: 650464<br>

Age: 709032<br>

Via: 1.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMReport.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>HTTP/1.0 206 Partial Content..Expires: Tue, 02 Sep 2014 13:53:19 GMT..<br>Date: Sun, 03 Aug 2014 13:53:19 GMT..Server: nginx..Content-Type: appl<br>ication/octet-stream..Last-Modified: Wed, 30 Apr 2014 05:24:32 GMT..Ca<br>che-Control: max-age=2592000..Accept-Ranges: bytes..Content-Range: byt<br>es 557056-1207519/1207520..Content-Length: 650464..Age: 709032..Via: 1<br>.0 wzpy185:88 (Cdn Cache Server V2.0), 1.0 jg9:10001 (Cdn Cache Server<br> V2.0)..Connection: close..Content-Disposition: attachment;filename="B<br>DMReport.dll"..Access-Control-Allow-Origin: *..Access-Control-Allow-Me<br>thods: GET,PUT,POST,DELETE,OPTIONS,HEAD..d......Y_^][..<.j.h3...d..<br>...P........v..3...$....SUVW..v..3.P..$....d.......$......$......$....<br>...j 3.R..$.....D$4..$..........$......$...........$.....\$ .\$$.\$(.D<br>$.PV..$......y..........i...3..\$.......I..t$ ;...W....L$$ ...$I......<br>L$...........;............9D..r..L...L$0...T...T$09.$.....L...L$4r...$<br>.....T$X....$.....D$X..$......$....R.L$`..$....P..$P...Q..$....R..$...<br>.P..$4...Q..$....R..$....P.D$L.L$PQ.T$|Rh....P..$......$......$(.....$<br>,.....$x.....$|.....$......$......$......$......$P.....$T.....$......$<br>......$......$..........D$H...0.........t$ ;.u.3....L$$ ...$I.........<br>......;...D$.;.t".L$,.D$$Q.T$ RPV..!...L$0Q.M`.......$......\$ .\$$.\$<br>(r...$....R.'`......D$...$....d......Y_^][..$....3...e..........j.h...<br>.d.....P........v..3...$....SUVW..v..3.P..$....d.......$......$.......<br>..j 3.Q..$......$..........$......$.....H....G..T$DRP..$.............D<br>$<.P......:.u. [email protected][email protected]$hr...$</pre><<< skipped >>></font><br><br

<font color="red">GET /client/dllws/BDMNet.dll HTTP/1.1<br>

Accept: */*<br>

Accept-Language: zh-CN,zh,en-US<br>

Connection: Keep-Alive<br>

Host: dl1sw.baidu.com<br>

Referer: hXXp://dl1sw.baidu.com/<br>

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)<br>

<br>

</font><br><font color="blue">HTTP/1.0 200 OK<br>

Expires: Wed, 27 Aug 2014 23:18:00 GMT<br>

Date: Mon, 28 Jul 2014 23:18:00 GMT<br>

Server: nginx<br>

Content-Type: application/octet-stream<br>

Content-Length: 1178448<br>

Last-Modified: Thu, 10 Apr 2014 08:10:19 GMT<br>

Cache-Control: max-age=2592000<br>

Accept-Ranges: bytes<br>

Age: 1193553<br>

Via: 1.0 wzpy201:80 (Cdn Cache Server V2.0), 1.0 shiben9:8888 (Cdn Cache Server V2.0)<br>

Connection: close<br>

Content-Disposition: attachment;filename="BDMNet.dll"<br>

Access-Control-Allow-Origin: *<br>

Access-Control-Allow-Methods: GET,PUT,POST,DELETE,OPTIONS,HEAD<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$........>.^._...<br>_..._..._..._...P..._..T...._......._......._......y_......._......._.<br>......_......._..Rich._..........PE..L....>ES...........!..........<br>......W................................................{..............<br>....................-...............................P...........@9....<br>..............................@.......................................<br>.....text...;........................... ..`.rdata..-.................<br>..........@[email protected][email protected]............<br>[email protected]...............................@[email protected]<br>...3.......@[email protected]....................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................................</pre><<< skipped >>></font><br><br

<font color="red">GET /wwwww_3340.zip HTTP/1.0<br>

Host: yunbo.luopf.cn<br>

User-Agent: NSISDL/1.2 (Mozilla)<br>

Accept: */*<br>

<br>

</font><br><font color="blue">HTTP/1.1 200 OK<br>

Content-Length: 3591824<br>

Content-Type: application/x-zip-compressed<br>

Last-Modified: Thu, 12 Jun 2014 11:07:17 GMT<br>

Accept-Ranges: bytes<br>

ETag: "eae152792e86cf1:32d"<br>

Server: Microsoft-IIS/6.0<br>

Date: Mon, 11 Aug 2014 18:51:15 GMT<br>

Connection: close<br><pre>MZ......................@.............................................<br>..!..L.!This program cannot be run in DOS mode....$.......k.F./.(./.(.<br>/.(.......(.4...7.(.4...].(.4.....(.&...,.(.&...8.(./.)...(.4...$.(.4.<br>....(.4.....(.Rich/.(.........PE..L...S>.S.................6...z5..<br>[email protected]...@............<br>...................................4...........6.......6......R.......<br>.......................@[email protected]..........................<br>..text...H4.......6.................. ..`.rdata...V...P...X...:.......<br>.......@[email protected][email protected]<br>.................@[email protected]...>[email protected][email protected]......<br>......................................................................<br>......................................................................<br>......................................................................<br>......................................................................<br>..................................................U..j.h.BA.d.....P..h<br>.$.A.3..E.SVP.E.d......}..=`.A.3..]..G<...rA..G..rA..G..rA..G..rA..<br>G..sA..G,....f._0._2._4.G8...E..h.....G|..................q......E..E.<br>.;.t.P.h.....3..u..G4.Y....w8......E..M.;.t.P..v.....S.U.R.G.P.E......<br>]..]..]...TRA....M.d......Y^[.M.3..To....]...U.........$.A.3..E.h.....<br>.....j.P........3............Qj&j..............QA...u!............RP..<br>[email protected]. .W....?|..W.Rj.........x....<br>.....W......QP..u.......h.sA........S...h.rA....G....M.3..._.hn...</pre><<< skipped >>></font><br><br

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_928:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

unpacking data: %d%%

... %d%%

hXXp://nsis.sf.net/NSIS_Error

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

\LOCALS~1\Temp\nsz3.tmp\NSISdl.dll

.exe"

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz3.tmp\NSISdl.dll

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz3.tmp

WS2_32.dll

NSISdl.dll

invalid URL

Host: %s

GET %s HTTP/1.0

User-Agent: NSISDL/1.2 (Mozilla)

http=

Software\Microsoft\Windows\CurrentVersion\Internet Settings

Unable to open %s

%skB (%d%%) of %skB at %u.ukB/s

(%u hours remaining)

(%u minutes remaining)

(%u seconds remaining)

Downloading %s

.reloc

System.dll

callback%d

kP.zg

.AGkp

nsz3.tmp

79.exe

\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz3.tmp

%original file name%.exe

c:\%original file name%.exe

%Program Files%\qwe1

~1\Temp\nsz3.tmp\dfg9

CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsu1.tmp

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\

%Program Files%\updatr

spkjrjp_30279.exe

hXXp://yunbo.luopf.cn/spkjrjp_30279.zip

 k5%D

zU.CC

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.45</description><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>

yunbo.cn

2014.07.25.112739

%original file name%.exe_928_rwx_10004000_00001000:

callback%d

guagua_77150006814.exe_496:

.text

`.rdata

@.data

.rsrc

t.Ht4

.\ConfigDlg.cpp

GuaGua\ServiceClient.exe

Player\DefCamSetup.dll

CamerDll:%s

dbghelp.dll

%sddd_ddd.dmp

CGuaGuaMsgBoxDlg

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\%s.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\%s

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

.\ImageMgr.cpp

Resource%d

FirstImage %s

LastImage %s

Image%d

%c:\Program Files\

.\ProductInfoMgr.cpp

GetAllProductInfo %d

hXXp://admin.downloader.re63.cn/downcontainer/downLoadList.do

log\1.xml

hXXp://admin.downloader.re63.cn/downcontainer/downLoadForGuaGua.do

%s?id=%s&recid=%I64d

%s?recid=%I64d

log\2.xml

installUrl

installUrl2

licenseUrl

LoadConfig %d

App GetProductInfo(%s) Error %d

hXXp://img001.com/business/kele.exe

hXXp://img001.com/business/qixi.exe

hXXp://img001.com/business/qiji.exe

hXXp://img001.com/business/juxing.exe

hXXp://img001.com/business/pingguo.exe

hXXp://img001.com/business/caihong.exe

hXXp://d.re71.cn/business/kele.exe

hXXp://d.re71.cn/business/qixi.exe

hXXp://d.re71.cn/business/qiji.exe

hXXp://d.re71.cn/business/juxing.exe

hXXp://d.re71.cn/business/pingguo.exe

hXXp://d.re71.cn/business/caihong.exe

hXXp://VVV.%s.com

hXXp://cj.%s.com/downloader/

hXXp://img001.com/business/guagua_setup.exe

hXXp://img001.com/business/guagua_dance_setup.exe

GuaGua\GuaGua.exe

Dance\ChatHall.exe

hXXp://cj.guagua.cn/downloader/

ChatHall.exe

UpdateConfig Success%d

hXXp://download.re63.cn

LoadCookie %d

LoadCookie: RecommendStr=%s

%d:%I64d:%d

UpdateConfig RecType:%d, RecId:%I64d, Ad:%d

HMAFROMURL

UpdateConfig: SourceUrl=%s

UpdateConfig: WebID=%s

G1.0.0

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s&dltime=%d

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s&dltime=%d&insttime=%d&homepage=%d&recinst=%d

%s%s?dlver=%s&pname=%s&pver=%s&cmdtype=%d&cmdid=%I64d&ad=%d&oemid=%d&fromurl=%s&webid=%s&err=%d

rec_type:%d,

rec_ad:%d,

src_url:%s,

web_id:%s,

.\ReptThread.cpp

Rept %s Result [%d, %d]

%slog\ddd ddd.log

.\SetupTool.cpp

CSetupToolApp %d

CImageMgr::Instance().LoadFromServer()

CImageMgr::Instance().LoadFromServer() Success

/S /AUTOSTART=%s /COMMENDER_ID=%s /D=%s

.\SetupToolDlg.cpp

Launch InstallProgram: %s %s

State=%d

nCount=%d,currentImage=%d

GuaGua\ServiceClient.dll

Call LaunchGuaGua(%s)

Exec %s [%d]

-%%

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\Path.cpp

ExecApp %s %s [%d]

[%d, %d]: %s

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\ColorCheckButton.cpp

Checked %d

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\BitmapFile.cpp

CBitmapFile::Open(%s)

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\DownloadManager.cpp

InternalDownloadFile() break=%d

SupportBreakDownload

Begin SupportBreakDownload

End SupportBreakDownload bThreadFinish=%d

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\DownloadThread.cpp

Begin OnExecute GetUnfinishBytes nId=%d

End OnExecute GetUnfinishBytes nId=%d

End OnExecute Receive nId=%d

Mozilla/4.0 (compatible; MSIE 5.0; Windows NT)

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\HttpClass.cpp

CHttpClass SetOption

CHttpClass SetOption Finish

GetHttpFile(%s, %s) error: [%d,%d]%s

SendHttpMsg %d

SendHttpMsg %d %s

SendHttpMsg(%s) error: [%d,%d]%s

User-Agent: %s

Content-Type: application/x-www-form-urlencoded

PostHttpMsg(%s) error: [%d,%d]%s

GetHttpFileInfo(%s) error: [%d,%d]%s

HttpRangeRequest(%s, %I64d, %I64d) error: [%d,%d]%s

HttpRequest(%s) error: [%d,%d]%s

ReceiveBytes(%d) error: [%d,%d]%s

\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\Common\OutputFile.cpp

%s, %d

%s, length = %I64d err = %d

COutputFile::WriteData(%I64d, %d)

d:d:d:d

File: %s

Line:%d

Cond: ASSERT( %s );

Condition: ASSERT( %s );

SourceFile: %s

LineNum: %d

COMCTL32.DLL

hhctrl.ocx

commctrl_DragListMsg

CCmdTarget

CNotSupportedException

ntdll.dll

kernel32.dll

Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32

Software\Microsoft\Windows\CurrentVersion\Policies\Network

Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

%s.dll

CHttpConnection

CHttpFile

hXXp://

WININET.DLL

HTTP/1.0

MSWHEEL_ROLLMSG

user32.dll

ole32.dll

mscoree.dll

internal state. The program cannot safely continue execution and must

continue execution and must now be terminated.

- This application cannot run using the active version of the Microsoft .NET Runtime

Please contact the application's support team for more information.

GetProcessWindowStation

OLEACC.dll

f:\New_Login\GuaGua\trunk\Client\OnlineSetupV2_GuaGua\GuaGuaShow\GuaGuaRelease\SetupTool.pdb

GetCPInfo

KERNEL32.dll

CreateDialogIndirectParamA

GetKeyState

UnhookWindowsHookEx

SetWindowsHookExA

USER32.dll

GetViewportExtEx

SetViewportOrgEx

OffsetViewportOrgEx

SetViewportExtEx

ScaleViewportExtEx

GDI32.dll

comdlg32.dll

WINSPOOL.DRV

RegCloseKey

RegOpenKeyExA

RegEnumKeyExA

RegOpenKeyA

RegDeleteKeyA

RegEnumKeyA

RegCreateKeyExA

ADVAPI32.dll

ShellExecuteA

ShellExecuteExA

SHELL32.dll

COMCTL32.dll

UrlUnescapeA

SHLWAPI.dll

oledlg.dll

OLEAUT32.dll

InternetCrackUrlA

InternetCanonicalizeUrlA

HttpAddRequestHeadersA

HttpQueryInfoA

HttpSendRequestA

HttpOpenRequestA

WININET.dll

GdipSetImageAttributesColorKeys

GdiplusShutdown

gdiplus.dll

WS2_32.dll

.PAVCObject@@

.PAVCException@@

.PAVCINETException@@

.PAVCInternetException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCUserException@@

.PAVCSimpleException@@

.PAVCResourceException@@

.PAVCOleException@@

.PAVCMemoryException@@

.PAVCNotSupportedException@@

.PAVCInvalidArgException@@

.?AVCNotSupportedException@@

.?AVCHttpConnection@@

.?AVCHttpFile@@

.PAVCArchiveException@@

.PAVCFileException@@

.PAVCOleDispatchException@@

zcÁ

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz3.tmp\log\20140811 215035.log

21:50:55:131

LastImage hXXp://img001.com/tg_pic/mobo14-1-9.png

ame=guagua&pver=514&cmdtype=0&cmdid=77150006814&ad=0&oemid=0&fromurl=&webid= Result [1, 200]

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsz3.tmp\guagua_77150006814.exe

(*?@@?*&

%.CC5!

a%f#hA

?%C;%

4.Rh5|

\^.ao

V%Fhb>

bPPn-k%%D*

Aj.HM

<y#&%Dut

o.LM%

|%<.VyNS

C%UQf*u

.CAQA

HM%FWP,

am.HM

H<8")u%Un

K5H.umE5

4]mn.znpdd

MD.pl

U]%s^

Jt.MS

KAr%s

l.QfV

8HÅc

lx\/`ckc#u.sQsxE

.XB=8

%x$4/

.WF5l

.Oae(

7i%u0

version="1.0.0.0"

<requestedExecutionLevel

<!--The ID below indicates application support for Windows Vista -->

<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>

<!--The ID below indicates application support for Windows 7 -->

<!--supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/-->

accKeyboardShortcut

1.1.0.0

GirlShow.exe

All Files (*.*)

No error message is available.'An unsupported operation was attempted.$A required resource was unavailable.

Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.

Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.

Access to %1 was denied..An invalid file handle was associated with %1.<%1 could not be removed because it is the current directory.6%1 could not be created because the directory is full.

Seek failed on A hardware I/O error was reported while accessing %1.0A sharing violation occurred while accessing %1.0A locking violation occurred while accessing %1.

Disk full while accessing %1..An attempt was made to access %1 past its end.

No error occurred.-An unknown error occurred while accessing %1./An attempt was made to write to the reading %1..An attempt was made to access %1 past its end.0An attempt was made to read from the writing %1.

#Unable to load mail system support.

Ainqngz5.2.exe_504:

.text

`.data

.rsrc

MSVBVM60.DLL

"44)*612

urlww

.FlGc

%smzCz

SHDocVwCtl.WebBrowser

#vb6chs.dll

ieframe.dll

WebBrowser

%Program Files%\VB

\VB6.OLB

C:\Windows\System32\mshtml.tlb

winmm.dll

C:\Windows\System32\ieframe.oca

advapi32.dll

RegCloseKey

RegCreateKeyA

RegOpenKeyA

wininet.dll

InternetOpenUrlA

GetUrlSource

VBA6.DLL

sUrl

v.baofeng.com

99999999999

hXXp://order.5bo.com/

hXXp://wpa.qq.com

hXXp://VVV.baidu.com/

hXXp://hzf.v.baofeng.com/#

hXXp://hzf.v.baofeng.com/

"url":"

"swfurl":"

hXXp://

hXXp://tv.aiqingzhihui.com/zhibo2.html?id=

\setings.ini

candid.exe

cmd.exe /c taskkill /im

qq.com

hXXp://tv.aiqingzhihui.com/zhibo2.html

hXXp://y.qq.com/player

pptv.com

sohu.com

56.com

ifeng.com

youku.com

ku6.com

tudou.com

cntv.cn

iqiyi.com

wasu.cn

pps.tv

letv.com

imgo.tv

kankan.com

sina.com.cn

m1905.com

hz.letv.com

tv.sohu.com

baofeng.com

Ainqngz4.7.exe

candid.exe_600:

.text

`.data

.rsrc

MSVBVM60.DLL

[11<1<0@

[:<>><<<

y%D:To

SHDocVwCtl.WebBrowser

#vb6chs.dll

ieframe.dll

WebBrowser

%Program Files%\VB

\VB6.OLB

]! 2C:\Windows\System32\ieframe.oca

C:\Windows\System32\mshtml.tlb

winmm.dll

VBA6.DLL

RegCreateKeyA

advapi32.dll

RegCloseKey

RegOpenKeyA

wininet.dll

InternetOpenUrlA

GetUrlSource

C:\Windows\system32\msvbvm60.dll\3

NotifyMsgBox

user32.dll

oleaut32.dll

kernel32.dll

WebBrowser2

WebBrowser1

)o4.tr

sUrl

\Ainqngz5.2.exe

\setings.ini

\Ainqngz4.0.exe

hXXp://aimini.aiqingzhihui.com/ta2/?flag=

hXXp://aimini.aiqingzhihui.com/ta3/?flag=

hXXp://aitime.aiqingzhihui.com/newh1/?

hXXp://aitime.aiqingzhihui.com/newh2/?2

hXXp://aitime.aiqingzhihui.com/newh3/?3

hXXp://aimini.aiqingzhihui.com/new/?

hXXp://aimini.aiqingzhihui.com/new/?2

hXXp://aimini.aiqingzhihui.com/ta1/?flag=

Ainqngz5.2.exe

C:\\Program Files\\Internet Explorer\\IEXPLORE.exe

cmd.exe /c taskkill /im

hXXp://aimini.aiqingzhihui.com/new/?flag=

hXXp://aitime.aiqingzhihui.com/dnewh1/?flag=

hXXp://aitime.aiqingzhihui.com/dnewh2/?flag=

hXXp://aitime.aiqingzhihui.com/dnewh3/?flag=

hXXp://aitime.aiqingzhihui.com/newh1/?flag=

hXXp://aitime.aiqingzhihui.com/newh2/?flag=

hXXp://aitime.aiqingzhihui.com/newh3/?flag=

hXXp:///

kinetic.exe

yymusic05.exe_3356:

.text

`.rdata

@.data

.rsrc

@.reloc

u.jAh

t.HuZ

xSSSh

FTPjKS

FtPj;S

C.PjRV

Visual C   CRT: Not enough memory to complete call to strerror.

GetProcessWindowStation

portuguese-brazilian

Broken pipe

Inappropriate I/O control operation

Operation not permitted

operator

windows936

windows932

windows874

windows1257

windows1256

windows1255

windows1254

windows1253

windows1252

windows1251

windows1250

Invalid or unsupported charset:

%sData\user2.ini

Software\Microsoft\Windows\CurrentVersion\Uninstall

Software\Microsoft\Windows\CurrentVersion\Uninstall\{06F57725-D702-43A9-A8D4-40BB36C9B07F}

Unins.exe

SOFTWARE\Microsoft\Windows\CurrentVersion\Run

hXXp://update.bianya.cc/stj.ashx

AutoRunTipFrame.xml

FrmColor.xml

\SysConfig.ini

FrmConfig.xml

Data\dh.ini

ShowHideWindowKey

ExitWindowKey

tab_hotkey

Software\Microsoft\Windows\CurrentVersion\Run

BoxNews.exe

"%s%s" -mini

"%s" -mini

%s\%s

favorfm.xml

channels.xml

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/ptree_implementation.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/xml_parser.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/xml_parser_read_rapidxml.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/xml_parser_write.hpp

E:\zhuyicheng\boost_1_53_0\boost/property_tree/string_path.hpp

FrmFeedBack.xml

hXXp://tongji.yinyue.fm/feedback/b.html

Data/setup.ini

FrmHotKeyTip.xml

HotKeyTipFrame

hotkey

d:d:d

FrmLrcChild.xml

FrmLrc.xml

Source Files\LrcFrame.cpp

BtnLogin

yymusic05.exe

hXXp://VVV.hao123.com/?tn=98868055_hao_pg

hXXp://update.yinyue.fm/goUrl.html?

Skin.rs

Skin\mainframeshadow.png

hXXp://update.yinyue.fm/tj.ashx

Skin\progresstooltip.png

__HotKeyTipWindow

__HotKeyTipClass

Skin\hotkeytipbk.png

adb.exe

aapt.exe

apnews.exe

FrmPlayer.xml

60,8,100,118

60,24,100,134

Source Files\MainFrame.cpp

file='suspensiontopa.png'

file='suspensiontop.png'

file='suspensiontopahover.png'

file='btn-play.png' source='0,0,64,64'

file='btn-play.png' source='0,64,64,128'

file='btn-play.png' source='0,128,64,192'

file='lyrictoplay.png'

pl_play.png

file='btn-pause.png' source='0,0,64,64'

file='btn-pause.png' source='0,64,64,128'

file='btn-pause.png' source='0,128,64,192'

file='play0520.png' source='0,0,35,20'

file='play0520.png' source='0,20,35,40'

file='play0520.png' source='0,40,35,59'

pl_pause.png

file='loading0%d.png'

-d:d:d

-d:d

file='play0520.png' source='0,0,35,20'

file='play0520.png' source='0,20,35,40'

file='play0520.png' source='0,40,35,59'

file='bk.png'

lyriclikea2.png

lyriclike.png

lyriclikea.png

MessageBox.xml

Source Files\MusicPlayer.cpp

hXXp://update.yinyue.fm/

<4,$?7/'

(3-!0,1'8"5.*2$

Data\server.ini

Data\Version.ini

appupdate/ver.txt

PlayerUpdate.exe

FrmPlayList.xml

FrmPopWnd.xml

WebBrowserEx

hXXp://update.yinyue.fm/url.txt

FrmProgressToolTip.xml

%d:d

hXXp://tongji.yinyue.fm/

a.ashx

00:00:00:00:00:00

%d-%d-%d %d:%d:%d

icon/ccjs.ico

icon/ie.ico

Internet Explorer YyfmPlay.lnk

icon\gouwu.ico

hXXp://update.yinyue.fm//dh.txt

icon\ccjs.ico

icon\ie.ico

X:X:X:X:X:X

//./%s

Data/version.ini

2000-01-01

2000-01-01 00:00:00

Data/client.ini

Data/dh.ini

Software\Microsoft\Windows NT\CurrentVersion

Data/user2.ini

SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TheWorld.exe

\TheWorld.ini

\Baidu\browser\config.ini

\SogouExplorer\config.xml

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Maxthon2

SharedAccount\Config\Config.ini

SetTipFrame.xml

FrmSetWindowLrcFrame.xml

Source Files\SetWindowLrcFrame.cpp

FrmSystemMenuFrame.xml

event_edit_keydown_eshowhide

event_edit_keydown_eexit

file='list_play.png' dest='6,6,24,24'

file='list_pause.png' dest='6,6,24,24'

<i arrow_2.png>

<i arrow_1.png>

2-0-0|1-0-0

1-0-0|1-0-0

3-0-0|1-0-0

4-0-0|1-0-0

5-0-0|1-0-0

6-0-0|1-0-0

list_item.xml

operation

frmWindowLrc.xml

frmWindowLrcParent.xml

hXXp://VVV.9ku.com/lrc2/

hXXp://VVV.9ku.com/fm/

hXXp://img.9ku.com

hXXp://mp3.9ku.com

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/json_parser_read.hpp

hXXp://player.kuwo.cn/webmusic/st/getMuiseDate?flag=3&r=&pd=

hXXp://fm.baidu.com/dev/api/?tn=playlist&id=

hXXp://music.baidu.com/data/music/fmlink?type=mp3&rate=320&songIds=

hXXp://fm.baidu.com

hXXp://pan.baidu.com

hXXp://live.hkuradio.com/radio2?download=1

hXXp://imgs.diantai.ifeng.com/images/channelimg/update_uradio_new_yy.png

hXXp://live.hkuradio.com/radio1?download=1

hXXp://imgs.diantai.ifeng.com/images/channelimg/update_uradio_new_zh.png

hXXp://live.3gv.ifeng.com/live/zhongwen?fmt=mp3_32k_mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/ifeng_zwt_new.png

hXXp://live.3gv.ifeng.com/live/zixun?fmt=mp3_32k_mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/ifeng_zxt_new.png

hXXp://live.3gv.ifeng.com/live/hongkong?fmt=mp3_32k_mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/ifeng_xgt_new.png

hXXp://moblive.rbc.cn/fm876.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_wy_new.png

hXXp://moblive.rbc.cn/fm1039.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgjt_new.png

hXXp://moblive.rbc.cn/fm1006.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_xw_new.png

hXXp://moblive.rbc.cn/am603.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bggs_new.png

hXXp://moblive.rbc.cn/fm1025.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgty_new.png

hXXp://moblive.rbc.cn/am774.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgwy_new.png

hXXp://moblive.rbc.cn/am927.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgaj_new.png

hXXp://moblive.rbc.cn/fm1073.mp3

hXXp://imgs.diantai.ifeng.com/images/channelimg/bg_bgcsfw_new.png

hXXp://VVV.xiami.com/radio/play/type/6/oid/0

libfm::fm_douban_impl::login

hXXp://VVV.douban.com/j/app/login

&password=

hXXp://VVV.douban.com/j/app/radio/people?app_name=radio_desktop_win&version=100&user_id=

hXXp://VVV.douban.com/j/app/radio/people?app_name=radio_desktop_win&version=100&type=

hXXp://shopcgi.qqmusic.qq.com/fcgi-bin/shopsearch.fcg?out=json&value=

"msg":

_0.jpg

hXXp://imgcache.qq.com/music/photo/album/

hXXp://music.qq.com/miniportal/static/lyric/

libfm::fm_impl::get_song_url

libfm::fm_impl::login

WinExec

KERNEL32.dll

GetAsyncKeyState

RegisterHotKey

UnregisterHotKey

USER32.dll

GDI32.dll

RegDeleteKeyA

RegCreateKeyExA

RegOpenKeyExA

RegOpenKeyA

RegCloseKey

ADVAPI32.dll

ShellExecuteA

SHELL32.dll

ole32.dll

OLEAUT32.dll

avcore.dll

HttpQueryInfoA

InternetOpenUrlA

WININET.dll

SHLWAPI.dll

gdiplus.dll

?OnKeyDown@WindowImplBase@DuiLib@@UAEJIIJAAH@Z

?GetMessageMap@WindowImplBase@DuiLib@@MBEPBUDUI_MSGMAP@2@XZ

?SetAutoNavigation@CWebBrowserUI@DuiLib@@QAEX_N@Z

?SetHomePage@CWebBrowserUI@DuiLib@@QAEXPBD@Z

?Download@CWebBrowserUI@DuiLib@@UAGJPAUIMoniker@@PAUIBindCtx@@KJPAU_tagBINDINFO@@PB_W3I@Z

?Exec@CWebBrowserUI@DuiLib@@UAGJPBU_GUID@@KKPAUtagVARIANT@@1@Z

?QueryStatus@CWebBrowserUI@DuiLib@@UAGJPBU_GUID@@KQAU_tagOLECMD@@PAU_tagOLECMDTEXT@@@Z

?QueryService@CWebBrowserUI@DuiLib@@UAGJABU_GUID@@0PAPAX@Z

?FilterDataObject@CWebBrowserUI@DuiLib@@UAGJPAUIDataObject@@PAPAU3@@Z

?TranslateUrl@CWebBrowserUI@DuiLib@@UAGJKPA_WPAPA_W@Z

?GetDropTarget@CWebBrowserUI@DuiLib@@UAGJPAUIDropTarget@@PAPAU3@@Z

?GetOptionKeyPath@CWebBrowserUI@DuiLib@@UAGJPAPA_WK@Z

?TranslateAcceleratorA@CWebBrowserUI@DuiLib@@UAGJPAUtagMSG@@PBU_GUID@@K@Z

?TranslateAcceleratorA@CWebBrowserUI@DuiLib@@UAEJPAUtagMSG@@@Z

?ResizeBorder@CWebBrowserUI@DuiLib@@UAGJPBUtagRECT@@PAUIOleInPlaceUIWindow@@H@Z

?OnFrameWindowActivate@CWebBrowserUI@DuiLib@@UAGJH@Z

?OnDocWindowActivate@CWebBrowserUI@DuiLib@@UAGJH@Z

?EnableModeless@CWebBrowserUI@DuiLib@@UAGJH@Z

?UpdateUI@CWebBrowserUI@DuiLib@@UAGJXZ

?HideUI@CWebBrowserUI@DuiLib@@UAGJXZ

?ShowUI@CWebBrowserUI@DuiLib@@UAGJKPAUIOleInPlaceActiveObject@@PAUIOleCommandTarget@@PAUIOleInPlaceFrame@@PAUIOleInPlaceUIWindow@@@Z

?GetHostInfo@CWebBrowserUI@DuiLib@@UAGJPAU_DOCHOSTUIINFO@@@Z

?ShowContextMenu@CWebBrowserUI@DuiLib@@UAGJKPAUtagPOINT@@PAUIUnknown@@PAUIDispatch@@@Z

?Invoke@CWebBrowserUI@DuiLib@@UAGJJABU_GUID@@KGPAUtagDISPPARAMS@@PAUtagVARIANT@@PAUtagEXCEPINFO@@PAI@Z

?GetIDsOfNames@CWebBrowserUI@DuiLib@@UAGJABU_GUID@@PAPA_WIKPAJ@Z

?GetTypeInfo@CWebBrowserUI@DuiLib@@UAGJIKPAPAUITypeInfo@@@Z

?GetTypeInfoCount@CWebBrowserUI@DuiLib@@UAGJPAI@Z

?QueryInterface@CWebBrowserUI@DuiLib@@UAGJABU_GUID@@PAPAX@Z

?Release@CWebBrowserUI@DuiLib@@UAGKXZ

?AddRef@CWebBrowserUI@DuiLib@@UAGKXZ

?GetInterface@CWebBrowserUI@DuiLib@@UAEPAXPBD@Z

?GetClass@CWebBrowserUI@DuiLib@@UBEPBDXZ

??1CWebBrowserUI@DuiLib@@UAE@XZ

??0CWebBrowserUI@DuiLib@@QAE@XZ

?SetKeyboardEnabled@CControlUI@DuiLib@@UAEX_N@Z

?IsKeyboardEnabled@CControlUI@DuiLib@@UBE_NXZ

?Navigate2@CWebBrowserUI@DuiLib@@QAEXPBD@Z

DuiLib.dll

PSAPI.DLL

IPHLPAPI.DLL

NETAPI32.dll

GetCPInfo

GetProcessHeap

zcÁ

.?AVCWebBrowserUI@DuiLib@@

.?AVCHotKeyTipFrameWnd@@

.?AVCWebBrowserUIEx@@

.?AVWebBrowserEventSinker@@

.?AU?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@V?$chset@D@classic@spirit@boost@@Ua_escape@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@V?$action@U?$uint_parser@K$0BA@$03$03@classic@spirit@boost@@Ua_unicode@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@U?$difference@U?$difference@Uanychar_parser@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@Ua_char@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$positive@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$sequence@U?$optional@U?$chlit@D@classic@spirit@boost@@@classic@spirit@boost@@U?$alternative@U?$chlit@D@classic@spirit@boost@@U?$sequence@U?$range@D@classic@spirit@boost@@U?$kleene_star@Udigit_parser@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$sequence@V?$chset@D@classic@spirit@boost@@U?$optional@V?$chset@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@Ua_name@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$chlit@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_s@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$alternative@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$list_parser@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@U?$chlit@D@234@Uno_list_endtoken@234@Uplain_parser_category@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$alternative@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@V1234@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Uend_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AV?$sp_counted_impl_p@U?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V12@U?$less@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@DV?$allocator@D@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@@detail@boost@@

.?AU?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@V?$chset@_W@classic@spirit@boost@@Ua_escape@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@V?$action@U?$uint_parser@K$0BA@$03$03@classic@spirit@boost@@Ua_unicode@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$alternative@V?$action@U?$difference@U?$difference@Uanychar_parser@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@V?$strlit@PBD@234@@classic@spirit@boost@@Ua_char@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$positive@U?$contiguous@U?$confix_parser@U?$chlit@D@classic@spirit@boost@@U?$kleene_star@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@U?$no_skipper_iteration_policy@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@U1234@Uunary_parser_category@234@Unon_nested@234@Unon_lexeme@234@@classic@spirit@boost@@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$sequence@U?$optional@U?$chlit@D@classic@spirit@boost@@@classic@spirit@boost@@U?$alternative@U?$chlit@D@classic@spirit@boost@@U?$sequence@U?$range@_W@classic@spirit@boost@@U?$kleene_star@Udigit_parser@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$chlit@D@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$optional@U?$sequence@U?$sequence@V?$chset@_W@classic@spirit@boost@@U?$optional@V?$chset@_W@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$positive@Udigit_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@Ua_name@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$chlit@D@classic@spirit@boost@@@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_s@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$alternative@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@U?$sequence@U?$list_parser@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@U?$chlit@D@234@Uno_list_endtoken@234@Uplain_parser_category@234@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$action@U?$chlit@D@classic@spirit@boost@@Ua_object_e@?$context@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@@classic@spirit@boost@@@234@@234@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$abstract_parser@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@@impl@classic@spirit@boost@@

.?AU?$concrete_parser@U?$sequence@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@U?$alternative@V?$rule@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@classic@spirit@boost@@Unil_t@234@U5234@@classic@spirit@boost@@V1234@@classic@spirit@boost@@@classic@spirit@boost@@U?$assertive_parser@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@Uend_parser@classic@spirit@boost@@@234@@classic@spirit@boost@@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@Unil_t@234@@impl@classic@spirit@boost@@

.?AV?$sp_counted_impl_p@U?$grammar_helper@U?$grammar@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@boost@@U?$parser_context@Unil_t@classic@spirit@boost@@@classic@spirit@4@@classic@spirit@boost@@U?$json_grammar@V?$basic_ptree@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V12@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@property_tree@boost@@@json_parser@property_tree@4@V?$scanner@V?$_Vector_iterator@V?$_Vector_val@_WV?$allocator@_W@std@@@std@@@std@@U?$scanner_policies@V?$skip_parser_iteration_policy@U?$alternative@U?$alternative@Uspace_parser@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@U?$alternative@Ueol_parser@classic@spirit@boost@@Uend_parser@234@@234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@U?$confix_parser@V?$strlit@PBD@classic@spirit@boost@@U?$kleene_star@Uanychar_parser@classic@spirit@boost@@@234@V1234@Uunary_parser_category@234@Unon_nested@234@Uis_lexeme@234@@234@@classic@spirit@boost@@Uiteration_policy@234@@classic@spirit@boost@@Umatch_policy@234@Uaction_policy@234@@classic@spirit@boost@@@234@@impl@classic@spirit@boost@@@detail@boost@@

%Program Files%\yyfm0529\2014081121\yymusic05.exe

fiTXtXML:com.adobe.xmp

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:AF7207EBFCA7E211A4BAB609526B9429" xmpMM:DocumentID="xmp.did:0CCE7CECA7FD11E292E997ACCC5A275E" xmpMM:InstanceID="xmp.iid:0CCE7CEBA7FD11E292E997ACCC5A275E" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:AF7207EBFCA7E211A4BAB609526B9429" stRef:documentID="xmp.did:AF7207EBFCA7E211A4BAB609526B9429"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>

#%DSZ

k/.ea"#>Nn

W%u3>C

f9Ky.RW`

125x125.jpg

L.Xkj

320x225.png

astop.png}W

back.png

bg2.png}SOh

bg3.png

bg_2.png}S]H

bk.png|

I[CsS%SC

.qO9M

t%7UfEa

zC%f

]#%Sj

J%XDU@}T

8i.aV;

%fiHZZ9

3Nv%F

R%cV}V

mD%SK'l9

QC

bkcolor_1.png

bkcolor_2.png

bkcolor_3.png

bkcolor_4.png

bkcolor_5.png

bkcolor_6.png

bkcolor_7.png

border.png

L9q

btn-anonymity.png}

[).XF

'q.CAqK

btn-delete.png

btn-fav.png}Wy8

btn-login.png}

btn-login2.png

[%*,\4>66

%S;&DN

btn-next.png

btn-pause.png}X

btn-play.png

BtnHidePlayList.png

BtnRightTop.png

btn_9k.png}Wy8

btn_bd.png}Xy8

btn_close.png}Vy8

btn_comm.png

btn_db.png}W

btn_fh.png}XwT

btn_kw.png}

btn_ok.png}W

l[O{#. %x

btn_ok_blue.png

btn_ok_red.png}

btn_sc.png

=%uIS

btn_xm.png}X

button.png

channel.png

close.png

collection.png

ðxEuJxg

color_list_bk.png

\dl

dash.png}SM

DefaultUserImage.jpg

%S]wF

downd.png

downda.png

downdahover.png

DownLoadProgressForeImage.png

exit.png}U

fbcaptionbk.png

feedback.png}V

>/.Yhi

font_bkcolor.png

font_forecolor.png

forecolor_1.png

forecolor_2.png

forecolor_3.png

forecolor_4.png

.IDATx

forecolor_5.png

forecolor_6.png

forecolor_7.png

forgettt.jpg

frmdownmenu.xml

FrmDropDownMenuFrame.xml

FrmFeedBack.xmle

FrmHotKeyTip.xmlu

frmlogin.xml

FrmLrcChild.xmlU

FrmMenuFrame.xml

frmplayer.xml

frmplaylist.xml

frmProgressToolTip.xmlUPKN

frmWebBrowser.xml=

frmWindowLrc.xml%M1

frmWindowLrcParent.xml%

headimg.png}

d%U(.6

tG%C*

history.png

home.png}VgTS

hotkeytipbk.png

icon.png

input-password.png}U

input-user.png

like.png

!\Un%x

list.png

lista.png

D-wjÓ

listahover.png

list_item_bg.png}S

list_pause.png

list_play.png

list_scroll_bar.png}SmH

list_scroll_bar2.png}S_H

{òC

list_title_bg.png}S

loading01.png

loading02.png

loading03.png

loading04.png

LoginBk.png

%S%hu.Y

g).IQ

LrcBk.png

u-3H}.

lrclist.png}Xy8

@.xn?

lyricdelete.png

lyricdeletea.png

lyricdeletea2.png

LyricFrameVoice.png

lyricmute.png

lyrictoplay.png

mainframeshadow.png

3.jUj

max.png

menu.png

min.png}SOh

mine.png

minea.png

mineahover.png

mini.png

mE)iVA.nP

more.png}SOH

musiclibrary.png

next.png}ViTSg

next0520.png

normalVolume.png}U

%DZRlj

play0520.png

play2.png

playerbg01.png

playerbg02.png

playerlist.png}X

playersidebg.jpg

playinging.jpg

playinginga.jpg

".Wlm

playingnext.png

playingplaying.jpg

playingprev.jpg

playingpreva.jpg

playingrandom.jpg

playingrandoma.jpg

playingvoice.png}V

PlayProgressForeImage.png

pl_back.png}S_h

pl_bg.png

pl_big.png

pl_btn_down.png}Tih

pl_btn_on.png

pl_close.png}S[H

pl_color.png

pl_desktop.png

pl_feedback.png}SKL

pl_forward.png}S_H

pl_icon.png}Wy8

pl_itself.png

pl_mutevol.png

pl_next.png}S_h

pl_pause.png}SKh

pl_prev.png

pl_res.png

pl_set.png

pl_small.png}Tmh

pl_split.png}S_h

pl_vol.png

pop_bkimage.png}U

power.png}XgTS

,&.,&#/!./*

prev.png}ViTS

prev0520.png

prevention.png

progresstooltip.png

progresstooltipbk.png

.ZfDrhe

T%s61K

m;.rA

progress_fore.png

pushedVolume.png

random.jpg

random01.jpg

random01a.jpg

random01hover.jpg

random02.jpg

random02a.jpg

random02hover.jpg

random03.jpg

random03a.jpg

random03hover.jpg

random0520.png

reflash.png

remembertt.jpg

scrollbar.png

search.png

E.Eg/&

SelectColor_SliderBar_Thumb.png

5).uZ

slider_bg.png

sound (2).jpg

sound.jpg

sound100.jpg

steup.png}

suspensionbig.png

suspensionbiga.png

suspensionbigahover.png

suspensionclose.png

suspensionclosea.png

suspensioncloseahover.png

suspensionfeedback.png

suspensionfeedbacka.png

suspensionfeedbackahover.png

suspensionlogin.png

suspensionmin.png

suspensionmina.png

suspensionminahover.png

suspensionset.png

suspensionseta.png

suspensionsetahover.png

suspensiontop.png

suspensiontopa.png

suspensiontopahover.png

system_menu_btnexit.png

system_menu_btnfeedback.png}V

system_menu_btnmin.png

;7%2uf

system_menu_btnmini.png

system_menu_btnsteup.png}

system_menu_btntop.png}W

sys_check_btn.png

sys_check_btn_blue.png

sys_check_btn_red.png

sys_check_btn_whiter.png

tab_comm.png

tooltipbk.png

update.xml

voice00528.png

voice0520.png

voice0a0528.png

voice1000528.png

voiceall0528.png

astop.png

bg2.png

bg_2.png

bk.png

btn-anonymity.png

btn-fav.png

btn-login.png

btn-pause.png

btn_9k.png

btn_bd.png

btn_close.png

btn_db.png

btn_fh.png

btn_kw.png

btn_ok.png

btn_ok_red.png

btn_xm.png

dash.png

exit.png

feedback.png

frmProgressToolTip.xml

frmWebBrowser.xml

headimg.png

home.png

input-password.png

list_item_bg.png

list_scroll_bar.png

list_scroll_bar2.png

list_title_bg.png

lrclist.png

min.png

more.png

next.png

normalVolume.png

playerlist.png

playingvoice.png

pl_back.png

pl_btn_down.png

pl_close.png

pl_feedback.png

pl_forward.png

pl_icon.png

pl_next.png

pl_small.png

pl_split.png

pop_bkimage.png

power.png

prev.png

steup.png

system_menu_btnfeedback.png

system_menu_btnsteup.png

system_menu_btntop.png

.Zuxf

tCPS

$;y)#%s

.QsvC

.VvC v

lH)Qk%c

4n.Ei

,GA.GS

<requestedExecutionLevel level="requireAdministrator" uiAccess="false"></requestedExecutionLevel>

6 6$6(6,6

7(7.787?7

> >'>.>5><>]>

0%0U0

5$5(5,5054585

3M4

? ?$?(?,?0?4?8?<?

7-7R7}7

> >$>(>,>0>4>8><>

4 4$4(4,4044484<4

6 6$6(6,60646

8 8$8(8,80848

3 3$3(3,3034383<3@3

? ?$?(?,?0?4?8?<?@?

3 3$3(3,3034383<3

: :@:`:|:

=$=,=4=<=\=

4 5$5(545

mscoree.dll

LKERNEL32.DLL

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

Skin\bkcolor_1.png

Skin\forecolor_1.png

Skin\bkcolor_2.png

Skin\forecolor_2.png

Skin\bkcolor_3.png

Skin\forecolor_3.png

Skin\bkcolor_4.png

Skin\forecolor_4.png

Skin\bkcolor_5.png

Skin\forecolor_5.png

Skin\bkcolor_6.png

Skin\forecolor_6.png

Skin\bkcolor_7.png

Skin\forecolor_7.png

E:\zhuyicheng\boost_1_53_0\boost/property_tree/detail/rapidxml.hpp

E:\zhuyicheng\boost_1_53_0\boost/optional/optional.hpp

!p.empty() && "Empty path not allowed for put_child."

errorUrl

E:\zhuyicheng\svn\trunk\MusicPlayerSrc\win32\MusicPlayer\Header Files\rapidxml/rapidxml.hpp

E:\zhuyicheng\svn\trunk\MusicPlayerSrc\win32\MusicPlayer\Header Files\rapidxml/rapidxml_print.hpp

E:\zhuyicheng\boost_1_53_0\boost/smart_ptr/shared_ptr.hpp

E:\zhuyicheng\boost_1_53_0\boost/smart_ptr/scoped_ptr.hpp

E:\zhuyicheng\boost_1_53_0\boost/spirit/home/classic/core/impl/match.ipp

val.is_initialized()

E:\zhuyicheng\boost_1_53_0\boost/spirit/home/classic/core/match.hpp

c.stack.size() >= 1

Song.music_id

Song.artid

Song.name

Song.artist

Song.special

Song.artist_pic240

Song.mp3path

Song.mp3dl

hXXp://

=data.xcode

data.songList

E:\zhuyicheng\boost_1_53_0\boost/spirit/home/classic/utility/impl/chset/range_run.ipp

r.is_valid()

tplayList.trackList

Assertion failed: %s, file %s, line %d

1.14.529.1

MusicPla.exe

YFMSever.exe_3420:

.idata

.rdata

`.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

EInvalidGraphicOperation

Uh.FB

USER32.DLL

comctl32.dll

uxtheme.dll

OnKeyDown

OnKeyPress

OnKeyUp

UrlMon

Proportional

%s%s%s%s%s%s%s%s%s%s

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeywordteA

crSQLWait

%s (%s)

imm32.dll

AutoHotkeys

AutoHotkeys8~D

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

%s, ClassID: %s

ole32.dll

olepro32.dll

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

Uh.AF

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %.2d %s %.4d %s %s

%s, %d %s %d %s %s

ftpTransfer

ftpReady

ftpAborted

ClientPortMin<

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

saUsernamePassword

Password<

0.0.0.1

TIdTCPConnection

TIdTCPConnection0

IdTCPConnection

EIdTCPConnectionError

TIdTCPClient

IdTCPClient

BoundPort

PortU

password

Password

IdHTTPHeaderInfo

ProxyPassword<

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile,}@

CertFile,}@

KeyFile

OnGetPasswordTGG

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertError

EIdOSSLLoadingKeyError

CommentURL

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

IdHTTPx

TIdHTTPOnHeadersAvailable

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPRequest

TIdHTTPRequestd

TIdHTTPProtocolx

TIdCustomHTTP

TIdCustomHTTPx

TIdHTTP`

TIdHTTP

HTTPOptionst

EIdHTTPProtocolException

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

grfKeyState

TComTargetExecEvent

CmdGroup

nCmdID

nCmdexecopt

hhctrl.ocx

URLMON.DLL

SHDOCLC.DLL

IWebBrowser

IWebBrowserApph

IWebBrowser2

TEWBWindowSetResizable

TEWBWindowSetLeft

TEWBWindowSetTop

TEWBWindowSetWidth

TEWBWindowSetHeight

bstrUrlContext

bstrUrl

OnWindowSetResizable

OnWindowSetLeft

OnWindowSetTopT

OnWindowSetWidth

OnWindowSetHeight

rcmDefault

rcmDebug

DontExecuteScripts

DontExecuteJava

DontExecuteActiveX

DisableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

CheckFontSupportsCodePage

DisableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

lpMsg

PMsg

pguidCmdGroup

TTranslateUrlEvent

pchURLIn

ppchURLOut

CmdID

pszUrl

pszUrlContext

szPassWord

ErrorUrl

OptionKeyPath

OverrideOptionKeyPath`

OnTranslateUrl

OnCommandExec

'%s' is not supported.

WebocPopupManagement

ValidateNavigateUrl

HttpUsernamePasswordDisable

GetUrlDomFilePathUnencoded

XmlHttp

MAPI32.DLL

PTF://

hXXp://

hXXps://

AppEvents\Schemes\Apps\Explorer\Navigating\.Current

.Current

\ieframe.dll

\shdocvw.dll

\StringFileInfo\%0.4x%0.4x\%s

TMsgEvent

TKeyEventEx

Bypass

poPortrait

OnKeyDown<

0.750000

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

EmbeddedWB hXXp://bsalsa.com/

TFileOperation

FileOperation

OnActionExecute

SysConfig.ini

WJHTTP

%d.%d

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

0123456789

DSound.dll

Winmm.dll

Data\User2.ini

88888888

Update.zip

00000000

YYMusic05.exe

DMSet.Xml

/DM11/DMSet.Xml

hXXp://VVV.baidu.com

hXXp://update.yinyue.fm

8888-88-88

PlayerUpdate.exe

0000-00-00

SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

[(*&^%$#@!)]

?456789:;<=

!"#$%&'()* ,-./0123

Nv.QbD

{Z|.qktg

)sVk.eU

?:4.al\u

ac.Rp

U%U,f

ù%"

6QZ.kkE!^\

.Cee,Wm

AKLRUXZZjjjjjjjjmjjZZXURLK"

%S_dikkggggk

%Uagkk`F9?nA>H^

333333333333333333

33333833

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(

@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(@4(

=4'=4'=4'=4'=4'=4'=4'=4'=4'=4'=4'

=4'=4'=4'=4'=4'=4'=4'=4'=4'=4'

<3&<3&<3&<3&<3&<3&<3&<3&<3&<3&

<3&<3&<3&<3&

<3&<3&<3&<3&<3&<3&<3&<3&<3&

@4(@4(@4(@4(@4(@4(=4'=4'=4'=4'=4'

=4'=4'=4'=4'=4'<3&<3&<3&<3&

[email protected]

N?/N?/N?/N?/N?/N?/N?/N?/N?/O?.N?/M>.PA1

NA1PA.OA/

OA.SB-O@0OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2SC3RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2RB1SC2RB1RB1QA0RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2TD3TD3TD3TD3TD3TD3TD3TD3TD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3UC2UC2UC2UC2UC2TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3WF3WF3WF3WF3WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5XI6XI6VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4YH5YH5XG4XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]J5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^L5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^I3^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3_K2`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3aM4aM4aM4aM4aM4aM4aM4aM4cM4cM4cM4cM4cM4

zoaI>0K=1M=0M>.kbX

RH>J=/J=/J=/J=/K>0J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L=-L=-L=-L=-L>,L>,L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@.OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/[email protected]@[email protected]@[email protected]@[email protected]/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2TE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XG4WF3WF3YE3XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1[F1]F0]F0

g]SF9 E8*E8*E8*E8*F9 E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,E:,E:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:*H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M=-M=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/RA.RA.R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1SA0SA0SA0SA0SA0SA0SA0SA0R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/P@/P@/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/QB/QB/QB/QB/QB/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.PA.PA.

?6)?6)?6)?6)?6)?6)?6)?6)<6)?6(?6)

@6,>6)?6)

?7*=5(>6)@7*@4(?5 ?5

>5(>5(>5(>5(>5(>5(>5(>5(>5(>5'=5(>5'>6)@5'

;2(;2(;2(;2(;2(;2(;2(;2(;2(;2(;2(92)

<3)?4&=4'=4'=4&

:1':1':1':1':1':1':1':1';1'<2(;2(7/(

93(;2%;3&;2(

mf]<3%>3%SLCng^

|sP@/O@0M@2O@0N?/peWO@0O@0O@0O@0O@0OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/PA.MA/zqc

ZM?OA.OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2SC3RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1QA1RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB2RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2RB1SC2RB1RB1QA0RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1RB1SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2SC2TD3TD3TD3TD3TD3TD3TD3TD3TD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3UC2UC2UC2UC2UC2TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3VD3WF3WF3WF3WF3WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5XF5VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5WH5XI6XI6VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4VG4YH5YH5XG4XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2XG2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2[I2\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3\J3]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]J5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^L5]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4]K4^I3^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1^J1^J1^J1^J1^J1^J1^J1_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2_K2^J1`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3_K2`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3`L3aM4aM4aM4aM4aM4aM4aM4aM4cM4cM4cM4cM4cM4

[email protected]@[email protected]?/[email protected]>.M>.YJ:

~J=/J=/J=/J=/J=/K>0J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/J=/L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L</L=-L=-L=-L=-L>,L>,L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@0O@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@.OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/[email protected]@[email protected]@[email protected]@[email protected]/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/OA/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0P@/P@/P@/P@/P@/P@/P@/P@/QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0QA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1TB1UC2UC2UC2UC2UC2UC2UC2UC2UC2UC2UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1UD1VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2TE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2VE2WF3WF3VE2VE2VE2VE2VE2VE2WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3WF3XG4XG4WF3WF3YE3XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0XE0YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1YF1[F1]F0]F0

zui_E8*E8*E8*E8*E8*F9 E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*E8*F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,E:,E:,G:,G:,G:,F9 F9 F9 F9 F9 F9 F9 F9 G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:,G:*H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; H; I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,I<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,J; J; J; J; J; J; J; J; J; J; J; J; J; J; J; K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-K<,K<,K<,K<,K<,K<,K<,K<,L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M=-M=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-L=-M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.M>.N?/N?/N?/N?/N?/N?/N?/N?/N?/N?/O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.N>-N>-N>-O?.O?.O?.O?.O?.O?.O?.O?.O?.O?.P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/P@/RA.RA.R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/SA0SA0SA0SA0SA0TB1TB1TB1TB1TB1TB1TB1TB1SA0SA0SA0SA0SA0SA0SA0SA0R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/R@/P@/P@/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/QB/QB/QB/QB/QB/QB/QB/QB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/SB/RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.RA.RA.RA.RA.RA.RA.RA.RA.RA.PA.PA.PA.

=5(;4%=5(=4'<4':4)=4&

;2(:1':1'<2(:1';2(:0&<2(:1'

KWindows

eEWB.IEConst

0IdHTTPHeaderInfo

 IdTCPServer

IdTCPStream

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

PrintOptions.HTMLHeader.Strings

PrintOptions.Orientation

ProxyParams.BasicAuthentication

ProxyParams.ProxyPort

Request.ContentLength

Request.ContentRangeEnd

Request.ContentRangeStart

Request.ContentType

Request.Accept

Request.BasicAuthentication

Request.UserAgent

7Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

HTTPOptions

GetCPInfo

XTP8h%C

3F%u`r

The procedure entry point %s could not be located in the dynamic link library %s

GetKeyNameTextA

GetKeyState

SHFileOperationA

UnhookWindowsHookEx

G({.NJ:

shell32.dll

Dadvapi32.dll

CreateIoCompletionPort

EnumWindows

RegCreateKeyExA

wininet.dll

gdi32.dll

RegEnumKeyExA

@8\3@(&@

m.KS!?IZ

.IjS0Z

4.Yz8

N.Px<

%F<W}

}H.wN

?.MLW

ShellExecuteA

SetViewportOrgEx

GetKeyboardState

LoadKeyboardLayoutA

GetWindowsDirectoryA

version.dll

RegDeleteKeyA

SetWindowsHookExA

RegCloseKey

|N.Uip

GetKeyboardType

.HX2'4

J['%Y%c%]"

 .Jz\

RP.Ji|

.VGZZQ?XD 9

bk.Zi7

6O.PJF>B&

.NV'Pg

E.PO*J

b?.RjB

).RJ$7

\.dfXX

HCtl.Lj

.VN&5

SRF98.XORO

<.cD:

~z%D&

jWyfTP

)N.QuHG`

vXp.aGB

.goU[

dS.IZf\6V

j.QU@'

C.XV$

tCP z

=H.Dt[

B3uDpZ

.Pv<^Y

.XD%O86

*?9[_'^-.

U^.bfD

Vj.eJd

&6%X"

%f z'W

T.cBe

@Z.CB

j.YW MYd

9.Dy7

5J{"WD%S#^

.ja*3

$.GE(X

"7b%D

\ @%X

..Ld?/o|S[

X.TJH

ôpQ

)%x5a

~M%x8u*

L.HJ7?

.ALh&

.DPs_

_.PPw

z'.ANC

nX.oF

L.JOS

..JG^

B.XG6

".LGR

G.Xfg

..VG8

.LG>S

D..GD

F.DOP

.ZO"R

.BO2R

^z.PG

5.TO RoZR

F.PdYXn

%fT@sd

.PdYX/

%fV@sd

=%X,7

<#.DGSTk^

FÝE

[.FGD

X.VO/

.JXZp

Q0.EL

.DO@U

3<6V.TO

.LF;F

.JGHU

.ZO4XxS

.uVX?

 >.GB

.GPF?J

<.MG=

InternetOpenUrlA

*o.eIv

EnumThreadWindows

user32.dll

RegQueryInfoKeyA

ActivateKeyboardLayout

MsgWaitForMultipleObjects

RegFlushKey

GetKeyboardLayoutList

The ordinal %u could not be located in the dynamic link library %s

DeleteUrlCacheEntry

iphlpapi.dll

GetKeyboardLayout

RegOpenKeyExA

MapVirtualKeyA

errorUrl

20.20.20.20

JPEG error #%d

Error creating SSL context. Could not load root certificate.

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Chunk StartedDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

%s is not a valid IP address.

Operation would block.

File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed

No data to read.$Can not bind in port range (%d - %d)

Invalid Port Range (%d - %d)

Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

No help keyword specified.

Alt  Clipboard does not support Icons

Cannot open clipboard/Menu '%s' is already being used by another form

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)

Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

$''%s'' is not a valid component name

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to create key %s

Failed to get data for '%s'

Failed to set data for '%s'

Resource %s not found

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Unable to write to %s

Operation not supported

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

YFMSever.exe_3420_rwx_00565000_00001000:

GetCPInfo

YFMSever.exe_3420_rwx_00578000_00002000:

kernel32.dll

GetKeyState

SHFileOperationA

UnhookWindowsHookEx

YFMSever.exe_3420_rwx_0057B000_00001000:

Dadvapi32.dll

CreateIoCompletionPort

EnumWindows

RegCreateKeyExA

wininet.dll

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

candid.exe:600
pczh_107_306.exe:1628
sc.exe:1416
sc.exe:1888
wwwww_3340.exe:3976
oovmdw_70745.exe:588
yymusic05.exe:3356
guagua_77150006814.exe:496
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœ.lnk (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsExec.dll (6 bytes)
%Program Files%\ainqngz5.2\uninstall.exe (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsA.tmp (6 bytes)
%Program Files%\ainqngz5.2\candid.exe (5520 bytes)
%Program Files%\ainqngz5.2\Ainqngz5.2.exe (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\NSISdl.dll (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\nsB.tmp (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh8.tmp (19409 bytes)
%Program Files%\ainqngz5.2\schedule.exe (1552 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh9.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Templates\1120148215041584\YYM_955WD30.gif (1134 bytes)
%Documents and Settings%\%current user%\Desktop\Ã‚Â°Ã‚Â®Ãƒâ€¡ÃƒÂ©.Ãƒâ€“Ãƒâ€¡Ã‚Â»Ãƒâ€º.5.2.lnk (708 bytes)
%Program Files%\yyfm0529\2014081121\Data\dh.ini (56 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\yyfm0529.lnk (840 bytes)
%Program Files%\yyfm0529\2014081121\swresample-0.dll (3312 bytes)
%Program Files%\yyfm0529\2014081121\libav.dll (6360 bytes)
%Program Files%\yyfm0529\2014081121\YFMSever.exe (23936 bytes)
%Program Files%\yyfm0529\2014081121\SysConfig.ini (256 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ã‚Â¹Ãƒâ„¢Ã‚Â·Ã‚Â½Ãƒâ€“ÃƒÂ·Ãƒâ€™Ã‚Â³.lnk (334 bytes)
%Program Files%\yyfm0529\2014081121\Data\client.ini (36 bytes)
%Program Files%\yyfm0529\2014081121\source.dll (6584 bytes)
%Program Files%\yyfm0529\2014081121\channels.xml (784 bytes)
%Program Files%\yyfm0529\2014081121\avcodec-54.dll (23936 bytes)
%Program Files%\yyfm0529\2014081121\favorfm.xml (440 bytes)
%Program Files%\yyfm0529\2014081121\Unins.exe (9608 bytes)
%Program Files%\yyfm0529\2014081121\Data\setup.ini (110 bytes)
%Program Files%\yyfm0529\2014081121\audio.dll (3616 bytes)
%Program Files%\yyfm0529\2014081121\Data\version.ini (32 bytes)
%Program Files%\yyfm0529\2014081121\DuiLib.dll (16288 bytes)
%Program Files%\yyfm0529\2014081121\avformat-54.dll (12536 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\yyfm0529\Ãƒâ€¦ÃƒÂ¤Ãƒâ€“ÃƒÆ’Ã‚Â¹Ã‚Â¤Ã‚Â¾ÃƒÅ¸\ÃƒÂÃ‚Â¶Ãƒâ€ÃƒËœyyfm0529.lnk (830 bytes)
%Program Files%\yyfm0529\2014081121\pthreadGC2.dll (3616 bytes)
%Program Files%\yyfm0529\2014081121\avcore.dll (2392 bytes)
%Program Files%\yyfm0529\2014081121\yymusic05.exe (63950 bytes)
%Program Files%\yyfm0529\2014081121\avutil-52.dll (5520 bytes)
%Program Files%\yyfm0529\2014081121\Data\user2.ini (40 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\spkjrjp_30279.exe (38675 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\wwwww_3340.exe (433142 bytes)
%Program Files%\updatr\tj.txt (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\pczh_107_306.exe (46502 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\System.dll (11 bytes)
%Program Files%\updatr\oovmdw_70745.exe (51840 bytes)
%Program Files%\updatr\uboskin\config.ini (290 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\guagua_77150006814.exe (111890 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsj2.tmp (65883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\NSISdl.dll (14 bytes)
%Program Files%\updatr\yunbo0717.exe (6360 bytes)
%Program Files%\updatr\union.exe (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz3.tmp\mi (1 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (674 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMReport.dll.bdl (33840 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMNet.dll.bdl (30837 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\33f59beac1c942dd19f41a7fd30f3f9b.bdt (647 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\dl(1).dll.bdl (366657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\68905108990c088c31aead3b6d1651be.bdt (519 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\tmpjnmhqw.dll (27504 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDLogicUtils.dll.bdl (47101 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\a644398e96b2e49d735a01f51e447930.bdt (3 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMNetGetInfo.dll (11344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nss5.tmp (111370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh6.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\bdt\f2d00606824cd42a1c03eb9caa15e29f.bdt (631 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\ffee2f88\DMSet.Xml (215 bytes)
%Program Files%\yyfm0529\2014081121\Data\server.ini (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\a[1].htm (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ver[1].txt (36 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tj[1].ashx (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stj[1].ashx (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\fengyunzhibo[1] (1644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hm[2].js (15 bytes)
%Documents and Settings%\%current user%\UserData\YJM90VAL\www.fengyunzhibo[1].xml (478 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\home-v3[1].js (6872 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\DD_belatedPNG_0.0.8a-min[1].js (3009 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[2].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\csbh200150[1].jpg (5193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header-v3[2].js (2196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\zhibo2[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\load_small[1].gif (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAQRGDKX.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\header-v3[2].css (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header-v3-media[1].css (454 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\weixinscan[1].jpg (19100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[6].jpg (1995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].php (2912 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[8].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\to-new[1].png (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[9].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\home-v3[1].css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[2].jpg (148 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\home-v3[1].css (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[1].jpg (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[5].jpg (2566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[1].txt (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[1].php (751 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.8.3.min[1].js (56651 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\default_avatar_s[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[1].jpg (2454 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (170 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAZMOJ7D.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[3].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[1].jpg (569 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAEJ6JMD.gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\snapshot[2].jpg (1997 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\atrk[2].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[4].jpg (3367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\c[1].php (4285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[4].jpg (4 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\header-v3[1].js (1321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGXC.tmp (56 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (351 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (205 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[3].jpg (2451 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\header-v3[1].css (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fystat.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@fengyunzhibo[2].txt (1189 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\snapshot[3].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\box-v3[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\snapshot[1].jpg (4 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.fengyunzhibo[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\home-v3[1].png (13875 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\nav-bk[1].png (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hm[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[2].php (750 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\banner-hyperx-20140728[1].jpg (16784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[2].js (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\1pc[1].png (95 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\img_loading_v3[1].gif (773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\new_message[1].js (1657 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cover_bk[1].png (68 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\fyminiloader-min[2].js (660 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (257 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (165 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\json2[1].js (223 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\fystat.min[1].js (564 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\fyminiloader-min[1].js (363 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (12240 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\new_message[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\show_card[1].js (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\snapshot[2].jpg (464 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\fengyunzhibo[1].htm (526 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[7].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\hm[1].js (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\loading[1].gif (4285 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\box-v3[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\atrk[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\snapshot[4].jpg (4 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yyfm0529_2014081121" = "%Program Files%\yyfm0529\2014081121\yymusic05.exe -mini"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"yyfm0529_News_2014081121" = "%Program Files%\yyfm0529\2014081121\YFMSever.exe -mini"
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.GenericKD.1776795_6ced652ec7

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.GenericKD.1776795_6ced652ec7

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet