Trojan.NSIS.StartPage_1950573131

by malwarelabrobot on June 1st, 2014 in Malware Descriptions.

Trojan-Downloader.Win32.Genome.gzzj (Kaspersky), Trojan.NSIS.StartPage.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.IEDummy.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, VirTool


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 19505731311ac35036f063eaca0b988a
SHA1: ab7769559dda2fde69413d8a21402c122eae0feb
SHA256: 906122bcd2546c572436c32f5f8580a72867c45bdb69b50260009c08eaa05024
SSDeep: 24576:zcRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRNhwcOc8:oGfQNuN7seJ 2Yk/twXL
Size: 1123653 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Live Soft Action S.R.L.
Created at: 2009-06-07 00:41:59
Analyzed on: WindowsXP SP3 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

BaiduSd.exe:3992
shandian.exe:496
shandian.exe:212
pczh_98_2.exe:3288
F30241_s_0523.exe:1704
BaiduSdTray.exe:3184
mscorsvw.exe:1912
bddownloader.exe:3708
kuping_b_54282.exe:2428
regsvr32.exe:3576
regsvr32.exe:3880
BaiduSdSvc.exe:3048
BaiduSdSvc.exe:2944
netsh.exe:3852
BDKVWsc.exe:3576
RegSvr32.exe:3592
RegSvr32.exe:3744
BDDownloader.exe:3348
BDDownloader.exe:3524

The Trojan injects its code into the following process(es):

%original file name%.exe:1988
emaaif_70690.exe:1320
sdad.exe:1928
iexplore.exe:1676
Ainqngz3.9.exe:2152
jistlo.exe:2448
services.exe:760
svchost.exe:1096

File activity

The process shandian.exe:496 makes changes in the file system.
The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DFBC1B.tmp (0 bytes)

The process shandian.exe:212 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\foot_slider[1].jpg (322 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\texture[1].gif (1565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\fbg_about[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\welcome_cn[1].htm (1469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1].htm (5637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[1].js (11796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\v53_arrow_h[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[1].png (990 bytes)
%Program Files%\shandian\bin\twcache.ini (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rec[1].do (374 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon4[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[1].js (5034 bytes)
%Program Files%\shandian\bin\ImgCache\123.sogou.com_favicon.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[2].js (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\guide_tip[1].png (1012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\subnav_v41[1].png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (10 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140508103513_537[1].gif (6023 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140528121906_70[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1] (7253 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130830161205_609[1].gif (1858 bytes)
%Program Files%\shandian\bin\shandian.ini.tmp (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\img-news[1].gif (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i8g7XZO1lz1162[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20140526163446_912[1].jpg (737 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163242_997[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\newioage[1].css (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin2_0[1].gif (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[2].js (5378 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\new-ico[1].png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\skin_[1].css (21 bytes)
%Program Files%\shandian\bin\theworld.ac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\guide_top[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[1].js (2326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[2].js (4631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140526170756_638[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140527162400_1[1].jpg (3534 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\get_123_v53[1].php (14900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[1].js (4272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20130820165531_481[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130531144119_126[1].png (3182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\titlebg[1].png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_bicos[1].gif (826 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[1].png (1400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setting_icon[1].gif (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_2icos[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[2].png (780 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[2].js (1187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_1112293[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\skin3[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\mE8bXnNioe2802[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[2].js (12237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\favicon[1].ico (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\get_tj[1].php (1199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\i-ico-2b[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\search_arrow[1].gif (447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163043_207[1].jpg (1264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\new-erweima2[1].png (3330 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\start_button[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\skin_tips_n1[1].gif (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (8676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[2].js (3166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\setskinbg[1].gif (397 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\selogo_111207[1].png (1858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[1].js (678 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[1].js (1352 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cloudy[1].gif (0 bytes)
%Program Files%\shandian\bin\shandian.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\guide_tip[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)

The process %original file name%.exe:1988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\shandian\ico\360.ico (32 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\emaaif_70690.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\System.dll (11 bytes)
%Program Files%\shandian\bin\shandian.ini (74 bytes)
%Program Files%\shandian\home.bat (691 bytes)
%Program Files%\shandian\bin\shandian.exe (28332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\F30241_s_0523.exe (91814 bytes)
%Program Files%\shandian\ico\ie.ico (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F30241_s_0523[1].rar (91814 bytes)
%Documents and Settings%\%current user%\Desktop\ÉÁµçä¯ÀÀÆ÷.lnk (505 bytes)
%Program Files%\shandian\config.ini (194 bytes)
%Program Files%\shandian\uninst.exe (2612 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\ÉÁµçä¯ÀÀÆ÷.lnk (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\config.ini (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\xID.dll (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\pczh_98_2.exe (1717 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\kuping_b_54282[1].rar (37274 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\Md5dll.dll (8 bytes)
%Program Files%\shandian\ico\anquan.ico (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\bind.dll (1207 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\pczh_98_2[1].rar (1717 bytes)
%Program Files%\shandian\ico\taobao.ico (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\config0.ini (3 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\ÉÁµçä¯ÀÀÆ÷\ÉÁµçä¯ÀÀÆ÷.lnk (694 bytes)
%Program Files%\shandian\bin\sdad.exe (12955 bytes)
%Program Files%\shandian\shandian.exe (3121 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\ÉÁµçä¯ÀÀÆ÷\жÔØÉÁµçä¯ÀÀÆ÷.lnk (682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\emaaif_70690[1].rar (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\kuping_b_54282.exe (37274 bytes)
%Documents and Settings%\%current user%\Desktop\360°²È«ä¯ÀÀÆ÷.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].htm (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F30241_s_0523[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\emaaif_70690[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\kuping_b_54282[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\F30241_s_0523[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsv1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\emaaif_70690[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\pczh_98_2[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\pczh_98_2[1].rar (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\kuping_b_54282[1].rar (0 bytes)

The process emaaif_70690.exe:1320 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMReport.dll.bdl (32601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDLogicUtils.dll (31856 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (1121 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\System.dll (784 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg8.tmp (132115 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\tmpqhm8vg.dll (24832 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\aj.exe.bdl (30208 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNet.dll.bdl (37863 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\dl.dll (65930 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\res\onlineWnd.zip (14184 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb7.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process sdad.exe:1928 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\miniindex[1].htm (5063 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery-1.7.2.min[1].js (33461 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa9[1].jpg (1055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b17[1].jpg (7942 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\d[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b19[1].jpg (1135 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[1].jpg (2477 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\0[1].swf (8391 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b18[1].jpg (4494 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tj[1].js (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b16[1].jpg (8970 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b15[1].jpg (9503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[1].jpg (13964 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa1[1].jpg (5548 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (23708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Untitled-2[1].gif (2240 bytes)
%Program Files%\shandian\bin\update\PopWinParam.xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b13[2].jpg (5012 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (489 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[1].jpg (1732 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[2].jpg (1334 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[1].php (798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\lieqi_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stylemini[1].css (4968 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b16[1].jpg (10251 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b13[1].jpg (7583 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\style[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lieqi_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa4[1].jpg (13509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa4[1].jpg (16629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Untitled-3[1].jpg (3683 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa10[1].jpg (975 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cpv1[1].htm (1117 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[2].jpg (975 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa2[1].jpg (6824 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Close[1].gif (348 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpc_img[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cpc_img[1].htm (442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jiankang_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b14[1].jpg (4573 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cpc_swf[1].asp (2091 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa2[1].jpg (7561 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b19[1].jpg (1878 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa9[1].jpg (2237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\close[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ico_new2[1].png (11324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\core[1].php (798 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (406 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (139 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa10[1].jpg (2596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jiankang_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (690 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[2].jpg (15880 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b14[1].jpg (9642 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b17[1].jpg (6529 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa3[1].jpg (14283 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\min[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\xinwen[1].htm (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa1[1].jpg (7701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\normal_bg[1].png (4096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa3[1].jpg (13203 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.7.2.min[1].js (6055 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cpc_ztyw[1].css (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b15[1].jpg (6803 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\xinwen[1].htm (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa6[1].jpg (5848 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@zhouliboguju[1].txt (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2012_swf[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nvxing_509_366[1].htm (2047 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Untitled-1[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nvxing_509_366[1].htm (2047 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1010 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa6[1].jpg (4172 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jiankang_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b14[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cpc_swf[1].asp (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b19[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\lieqi_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa9[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b15[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa10[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\meinv[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b13[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b16[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\xinwen[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\shehui_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa1[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa4[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b17[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa2[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa3[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nvxing_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa6[1].jpg (0 bytes)

The process pczh_98_2.exe:3288 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsd10.tmp\Base64.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nshF.tmp (20286 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd10.tmp\System.dll (11 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsd10.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsgE.tmp (0 bytes)

The process F30241_s_0523.exe:1704 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%WinDir%\pchealth\helpctr\System\panels (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMTinyXml.dll (6584 bytes)
%WinDir%\pchealth\helpctr\System\images (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDShellExt64.dll (14184 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVQuarantine.rdb (10 bytes)
%WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2 (4 bytes)
%WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVEng.dll (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bdmp.dat (784 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe (10815 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray.rdb (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\tips.xml (1 bytes)
%WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\NewPih.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDownloadProtect_x64.dll (6584 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins3d (4 bytes)
%WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMBase.dll (7345 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMLog.dll (32 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMUpdate.dll (673 bytes)
%WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\System.dll (784 bytes)
%WinDir%\pchealth\helpctr\System (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\virus_type.dat (485 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect_x64.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVTray_PluginConfig.xml (1 bytes)
%System%\config (96 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdRepair.exe (2321 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32\PresentationFramewo# (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVCached.dll (1425 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Accessories (4 bytes)
%WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMReport.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014053120140601\index.dat (388 bytes)
%WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795 (4 bytes)
%System%\CatRoot (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSd.exe (13368 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico (2105 bytes)
%WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt64.dll (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ad.dll (2321 bytes)
%WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f (4 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdBugRpt.exe (19152 bytes)
%System%\config\systemprofile\Application Data\Microsoft (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKV.rdb (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMMsg.dll (1552 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayPlugin.rdb (20624 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\TrustAndIso.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Cooly_PluginConfig.xml (720 bytes)
%WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVConfig.rdb (4992 bytes)
%Program Files%\Common Files\VMware\Drivers (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Adobe\Reader 9.0\Resource\Font (4 bytes)
%Program Files%\Common Files\Microsoft Shared\OFFICE14 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (12 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDDownloader.exe (9605 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMBase.dll (32128 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdmp.dat (25 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMPatchAgent.dll (26 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ieBaiduSDDetectPlug.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe (2321 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\FileMon.dll (18424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
%Documents and Settings%\NetworkService\Local Settings (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUProxy64.exe (4545 bytes)
%WinDir%\WinSxS\Policies (8 bytes)
%WinDir%\SoftwareDistribution\Download (45 bytes)
%System%\oobe\html (4 bytes)
%WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\cache_config.dat (469 bytes)
%System%\drivers\BDArKit.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\scan_mgr_config.dat (5 bytes)
%WinDir%\assembly\NativeImages_v4.0.30319_32\PresentationFramewo# (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMNet.dll (28288 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVVirusPlugins.dll (12024 bytes)
%WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdUpdate.exe (19152 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\uninst.exe (28288 bytes)
%WinDir%\Fonts (1248 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_32 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDPerflog.dll (5064 bytes)
%WinDir%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\809.dat (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSDWrench.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\GameNoDisturb.ini (215 bytes)
%Documents and Settings%\All Users\Desktop\百度杀毒.lnk (959 bytes)
%System%\drivers\bd0003.sys (55 bytes)
%WinDir%\WinSxS (12 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\kav_verify.dat (677 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BSRLib.dat (5064 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\systemfile.dat (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDCooly.dll (1552 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastImage.png (5 bytes)
%WinDir%\pchealth\helpctr\OfflineCache (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
%WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e (4 bytes)
%Documents and Settings%\All Users\Start Menu\Programs (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\updlog.dll (15 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer\Img (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0002.sys (1281 bytes)
%WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSREng.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\dns_tmp.txt (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Documents and Settings%\Default User\Local Settings (4 bytes)
%System%\spool\XPSEP\amd64 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMRepBase.dll (27704 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\806.dat (3 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bduf.dll (11048 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTips.rdb (2392 bytes)
%WinDir%\ime\imjp8_1 (4 bytes)
%WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074 (4 bytes)
%Program Files%\Adobe\Reader 9.0\Resource (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMEvents.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMPerfMon.dll (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMStringUtils.dll (1856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\NetService.ini (615 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\DriverManager.dll (601 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\SystemCache\6.0 (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tips.xml (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDUDiskGuard.dll (8560 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\dnw.xml (149 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVRtp_PluginConfig.xml (2 bytes)
%Documents and Settings%\LocalService\Application Data\Microsoft (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe (3361 bytes)
%WinDir%\Help\Tours\WindowsMediaPlayer (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMPerfMon.dll (673 bytes)
%WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c (4 bytes)
%WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80 (4 bytes)
%WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f (4 bytes)
%System%\oobe (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand64.dll (601 bytes)
%Program Files%\Microsoft Office\Office14 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\BDMSkin.dll (37025 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\systemfile.dat (3 bytes)
%WinDir%\Temp (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\cache_config.dat (469 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
%WinDir%\Microsoft.NET\assembly\GAC_MSIL (28 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSREng.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\HIPS.dll (7345 bytes)
%WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN (4 bytes)
%WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\811.dat (8 bytes)
%WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\901.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepBase.dll (5873 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMEvents.dll (15 bytes)
%WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\wverify.dat (66168 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\DesktopToast.exe (601 bytes)
%WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\cache\6.0 (8 bytes)
%WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\KVInstallHelper.dll (12536 bytes)
%Documents and Settings%\Default User\Start Menu\Programs\Accessories (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayDldProtect.rdb (6360 bytes)
%WinDir%\ime\imkr6_1 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDCooly.dll (44 bytes)
%WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729 (4 bytes)
%WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
%WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\SearchProtection.rdb (5064 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVLogs.dll (6584 bytes)
%WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
%WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\HIPS.dll (30968 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\KavUpdate.dll (1281 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度杀毒\卸载百度杀毒.lnk (944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMLog.dll (784 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BSRLib.dat (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\804.dat (3 bytes)
%Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMTinyXml.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDeskBand64.dll (4992 bytes)
%WinDir%\Web (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\GetSupplyId.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\blacksign.dat (852 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\Accessories (4 bytes)
%Program Files%\Common Files\System (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDDownloader.exe (42222 bytes)
%WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll (2321 bytes)
%System%\drivers\bd0002.sys (1281 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSkin.dll (8281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\app.ico (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSDWrench.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (2420 bytes)
%WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\CompatibilityChecker.dll (601 bytes)
%System%\drivers\bd0001.sys (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\CONFIG (4 bytes)
%WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVUpdate.rdb (13584 bytes)
%Documents and Settings%\%current user%\Application Data (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVMainFrame.dll (7345 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVLogs.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll (673 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\BDAVCScan.dll (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\baidusdRepair.dll (4992 bytes)
%Program Files%\Movie Maker\Shared (4 bytes)
%WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf (4 bytes)
%System%\wbem (676 bytes)
%WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMDownload.dll (11344 bytes)
%WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f (4 bytes)
%WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVWsc.exe (2105 bytes)
%Program Files%\Adobe\Reader 9.0\Reader (96 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\Cooly_PluginConfig.xml (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0001.sys (2392 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\900.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\TrayPluginContainerConfig.xml (945 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMMsg.dll (33 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\baidusdRepair.dll (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMDownload.dll (1425 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMPatchAgent.dll (784 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMReport.dll (12024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KavUpdate.dll (9320 bytes)
%System%\mui (4 bytes)
%System%\spool\XPSEP\i386 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDeskBand.dll (5064 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMFrameWork.dll (1425 bytes)
%WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\Repair_PluginConfig.xml (411 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\810.dat (3 bytes)
%WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (945 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (484 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdSvc.exe (15536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVCached.dll (11048 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKitUtils.dll (1856 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdTray.exe (46916 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0003.sys (55 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ToastImage.png (5 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\monitor_config.dat (559 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\FileMon.dll (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\GameNoDisturb.ini (215 bytes)
%WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDShellExt.dll (15168 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0001.sys (601 bytes)
%System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMUpdate.dll (5520 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
%WinDir%\assembly\NativeImages_v2.0.50727_32 (4 bytes)
%WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDArKit.sys (3312 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
%WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da (4 bytes)
%WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe (3361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ToastLogo.ico (12024 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\hips.xml (17 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDConfig.dll (19152 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdvs.dat (5 bytes)
%Documents and Settings%\All Users\Start Menu\Programs\百度杀毒\百度杀毒.lnk (971 bytes)
%WinDir%\pchealth\helpctr\Config (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\bduf.dll (1425 bytes)
%Program Files%\Adobe\Reader 9.0 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVEng.dll (22192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\emaaif_70690.exe (1735 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\iexplore.exe.xml (528 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMAVE.dll (673 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDDownLoadProtectPlugin.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSkin.dll (37368 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDLogicUtils.dll (1281 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\UserDetectionPlugin.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMRepMgr.dll (10136 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\hips.xml (784 bytes)
%Documents and Settings%\%current user%\Application Data\Adobe\Acrobat\9.0 (4 bytes)
%System%\drivers (672 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\fm.dat (597 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727 (1848 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Repair_PluginConfig.xml (411 bytes)
%Program Files%\Common Files\Microsoft Shared\DW (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDMWrench.sys (601 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bdvs.dat (5 bytes)
%WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2 (4 bytes)
%WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975 (4 bytes)
%WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0001.dll (5064 bytes)
%WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\res\InstallWnd.zip (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\CompatibilityChecker.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\KVCommonRes.rdb (132004 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\fm.dat (597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\iexplore.exe.xml (528 bytes)
%WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426 (4 bytes)
%WinDir%\pchealth\helpctr\System\sysinfo (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsl5.tmp (906814 bytes)
%System%\config\systemprofile (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\blacksign.dat (852 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDLogicUtils.dll (9320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\TrustAndIso.dll (8184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\dnw.xml (149 bytes)
%WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6 (4 bytes)
%WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\CoolyContainerConfig.xml (329 bytes)
%WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0 (4 bytes)
%WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a (4 bytes)
%WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154 (4 bytes)
%WinDir%\Installer\$PatchCache$\Managed (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepMgr.dll (1425 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVMainframe_PluginConfig.xml (1 bytes)
%Documents and Settings%\All Users\Application Data\Microsoft (4 bytes)
%WinDir%\Web\printers (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVTray_PluginConfig.xml (1 bytes)
%System%\config\systemprofile\Local Settings (4 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security (4 bytes)
%WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\DriverManager.dll (4992 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\PluginInstallHelper.dll (3616 bytes)
%WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\npBaiduSDDetectPlug.dll (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMFrameWork.dll (10136 bytes)
%WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
%Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
%WinDir%\Microsoft.NET\Framework\v3.5 (12 bytes)
%Documents and Settings%\LocalService\Local Settings (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\NetService.ini (615 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\updlog.dll (15 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\virus_type.dat (485 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSRCore.dll (10136 bytes)
%WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9 (4 bytes)
%Documents and Settings%\All Users\Documents\My Music\Sample Playlists (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand.dll (673 bytes)
%Documents and Settings%\Default User\Start Menu\Programs (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDConfig.dll (3361 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMStringUtils.dll (49 bytes)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\tuopan.png (3 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\uninst.exe (5873 bytes)
%Documents and Settings%\NetworkService\Application Data\Microsoft (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll (673 bytes)
%Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdRepair.exe (13584 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\plug_ins (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\monitor_config.dat (559 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\wverify.dat (15019 bytes)
%System%\oobe\html\mouse (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDKitUtils.dll (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0003.sys (1856 bytes)
%System%\config\systemprofile\Start Menu\Programs (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMNet.dll (5873 bytes)
%WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6 (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\DesktopToast.exe (3616 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\scan_mgr_config.dat (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\PrivacyProtect.dll (6360 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDAVCScan.dll (4992 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ad.dll (15168 bytes)
%Documents and Settings%\Default User\Application Data\Microsoft (4 bytes)
%WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2 (4 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDPerflog.dll (673 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastLogo.ico (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMWrench.sys (3616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVE.dll (6584 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVMainFrame.dll (32128 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0002.sys (7192 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVWsc.exe (13368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\directui license.txt (593 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\duilib license.txt (1 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDArKit.sys (601 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSRCore.dll (1425 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDConfig.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVRtp_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMTinyXml.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdUpdate.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVEng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDShellExt64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVRmvDevPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\uninst.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDDownLoadProtectPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSkin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bdmp.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\UserDetectionPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMRepMgr.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMLog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\duilib license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDeskBand64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\hips.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\806.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDPerflog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDDownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bdvs.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\809.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0001.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMMsg.dll (0 bytes)
C:\s1l8 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSDWrench.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BSRLib.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVE.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDCooly.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\CompatibilityChecker.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\fm.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\804.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\iexplore.exe.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\blacksign.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDLogicUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\Repair_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\baidusdRepair.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\dnw.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\CoolyContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMDownload.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\RepairPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVMainframe_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSREng.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ieBaiduSDDetectPlug.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsg4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\Cooly_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\TrustAndIso.dll (0 bytes)
%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDDownloader.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ToastLogo.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\900.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMPerfMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVTray_PluginConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMRepBase.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSd.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\DriverManager.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\TrayPluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bduf.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMPatchAgent.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\RtpContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMReport.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KavUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMStringUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdBugRpt.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\npBaiduSDDetectPlug.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDUDiskGuard.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\NetService.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMFrameWork.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDeskBand.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\tips.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdUProxy64.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\updlog.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVWsc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSRCore.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\810.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\tuopan.png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVLogs.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDownloadProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDownloadProtect_x64.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\app.ico (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdRepair.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVMainframePluginContainerConfig.xml (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVCached.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0003.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\systemfile.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKitUtils.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdTray.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\HIPS.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdSvc.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\DesktopToast.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\PrivacyProtect.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDAVCScan.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ad.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\kav_verify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMBase.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ToastImage.png (0 bytes)
%Program Files%\s1l8 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\monitor_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\GameNoDisturb.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\811.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\901.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMWrench.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDShellExt.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVMainFrame.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVTrayTipsPlugin.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMUpdate.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0002.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\virus_type.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\directui license.txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDArKit.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\cache_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0001.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMEvents.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\wverify.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\scan_mgr_config.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMNet.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\FileMon.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVVirusPlugins.dll (0 bytes)

The process kuping_b_54282.exe:2428 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\kuping4\Appsoftconfig\APPversion.ini (59 bytes)
C:\kuping4\Appsoftconfig\image\Iebuttonlogo.png (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\TongJICNZZ.dll (65 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\MsgBox_1.ini (729 bytes)
C:\kuping4\Appsoftconfig\softtempfile\soft.xml (196 bytes)
C:\kuping4\Appsoftconfig\image\coculation.png (196 bytes)
C:\kuping4\Appsoftconfig\image\buttonsou.png (196 bytes)
C:\kuping4\DeskTopPop.exe (1529 bytes)
C:\kuping4\Appsoftconfig\image\sou.png (196 bytes)
C:\kuping4\Appsoftconfig\image\buttonclear.png (196 bytes)
C:\kuping4\Appsoftconfig\image\clear.png (3 bytes)
C:\kuping4\Appsoftconfig\image\buttonplay.png (196 bytes)
C:\kuping4\Appsoftconfig\image\cmd.png (196 bytes)
C:\kuping4\Appsoftconfig\image\ielogo.png (196 bytes)
C:\kuping4\Appsoftconfig\image\buttoncmd.png (196 bytes)
C:\kuping4\BootStart.dll (157 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\installedSoftInfo.ini (1952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\close.png (3 bytes)
C:\kuping4\dgmon.dll (471 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (196 bytes)
C:\kuping4\Appsoftconfig\image\play.png (196 bytes)
C:\kuping4\Appsoftconfig\button.xml (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (3 bytes)
C:\kuping4\Appsoftconfig\image\buttoncoculation.png (196 bytes)
C:\kuping4\Appsoftconfig\image\soft.xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\LZMA.dll (68 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\KP_D.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\installedSoftInfo.ini (0 bytes)

The process BaiduSdSvc.exe:3048 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
%System%\config\SYSTEM.LOG (11649 bytes)
%System%\config\software (26543 bytes)
%System%\config\SOFTWARE.LOG (33318 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
%System%\config (288 bytes)
%System%\config\system (8297 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db (149 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000001 (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\CURRENT (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\CURRENT (0 bytes)

The process BDDownloader.exe:3348 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Baidu\BaiduSd\1.8.0.1255\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp (90616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsuC.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\7z.dll (12536 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\dl.dll (65930 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\bdcomproxy.dll (2392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\bddownloader.exe (41699 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsuC.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nseA.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsuC.tmp\System.dll (0 bytes)

The process BDDownloader.exe:3524 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe (9605 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\bdcomproxy.dll (601 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\7z.dll (2105 bytes)
%Program Files%\Common Files\Baidu\BDDownload\106\dl.dll (14988 bytes)

Registry activity

The process BaiduSd.exe:3992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F5 FA DC 06 39 47 CC 2D CB E6 F7 41 53 3B 43 43"

The process shandian.exe:496 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 18 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B8 2D 3E 8D 27 6B 35 8D E1 21 00 19 17 88 E2 BC"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process shandian.exe:212 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CacheRepair" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"shandian.exe" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CachePrefix" = ":2014053120140601:"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "shandian.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"shandian.exe" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012014053120140601\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1301653454"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "62 F8 D7 6B 87 AA 7D 9A A5 48 37 1B C5 DB 06 21"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014053120140601]
"CacheLimit" = "8192"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Favorites" = "%Documents and Settings%\%current user%\Favorites"
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012013041720130418]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process %original file name%.exe:1988 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"DisplayName" = "ÉÁµçä¯ÀÀÆ÷"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\config.ini\..]
"emaaif_70690.exe" = "emaaif_70690"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"Publisher" = "ÉÁµç"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"URLInfoAbout" = "http://www.sd.com"
"DisplayIcon" = "%Program Files%\shandian\shandian.exe"

"UninstallString" = "%Program Files%\shandian\uninst.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\config.ini\..]
"F30241_s_0523.exe" = "百度杀毒安装程序"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ÉÁµçä¯ÀÀÆ÷]
"DisplayVersion" = "1.0.0.0"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\config.ini\..]
"pczh_98_2.exe" = "pczh_98_2"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FC A0 AB 39 53 E4 0D 10 CA 73 F0 D9 D6 DC 36 37"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\config.ini\..]
"kuping_b_54282.exe" = "安装包程序"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%Program Files%\shandian]
"home.bat" = "home"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"shandian" = "%Program Files%\shandian\shandian.exe"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process emaaif_70690.exe:1320 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 ED EE BD 22 7F 00 6B 79 C6 27 39 E6 90 2D C9"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\metnsd\clsid]
"SequenceID" = "4B 60 4A C7 BA 32 AD 45 9F 5B 90 39 FE 14 FC 7C"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp]
"emaaif_70690.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\emaaif_70690.exe:*:Enabled:百度卫士在线安装程序"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp]
"emaaif_70690.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\emaaif_70690.exe:*:Enabled:百度卫士在线安装程序"

The process sdad.exe:1928 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "sdad.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1A 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1384939658"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 1A 6A A5 73 0A F4 6E E8 7C 6E AD 73 3E F0 1C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process pczh_98_2.exe:3288 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC 55 71 79 ED 39 86 4F B2 AE AB A4 E1 5E C8 FE"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\tyoh]
"ED" = "98"
"EN" = "pczh_98_2.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Templates" = "%Documents and Settings%\%current user%\Templates"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\tyoh]
"et" = "3120145"

The process F30241_s_0523.exe:1704 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDate" = "2014-5-31"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"UninstallString" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\uninst.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\VersionIndependentProgID]
"(Default)" = "ieCommonPlugin.Implement"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"DisplayVersion" = "1.8.0.1255"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\iexplore\AllowedDomains\*]
"(Default)" = ""

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"vendor" = "Beijing baidu Netcom science and technology co.ltd"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度杀毒功能组件"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"Publisher" = "百度在线网络技术(北京)有限公司"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Tag" = "4"

[HKLM\System\CurrentControlSet\Control\CrashControl]
"CrashDumpEnabled" = "2"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll"

[HKLM\System\CurrentControlSet\Services\bd0002]
"InstallDir_sd" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0]
"(Default)" = "ieCommonPlugin 1.0 Type Library"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"Version" = "1.8.0.1255"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\ProgID]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin\MimeTypes\application/np-BaiduSDDetect]
"Description" = "BaidusdDetectNPPlugin"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKCR\ieCommonPlugin.Implement\CurVer]
"(Default)" = "ieCommonPlugin.Implement.1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"

[HKCR\ieCommonPlugin.Implement\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"InstallDir" = "%Program Files%\Baidu\BaiduSd"

[HKCR\AppID\{6B4447CA-C33E-4E65-914D-C7B346D73F80}]
"(Default)" = "ieCommonPlugin"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A7 F5 11 26 30 E3 2D A6 2C F4 CB 52 52 EF 2A 37"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DisplayName" = "bd0001"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"Version" = "1.0"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ImagePath" = "system32\DRIVERS\BDArKit.sys"
"DisplayName" = "BDArKit"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{9A93865B-4314-47AE-8C4A-850748CCC6BF}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag" = "273"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Group" = "bddriver"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ImagePath" = "system32\DRIVERS\bd0001.sys"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"DisplayIcon" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Path" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\百度杀毒]
"DisplayName" = "百度杀毒1.8"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"VirusTime" = "2013.11.28 0110"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKCR\ieCommonPlugin.Implement.1]
"(Default)" = "Implement Class"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKCR\AppID\ieCommonPlugin.DLL]
"AppID" = "{6B4447CA-C33E-4E65-914D-C7B346D73F80}"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\TypeLib]
"(Default)" = "{9A93865B-4314-47AE-8C4A-850748CCC6BF}"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCR\ieCommonPlugin.Implement]
"(Default)" = "Implement Class"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"INSTLANG" = "2052"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"

[HKLM\System\CurrentControlSet\Control\GroupOrderList]
"bddriver" = "02 00 00 00 01 00 00 00 02 00 00 00"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"ProductName" = "BaiduSd"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}]
"(Default)" = "Implement Class"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}]
"(Default)" = "IImplement"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Description" = "Baidusd detect NPAPI plugin"

[HKLM\System\CurrentControlSet\Control\ServiceGroupOrder]
"List" = "System Reserved, Boot Bus Extender, System Bus Extender, SCSI miniport, Port, Primary Disk, SCSI Class, SCSI CDROM Class, FSFilter Infrastructure, FSFilter System, FSFilter Bottom, FSFilter Copy Protection, FSFilter Security Enhancer, FSFilter Open File, FSFilter Physical Quota Management, FSFilter Encryption, FSFilter Compression, FSFilter HSM, FSFilter Cluster File System, FSFilter System Recovery, FSFilter Quota Management, FSFilter Content Screener, FSFilter Continuous Backup, FSFilter Replication, bddriver, FSFilter Anti-Virus, FSFilter Undelete, FSFilter Activity Monitor, FSFilter Top, Filter, Boot File System, Base, Pointer Port, Keyboard Port, Pointer Class, Keyboard Class, Video Init, Video, Video Save, File System, Event Log, Streams Drivers, NDIS Wrapper, COM Infrastructure, UIGroup, LocalValidation, PlugPlay, PNP_TDI, NDIS, TDI, NetBIOSGroup, ShellSvcGroup, SchedulerGroup, SpoolerGroup, AudioGroup, SmartCardGroup, NetworkProvider, RemoteValidation, NetDDEGroup, Parallel arbitrator, Extended Base, PCI Configuration, MS Transactions"

[HKLM\SOFTWARE\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin]
"Version" = "1.0.0.1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"

[HKCR\ieCommonPlugin.Implement.1\CLSID]
"(Default)" = "{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}"

[HKCR\Interface\{C7777CD6-0F43-49E4-B988-F62E3BA5130A}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"SupplyID" = "30241"

[HKCR\CLSID\{36E6A19A-6C8C-4250-B42A-24B8D3514ABA}\InprocServer32]
"ThreadingModel" = "Apartment"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdSvc.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe:*:Enabled:百度杀毒服务程序"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdBugRpt.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe:*:Enabled:百度杀毒BUG上报程序"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdTray.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe:*:Enabled:百度杀毒托盘程序"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdSvc.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe:*:Enabled:百度杀毒服务程序"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdUpdate.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe:*:Enabled:百度杀毒更新程序"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdTray.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe:*:Enabled:百度杀毒托盘程序"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSd.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe:*:Enabled:百度杀毒主程序"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp]
"F30241_s_0523.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\F30241_s_0523.exe:*:Enabled:百度杀毒安装程序"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdBugRpt.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe:*:Enabled:百度杀毒BUG上报程序"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSdUpdate.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe:*:Enabled:百度杀毒更新程序"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Baidu\BaiduSd\1.8.0.1255]
"BaiduSd.exe" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe:*:Enabled:百度杀毒主程序"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp]
"F30241_s_0523.exe" = "%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\F30241_s_0523.exe:*:Enabled:百度杀毒安装程序"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

[HKLM\SOFTWARE\Baidu\BaiduSd]
"RtpFlag"

The process BaiduSdTray.exe:3184 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 2A A6 90 86 3B 3C 97 D5 9F 43 29 0C D8 D8 0A"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process mscorsvw.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "1260000"

The process bddownloader.exe:3708 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"regsvr32.exe" = "Microsoft(C) Register Server"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\0\win32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bddownloader.exe"

[HKCR\BDDownloadProxy.Downloader\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid32]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\LocalServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bddownloader.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCR\BDDownloadProxy.Downloader.1]
"(Default)" = "Downloader Class"

[HKCR\BDDownloadProxy.Downloader.1\CLSID]
"(Default)" = "{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\ProxyStubClsid]
"(Default)" = "{00020420-0000-0000-C000-000000000046}"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\BDDownloadProxy.Downloader]
"(Default)" = "Downloader Class"

[HKCR\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}]
"(Default)" = "DownloadProxy"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"(Default)" = "Downloader Class"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\ProgID]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%System%]
"netsh.exe" = "Network Command Shell"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\TypeLib]
"Version" = "1.0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"Version" = "1.0"

[HKCR\AppID\DownloadProxy.EXE]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\HELPDIR]
"(Default)" = ""

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "03 94 61 A3 09 53 77 95 35 7A 70 27 61 B1 49 59"

[HKCR\BDDownloadProxy.Downloader\CurVer]
"(Default)" = "BDDownloadProxy.Downloader.1"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}\TypeLib]
"(Default)" = "{DA624F8F-98BF-4B03-AD11-A12D07119E81}"

[HKCR\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}]
"(Default)" = "_IDownloaderEvents"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}]
"AppID" = "{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0]
"(Default)" = "DownloadProxy 1.0 Type Library"

[HKCR\TypeLib\{DA624F8F-98BF-4B03-AD11-A12D07119E81}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{91B5E4DE-4C97-41CD-9F94-84BFAABB7371}\VersionIndependentProgID]
"(Default)" = "BDDownloadProxy.Downloader"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

"IntranetName" = "1"

The process kuping_b_54282.exe:2428 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "1E 20 B1 F6 D5 AC 23 88 A2 19 18 39 5D 30 7F 67"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

The process regsvr32.exe:3576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "94 3D BC EA 27 ED 5E E9 AA 18 AC C9 89 3E 8D 91"

The process regsvr32.exe:3880 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 9A 58 F8 30 29 BD 10 6A 2A 12 DA 9D 3C 15 BF"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}]
"(Default)" = "IDownloader_2"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"ThreadingModel" = "Both"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "PSFactoryBuffer"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

[HKCR\CLSID\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\InProcServer32]
"(Default)" = "c:\program files\common files\baidu\bddownload\106\bdcomproxy.dll"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}]
"(Default)" = "IDownloader"

[HKCR\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}\NumMethods]
"(Default)" = "6"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\NumMethods]
"(Default)" = "15"

[HKCR\Interface\{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}\ProxyStubClsid32]
"(Default)" = "{7044CE4B-FE34-4DD1-A0FA-157E1E179ECA}"

The process BaiduSdSvc.exe:3048 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\System\CurrentControlSet\Services\bd0002]
"Description" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Group" = "FSFilter Anti-Virus"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Description" = "BDArKit"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Group" = "bddriver"
"ImagePath" = "system32\DRIVERS\BDArKit.sys"

[HKLM\System\CurrentControlSet\Services\bd0002]
"Type" = "1"
[HKLM\System\CurrentControlSet\Services\bd0003]
"ErrorControl" = "1"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ImagePath" = "system32\DRIVERS\bd0002.sys"

[HKLM\System\CurrentControlSet\Services\bd0003]
"ImagePath" = "system32\DRIVERS\bd0003.sys"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Tag" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Description" = "百度杀毒功能组件"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances]
"DefaultInstance" = "bd0003 Instance"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DisplayName" = "bd0002"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Type" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Type" = "2"

[HKLM\System\CurrentControlSet\Services\bd0002]
"ErrorControl" = "0"
"Group" = "bddriver"
"Tag" = "2"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Tag" = "3"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Altitude" = "326912"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DisplayName" = "BDArKit"
"Type" = "1"
"Tag" = "4"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0C 00 A0 22 B2 8A EC 58 B4 5E 73 DB 1F 36 63 95"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Group" = "bddriver"
"ImagePath" = "system32\DRIVERS\bd0001.sys"
"DisplayName" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DependOnService" = "FltMgr"

[HKLM\System\CurrentControlSet\Services\bd0001]
"ErrorControl" = "0"

[HKLM\System\CurrentControlSet\Services\bd0003\Instances\bd0003 Instance]
"Flags" = "0"

[HKLM\System\CurrentControlSet\Services\bd0001]
"Description" = "bd0001"

[HKLM\System\CurrentControlSet\Services\bd0003]
"DisplayName" = "bd0003"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"ErrorControl" = "0"

The following service will be launched automatically at system boot up:

[HKLM\System\CurrentControlSet\Services\BDArKit]
"Start" = "2"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0002]
"Start" = "1"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"baidusdTray" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe -stmd=3"

The following driver will be automatically launched by the NT Native code (IoInitSystem method):

[HKLM\System\CurrentControlSet\Services\bd0001]
"Start" = "1"

[HKLM\System\CurrentControlSet\Services\bd0003]
"Start" = "1"

The Trojan deletes the following value(s) in system registry:

[HKLM\System\CurrentControlSet\Services\bd0003]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0002]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\bd0001]
"DeleteFlag"

[HKLM\System\CurrentControlSet\Services\BDArKit]
"DeleteFlag"

The process BaiduSdSvc.exe:2944 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AE 89 AF 8B A8 9C C1 EA 98 2A D6 0E EE A4 6F CA"

The process netsh.exe:3852 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"Guid" = "8aefce96-4618-42ff-a057-3536aa78233e"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"BitNames" = " NAP_TRACE_BASE NAP_TRACE_NETSH"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr]
"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"Active" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy]
"LogSessionName" = "stdout"
"ControlFlags" = "1"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier]
"Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 12 C3 AB 24 D7 3E F6 43 9B 4D 3F 4D 52 61 85"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Tracing\FWCFG]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh]
"LogSessionName" = "stdout"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier]
"BitNames" = " Error Unusual Info Debug"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil]
"ControlFlags" = "1"

The Trojan adds process executable file it works in to the list of trusted Windows Firewall applications:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\106]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe:*:Enabled:百度高速下载器"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\%Program Files%\Common Files\Baidu\BDDownload\106]
"bddownloader.exe" = "%Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe:*:Enabled:百度高速下载器"

The process BDKVWsc.exe:3576 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FD D1 99 64 4D 2F 20 3D E3 20 42 52 27 C0 EC D8"

The process RegSvr32.exe:3592 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0]
"(Default)" = "BDShellExt 1.0 Type Library"

[HKCR\BDShellExt.BDShellExtMenu\CurVer]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\NumMethods]
"(Default)" = "3"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "IBDShellExtMenu"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\FLAGS]
"(Default)" = "0"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1]
"(Default)" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu]
"(Default)" = "BDShellExtMenu Class"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\BDShellExt.BDShellExtMenu.1\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\lnkfile\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\AppID\BDShellExt.DLL]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"Version" = "1.0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00890530-6A9F-4be2-B1BB-73F01E2BB986}" = "BDShellExtMenu Class"

[HKCR\BDShellExt.BDShellExtMenu\CLSID]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48fa-B7A5-B77229C7D330}"

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\TypeLib]
"(Default)" = "{45D1EEF3-7713-48FA-B7A5-B77229C7D330}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\VersionIndependentProgID]
"(Default)" = "BDShellExt.BDShellExtMenu"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\ProgID]
"(Default)" = "BDShellExt.BDShellExtMenu.1"

[HKCR\AllFilesystemObjects\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}]
"(Default)" = "PSFactoryBuffer"

[HKCR\AppID\{FBE0E29B-01DB-4876-B147-46F5AABA6823}]
"(Default)" = "BDShellExt"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\0\win32]
"(Default)" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"AppID" = "{FBE0E29B-01DB-4876-B147-46F5AABA6823}"

[HKCR\CLSID\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\InProcServer32]
"ThreadingModel" = "Both"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D9 8F 69 25 9E B6 C2 89 25 C3 94 32 2F 9A 03 1B"

[HKCR\Folder\shellex\ContextMenuHandlers\BDShellExt]
"(Default)" = "{00890530-6A9F-4be2-B1BB-73F01E2BB986}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}]
"(Default)" = "BDShellExtMenu Class"

[HKCR\TypeLib\{45D1EEF3-7713-48FA-B7A5-B77229C7D330}\1.0\HELPDIR]
"(Default)" = ""

[HKCR\Interface\{0C5C9741-79A4-4A5F-A9B3-9E686CFF879B}\ProxyStubClsid32]
"(Default)" = "{00020424-0000-0000-C000-000000000046}"

[HKCR\CLSID\{00890530-6A9F-4be2-B1BB-73F01E2BB986}\InprocServer32]
"ThreadingModel" = "Apartment"

The process RegSvr32.exe:3744 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "55 87 7D 25 DB 3C EE B7 19 37 3E 65 AB 13 9F FE"

The process BDDownloader.exe:3348 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 50 2F 3B 4C 72 C7 41 52 AF B1 7D 74 88 AE 29"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process BDDownloader.exe:3524 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 04 A8 05 F0 58 B2 B2 FD 22 35 82 F3 4E 3C C6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:\program files\common files\baidu\bddownload\106]
"bddownloader.exe" = "百度高速下载引擎"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Dropped PE files

MD5 File path
c04ec525567c3864916c0d06ff9d1b6c c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa2.tmp\F30241_s_0523.exe
a7d710e78711d5ab90e4792763241754 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa2.tmp\Md5dll.dll
00a0194c20ee912257df53bfe258ee4a c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa2.tmp\System.dll
b2181e501ce4b03aa5b01d63dbec0b6e c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa2.tmp\bind.dll
3a5ed71aa9c6846d95d57235c4c443d7 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa2.tmp\xID.dll
2f13d0b09d35456a28dcb5fcdc9db637 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsb6.tmp\PluginInstallHelper.dll
1c951bbcbc780046d6be1079a04870a4 c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsb6.tmp\System.dll
8f87437f10cd1ae1d2e8a16c74edb3bd c:\Program Files\shandian\bin\sdad.exe
5d58564e0c3a20c424c6e2485217773b c:\Program Files\shandian\bin\shandian.exe
15e8902b36a8efb0c4bb7d9fdc47deb0 c:\Program Files\shandian\shandian.exe
69416c6b6c1285c962a14661b26ed0a4 c:\Program Files\shandian\uninst.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of processes by installing the process notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls creation and closing of threads by installing the thread notifier.
Using the driver "%System%\DRIVERS\bd0001.sys" the Trojan controls loading executable images into a memory by installing the Load image notifier.
The Trojan installs the following kernel-mode hooks:

ZwUnloadKey

Propagation

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 23628 24064 4.46394 856b32eb77dfd6fb67f21d6543272da5
.rdata 28672 4764 5120 3.4982 dc77f8a1e6985a4361c55642680ddb4f
.data 36864 154712 1024 3.3278 7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata 192512 49152 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 241664 29640 29696 4.6896 30939685b70bc8578de3631cb89a31e1

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 3
69416c6b6c1285c962a14661b26ed0a4
3423704b75b1beb4eea41650c79cd98e
8c338fe5ca6b0613baf28bc33adabd47

URLs

URL IP
hxxp://stat.fjmjm.com/stat/?v=1&ac=setup&name=%original file name%.exe&mac=00-0C-29-D6-C5-9B&md5=ace8fd4527cbb1f50d0250340f929a7e 112.124.102.171
hxxp://stat.fjmjm.com/stat/?ac=stat&name=%original file name%.exe&mac=00-0C-29-D6-C5-9B&md5=ace8fd4527cbb1f50d0250340f929a7e 112.124.102.171
hxxp://stat.fjmjm.com/ 112.124.102.171
hxxp://stat.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver= 112.124.102.171
hxxp://stat.fjmjm.com/web/images/texture.gif 112.124.102.171
hxxp://proxy.sogou.com/?22014
hxxp://stat.fjmjm.com/web/newioage.css 112.124.102.171
hxxp://stat.fjmjm.com/web/images/start_button.jpg 112.124.102.171
hxxp://stat.fjmjm.com/web/images/guide_top.jpg 112.124.102.171
hxxp://njsh.cdn.sogou.com/kan/static/css/DD_belatedPNG_0.0.8a-min.js?t=
hxxp://stat.fjmjm.com/favicon.ico 112.124.102.171
hxxp://proxy.sogou.com/css/skin_.css?V=dr
hxxp://njsh.cdn.sogou.com/imgn/v32/icon4.gif
hxxp://njsh.cdn.sogou.com/v53/imgn/v53_bicos.gif
hxxp://proxy.sogou.com/v53/jsn/v53_123n.js?V=11
hxxp://njsh.cdn.sogou.com/imgn/v32/selogo_111207.png
hxxp://njsh.cdn.sogou.com/imgn/v32/logo_1112293.gif
hxxp://njsh.cdn.sogou.com/imgn/v32/skin2_0.gif
hxxp://njsh.cdn.sogou.com/imgn/v32/setskinbg.gif
hxxp://njsh.cdn.sogou.com/imgn/v32/skin3.gif
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140508103513_537.gif
hxxp://njsh.cdn.sogou.com/v53/imgn/foot_slider.jpg
hxxp://njsh.cdn.sogou.com/imgu/2013/05/20130531144119_126.png
hxxp://njsh.cdn.sogou.com/v53/imgn/v53_arrow_h.gif
hxxp://njsh.cdn.sogou.com/v53/imgn/v53_2icos.gif
hxxp://njsh.cdn.sogou.com/ads_hz/_ads_2.js?t=778609
hxxp://njsh.cdn.sogou.com/imgn/123ie/search_arrow.gif
hxxp://njsh.cdn.sogou.com/imgn/123ie/setting_icon.gif
hxxp://njsh.cdn.sogou.com/imgu/2013/08/20130820165531_481.gif
hxxp://njsh.cdn.sogou.com/imgn/v51/new-erweima2.png
hxxp://njsh.cdn.sogou.com/imgn/v32/titlebg.png
hxxp://njsh.cdn.sogou.com/imgn/v32/fbg_about.png
hxxp://proxy.sogou.com//v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401497012457&method=ajaf&cbf=fn
hxxp://proxy.sogou.com/jsn/hotdata.js?V=1401497012473
hxxp://ctc.ping.sogou.com/pv.gif?uigs_productid=daohang&rdk=1401497012457&img=pv.gif&pars=?rand=1401497012457&suid=null&sduv=1401497012410_8083_00001&ckid=1809_00001_00000_9903_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3422
hxxp://njsh.cdn.sogou.com/jsn/citydata.js
hxxp://njsh.cdn.sogou.com/jsn/v33_sugg_ajaj_v40_3.js
hxxp://njsh.cdn.sogou.com/imgn/tips/skin_tips_n1.gif
hxxp://proxy.sogou.com/images/weather/cloudy.gif
hxxp://stat.fjmjm.com/web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000 112.124.102.171
hxxp://proxy.sogou.com/dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401497011098
hxxp://ctc.ping.sogou.com/pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401497014832&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=热血沙城_风云无双_仙侠道_大闹天宫OL_万世_Sogou傲剑2
hxxp://njsh.cdn.sogou.com/u/js/ufo2.js
hxxp://njsh.cdn.sogou.com/v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51
hxxp://ctc.ping.sogou.com/pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401497020457&refer=&page=搜狗网址导航--网址大全,实用网址,尽在123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53
hxxp://njsh.cdn.sogou.com/v53/imgn/guide_tip.png
hxxp://proxy.sogou.com/v53/get_tj.php?hz=4671656&ids=qiche
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526163446_912.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526163242_997.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526163043_207.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140527162400_1.jpg
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140528121906_70.jpg
hxxp://njsh.cdn.sogou.com/imgn/sehome/tjv1/new-ico.png
hxxp://njsh.cdn.sogou.com/imgn/v51/i-ico-2b.png
hxxp://njsh.cdn.sogou.com/imgu/2013/08/20130830161205_609.gif
hxxp://njsh.cdn.sogou.com/imgn/sehome/tjv1/img-news.gif
hxxp://njsh.cdn.sogou.com/imgu/2014/05/20140526170756_638.jpg
hxxp://save2.xdwscache.glb0.lxdns.com/img/news_photo/2014/05/29/mE8bXnNioe2802.jpg
hxxp://save2.xdwscache.glb0.lxdns.com/img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg
hxxp://njsh.cdn.sogou.com/imgn/sehome/tjv1/subnav_v41.png
hxxp://proxy.sogou.com/favicon.ico
hxxp://stat.fjmjm.com/miniindex/ 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/inc/stylemini.css 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/inc/jquery-1.7.2.min.js 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/xinwen.htm?time=undefined 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/nvxing_509_366.htm?time=undefined 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/lieqi_509_366.htm?time=undefined 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/shehui_509_366.htm?time=undefined 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/jiankang_509_366.htm?time=undefined 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/meinv.htm?time=undefined 112.124.102.171
hxxp://taurus.danuoyi.tbcache.com/material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg
hxxp://taurus.danuoyi.tbcache.com/noname.gif
hxxp://drmcmm.e.shifen.com/media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg
hxxp://stat.fjmjm.com/miniindex/images/Untitled-2.gif 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/Untitled-1.gif 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/Untitled-3.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/inc/normal_bg.png 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/tj.js 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/inc/ico_new2.png 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/inc/min.png 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/inc/close.png 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/b13.jpg 112.124.102.171
hxxp://c.split.cnzz.com/stat.php?id=5645354
hxxp://stat.fjmjm.com/miniindex/inc/style.css 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/b15.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/b14.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/b16.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/b17.jpg 112.124.102.171
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=1867437721
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=1&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17585&sin=none&t=undefinedundefinedundefined&rnd=1049749154
hxxp://c.split.cnzz.com/core.php?web_id=5645354&t=z
hxxp://stat.fjmjm.com/miniindex/images/b18.JPG 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/b19.JPG 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/aaa4.jpg 112.124.102.171
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=638924096
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=1442167295
hxxp://stat.fjmjm.com/miniindex/images/aaa5.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/aaa3.jpg 112.124.102.171
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=2&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17584&sin=none&t=undefinedundefinedundefined&rnd=2009423305
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=1777387820
hxxp://stat.fjmjm.com/miniindex/images/aaa6.jpg 112.124.102.171
hxxp://pcookie.split.cnzz.com/app.gif?&cna=g1gQDN5LYhcCAbhrJiZlSzjH
hxxp://stat.fjmjm.com/miniindex/images/aaa1.jpg 112.124.102.171
hxxp://pcookie.split.cnzz.com/app.gif?&cna=g1gQDHTLIRQCAbhrJiaCNLty
hxxp://stat.fjmjm.com/miniindex/images/aaa2.jpg 112.124.102.171
hxxp://pcookie.split.cnzz.com/app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl
hxxp://stat.fjmjm.com/miniindex/images/aaa7.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/aaa8.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/aaa9.jpg 112.124.102.171
hxxp://stat.fjmjm.com/miniindex/images/aaa10.jpg 112.124.102.171
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=1606805613
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=3&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17581&sin=none&t=undefinedundefinedundefined&rnd=1410951949
hxxp://pcookie.split.cnzz.com/9.gif?abc=1&rnd=1193153850
hxxp://z12.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=4&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17579&sin=none&t=undefinedundefinedundefined&rnd=839400459
hxxp://www.mdtxw.org/miniindex/inc/ico_new2.png 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/Untitled-2.gif 112.124.102.171
hxxp://p0.123.sogoucdn.com/imgu/2014/05/20140526163242_997.jpg 58.215.147.38
hxxp://pcookie.cnzz.com/app.gif?&cna=g1gQDHTLIRQCAbhrJiaCNLty 42.120.219.171
hxxp://www.mdtxw.org/miniindex/images/aaa1.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/nvxing_509_366.htm?time=undefined 112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/v51/i-ico-2b.png 114.80.179.224
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1606805613 42.120.219.171
hxxp://p6.123.sogoucdn.com/imgn/123ie/setting_icon.gif 114.80.179.222
hxxp://c.cnzz.com/core.php?web_id=5645354&t=z 42.120.219.6
hxxp://d.123.sogoucdn.com/v53/imgn/v53_arrow_h.gif 58.215.147.40
hxxp://123.sogou.com/css/skin_.css?V=dr 220.181.124.6
hxxp://p4.123.sogoucdn.com/imgn/v32/fbg_about.png 114.80.179.224
hxxp://www.mdtxw.org/miniindex/xinwen.htm?time=undefined 112.124.102.171
hxxp://p4.123.sogoucdn.com/imgu/2014/05/20140508103513_537.gif 114.80.179.224
hxxp://d.123.sogoucdn.com/imgn/v32/icon4.gif 58.215.147.40
hxxp://www.mdtxw.org/miniindex/lieqi_509_366.htm?time=undefined 112.124.102.171
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=2&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17584&sin=none&t=undefinedundefinedundefined&rnd=2009423305 42.156.140.25
hxxp://pic4.xcarimg.com/img/news_photo/2014/05/29/mE8bXnNioe2802.jpg 222.84.167.30
hxxp://p8.123.sogoucdn.com/imgn/tips/skin_tips_n1.gif 222.211.87.167
hxxp://www.mdtxw.org/miniindex/tj.js 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/b16.jpg 112.124.102.171
hxxp://www.fjmjm.com/web/newioage.css 112.124.102.171
hxxp://123.sogou.com/v53/get_tj.php?hz=4671656&ids=qiche 220.181.124.6
hxxp://www.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver= 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/b13.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/inc/close.png 112.124.102.171
hxxp://www.mdtxw.org/miniindex/inc/normal_bg.png 112.124.102.171
hxxp://p1.123.sogoucdn.com/imgn/v32/selogo_111207.png 114.80.179.224
hxxp://d.123.sogoucdn.com/v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51 58.215.147.40
hxxp://p2.123.sogoucdn.com/imgu/2013/05/20130531144119_126.png 114.80.179.224
hxxp://www.mdtxw.org/miniindex/inc/stylemini.css 112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/sehome/tjv1/new-ico.png 114.80.179.224
hxxp://www.mdtxw.org/miniindex/images/b14.jpg 112.124.102.171
hxxp://d.123.sogoucdn.com/v53/imgn/v53_bicos.gif 58.215.147.40
hxxp://p5.123.sogoucdn.com/imgn/v32/logo_1112293.gif 58.215.147.36
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=1867437721 42.156.140.25
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=638924096 42.120.219.171
hxxp://p0.123.sogoucdn.com/imgn/v32/skin3.gif 58.215.147.38
hxxp://www.mdtxw.org/miniindex/images/aaa7.jpg 112.124.102.171
hxxp://123.sogou.com/favicon.ico 220.181.124.6
hxxp://www.mdtxw.org/miniindex/images/Untitled-1.gif 112.124.102.171
hxxp://p1.123.sogoucdn.com/imgu/2014/05/20140526163446_912.jpg 114.80.179.224
hxxp://d.123.sogoucdn.com/v53/imgn/guide_tip.png 58.215.147.40
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=1&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17585&sin=none&t=undefinedundefinedundefined&rnd=1049749154 42.156.140.25
hxxp://123.sogou.com//v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401497012457&method=ajaf&cbf=fn 220.181.124.6
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=4&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17579&sin=none&t=undefinedundefinedundefined&rnd=839400459 42.156.140.25
hxxp://www.mdtxw.org/miniindex/inc/style.css 112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1193153850 42.120.219.171
hxxp://p5.123.sogoucdn.com/imgu/2013/08/20130830161205_609.gif 58.215.147.36
hxxp://www.mdtxw.org/miniindex/inc/min.png 112.124.102.171
hxxp://p0.123.sogoucdn.com/imgu/2014/05/20140526170756_638.jpg 58.215.147.38
hxxp://p4.123.sogoucdn.com/imgn/v32/selogo_111207.png 114.80.179.224
hxxp://cache.adm.cnzz.net/material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg 114.80.174.40
hxxp://p8.123.sogoucdn.com/imgn/v32/selogo_111207.png 222.211.87.167
hxxp://www.mdtxw.org/miniindex/images/aaa8.jpg 112.124.102.171
hxxp://p7.123.sogoucdn.com/imgn/123ie/search_arrow.gif 222.211.87.163
hxxp://pb.sogou.com/pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401497020457&refer=&page=搜狗网址导航--网址大全,实用网址,尽在123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53 220.181.124.14
hxxp://d.123.sogoucdn.com/v53/imgn/foot_slider.jpg 58.215.147.40
hxxp://d.123.sogoucdn.com/kan/static/css/DD_belatedPNG_0.0.8a-min.js?t= 58.215.147.40
hxxp://p3.123.sogoucdn.com/imgn/sehome/tjv1/img-news.gif 114.80.179.224
hxxp://hzs10.cnzz.com/stat.htm?id=5645354&r=http://www.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=3&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17581&sin=none&t=undefinedundefinedundefined&rnd=1410951949 42.156.140.25
hxxp://www.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined 112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1777387820 42.120.219.171
hxxp://www.mdtxw.org/miniindex/inc/jquery-1.7.2.min.js 112.124.102.171
hxxp://p3.123.sogoucdn.com/imgn/v51/new-erweima2.png 114.80.179.224
hxxp://www.mdtxw.org/miniindex/images/b19.JPG 112.124.102.171
hxxp://www.mdtxw.org/miniindex/meinv.htm?time=undefined 112.124.102.171
hxxp://p5.123.sogoucdn.com/imgu/2014/05/20140526163043_207.jpg 58.215.147.36
hxxp://www.jlbnh.com/ 112.124.102.171
hxxp://pic2.xcarimg.com/img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg 222.84.167.30
hxxp://p1.123.sogoucdn.com/imgn/v32/skin2_0.gif 114.80.179.224
hxxp://www.mdtxw.org/miniindex/images/aaa2.jpg 112.124.102.171
hxxp://www.fjmjm.com/web/images/start_button.jpg 112.124.102.171
hxxp://wan.sogou.com/dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401497011098 180.149.156.72
hxxp://www.fjmjm.com/web/images/texture.gif 112.124.102.171
hxxp://p1.123.sogoucdn.com/imgu/2014/05/20140528121906_70.jpg 114.80.179.224
hxxp://pb.sogou.com/pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401497014832&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=热血沙城_风云无双_仙侠道_大闹天宫OL_万世_Sogou傲剑2 220.181.124.14
hxxp://www.mdtxw.org/miniindex/images/aaa4.jpg 112.124.102.171
hxxp://d.123.sogou.com/jsn/v33_sugg_ajaj_v40_3.js 222.211.87.171
hxxp://pcookie.cnzz.com/app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl 42.120.219.171
hxxp://p0.123.sogoucdn.com/imgn/v32/titlebg.png 58.215.147.38
hxxp://drmcmm.baidu.com/media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg 202.108.23.74
hxxp://p0.123.sogoucdn.com/imgn/sehome/tjv1/subnav_v41.png 58.215.147.38
hxxp://d.123.sogoucdn.com/ads_hz/_ads_2.js?t=778609 58.215.147.40
hxxp://pcookie.cnzz.com/app.gif?&cna=g1gQDN5LYhcCAbhrJiZlSzjH 42.120.219.171
hxxp://d.123.sogou.com/jsn/citydata.js 222.211.87.171
hxxp://www.mdtxw.org/miniindex/jiankang_509_366.htm?time=undefined 112.124.102.171
hxxp://cnzz.mmstat.com/9.gif?abc=1&rnd=1442167295 42.120.219.171
hxxp://www.mdtxw.org/miniindex/ 112.124.102.171
hxxp://p8.123.sogoucdn.com/imgu/2014/05/20140527162400_1.jpg 222.211.87.167
hxxp://www.fjmjm.com/web/images/guide_top.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa5.jpg 112.124.102.171
hxxp://d.123.sogoucdn.com/v53/imgn/v53_2icos.gif 58.215.147.40
hxxp://www.mdtxw.org/miniindex/images/Untitled-3.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa6.jpg 112.124.102.171
hxxp://pb.sogou.com/pv.gif?uigs_productid=daohang&rdk=1401497012457&img=pv.gif&pars=?rand=1401497012457&suid=null&sduv=1401497012410_8083_00001&ckid=1809_00001_00000_9903_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3422 220.181.124.14
hxxp://123.sogou.com/images/weather/cloudy.gif 220.181.124.6
hxxp://123.sogou.com/?22014 220.181.124.6
hxxp://cache.adm.cnzz.net/noname.gif 114.80.174.40
hxxp://www.mdtxw.org/miniindex/images/aaa9.jpg 112.124.102.171
hxxp://123.sogou.com/jsn/hotdata.js?V=1401497012473 220.181.124.6
hxxp://p6.123.sogoucdn.com/imgu/2013/08/20130820165531_481.gif 114.80.179.222
hxxp://www.mdtxw.org/miniindex/images/b15.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/b17.jpg 112.124.102.171
hxxp://123.sogou.com/v53/jsn/v53_123n.js?V=11 220.181.124.6
hxxp://p0.123.sogoucdn.com/u/js/ufo2.js 58.215.147.38
hxxp://p3.123.sogoucdn.com/imgn/v32/setskinbg.gif 114.80.179.224
hxxp://www.mdtxw.org/miniindex/images/b18.JPG 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa10.jpg 112.124.102.171
hxxp://www.mdtxw.org/miniindex/images/aaa3.jpg 112.124.102.171
hxxp://s9.cnzz.com/stat.php?id=5645354 1.99.192.15
hxxp://www.fjmjm.com/favicon.ico 112.124.102.171
down.icudi.org 222.186.60.12


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile

Traffic

GET /v53/imgn/guide_tip.png HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:46 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.
<<< skipped >>>


GET /imgn/sehome/tjv1/subnav_v41.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:57 GMT
Content-Type: image/png
Content-Length: 3655
Last-Modified: Mon, 28 Jan 2013 13:46:09 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:57 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...............x.....sBIT.....O.....PLTE"5R..L4s...$.?
....fff............iV*.ji......t.........hC...)Bd.....k...........f...
...9..............Q`w..Y[ZZ.......YRGGG;`......k.4/..B..E...J..f......
....`.....}...-D.....zq...f......rP..T........N....eW...i|...r..`..LGt
...dR....<..................O....T..........MI.../Kr.J-...........t
..e.....}}.....333..I......wvw`..I}........iC......4U.....( ..........
.......3.....W.....:.."w....S........n..x.....B.....\..sAj...r..b.....
...d...........}b...........IYq...9X......Jr......m9.....Q.........]..
.....a..:.yR..G......Lz.k..........~..f........IEq...Qp........... Fj.
...............................m..Ko....^9].........z........jW.......
.T....S7Qs.....[..W..C..J....................................b..Cm.R}.
...........J..')Jk{.......:..cl..=d......k..;..H.....jLt.B..f....tRNS.
......................................................................
......................................................................
......................................................................
.............................................s.......pHYs...........~.
....tEXtSoftware.Adobe FireworksO..N....tEXtXML:com.adobe.xmp.<?xpa
cket begin="   " id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmln
s:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/
02/12-17:32:00        "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1
999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:x
mp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com
<<< skipped >>>


GET /imgn/sehome/tjv1/img-news.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/gif
Content-Length: 225
Last-Modified: Fri, 11 Jan 2013 08:57:48 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a................................................................
.......................................!.......,..........^...dY"I"(..
.pl...$.0.|..6... .P..c..1....psF..TbZM......M${[email protected]
%.fD...)..#.!.;HTTP/1.1 200 OK..Server: nginx/1.4.1..Date: Sat, 31 May
 2014 05:36:47 GMT..Content-Type: image/gif..Content-Length: 225..Last
-Modified: Fri, 11 Jan 2013 08:57:48 GMT..Connection: keep-alive..Expi
res: Mon, 30 Jun 2014 05:36:47 GMT..Cache-Control: max-age=2592000..Ac
cept-Ranges: bytes..GIF89a............................................
...........................................................!.......,..
........^...dY"I"(...pl...$.0.|..6... .P..c..1....psF..TbZM......M${.S
[email protected]%.fD...)..#.!.;..



GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=4&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17579&sin=none&t=undefinedundefinedundefined&rnd=839400459 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive
Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 05:37:12 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..



GET /miniindex/images/b14.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40898
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:49:40 GMT
Accept-Ranges: bytes
ETag: "0c21517b657cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:10 GMT
......JFIF.....H.H..... Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:49:39....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....N%.....Dj...V}../t.}..../...*.
KH.\7W.7t..9..>...............u............v..e. 8.......u~.....?..
... .Y[...m5...5..^.c..7{.......q>...[...'.....7.Y.....L.........L.
..K..8...).K.....:.........&..'....\.j.E.....G.-g2.t-...h....SE8....g.
.N.0..t...tQe.)....tm...k. .......ur>.....Lhm..[.#MWB.2K W>>.
?r.......v.=..D...`....S...}^..V..b.u.c.V..2.j&......=..\}.....Vh..G.k
mc...H./N..T.....m~...l;..i..r,kE..\.......3].....?..?1.c.8......e....
.j.DJ.....=......B.....z.G...62.X...4.......*wu....mk...~j..'.. .q.w.&
gt;. .4..9.>....W.F.o..'.i.y&.../c.P.K..gN..~T..2...D.LsOhU.gtB....
@.x.UNY*&.P..US...pn..W4...u[...b.<[email protected]
<<< skipped >>>

GET /miniindex/images/aaa3.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 67971
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:11 GMT
......JFIF.....`.`.....fExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:01:17....................
.................................................................&.(..
...............................0.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..EU....G.S.........H)..3.....?{..$
..k..7}.?..t ...N&`|..~......d.&.............. y...q.........?...K..l.
....R......?...v..I.g.Dy6...w.n......m..R...?.j.....lI i...G.o.>...
}......E.nuB.5$3.......}...e.c.E8-6.[.v...k_f......k)o......]......6..
.1..s......_.. .....].....7..g....z...w.k...j.~..........]..[.P#k.}nic
.?....\....Z...9.]=.O.f......Pyy..L......u....v.z...G..........u.....n
....n......"[email protected]\OG*...s..*...e..kl;^.....W...W...Y..o.....7....s}.
Xw4.i......c..5...g....N'VcH...A.g....%..Dw.....fQw...9pV...w8.6....{.
....]...q=7)...e........z.#.^.e.;..~;...JYW...U...Z.:*W......U?s_.....
.....B...H*L.A... .N.(...3..Q.._.U..A..:....?.........~.._.>z.Y
<<< skipped >>>

GET /miniindex/images/aaa5.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 71321
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:12 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:10:25....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'[email protected][email protected]..../..d.
v.;...q.h.#!.m.....;......Y..... Z~..7z?O....wu7.....S..Y.m.d{.=../...
m..........o..{......m.f....-yu.|.$..s......?.P...~.}_...znP}.....k..I
>..........k.....Ll..o.#..UuD:.Xv......~.}l.... ."..q......O.Y,h.,.
k............u.6..{@..#...l?..~.e..-~K=#.M...[.......H....^...?.......
f.[_H%. <....l....p..r..6m/{a.N. .5.8......9.u...@....'.;..Wg..]lT.
............9...o.uW.Q..a.... ........YV3.<..n.ZD~...Z.....)..iu.s.
..O...}..&...O%..:.6.q..WI.o...Uf...:X..'rfB"......Y..I..v.......k7.5.
.....:L..&>j.X.SN=T.U]O%..F.d.....MN....j......?9.*...y.1..b<..g
:.dd.............T`<.,.ku....r...Z0.,8....,{.u.2.\...OQq..[....
<<< skipped >>>

GET /miniindex/images/aaa6.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40601
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:12 GMT
......JFIF.....`.`.....cExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:17:06....................
.................................................................&.(..
...............................-.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....`..r.Z..l.t...q-..deLOaN;..._.=
t.1.K.7...... ..m.1.;..gs....rf.....a.c.44....mZ.u.4...c..v9...utx?\l.
......@l$7i?E.5...?........d.........E"...k*......c..........s.^.]W..u
,'.\.>.#..E.:..N.f.../M{...2|.k.h.@>..-f..g}..[.u...a..9..4.....
.......-q.)%..'$..>.......... :.E......S...K.....qr,....`x'e. .?5..
.#....hz^..`.cN.. .|.#.....2>z%ji.J.s}..4.c.....a...C..u...\.mS....
.`....A3......l(4C..Uo.x.n.... .U@...{{......vRw........i..M{...8.u..:
.......!q...@t[.KG.{....1>........-k...*C....$.R;...Z...,< u;}6.
5'.......6.....x...)...l-s}..H.)......bh.h.k/....o5.u,WWy.y....w5.~...
^..wz~.}.W....o....t%@Z.'@....S=@.#..n...Sa.H.{J...V..Wcn{F&.....^
<<< skipped >>>

GET /miniindex/images/aaa1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 45855
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:13 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:43:10....................
.....................^...........................................&.(..
...............................w.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..~..e........l%.....Y{.m.9..V.[..^
...3..4N..X.........m.. .U.?....u.Q.y....!.9....NN.S\....*......Z?...d
`uW.9.....1{..Xo..G....V.~{.W....S. .09*P.~..}_V.......qlr......K.zKP.
}g.y....nE..5.8TN!{....K\.O.w...UuZ....[U....t.....6<u.....[..[_S..
..I...g........^.h.^?..*Et.["..\CZ.K.x...s.........y..QwM.>..w.....
.Z..EWdc.Z.,.........k}e...Z..3G7....I....y]?Xp......N8~]..m.4}..#!...
.W................w.K\..B4#.....{(cf.g...k.}o.....<....o...>.#1.
^.D....y__...u..7]g...[..>.]......Y.w..WW.Z..-q.B4\?B.......2.FV].s
l..z..W4[.{.s....A....I.\.j...UR].1..8.;..nw... .bH.<Z]o..tN.......
UU.7.c.eU....Z......tN...]E.....H....-...u.......*.72..MM..Y.r..v.
<<< skipped >>>

GET /miniindex/images/aaa7.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 24446
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:13 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:21:08....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.......\.......'..r~....N.....F...:
.......e..P4.....z6.tuf...c,n.j.N....Q.=..;<.'...X.....:.'A....:W@.
.0]s..V....G.......P.O.`|...2.ve..Ya;...a#-5)[email protected].. .......O.h.n
....i;M..s... c].....gfSsG.]#.5..|.K.a.X..!.c.:.O.....&.....~v....}i..
..r.}.u.>f..7m../.......\.r..II$..RS9 .*.'.M.g.J..S...J.Gu.32.I)...
.u<..k-;[.]...]o...9C9.Yok1\.q&...Z.....&...d ...r~..A.V.....K...%y
g....}1.... .}......~.......V...\KY..<.T9"j...ZOceX..h...@#.<..O
..j.syQ.F&.$.......&.K] ....W=.>.tN./..b.#[i..|l.......h....:L...W.
f}Y..X..2$:?;.aK....9. w..........O........]..1^....u.{3.l..z.....{...
v..kY;~.......4Y.cZ..:...X...........x"..i>.,p..6.`.O.c........
<<< skipped >>>

GET /miniindex/images/aaa8.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 22801
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:13 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:23:40....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....8.|.d[..[....."S...`..2H0EgQ...
]V.w.E.........,.!!.....K.W...]..._..m.#L...%..Sr...X^Y.io?.... .c....
.h.P...hx:....{>.=.3k...;.......6.m{=.{H.......l.J#QOU.....k..M_...
....V...t..`e...n....... .6...i.. ...V....'9'9........Cs.9.e.)w9Cv..r.
......&@......*..*.,.d..U.-qo..Lgb.sKO..}..x......r..W%. ..m....)..k~M
-...=....az=....d....c..K....3.$.7.A.?..;.f~....a.hm..n...^h.Ttnr.$.s.
.=......f...J....?..F."......q...p..8..q..{~..r?X.C.....~....(i._...w.
h...V.C.'h...?.w..c9...z......^sz.NNSi.t......).....B.n......>../..
Uuy.5....KgY....p. .5..?...s.[6"..I........C~.<....:..s.e:...#.c.%.
W..c.#.).P.|Rs.%=....M..'B.y....fz.eZm....S..r.J...~....O.l.~..S..
<<< skipped >>>

GET /miniindex/images/aaa10.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23965
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:13 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:28:23....................
.........}...........~...........................................&.(..
...............................Z.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..Y. Cn..gE.Y.K.\i..6.[[..........4
.E/?.x.-|[email protected]..(...{....;}....}N.9....`. R5...-...eD{~%Qn#...zGU.&g
t;...l..5h.p...8.".. F......j.>...]`..vCvC..H........T.:1S3xp......
88...(...]..E).a .9B.......%:r.f.............;][email protected]
he..;g.T=J6.=_.z...`.=..N.,l..R.S..L.<O.n...../...p.F..QH.  r.1..]W
[email protected]>......
Vw....{.....9...;ts7.Ut....O.`S.qD~ .8I.Z.D.......?*.~.tS.]v63........
gf...ee.:..&7Y.W._.[]l...!.p..X.W..r#....W...f.... .....z^e..me...H...
b...,.7p.4.)..q..!.q%.9WEpF..c...M{m..........{.[p.5!.. [email protected]
..>....B7...P....1....q...<d.....|..i........89.....U..5ul.7
<<< skipped >>>


GET /media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: drmcmm.baidu.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Sat, 31 May 2014 05:37:05 GMT
Server: apache
Content-Length: 345
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".         "hXXp://VVV.w3.
org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://
VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>.  <
;title>404 - Not Found</title>. </head>. <body>. 
 <h1>404 - Not Found</h1>. </body>.</html>...



GET /imgu/2013/08/20130830161205_609.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive

GET /imgu/2013/08/20130830161205_609.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:50 GMT
Content-Type: image/gif
Content-Length: 13241
Last-Modified: Fri, 30 Aug 2013 08:12:05 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a........;\.%...1..... ........ .................................
.......................................!..XMP DataXMP<?xpacket begi
n="..." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adob
e:ns:meta/" x:xmptk="Adobe XMP Core 4.1-c034 46.272976, Sat Jan 27 200
7 22:37:37        ">.   <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/19
99/02/22-rdf-syntax-ns#">.      <rdf:Description rdf:about="".  
          xmlns:xap="hXXp://ns.adobe.com/xap/1.0/">.         <xa
p:CreatorTool>Adobe Fireworks CS3</xap:CreatorTool>.         
<xap:CreateDate>2007-01-04T22:10:31Z</xap:CreateDate>.    
     <xap:ModifyDate>2013-08-30T08:11:54Z</xap:ModifyDate>
.      </rdf:Description>.      <rdf:Description rdf:about=""
.            xmlns:dc="hXXp://purl.org/dc/elements/1.1/">.         
<dc:format>image/gif</dc:format>.      </rdf:Descriptio
n>.   </rdf:RDF>.</x:xmpmeta>.                         
                                                                      
     .                                                                
                                    .                                 
                                                                   .  
                                                                      
                            .                                         
                                                           .          
                                                                  
<<< skipped >>>


GET /miniindex/images/aaa3.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 67971
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:07 GMT
......JFIF.....`.`.....fExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:01:17....................
.................................................................&.(..
...............................0.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..EU....G.S.........H)..3.....?{..$
..k..7}.?..t ...N&`|..~......d.&.............. y...q.........?...K..l.
....R......?...v..I.g.Dy6...w.n......m..R...?.j.....lI i...G.o.>...
}......E.nuB.5$3.......}...e.c.E8-6.[.v...k_f......k)o......]......6..
.1..s......_.. .....].....7..g....z...w.k...j.~..........]..[.P#k.}nic
.?....\....Z...9.]=.O.f......Pyy..L......u....v.z...G..........u.....n
....n......"[email protected]\OG*...s..*...e..kl;^.....W...W...Y..o.....7....s}.
Xw4.i......c..5...g....N'VcH...A.g....%..Dw.....fQw...9pV...w8.6....{.
....]...q=7)...e........z.#.^.e.;..~;...JYW...U...Z.:*W......U?s_.....
.....B...H*L.A... .N.(...3..Q.._.U..A..:....?.........~.._.>z.Y
<<< skipped >>>

GET /miniindex/images/aaa9.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23028
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:09 GMT
......JFIF.....`.`.....DExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:26:02....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...m/.'....s.........5n....?.T<x
...S [email protected].]..~.UC [email protected].\.)k..$..?....uln...
.}........N...v..(.. .%Oc.Ki............1.KA\.B.wQ..9.m.m .!....#s.|..
...G..3..o.........8}..c}m. v?P......A.H......PDvY.S.......t...M$v.LA.
.O3..0...c..6K.......u.P....v...>......[....X...lct..5....U.4..!..z
....z.....o.p..u<....u`4i. y=q...c.TX.....qY...}.,p,..p..J~(HkWi...
u....y..N....)p....^..._Q.fM\Z. vt/%.....H8...l.......Wv>G.lt2..N..
....'e..5kO....O..6..2[..d\....o...k..G...... ..A~...^..X.)s.Hm.p-=.n.
............{L.q..........t..r5...........b......i.y*A..(.%..xR.ap....
[email protected](L..p;........a..........gHu}...>>.....ZX.$...
<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:09 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat
<<< skipped >>>


GET /web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000 HTTP/1.1
User-Agent: Crazyk
Host: stat.fjmjm.com
Cookie: ASPSESSIONIDACSSDCBR=NKKOEGAAPENKOOBMGHIOMHBJ


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 05:36:40 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 4659
Content-Type: text/html
Cache-control: private
..<?xml version="1.0" encoding="gb2312"?>..<SoftwareConfig>
;..  <Version>20140531133640</Version>..  <Popwin>..
.    <Item id="1">..      <Subject>........</Subject>
;..      <WinWidth>708</WinWidth>..      <WinHeight>
404</WinHeight>..      <StartUpPosition>0</StartUpPosit
ion>..      <URL>hXXp://VVV.mdtxw.org/miniindex/</URL> 
..      <StartUpTime>10</StartUpTime>..      <ShowIntev
al>7200</ShowInteval>..      <AutoClose>600</AutoClo
se>..      <isShow>1</isShow>..    </Item>..    &
lt;Item id="2">..      <Subject>........</Subject>..   
  <WinWidth>300</WinWidth>..      <WinHeight>265<
/WinHeight>..      <StartUpPosition>1</StartUpPosition>
..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140531133640&
lt;/URL> ..      <StartUpTime>50</StartUpTime>..      &
lt;ShowInteval>0</ShowInteval>..      <AutoClose>50<
/AutoClose>..      <isShow>1</isShow>..    </Item>
;..    <Item id="3">..      <Subject>....LB</Subject>
;..      <WinWidth>300</WinWidth>..      <WinHeight>
265</WinHeight>..      <StartUpPosition>1</StartUpPosit
ion>..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140531
133640</URL>..      <StartUpTime>200</StartUpTime>..
      <ShowInteval>7200</ShowInteval>..      <AutoC
<<< skipped >>>


GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=3&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17581&sin=none&t=undefinedundefinedundefined&rnd=1410951949 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive
Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 05:37:10 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..



GET /jsn/v33_sugg_ajaj_v40_3.js HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401497012410_8083_00001; CKOR=1809_00001_00000; CKOD=9903_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:39 GMT
Content-Type: application/x-javascript
Last-Modified: Fri, 02 Aug 2013 03:01:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
12ba.............Z{w.........5{<."..;..Y.q...W<..;.\6.A.d.......
...VK.;...............5J.a..~-..Az...*..W.HM....j.....XJ0xt..R_. k.es.
..c.l..Y.Dz.;.......m...HUn..gJ}..k...,...z.:.3...J&n.-,6^.s..5...vS..
.`...Oc..Bw..z...T.Rz..4qm.~.N.T4...8.?`...........N.I......6....}...F
.......9....v....;q....h...A4c....V...F.....k&j..a...91#.n....x...s...
..N..`.h$M......}....?...?...=Yl..8K...................k.ZhA.o...ol.}.
..p....~n9I.. ..$.......L...w.......g....H...|f...4ADSy.(.......=^..v.
...v.'......u...gC..'*..*....#....Z......o..*.#'I#.v.....s.\>..6...
...5[c.|Vb.....l.l..k7N...._..D.....4.$l8.d...J..........m.....%.Z.F..
-...>.3...k....a.D....U... 3U...]...w........c2...(..a...VO.$I.....
....s}...M9N.q.=.....9.0..._...,.|.He....r...........>g^....u.%....
7.....DU..*..J....R'i.h%Q@.<.........%.7..%pVbO....V1'!!^..}...caj.
b\......Qv....(.i.S.."..|...a..1..........X.....l.,9n....x0..6Tg......
..S.8.36&K..hhA....U.T.J....-.'.J..i..)...l.5.v.ih..w..l...fS.y..5...7
o....i...P ..V......x.M..Z4.:[email protected]...<..|.{
X.o`!_..K.P.....a....>./...*/.|......m.X.W.!.....$...r(..4.....0|..
|.* LzF.3->..k..:.X...\.].........Q..{._....'........Q9M.........q.
..........K.....GH..I..c.U....e>.../.'=N...-......W..^Y.p.!..>].
.:.NU..GM..^o.9N.%.(GAD.v.&I...!.s.q2..F..q...."h....%...o.".M......H)
..,...(..,[email protected]|...{..*....`x.....:...A..S......r.?}....!.`.0..&..!..#
.#";.#....e3.0gG.J.=#..a.......Oz.|.q`..D.L... .z.....#..=6t.RTla)...[
Gz'B3..:...b.SZ.}#W9.W...Vi....U>.)W.g....dZ(.. ....S.j>...#
<<< skipped >>>


GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=1&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17585&sin=none&t=undefinedundefinedundefined&rnd=1049749154 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 05:37:07 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..



GET /stat.htm?id=5645354&r=&lg=en-us&ntime=none&repeatip=0&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=0&sin=&t=undefinedundefinedundefinedundefinedundefined&rnd=1867437721 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 05:37:07 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..



GET /kan/static/css/DD_belatedPNG_0.0.8a-min.js?t= HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:35 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 27 Aug 2013 08:33:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
b9b.............Y.o....=...}mH....yx....vZ.p..q...P,....*I...........#
@Lrvvvv.ofW...g......Hx-...... ........UQ.emk kq.CQiA^j'..k..n.2_e....
x.kg.o......:....W.:.K[;-..v.'.(A}..8.5.D.....D..<..oW....uaO...-./
.8..e*..Q.....H.)&...*.3[.Y3._.....Y%|...R.#..9.n..JJ..f...%..Y...O.Dh
....A.id.....*..O7|n,..T.e."......d%...9.fg.e..Z...m..m..L..4O_'..>
;<.>...X...*...33N....a.7...?....a....A....J...=M..T./.'.`.y5...
.8....{.20T.P......M....UKc.g....7.&[..]y.Hyu..^.WyP....].0c...z_?&.}$
D=T.v..|.:.Zj'..tV.<f,\......cwU.....93Y.~......4"....O.8....U....!
t.l9..e..~.....F..c.:.o...\...Zh....>..kWD..F...D...._%.w...06rs.&V
./.&.y..#m.Vy../FS...b..)..g.H.%....n.,..Bs..t[}.........h.....s....B.
......~....EFZ.E..z.;...G..'.Y.qV.?....;..%:o...........n.A.....^...y.
...[R.*.`.......I.3.. .U.x2W.....J..W....B..g..*....5.s.!.^4.. `{^z...
.....h.....e.(Fc=B(..E..p.]c....R.eD...k.A:y...nd..c.Ã..z..Mr..-..:.
.L....&...W....z:7..d....d.)Gw.x..~5;..qR#..U.7.....H......{...v..)...
I..v../....G6....yV....[..Ql....>.|}...a.dnn..f..|fL...'h......*J.'
.W.d..(M. W[[email protected]_....Z.........s....#!...(c..d...&l
t;.........$.....Y...:Z..... ..y..]....K)*.O.q.C=*.$..q.Gf.....*WY....
...Z<..c.3.._`LDj....`.jDj..\0....<...xy.xN}..LK.G..5..3....5...
|.3CS...,|.6...*.d...X).....Q6.BlQ.A...}....:.W..q......ad8bc.p.......
n..;e.<L0 d....w...OG..<D....'..m....3.Q.....K=6.kK..5.....M.3..
w.Z......[....#...N\.G$F.!.KS../y.:s......[.).c..h'uc....V`...(...@...
.../..j...."..C....pB.!.....f.Px.r..[p...R.......b..]u.I%.6|.NAXs.
<<< skipped >>>

GET /imgn/v32/icon4.gif HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:36 GMT
Content-Type: image/gif
Content-Length: 1506
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Accept-Ranges: bytes
GIF89a".....................v.....Cs.`}...............................
...I{.b...........................................................U..m
..r..........................M..Z.....................................
......................................................................
......................................................................
.............................mmm^^^QQQ777......!.....~.,....".......~.
...................................................................dKG
8HINi.];K.D.kUMJ[.LG`....DIa.O9c.o|z.bKL.i8p.zy{x..G..OL....'@.>w.Y
.....ox..).n..:..(.....oz...........XB.......9.3@.'...........5..H...5
....m..HNk...4.... uYR...7.....Rj./J.H..d...p....d....5.(ybi..%<..f
....Lk.4Y..M....<I..G..T2.eB%.. I.X..dI..T.R...m.6J.H...M.<?....
CR..w~...T...<F?r....v...<.Rk....D.}<..1..<9........y..9t;
z..S...B.....mU..1Ga.T.L...B...];..p.t....$r(..Oz...Ou8..$[...[d...%[ 
1@M~.0.%T ..`N.....`....5aE}..)...,P..H&YD.%E...[,[email protected]....%.`C...`...
....%..B.!x....,9..%. '.jv.A.a......y....)..}.`'..P...t.z(..4..76t.C.Y
.P..If....h...=dP...0`*........*[email protected]......)...$.Lq...&.....`@..
.p.."..A.!..B.S....)D;.....m.1L1A....n$.L...$@...>L....x..$).a(..L.
........>B........H.....(..$...A..lp.....B..4...Pp..."D ..&k.r#....
.<C...SL1...F....P.4.L7....F-.....@. 4.B&#X...#p....dp...p`..S@1E.?
..@%g..A.2....P.....4.@.'.PC.1....P.p.......z.^..!.....H2A....w.&.@.. 
L.B......&......`...BrC.f@..."....&<.)$u....g.....,[email protected][email protected];..@ 
..3Lr.?.=.`...h....,`v.).....: ...B^...,0...0..R...\b..PA.R`..xbkT
<<< skipped >>>

GET /v53/imgn/v53_bicos.gif HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:36 GMT
Content-Type: image/gif
Content-Length: 826
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
GIF89aD.......Bo...v..1..;o..........f...W.......;........e...W.d.....
.........@......`..P~%[email protected]{......Z...
...W.%h.t...d................@..&z..Hv......L...\.Q~..R....6..........
..h..Ky...y..Y..Cp..a...........R.....Z.....Cr.c..........:......o....
...$m..f....&}........................................................
...............................................!....._.,....D......._.
.............@'K3@?...0 0...''@...'....0......KK.3$.;=3........'*K??G.
.CCH8........?'/[email protected]&&LLN.T@@.. .. .mXR.....7(a. 
...4>.[[email protected].)...?.n..e...4P...H...R.H......P........4..dY...'.
[email protected]......?F)..!....BX...A......1.^.... u@..,!_9..{[email protected]
....tHr..]A.~..7`....N......!J...pb..AF.L....._O..;....!]..#2...AF.H..
 .4#.~D.b%.....,.... .h..p.DP.W.......o..><0.K..{.O.@Q .;t>....


GET /v53/imgn/foot_slider.jpg HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/jpeg
Content-Length: 322
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
......JFIF.....H.H.....C..............................................
.........          ...C................                               
                  ....................................................
....................S.................................................
........?......>....('@......... . ..@........


GET /ads_hz/_ads_2.js?t=778609 HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: application/x-javascript
Last-Modified: Sat, 31 May 2014 05:00:03 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
d48.............Y.o.F.. ....J.H.aI4.8...h..&..p...W.c.dI..l...7.|.u...
.%>fwg...fv....<..H....T...}'...>B....e.....:../.7N.7...sU.7z
..O...../...V..x.^.(..q|.pg.f.k.l.&\]imf'n.tz6k....'..c.V..&A.3.n.<
~....<."_....[-.q....Wn.A,....D_.Y>eL..cO.J.M.y..*DY....rK...._.
r.1..:..Jml.2...7. ..b....,...L{zb.sG...~uQ..t.*n.....~..\>.W...K.T
.J......*!.../..../O...>.T...7?h.......Ri(.z....k.F.F.0...U..7.....
.<..9W{...Y....k=.SB.p.2..i....,..5@\..{.....paJ.A.i...[h6...._3...
.-..#|.j...<..Ga.z.].4.Sq...4wJ.a.......#.....#$.R...u.f.....&i....
..^.-...J..|.py5.=y.zw..m..V...y.......X../.#p9....1...... .^5..n.<
Z.=a.....T...D.w..i.,..\..k....^..J.n....T.#?_...no.m9z......~..?/T6e.
.,...x,G.Z[).r.P..l=..T5:[8..a.......m....~_...V~.n:.S*. A.T......{.v.
n.M...u...Sn Q.e...._....n......w!..'....}...J.u.y.=..N8...j.Vp4l..Y..
.......V..7Dp.s.-..~....s....."....R.r7.s0....=.k;..f.*.U..6_....0~..@
M.M...v..7..OMR.Ze.........o.y.......jW7OO...1^.S...F.u..'...0...C....
.V..'6.|.i..........Q.L.V P.i.:..E..R.|R...\x...L....AtG.{.....z..!'. 
...q..s7.i.......0..:.2'.f."..}[email protected]
n.{.....6C.c......Sy......h.3.]............7...:[email protected]..._|...H;.4.#
.o....!...I..a.....\......g..([email protected]>K.,.l..fH
........r....U...>.#..7<s.w~..#..NC..@.....,..^.,......6&.......
vl...5f.....x..4fB.\..d...r_}..|....w.."[email protected]:P.U.
.B(Nx......#g....j....9.o....i..6{"... .V...l...^z.u.....[.Q.F0...}..X
.6....../W....OO.{..n...:...O....z./.K...B.%#...?}..9:.g_.<Wd..
<<< skipped >>>

GET /v53/imgn/guide_tip.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:46 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.
<<< skipped >>>


GET /miniindex/ HTTP/1.1
User-Agent: hello crazyk
Host: VVV.mdtxw.org


HTTP/1.1 200 OK
Content-Length: 10093
Content-Type: text/html
Content-Location: hXXp://VVV.mdtxw.org/miniindex/index.html
Last-Modified: Thu, 22 May 2014 11:22:12 GMT
Accept-Ranges: bytes
ETag: "684ac813b075cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:59 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">...<head>....<meta http
-equiv="Content-Type" content="text/html; charset=gb2312">....<m
eta http-equiv="Cache-Control" content="no-cache">....<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">...
.<title>..........</title>....<link href="inc/stylemini
.css" rel="stylesheet" type="text/css">....<script src="inc/jque
ry-1.7.2.min.js" type="text/javascript"></script>....<base
 target="_blank">..<script type="text/javascript"> ..<!-- 
..//..........//document.oncontextmenu=function(e){return false;}..//.
...........var cusi=0;..var tiaozuan=1;..var timer;..//..............v
ar bq_array = new Array();..//........,....id,........url,............
(1....,..............class) ......url ......bq_array.push(["....","0",
"","0","","0"]);..bq_array.push(["....","105","hXXp://VVV.jgtj.com.cn/
ll","0","xinwen.htm","0"]);..bq_array.push(["....","101","hXXp://VVV.j
gtj.com.cn/ll","0","nvxing_509_366.htm","0"]);..bq_array.push(["....",
"102","hXXp://VVV.jgtj.com.cn/ll","0","lieqi_509_366.htm","0"]);..bq_a
rray.push(["....","100","hXXp://VVV.jgtj.com.cn/ll","0","shehui_509_36
6.htm","0"]);..bq_array.push(["....","120","hXXp://VVV.jgtj.com.cn/ll"
,"0","jiankang_509_366.htm","0"]);..bq_array.push(["....","130","http:
//VVV.jgtj.com.cn/ll","0","meinv.htm","0"]);..bq_array.push(["....
<<< skipped >>>


GET /core.php?web_id=5645354&t=z HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:07 GMT
Content-Type: application/javascript
Content-Length: 798
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 05:37:07 GMT
Expires: Sat, 31 May 2014 05:52:07 GMT
!function(){var a,b,c,d=encodeURIComponent,e="5645354",f="",g="",h="on
line_v3.php",i="z12.cnzz.com",j="1",k="text",l="z",m="站长
统计",n=window["_CNZZDbridge_" e].bobject,o="https:"==docu
ment.location.protocol?"https:":"http:",p="0",q=o "//online.cnzz.com/o
nline/" h,r=[];r.push("id=" e),r.push("h=" i),r.push("on=" d(g)),r.pus
h("s=" d(f)),q ="?" r.join("&"),"0"===p&&n.callRequest([o "//cnzz.mmst
at.com/9.gif?abc=1"]),j&&(""!==g?n.createScriptIcon(q,"utf-8"):(b="z"=
=l?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" e:"hXXp://quanjing.c
nzz.com","pic"===k?(c=o "//icon.cnzz.com/img/" f ".gif",a="<a href=
'" b "' target=_blank title='" m "'><img border=0 hspace=0 vspac
e=0 src='" c "'></a>"):a="<a href='" b "' target=_blank ti
tle='" m "'>" m "</a>",n.createIcon([a])))}();.....



GET /material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: Tengine
Date: Sat, 31 May 2014 05:37:05 GMT
Content-Type: text/html
Content-Length: 266
Connection: keep-alive
Location: hXXp://cache.adm.cnzz.net/noname.gif
X-Cache: MISS TCP_REFRESH_MISS dirn:-2:-2
Via: e736461d.cn12
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>302 Found</title></head>..<b
ody bgcolor="white">..<h1>302 Found</h1>..<p>The 
requested resource resides temporarily under a different URI.</p>
;..<hr/>Powered by Tengine/1.4.2..</body>..</html>..
...



GET /imgu/2014/05/20140526163446_912.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p1.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/jpeg
Content-Length: 5654
Last-Modified: Mon, 26 May 2014 08:34:46 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?..........|f...Yl..;av...zW.
...KC.....}..W.?.........'.....GN.".....VF..Xdn.\.L......|......=.7~/~
.../...Z..w...m....,..]...\|....?..Z.......z..T...<....Q_.s.o......
N.<7u..nSEW......o>....`14....WU-m...T o........_....M.mm.>.|
.S~.....bl<g?.Q].]Y........kH..J...M0.../7f.....k.x..k..o.........5
.g.l.K.e~|....q.*.Silz.xmr.....>7...&.&7.q..Y.....<.q....r...I.W
......N...;.a.W.........T...X...5..C..mc#/>..X...Mr....7........^..
.|......:...'.}.M.h.....:Ao.....aq...-f....!Qsy3.yF>.?i*o.u..~=..._
...M........Vo.0.h...P.*..P..v4..Pv.O..$...P....v......~L*[email protected]
.ot...C.:....2n...dsz..t...:.n.^x.i.6.70HQ.....G .V..*.i..]:..U..(..M9
qo.n<D.`{.Z7s..........-...-..!.P.g$....k....p4...;[email protected]
..>.....mkK. 2..tRF......_.[.....$....<<).*.H..h..''.........
. ..v..-n.ll<s...d.V..mB......I...Y.S..../....?.__4y..SW..>h
<<< skipped >>>


GET /imgn/v32/skin3.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 4159
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a..h..........R..J..Bs.S................r.....qq}a...............
........n..~..|..m..l..l..x..k..v..t..i..s.xa..n..l..k.ua..i..h..i.~f.
r`....wd.xd....rb....pa.nb.rf.vm.xp.xp}OJ..........l`.mb.pe.od.oe.wl.x
n.qg.~t.sj.sj.tk..|..}....SM.vn............wMIuLH.|v.}wmJG.......~yeHE
..|..................................................................H
??....................................................................
......................................................................
......................................................................
.................|||{{{zzzyyyxxxtttsssrrrpppmmmlllkkkjjj<<<..
......................................................................
......................................................................
....................!.......,......h........H......*\.......H.H.....3j
.....I.BJ......(S.\.....0].IdI.$K...T...O.....JTh.dH.*EZ..O....%j....J
.@1.....{[email protected].=;..].VA.8p..ms....x.5m../..;8.......u.........#[...N!
F.......g....&L.`2....T.....;vd.L8L./..g.......)..s.....]..=P......F}W
.@..)....v\4=bs..}w...J|._.>.r...?..].t.......B..)T.].n....g....B.&
....'!d....2.=W.2.Q..2.Y`...x....\(..I.....1.....`...L...s|...@R......
.|p...].2.Bl L...#8...l<.[.e..C.o.W..6.&..2.....E....U....).ZS!....
".p....%F.;[email protected]...^..........H..D....C.....B
u.bj ......b..d.......l.k...0F......8|Z...R.k.........A.sf...u6...wN[m
.;9..TS.u.VJ5..O..k.i.......$...............p..G,....j...g....w... ..q
...l..(..r.$_.qM .4.'1..J.6..r.pb<J*..<.-.............I.<
<<< skipped >>>

GET /imgn/v32/titlebg.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive



L.-...=.t....?.A...sn..[N{.........4....54.G=j.CZ.<...g.\UgW...m...
.9.V...5.C].E{..;vtuM1lbO..Gv...M.H...... ..k.:..R.w..M.r.........ls..
..F...|.k.[.H.w...k`w........n .........oT.Z......-..n;........o.y..%.
[email protected]..].. ...V..a...b\.....7..Lo..8....q.5.;.........K...N9.mm
.....v.z.w..`/]..f......V..8o..%mo.....W...1..k..[.z.1L...}...v..^....
.eN7........f.....n^.....{..nku3>.....=..6G......MAwB.......gO{Bl..
H.}.o.{....../.tO{..........f.........O...b..7....}.?....>..._...^.
................O...b..6......g...'............~..~.x........8.....x..
x..0[............$X....(..*..,.....0..28.4X.6x.8..:..<..*[email protected]
.F.W...J..L..N...E..0.TX.Vx.X..Z..Zx.....e.b.Z_..cx..U[.1....n..p..r8.
[email protected]..|..~.......^....x..........u......qx..e..x......Z........_
.(..X..x_.....`..........h..H.......t.........(a}0..X.u8.66a....Xc/...
...H.....h............."..t........[.....}...8aJF.uh.z...h...d...B....
..x.p.h...~.........).V&.s...x.p.q.x...e...>&.....8.}V......h.X..i.
......r(.nH.1I...l................=V.......D..?.j0Y...g....y.@..*.....
.(.U).;..(y.C.c*..>[email protected]..{..f
y..Xnk..m.q....H.uy..Y.|i..(.~.. .........9.}.....l......9.v.r$w._y...
....#G.....h..i....8..R9.OV......vi..%I.B.....D..I..aY.c...I.g7..(....
.......:......).....9..Y.......s7....2...Y...z.w.X......(....x..Cy....
...~.....R).s..V).....)..j..............G..i..8...z....8..g..h....0j.8
Z.:..A:......|>....~.g.........~J..X... .BJ.VJ~]J...~...YJ.....(...
........g.g..


GET /imgn/v32/titlebg.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive



L.-...=.t....?.A...sn..[N{.........4....54.G=j.CZ.<...g.\UgW...m...
.9.V...5.C].E{..;vtuM1lbO..Gv...M.H...... ..k.:..R.w..M.r.........ls..
..F...|.k.[.H.w...k`w........n .........oT.Z......-..n;........o.y..%.
[email protected]..].. ...V..a...b\.....7..Lo..8....q.5.;.........K...N9.mm
.....v.z.w..`/]..f......V..8o..%mo.....W...1..k..[.z.1L...}...v..^....
.eN7........f.....n^.....{..nku3>.....=..6G......MAwB.......gO{Bl..
H.}.o.{....../.tO{..........f.........O...b..7....}.?....>..._...^.
................O...b..6......g...'............~..~.x........8.....x..
x..0[............$X....(..*..,.....0..28.4X.6x.8..:..<..*[email protected]
.F.W...J..L..N...E..0.TX.Vx.X..Z..Zx.....e.b.Z_..cx..U[.1....n..p..r8.
[email protected]..|..~.......^....x..........u......qx..e..x......Z........_
.(..X..x_.....`..........h..H.......t.........(a}0..X.u8.66a....Xc/...
...H.....h............."..t........[.....}...8aJF.uh.z...h...d...B....
..x.p.h...~.........).V&.s...x.p.q.x...e...>&.....8.}V......h.X..i.
......r(.nH.1I...l................=V.......D..?.j0Y...g....y.@..*.....
.(.U).;..(y.C.c*..>[email protected]..{..f
y..Xnk..m.q....H.uy..Y.|i..(.~.. .........9.}.....l......9.v.r$w._y...
....#G.....h..i....8..R9.OV......vi..%I.B.....D..I..aY.c...I.g7..(....
.......:......).....9..Y.......s7....2...Y...z.w.X......(....x..Cy....
...~.....R).s..V).....)..j..............G..i..8...z....8..g..h....0j.8
Z.:..A:......|>....~.g.........~J..X... .BJ.VJ~]J...~...YJ.....(...
........g.gHTTP/1.1 200 OK..Server: nginx/1.4.1..Date: Sat, 31 May
<<< skipped >>>

GET /u/js/ufo2.js HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:41 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 06 Nov 2012 08:12:45 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 07 Jun 2014 05:36:41 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip
600a...............v.G....<.....X.D.={...m.....MK.v7I{.R.A.......&l
t;.y..d.......!.g.Y..ZDU.=#.......]..M.|.....o.O..^..=\\.m..b9y4......
{...j.o...t1o..A.6>..G...}._....O.g....e..Y....e.x...W.....j...M.[.
...Yw..]..../{...b......n.;x..../F..w.%.G.Y.m....a.`.^.....l~S4.?:j...
...7..Y.U6[..n.=).......f]6..1..io1...../.I.u.^...u.mc..).....{..g =..
..f6k..o.`t.hPa.;.u.n....9j..............3.......u{w....4.J.....]X.Q..
.NK{<^,....|..f...Q.4.<.nOW_]]...0.(..f.dp.j.....t~S....f..h.e.h
.(..&.....y... {..g.....f.........f.?.6.([email protected]..[...
.*[email protected][email protected]>N.............l.wE?u%....l....Y...>u.W.
~.9.T0..G..........g.;(..js.Og..8a......V.W..`;.......?_.........a.q..
...*[email protected]..~5 ..u..<h...d}....4....u..J
p:.v...0...xhx..........9h.<>.........P5.!-...e..v..WM.K.Eg(....
0.n..W_.QN.v...}.e1f.....*&.aP.[.yw.._.. ..3...r].Mhr>...$|.6.....S
N.G..E.=.y..;.=).G...[0.Zm.G#.`X..........y...?.O.v..4o..M.... ..MGc..
>B...fV......<....~o_..IY/.........]....C.0....2..aN........w...
.w..n.n....u.|}5....b^..L....?x.>...h#.lY...&..V.c#...o. ..k?....vK
#.....l....^.`..0..t./..u.vS.H}.e....&v....m....02\.b?v.".......... .W
.0......=z..p9...0..k..~....Z...\.W...N.i....."?5.3..p.....m....t^....
e....V'5c...|..|6.nb..W?9....,[;.\....K......F..8`...~.p...cq"....N..=
.C.<j....x.S<.....C."^..g.C;w.}D,......Q..`....V|h..._.w..N....0
.%..?.S....|.R}..........1......t<~29...A.N.g.....Z......H.....Ec1.
....^s_..<....[.7{...!.....u2.... ...b8.A1.B8-...]._7.Z5.0.....
<<< skipped >>>

GET /imgu/2014/05/20140526163242_997.jpg HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/jpeg
Content-Length: 6150
Last-Modified: Mon, 26 May 2014 08:32:42 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?........WX.g.......]=.%.._..
........jTc.7a6.d..>..`..kK...o~.....!kI............a.e.......x,}:|
....1..2....j .W_12..........x#....2. :....%uJV.g.u....z.......[`.#Z..
...1.?.uC.BiJ2_y.(TI.E.... ......./......o.k.&...^.../.... ...$....%.H
Q.s...'k.z...\...J.y..o....=gM...k.h.BkK.t..P.........y..N....RWG...W.
..........Y....................G...~.fet.{.^....o.x..M...,.<.".....
....J..89[bcR.J/............?...>/.K...Vp.....N.....|.m<........
l.=....W.....>.1...\...Z.{.......!....X_..7W.o.....z;......\.'`#..}
..)...c. .q.....?....].Z.wh...B..m.G..W.........g..........~} .s..k(..
.....K..Q....g..)....:F.m..Q@...)..O...........N....|.1.8...>.. ...
..z..........O"B..:ds...s_I..X.U...'...L..:ma......n.....g.'.>(|,.D
.....5=*..K=...B..%.$....Vj..k.....y.J.1t.)9[.S...'.u......._..g.M.muM
>8....M........oj.3&..^..;..f4~......_......[L......h.....c...I
<<< skipped >>>

GET /imgu/2014/05/20140526170756_638.jpg HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p0.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/jpeg
Content-Length: 5409
Last-Modified: Mon, 26 May 2014 09:07:56 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?....x@..........'_.H. .#S...
/....;6......O...1...c...;q3..k..j~g*2N{..z.....).|..f.Tpi...I..^ho..-
.....5..eo.i:.6v...^I,e.cnw6.[.p..5...<5.'.f...u.]TI7..v.......k.L^
"....u... .d..|.......G8$.^..<......QQ..G.G._..C.......<.~..K..K
......JD.W3I.......g'......Th..CyN.......8!...).........x.V..H...l...(
9.k.....8\.-.....2j..J....19.>.I..2qw9(>[email protected].=74U.tK....v
...hs...o|s.KgC}.7..'..R.$......I6R>..{[email protected]...
.</...[...$.1.$\0?.Z..H.].t.^....ec.r............! ...O.|%.>0D..
..."l..z`T...(a.);..VwG..x/........,...4.c,...H......X.n*/.EI]..I....7
k.;._J.m>..h>....mR.<qjl...............Z.....\.x..>.p.G/.J
./..}O;.</..S...]...Z._.........N.lQ.#..D....M{.qY. ..e....e/.Z.Nin
..G.......4...>p....t.Y.4..o..<6.8...O...._.ay.I:.7.....|.Y..q..
.2.kg.H.G...).. ..#.N...~...& .J..PF\D..FQ....'c........M<..i..
<<< skipped >>>


GET /favicon.ico HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Host: VVV.fjmjm.com


HTTP/1.1 404 Not Found
Content-Length: 83
Content-Type: text/html
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:35 GMT
Connection: close
<html><head><title>Error</title></head>&
lt;body>........................</body></html>..



GET /imgn/v51/new-erweima2.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:38 GMT
Content-Type: image/png
Content-Length: 18683
Last-Modified: Mon, 08 Jul 2013 10:16:12 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:38 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...,...,........"..H.IDATx....x.U..'.R.D.Q....*...]A.;
".".... 5$.%....I.=....^............?.I\2w.,......'..\....;..s....D...
...H.!.D..H$..D".I$.AH"..$.. $..B.... ...tuu..lcc..=.....}.6v.....S.wb
aa..Dv..[$.|..!.=..9.....d....;......[?w..M..'.l....[.....d.....U.. $.
.B.. $..B.. $..B.. $..B.. $......AH..!|....t.....:.?......c........gi.
....:::.s.p........{^.j.....~X..B1!...g..|.r.9..;W........J......yx>
;>>.sdB.....T..I.bgm.......~.Mu......V.....j....P4.d.........4n.
MEK..1...5.tjjj............O^.h.....F.<..:...!AH....!AH....!AH....!
A.~......yE.H.....!Ax..v..d..............j....U....*.%x..{d:.:.B.._vv.
........."l..$.......OSS...g....y..'......l......rrr..z.@(..3..T<.]
.B......!CT.Ph.d.U. ...2....,.p.....@$::Z.........x.T<A<..!AH...
[email protected].........(.....,l.k.
...7z..N.P^....O.....2R.!.qGA(..$.;.Y.........w[...C........l.qI....,!
AH....!AH.>x..t.@(..!Te%aGA...".....!..QY..Z....5..d....%$..B.. $..
B....N..[o.....^b6.>|.(.._..K?..#[email protected]...={V..
......VVV2/..o.).AOO.y....#?.}l.;Y.V. ...=L._...bqL'..Q*.W..3......J%.
..(AH....!AH....!AH....!AH....!A.i.".....i....G.yDx.......f.....m.....
[email protected].......]]]...N.y...P.ekx.T|P........B.....LK...
......X.....~...b......!AH....!AH....!AH....!AH....!AH....6.C....s...*
....k......2...7O....Lu.?....,..9Sx..b.tv...P.C.F...c....7..y......6l.
6...e6f..|....c(...N~P.F'A.E..A.X..:.(....'T*[email protected]..]G.!AH....!AH.
...!AH....!AH........n..<W.c...c.....&..w1.....{V....;.= .)hjjz
<<< skipped >>>

GET /imgn/sehome/tjv1/new-ico.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/png
Content-Length: 211
Last-Modified: Mon, 28 Jan 2013 11:52:04 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR.............&P......sBIT.....O.....PLTE...???.Mv.....
tRNS..[.".....pHYs.........B.4.....tEXtCreation Time.12/28/12...5....t
EXtSoftware.Adobe FireworksO..N....IDAT..c` .H..!...2.1_.......IEND.B`
.....


GET /imgn/v51/i-ico-2b.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/png
Content-Length: 2337
Last-Modified: Thu, 30 May 2013 07:28:54 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR..._...X......I M....sBIT....|.d.....pHYs.........B.4.
....tEXtSoftware.Adobe FireworksO..N....tEXtCreation Time.12/28/12...5
...}IDATx...{l[...?..y4MH.'$kIXJIE.H.^K.2...d06p.44.m.4..tb....m...ib.
.aM.....Tk......#{....P......m.&n..}}...ul...~..J.G..{..]..=?...>..
.HlA.......F..6"...K....^lG.#.#_6@..)...(.9.|...#g..E9...,Gr._._\,././
>.rm.6.$.F..6"...)..H.m..........,G2.5[...w...0.. .UX..pi.....O...;
%.sI.V..?~.}.e.#3.Q}..B..W.L..I}..}....4.4..{..k73....5"_.A.h(..PH..&l
t;J..O(.vv.a*.c.n..5.H.5.. ..U.m5.e8.....r....._.....A.5.._.s...eJHc.c
.%uv..@|..^!....0.XC.|:\Y2G."..............F..&.-._......T.qel.4...~r.
..o......$..gI. ..=.K*S/...v.\./......o...~..jv...n)|.d=.R......:.....
(.3=...C)|..g.lD.j..........y......-..p...,.C_....Y......P.....;...:p.
..@{.~..u...[3Up..M........&...V.Y:..N..`66.......,.....J.....'R......
6.........)....c..K.../..........)..s[.r.h...)N.U .......F9=.d..*>.
..l.q.}....A....0....../V......3.wy|..........q:.....s.w.'.r. .C..wh|.
..K...g...e...3.H...].<......].Iu.....x...f..{......7"......;......
.....k...`=..D.:.7.fu.....T......`r:...Yy.... .1....a^...o......A.cJL.
.....}.4c...oIT.9...!........k.....U....a&....H..][email protected]..
.$.....R'.}.#._N)....8.|..L..<pON9....F.....j*....`|j.....y].......
..h..p'..y...O.....$.X........~......S....:.yF~"o.7.$x"......2..Ss~.t.
...B.......l.&.[....s$..4.#....W.....ho^..........T.c.K ....&./"..)../
.}...h..!^ "u.r..j....G....E./Mg...$..LF; .>_.......9.~DZ1..<.&l
t;gb.......6...e..3..TA....-.F.>..==.....o.p......J.<..nG.%.
<<< skipped >>>


GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.jlbnh.com
Connection: Keep-Alive


HTTP/1.1 302 Redirect
Content-Length: 150
Content-Type: text/html
Location: hXXp://123.sogou.com/?22014
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:32 GMT
<head><title>Document Moved</title></head>.<
;body><h1>Object Moved</h1>This document may be found &
lt;a HREF="hXXp://123.sogou.com/?22014">here</a></body>
..



GET /imgn/123ie/setting_icon.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p6.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 76
Last-Modified: Wed, 25 Jul 2012 09:14:49 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a.............#.....!.......,.............".8....=h%v..n!.....y.h
.....;HTTP/1.1 200 OK..Server: nginx/1.4.1..Date: Sat, 31 May 2014 05:
36:37 GMT..Content-Type: image/gif..Content-Length: 76..Last-Modified:
 Wed, 25 Jul 2012 09:14:49 GMT..Connection: keep-alive..Expires: Mon, 
30 Jun 2014 05:36:37 GMT..Cache-Control: max-age=2592000..Accept-Range
s: bytes..GIF89a.............#.....!.......,.............".8....=h%v..
n!.....y.h.....;..



GET /imgu/2013/05/20130531144119_126.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p2.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/png
Content-Length: 13613
Last-Modified: Fri, 31 May 2013 06:41:19 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR.......2.............pHYs................MiCCPPhotosho
p ICC profile..x..SwX...>..e.VB....l.."#[email protected]..
..H....(.gA..Z.U\8.....}z............y.....&...j.9R.<:...OH......H.
. ....g......yx~t.?...o...p..$......P&W. ...".....R...T.......S.d.....
ly|B"......I>..................(G$.@..`U.R,......@"......Y.2G.....v
.X..@`...B,.. 8..C.... L..0...._p..H.......K.3.....w....!..l.Ba.).f.."
...#.H..L.........8?......f.l.....k.o">!.........N..._....p...u.k.[
..V.h..][email protected].<......%b..0..>[email protected].@...
...qanv.R....B1n..#......)..4.\,...X..P"M.y.R.D!......2......w....O.N.
...l.~.....X.v.@~.-......g42y.......@ ...........\...L....D..*.A......
........a.D@.$.<.B........A.T.:.............18....\..p..`........A.
..a!:..b.."......"aH4... ...Q"..r...Bj.]H#.-r.9.\@.... 2....G1...Q...u
@.......s.t4.]...k....=.....K.ut.}..c..1.f..a\..E`.X.&..c.X5V.5c.X7v..
..a..$......^...l...GXLXC.%.#....W...1.'"..O.%z...xb:..XF.&.!.!.%^'.._
.H$....N.!%.2I.IkH.H-.S.>..i.L&..m....... ......O.......:...L..$R..
.J5e?....2B...Q.......:.ZIm.vP/S...4u.%...C..-....igi.h/.t.....E....k.
......w......Hb(.k.{...../.L......T0.2..g...oUX*.*|.....:.V.~...TUsU?.
y..T.U..^V}.FU.P.........U..6..RwR.P.Q_.._...c....F..H.Tc....!..2e.XB.
rV..,k.Mb[...Lv...v/{LSCs.f.f.f..q.......9..J.!...{-.-?-..j.f.~.7.z...
b.r......up.@.,..:m:.u..6.Q....u..>.c.y.........G.m..........704.6.
.l18c...c.k.i........h...h..I.'.&..g.5x.>f.o.b.4.e.k<abi2.......
)..k.f....t...,.......9..k.a........E..J.6.....|...M....V>VyV.V
<<< skipped >>>


GET /?22014 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:34 GMT
Content-Type: text/html; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
P3P: CP="NON DSP COR CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa CONa HISa TELa OTPa OUR UNRa IND UNI COM NAV INT DEM CNT PRELOC"
Content-Encoding: gzip
90e7................\.u7...gb!..=.....5....."...v..E..z...d...'..6...B
B...!!.......8vB.8....'~..9....u.$......uOU.:......_...}O........L<
........HNO.#.ozz.....|....KdR...=..o.......>..Db.>.t......Rk.T.
W.~.k.G.V.^......TeP.X~.....SY~x..4..k7O.....S'....s?z.G..._]....../..
.s.>.I&.K.;..0U......>.r...0.&.#.....7...I......Qj...r.=p....G.,
.h....}...Dbz9..>.6..z.|s...L....u..w.K..........4....uz.....<..
=.&8....?.../w^<{.?.|y..n^......pg../...g/.p..O..t.._^......<...
........GSg..:1u.W.N^....S....K......7G1.../..]ZG{..^.(..p....|..['.&l
t;..w'.V.>....z..4.c..z...c..q...{...O... .......><......;...
............s?|...........?{.go...o. ...~...=................k..$....[
'.=..h6. ...\.h`9'...[]..n......:..s...H..n1... .(....$C[~X.%.....>
..:....W.^.?.,mN.2..mw-..4.sW....n..ikq...t.R...Rz..i...._H&.5..G.$f..
.f...D.. /)...4.. m"....=.......~.z..b.%Z.<......tj.I......n...7.sr
.^.-8.j....*..Tm....A.[,........Z.6K....ni..y.....8.Zm.j.F.S..a{...!.]
iT.$.....MW,../.5.\.T....as.......].=U.L..S..Tw.}NU;..T......n.-..:..S
xe0UiNU*Snk...j..B.{t..T*.v.>o9...,A....v..n9..N..[..U.o..=Yq......
.....r.uz.....5l&...f.?H.D..b..q..M.:..gS,.2...f..G..k...-'.s SN..oM.E
....Y...m<.....U.'../hQj.]..}.r.V........i.-B.f.)..z...0Y.....a....
..g!....=f........I..{tav.....76..L.X.Ab.k..F...%.Rms.Q...2....%..<
.[..W..(.)...:..L.h..i6*..R....j4N....s4.N.....W^..<P..Ni.Is...$...
..A........]".......-. j..<&mv-...A.l.G?..M....Z.:..:m.o.j.........
...|....Ws...J..K..C...N..v]g.G.......4.....Pjv. [email protected]..
<<< skipped >>>

GET /v53/jsn/v53_123n.js?V=11 HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: application/x-javascript; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 29 May 2014 10:53:58 GMT
Expires: Tue, 03 Jun 2014 01:20:50 GMT
Cache-Control: max-age=259200
Content-Encoding: gzip
5240..............y.[.u/.U.....O.1.D.MQR.w%K...V^...p..6p...t.......x.
...vd'.D.....DR.)...%..%rr....N......vU..@.....{Kb.N...vU...k.]......7
....^:..U...]m..........k.=Z.;.......|..T.;.u....^s.....zo.T.......Q..
.|v.....<~...]..wO<ne..f...Og.FN0.ys.z.w............_=s.._......
.#...k...........]..v.f.t".............uAV....puqq.t.H.6....]......e..
Ck....t3L.v..M..`.....fg....5....=.........n9#.....6].......;Nu!...vz.
 K]...P..5...a......N..A......;4M...#.....[.Lv...oo..L0.U.....*...-...
...o#.Q.f.v.D[V.Xlv..}q..Q.;.G.....2X.g.9.../...m.k.......e....:ZW...?
.Y..zx.............w.:...j..Y.-.5....|..#.......%..k....,Vr.;..;..\.c.
.....k..F.1l..`T...1..._.:..Y3.4....H....]....9..mqdA...AOL,......].n.
.......K2.L.l.[........=.,.R.Aw<.T.R...`.d...A..Y....R..bf....[..Y.
Q;g..f4.?U.`....E...H.; =.l..Cw.=k.4......HC...$.>...,.8...M......x
.|.e[='X..t.a....m.N.F30...K..rneE..wL|9.\.......R!..\w...|..j/5..J!I=
w...`rR..8-7.6..Y.!..9..ngQ.......4............*.8.Fzl.......j.o...}..
...zN..f.d.(.IZ4kg...i.l ...F|...>.F7..4.o;....).......p4.b.2]..,9.
:[email protected].$&..\ 3....5.^....p6~6..8E...nvA.G..$......)C...!...
B=.b..O......K5EF0jm..d....G.....Acs.....-.....d.".ApJ...Bn....Y...K..
.o-...f.....K..r....h%...z....2 ..Y.V.5..:s.....l^....#.../.oH.^{....(
......Xu|b..Wf. !.H.....O5 ...3j.F._...h...a.T.7'p..N}F.....6.J....F..
.........z..[..(^u9O.y..........Z.e9g..Z9_c..*.g...w..7A7.(...p/...dU.
.c..>~.%;'.... ..3..e..q.w...\ak?.2L...&....k'..5.s..z[.B#....B...6
..T..2...).9s..%..$..`...~.P...8..........hT..N...`N...N...f['..x.
<<< skipped >>>

GET /jsn/hotdata.js?V=1401497012473 HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401497012410_8083_00001; CKOR=1809_00001_00000; CKOD=9903_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:38 GMT
Content-Type: application/x-javascript; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 30 May 2014 10:57:42 GMT
Set-Cookie: IPLOC=CA; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Expires: Tue, 03 Jun 2014 05:36:38 GMT
Cache-Control: max-age=259200
Content-Encoding: gzip
c3d.............YkO.K../D.v...kz./."? ...ro.$...............T..=C..~.(
.=...:Uu...t.H'........3.....o;..l.[.2.k.....Y3..L.Z..2;...#.P..S.....
./......y.|.8.......E.k..]............O?.....:N..../?.....kD.X.V......
_.p....._.N......tq..o.J.?...i........SQk}.......*>i.....8..a.....?
.T.zSk\.....Mr...zZm.F....Y.r.........?.....;...r...}.....ZZ..w.|.De6o
...i7.3"?.......c..V..'..6...*.xO..Bj..8.~_y.q.i....y...N{...........E
.. ./.}..i......b...6G.~s..g...&...02..j....k..B...h;....~.....p..:!.]
...?_.L;..#EW(...q.}P=O._w..;.....D.j.Ut."'#o..$.5"/..8..QM.'...dw|...
.V..#...96U..XA3....6.b.]%..F..H..q....j..#m..c.LT.......?.....*(i....
.._.....'..r.`.....M.*..5.....*....k.. .1.V..........g....$1.t.m)....C
gRy.U.......z.. ..V..H.......J).P...X..?.O......I5.,.7.%.|.8..Y.!.\...
w...rl.=P...WY..5.z.,..[....`h...mO.4h...Hsk.#...a.XWB.v...5.x.t..:...
QTmD.......1....p).....0..W$...'(.C...3....t..Q{e....(...Z..o.g....E#.
.r.?.].9..G..$H{"b.}e......R.Y..u9...w.v'-F..!'.H......$......I...&...
..J$.ZkN-....@f!l|9...jM.dvj,...4¹.......B....V.J..G..E,.*..r.Q^D...
P......SiWT.W.Z.5jQ.F..0m.....d......&......K.o.bIB.4......b.O.V..mBb.
....._..n.F5B.R....[....E..g.P.q...2.........j ].]..n...".Q...j...{"..
.M.p..E5...`.=.8.../I..i.1...,...3.".wZ..z...=....G..._..T.P..\.Q..W..
.7..X.#PC.....k4Z..B..*6....JHA..7....QU0...C..mB.....(g$7|Np;..u.j(/.
aiL......9........|.&.*<....u......Zbm...WIDW..../....e..>.G..@.
[email protected]{.>.Wh.Y......>....h.)...}..e.A...z.v......U.,:.
.(.U.X..0l......e...;~.1....c2.(V...u,.<.Ds..:f..Z.... .k......
<<< skipped >>>

GET /images/weather/cloudy.gif HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401497012410_8083_00001; CKOR=1809_00001_00000; CKOD=9903_00000_00000; IPLOC=CA; GOTO=Af22014; SUV=00CB499AB86B262653896A663C256764


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:40 GMT
Content-Type: image/gif
Content-Length: 1663
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2011 10:21:06 GMT
ETag: "4e917592-67f"
Expires: Fri, 27 Jun 2014 07:03:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a(.(.............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..............................y.......................................
......................................................................
......................................................................
......................................................................
...........!.......,....(.(........H......*\......#J.H1..t..bCa..(Q..e
L(..7........H..x]..H..ff\[email protected]..
...ajT.Q..H.#F......Xa.....04. eS...z.*E....E.......?Ql...'.&*.k402...
6l.D...L#(v<.2....g..)Q....W#0..!.G//q.....N.0.....Q........... 2x.
..........y....Z...Yx...#Sh..$....~..8.a..KY...*[email protected]......
..q..r.".X.B.^..I.1...;.es...$....x"..q$QA.)\....X`..P.......J8.....aq
p...L..!..`.1..r.......".....h.N7.}..$...C.Q......P.(<....?....t...
..!.N45.B.*[email protected]...<!$.20P`..Pd.. Y....)..B..
......H............"..#..........D.Z,...E.RD 3... \,..;.T..2V`.H.. .D"
L......A.!R.!B.....C]$..0[...4R.2..D..A!j...0?DAG..84.&.T1..R....6H!..
eD.B..t.......-s81.......?.R./..1F...D..v....O..H#..-uB..3.=Xc....
<<< skipped >>>

GET /v53/get_tj.php?hz=4671656&ids=qiche HTTP/1.1


Accept: */*
Accept-Language: en-us
Referer: hXXp://123.sogou.com/?22014
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401497012410_8083_00001; CKOR=1809_00001_00000; CKOD=9903_00000_00000; IPLOC=CA; _seCityCode2=CN110100; tjv2_cont=00_01_08_09; GOTO=Af22014; SUV=00CB499AB86B262653896A663C256764


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:46 GMT
Content-Type: text/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.1.6
10cb..{"qiche":[{"tab":"\u6c7d\u8f66","taburl":"http:\/\/123.sogou.com
\/shwz\/qiche.html","list":[{"picurl":"http:\/\/pic2.xcarimg.com\/img\
/news_photo\/2014\/05\/28\/i8g7XZO1lz1162.jpg","url":"http:\/\/topic.x
car.com.cn\/201404\/ford562\/?zoneclick=101487","title":"\u798f\u7279\
u7ffc\u864e","price":""},{"picurl":"http:\/\/pic4.xcarimg.com\/img\/ne
ws_photo\/2014\/05\/29\/mE8bXnNioe2802.jpg","url":"http:\/\/price.xcar
.com.cn\/serise1168\/city9999-1-1.htm?zoneclick=100517","title":"\u54c
8\u5f17H6\u21938\u5343","price":""},{"url":"http:\/\/price.xcar.com.cn
\/serise630\/city9999-1-1.htm?zoneclick=100517","title":"\u79d1\u9c81\
u5179\u4e09\u53a2 \u73b0\u91d1\u4f18\u60e03\u4e07\u5143","color":false
},{"url":"http:\/\/price.xcar.com.cn\/serise1933\/city9999-1-1.htm?zon
eclick=100517","title":"\u79d1\u9c81\u5179\u6380\u80cc \u73b0\u4f18\u6
0e01.3\u4e07\u5143","color":false},{"url":"http:\/\/price.xcar.com.cn\
/serise109\/city9999-1-1.htm?zoneclick=100517","title":"\u5609\u5e74\u
534e\u4e24\u53a2 \u73b0\u91d1\u4f18\u60e02\u4e07\u5143","color":false}
,{"url":"http:\/\/price.xcar.com.cn\/serise937\/city9999-1-1.htm?zonec
lick=100517","title":"\u96ea\u94c1\u9f99C5 \u73b0\u91d1\u4f18\u60e04.5
\u4e07\u5143","color":false}]},{"tab":"\u65b0\u8f66","taburl":"http:\/
\/123.sogou.com\/shwz\/qiche.html","list":[{"picurl":"http:\/\/pic1.xc
arimg.com\/img\/news_photo\/2014\/05\/29\/KCHDs5Hhfp1883.jpg","url":"h
ttp:\/\/price.xcar.com.cn\/serise561\/city9999-1-1.htm?zoneclick=10051
8","title":"\u950b\u8303","price":"\u964d2.6\u4e07"},{"picurl":"ht
<<< skipped >>>


GET /css/skin_.css?V=dr HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:36 GMT
Content-Type: text/css
Content-Length: 21
Connection: keep-alive
Last-Modified: Tue, 20 Sep 2011 09:23:31 GMT
ETag: "4e785b93-15"
Expires: Sat, 31 May 2014 08:58:14 GMT
Cache-Control: max-age=259200
Accept-Ranges: bytes
/* skin default */.......


GET //v53/get_123_v53.php?block=wt&ver=v53&gfg=1&city=unknown&pid=Af22014&c=1401497012457&method=ajaf&cbf=fn HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401497012410_8083_00001; CKOR=1809_00001_00000; CKOD=9903_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:38 GMT
Content-Type: text/javascript; charset=gbk
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: IPLOC=CA; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Powered-By: PHP/5.1.6
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: max-age=0
e02..sg_wt_cb({"cn":["110100","北京"],"wt7":[["2014-05-31"
,6,"多云转阴","cloudy.gif",24,34,"微'
118;"],["2014-06-01",0,"阴有分散性༅
3;雨","cloudy.gif",19,29,"微风"],["2014-06-02",1,"&#
38452;转晴","cloudy.gif",17,26,"微风"],["2014-
06-03",2,"晴转多云","fine_cloudy.gif",20,30,"&
#24494;风"],["2014-06-04",3,"多云","cloudy.gif",20,3
1,"微风"],["2014-06-05",4,"多云","cloudy.gif",
22,33,"微风"],["2014-06-06",5,"阴","cloudy.gif",23,3
2,"微风"]],"city":"CN110100","ip":""%local server IP%"","md":"05
-31","week":"6","nongli":"五月初三","tuanmv":"
","pm":163});tjv2_cb({"tj_utag":"00_01_08","data":{"news":[{"tab":"\u5
934\u6761","taburl":"http:\/\/123.sogou.com\/xinwen\/","list":[{"title
":"\u4e60\u8fd1\u5e73\uff1a\u7cbe\u5fe0\u62a5\u56fd\u662f\u4e00\u751f\
u76ee\u6807","picurl":1,"url":"http:\/\/news.sohu.com\/20140531\/n4002
76114.shtml?pvid=7d0a16e31613c9e0","color":false},{"title":"\u5728\u59
27\u9a6c\u906d\u7ed1\u67b6\u4e0a\u6d77\u5973\u6e38\u5ba2\u83b7\u91ca "
,"picurl":0,"url":"http:\/\/news.sohu.com\/20140531\/n400276480.shtml?
pvid=7d0a16e31613c9e0","color":false},{"title":"\u4eba\u5927\u539f\u59
04\u957f\u53d7\u8d3f\uff1a50\u4e07\u964d200\u5206","picurl":0,"url":"h
ttp:\/\/news.163.com\/14\/0531\/02\/9THQAFRI00014AED.html","color":fal
se},{"title":"\u5c11\u5e74\u81ea\u8ba4\u7b2c\u4e00\u7f8e\u7537 \u8
<<< skipped >>>

GET /images/weather/cloudy.gif HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: 123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401497012410_8083_00001; CKOR=1809_00001_00000; CKOD=9903_00000_00000; IPLOC=CA; GOTO=Af22014; SUV=00CB499AB86B262653896A663C256764


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:40 GMT
Content-Type: image/gif
Content-Length: 1663
Connection: keep-alive
Last-Modified: Sun, 09 Oct 2011 10:21:06 GMT
ETag: "4e917592-67f"
Expires: Fri, 27 Jun 2014 07:03:51 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a(.(.............................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..............................y.......................................
......................................................................
......................................................................
......................................................................
...........!.......,....(.(........H......*\......#J.H1..t..bCa..(Q..e
L(..7........H..x]..H..ff\[email protected]..
...ajT.Q..H.#F......Xa.....04. eS...z.*E....E.......?Ql...'.&*.k402...
6l.D...L#(v<.2....g..)Q....W#0..!.G//q.....N.0.....Q........... 2x.
..........y....Z...Yx...#Sh..$....~..8.a..KY...*[email protected]......
..q..r.".X.B.^..I.1...;.es...$....x"..q$QA.)\....X`..P.......J8.....aq
p...L..!..`.1..r.......".....h.N7.}..$...C.Q......P.(<....?....t...
..!.N45.B.*[email protected]...<!$.20P`..Pd.. Y....)..B..
......H............"..#..........D.Z,...E.RD 3... \,..;.T..2V`.H.. .D"
L......A.!R.!B.....C]$..0[...4R.2..D..A!j...0?DAG..84.&.T1..R....6H!..
eD.B..t.......-s81.......?.R./..1F...D..v....O..H#..-uB..3.=Xc....
<<< skipped >>>


GET /imgn/v32/selogo_111207.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p1.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/png
Content-Length: 12155
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...a...?.....V.......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>


GET /imgu/2013/08/20130820165531_481.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p6.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 2049
Last-Modified: Tue, 20 Aug 2013 08:55:31 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a..y....1.....A.....c........t..S........9........I........Y..j..
.........<..L.....y.................X...........T..s.....J..J..a..c
....................................................................!.
....*.,[email protected],....r.l:...tJ.*.X.*......6.]...3Z.^.........^..
m........M\fDyH.[G.t.D.t.D........D..Y.X..D..........C..............c_
x.......K..J. C.J....*..H......I.Y...I....J....".....G..X..H.....@....
...".`O..e.28A....%..a..B... C...a...I.....$..EF\[email protected].. 2........h0
d...H."e9AH....X.....1.....5...U.....lY,[email protected]....$......
.'.....@ 8".Wc.]..U. ...."\[email protected]..;....8..A.;.....
..........@..%[email protected]..>.p..C,..H@..@......"
.]...u.B...0.....S...A.].."A......X(.............z\80Ak...@[email protected]..
..g..#)..v.p... [email protected].,[email protected]...\D..X.Q......9Ch..\B..@.
ExW...`..5.`..[CH..5Hx."...@X..,..nF .H0W0....F...*[email protected]...
&%.....0.wX.p....!......{XL"`..0P.v.bq....`A..0.......}h9....(@..]9...
...M\.T.... ...........W......:P.p.d?.DG.B..OA.<. .....U&..U.x.y...
[email protected]....(...@.....,...(
4...Ll....`.4.....5.p...D.pY.>.,F...q.......K..A.X.)....-.......B.P
c....x .0p.`.0...^....C|l.........V..........!.".*3.BT........oX B&.q.
..s.$`[email protected]]..m^@......!..A..k.6.b.yD..d.....o.Gc.$L.y.
.Bj^...S..O.S...............R?.E.Fz... [email protected]%...m]..
.......... ..@...........&$...`*..n.C....?....0..0 b.b..Dh..0....L.aH.
*R..(.........>F.M.p(.S...g<.....5.!Bi,...t.9.....c..p..de..
<<< skipped >>>


GET /favicon.ico HTTP/1.1
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Pragma: no-cache
Cache-Control: no-cache
Connection: Close
Host: 123.sogou.com


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:58 GMT
Content-Type: image/x-icon
Content-Length: 1150
Connection: close
Last-Modified: Wed, 21 Sep 2011 09:58:33 GMT
ETag: "4e79b549-47e"
Expires: Fri, 27 Jun 2014 07:03:46 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
............ .h.......(....... ..... .....@...........................
........ddd.aaa.___.]]].[[[.XXX.VVV.UUU.............................ii
if............................VVV.UUUl....................}}}.........
............................fff.UUU................o..........v..t...q
..........................bbb.UUUQ....xxx...........F..o..............
.y............A.........VVV.UUU....v.........b...{...........}....!...
............ .....~~~.VVVT.........r#..o...w...v...h....E.............
.....w..........XXX..........W...q...h...y(...........................
....U.....[[[..........X...g....E..........................y......../.
....]]]..........g...[........................v..p............G.....__
_...........P..l...................b...o...~.......y..........aaa.....
.........^...............X...s...x...|...|...n..........ddd-..........
...................T...l...o...m...b..........~~~.....................
.................{6..o ...Z.............kkk...........................
..............................qqq............................&........
................... ..................................................
................................



GET /imgn/v32/selogo_111207.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p8.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:40 GMT
Content-Type: image/png
Content-Length: 12155
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:40 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...a...?.....V.......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>


GET /material/d7/4/a9ac5ed3b828895d94097c8c6faba.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily
Server: Tengine
Date: Sat, 31 May 2014 05:37:04 GMT
Content-Type: text/html
Content-Length: 266
Connection: keep-alive
Location: hXXp://cache.adm.cnzz.net/noname.gif
X-Cache: MISS TCP_REFRESH_MISS dirn:-2:-2
Via: e736461d.cn12
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>302 Found</title></head>..<b
ody bgcolor="white">..<h1>302 Found</h1>..<p>The 
requested resource resides temporarily under a different URI.</p>
;..<hr/>Powered by Tengine/1.4.2..</body>..</html>..
....


GET /noname.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cache.adm.cnzz.net
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:04 GMT
Content-Type: image/gif
Content-Length: 0
Connection: keep-alive
Last-Modified: Fri, 21 Oct 2011 09:36:11 GMT
Expires: Sat, 31 May 2014 15:09:14 GMT
Cache-Control: max-age=86400
Content-Disposition: : attachment;
Accept-Ranges: bytes
Age: 52070
X-Cache: HIT TCP_MEM_HIT dirn:1:911992378
Via: 669f74c5.cn12



GET /img/news_photo/2014/05/28/i8g7XZO1lz1162.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pic2.xcarimg.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Expires: Fri, 29 May 2015 00:00:23 GMT
Date: Thu, 29 May 2014 00:00:23 GMT
Server: Apache
Last-Modified: Wed, 28 May 2014 09:00:18 GMT
Cache-Control: max-age=31536000
Content-Type: image/jpeg
Content-Length: 4997
Accept-Ranges: bytes
Xcar-Cache-Server: imgcache2-HIT
Age: 1
X-Via: 1.1 zjjx155:8106 (Cdn Cache Server V2.0), 1.1 gl24:5 (Cdn Cache Server V2.0)
Connection: keep-alive
......Exif..II*.................Ducky.......<.....)hXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-
c060 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="ht
tp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.
0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS5 Windows" xm
pMM:InstanceID="xmp.iid:633AAA3AE18C11E39608B049DDD009CF" xmpMM:Docume
ntID="xmp.did:633AAA3BE18C11E39608B049DDD009CF"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:633AAA38E18C11E39608B049DDD009CF" stRef:
documentID="xmp.did:633AAA39E18C11E39608B049DDD009CF"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>....Adobe.d......................................................
......................................................................
.....................U._..............................................
..........................................!1..A".Qaq2....#..BRbr...3$%
..CS4T.......................!1.A..Qaq."2........B............?...ffm.
[email protected]~<..z.v...X.U....?.........#.*...i`.C.x......G.
..ra....5.....5.0@BEb).C.sh.f..........9............Q...x......K1(.xh.
P..b.m.:P..d,.....P.~b.t.cT.....*>^...........W....0.;FU..C.PA..5.w
...:..Q..h.!......b...O....T.......Kx...c.. io..Sf.....Mj..*...i .
<<< skipped >>>


GET /stat/?v=1&ac=setup&name=%original file name%.exe&mac=00-0C-29-D6-C5-9B&md5=ace8fd4527cbb1f50d0250340f929a7e HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Host: stat.fjmjm.com
Cache-Control: no-cache


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 05:36:24 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 3204
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACSSDCBR=FKKOEGAACCANBJNHEIGDABHM; path=/
Cache-control: private
..[ShortCut_1]..Desc=360............Hint=360............Name=360......
......URL=hXXp://VVV.jlbnh.com..Icon=ico\360.ico..[ShortCut_2]..Desc=I
nternet Explorer..Hint=Internet Explorer..Name=Internet Explorer..URL=
hXXp://VVV.jlbnh.com..Icon=ico\ie.ico..[SoftWare_1]..Desc=..........Hi
nt=..........Name=F30241_s_0523..URL=hXXp://down.icudi.org:99/F30241_s
_0523.rar..reg=HKLM\SOFTWARE\Baidu\BaiduSd\InstallDir..[SoftWare_2]..D
esc=..........Hint=..........Name=emaaif_70690..URL=hXXp://down.icudi.
org:99/emaaif_70690.rar..reg=HKLM\SOFTWARE\Baidu\BaiduAn\InstallDir..[
SoftWare_3]..Desc=......Hint=......Name=kuping_b_54282..URL=hXXp://dow
n.icudi.org:99/kuping_b_54282.rar..reg=HKCU\Software\Kuping\InstallPat
h..[SoftWare_4]..Desc=..........Hint=..........Name=pczh_98_2..URL=htt
p://down.icudi.org:99/pczh_98_2.rar..reg=HKLM\SOFTWARE\Microsoft\Windo
ws\CurrentVersion\App Paths\Ainqngz3.9.exe\..[SoftWare_5]..Desc=......
..Hint=........Name=-8853_1_mvy..URL=hXXp://down.icudi.org:99/-8853_1_
mvy.rar..reg=HKLM\SOFTWARE\Mnying\Mnyingfiledir..[SoftWare_6]..Desc=..
.... ..Hint=........Name=yxku_s[106]..URL=hXXp://down.icudi.org:99/yxk
u_s[106].rar..reg=HKCU\Software\yxkuBox\InstallPath..[SoftWare_7]..Des
c=......Hint=......Name=xkss_50041..URL=hXXp://down.icudi.org:99/xkss_
50041.rar..reg=HKCU\Software\xuankusoso\InstallMode..[SoftWare_9]..Des
c=....FM..Hint=....FM..Name=setup_3128..URL=hXXp://down.icudi.org:99/s
etup_3128.rar..reg=HKLM\SOFTWARE\YYMusic3\rd..[SoftWare_11]..Desc=....
......Hint=..........Name=BaiduPlayerNetSetup_284..URL=hXXp://down
<<< skipped >>>


GET /media/id=nHRLPjm3nWRY&gp=401&time=nHnLPjmzrHckPs.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/shehui_509_366.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: drmcmm.baidu.com
Connection: Keep-Alive


HTTP/1.1 404 Not Found
Content-Type: text/html
Date: Sat, 31 May 2014 05:37:04 GMT
Server: apache
Content-Length: 345
<?xml version="1.0" encoding="iso-8859-1"?>.<!DOCTYPE html PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".         "hXXp://VVV.w3.
org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="hXXp://
VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">. <head>.  <
;title>404 - Not Found</title>. </head>. <body>. 
 <h1>404 - Not Found</h1>. </body>.</html>.HTT
P/1.1 404 Not Found..Content-Type: text/html..Date: Sat, 31 May 2014 0
5:37:04 GMT..Server: apache..Content-Length: 345..<?xml version="1.
0" encoding="iso-8859-1"?>.<!DOCTYPE html PUBLIC "-//W3C//DTD XH
TML 1.0 Transitional//EN".         "hXXp://VVV.w3.org/TR/xhtml1/DTD/xh
tml1-transitional.dtd">.<html xmlns="hXXp://VVV.w3.org/1999/xhtm
l" xml:lang="en" lang="en">. <head>.  <title>404 - Not 
Found</title>. </head>. <body>.  <h1>404 - Not
 Found</h1>. </body>.</html>...



GET /stat/?ac=stat&name=%original file name%.exe&mac=00-0C-29-D6-C5-9B&md5=ace8fd4527cbb1f50d0250340f929a7e HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: stat.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 05:36:30 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 0
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACSSDCBR=HKKOEGAAKEPNDCJBNCKCPOFN; path=/
Cache-control: private



GET /imgn/v32/skin2_0.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p1.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 592
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a..........Ly.Ky.Aq.Et.Iw.S..W..Z..[..a..d..c..e..g..w...........
........................s.............................................
......................................................................
......................................................................
......................................................................
...............................................!.....s.,............s.
s...s ..................)q(....&X*....#qnmol!!p<Pad%..$igbf`ch\OYIQ
"...rlj_^]PMK/U:..s...pe[ZJG7'......kNLH6CF*....W.EB35-..s............
.B$...=~.HX...*8...... ..B...`..@.;HTTP/1.1 200 OK..Server: nginx/1.4.
1..Date: Sat, 31 May 2014 05:36:37 GMT..Content-Type: image/gif..Conte
nt-Length: 592..Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT..Connecti
on: keep-alive..Expires: Mon, 30 Jun 2014 05:36:37 GMT..Cache-Control:
 max-age=2592000..Accept-Ranges: bytes..GIF89a..........Ly.Ky.Aq.Et.Iw
.S..W..Z..[..a..d..c..e..g..w...................................s.....
......................................................................
......................................................................
......................................................................
......................................................................
.................!.....s.,............s.s...s ..................)q(...
.&X*....#qnmol!!p<Pad%..$igbf`ch\OYIQ"...rlj_^]PMK/U:..s...pe[ZJG7'
......kNLH6CF*....W.EB35-..s.............B$...=~.HX...*8...... ..B...`
..@.;....
<<< skipped >>>


GET /v53/imgn/v53_arrow_h.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive

GET /v53/imgn/v53_arrow_h.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:40 GMT
Content-Type: image/gif
Content-Length: 1036
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
GIF89aQ.}..........1..b.......................C.....t.................
............G...........j........}..T.................................
.................................................................!....
.).,....Q.}........(....r.l:...0E.Z...v..z...xL.o...z}-..p.;N.W.......
&. .z.waZ........z|W.........#.v.W.X!...u.)..Z$.$.q....\...{.U....[...
j.....Z..........[....d...\....f...[. .i.).!X..e.....).......]Q0......
...%..@$"(.8....t.b..q#.......e...C..\..%..B..|.sK..NPz..E.......8s...
.T..R.q.SYO9:..u...U?^......k.j.J...Bb..%....H`...jv......i...Z...~.\O
.R..*x.B..R...(V..L..]4..<./.5."...q.d.....@ sT........k1..W.R[N...
ws....p9.../n....Y.3'C....b*D..8M.........w......PM...N..-.}......b.~.
...w.}..h....WE}...`...W`9`=.!.U1x.n....\.]h.TU.". ."2.Z..aXF.m<U.s
.)7..Z.H..Z...R..H..d...........6b]D...i....^U.x.`P.yW.m.uT..eya.t..#G
f...aj..Q......V..d.^....brE..|..e.y....".D.N>....C...N9E..M..1.I..
*....j...r.. ...E"[email protected].... -.l.....#........0..4.j
P.5.\.-...#N.....:..#)@<..k.=.......K.A.....V8..D..,....l... ...;font>....


GET /v53/imgn/guide_tip.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:46 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.
<<< skipped >>>


GET /miniindex/inc/stylemini.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 11323
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 18:35:54 GMT
Accept-Ranges: bytes
ETag: "0a189b4eb54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:00 GMT
img{border:0}..#mini_wrap .bor_n {...border: 0px currentColor;..}..#mi
ni_wrap .none {...display: none;..}..#mini_wrap {.....}..#closehBtn {.
..background: url("close.png") no-repeat 0px 0px; padding: 0px; top: 0
px; width: 40px; height: 19px; color: rgb(11, 59, 140); font-size: 14p
x; vertical-align: 0px; position: relative;..}..#closehBtn:hover {...b
ackground: url("close.png") no-repeat -40px 0px;..}..#minBtn {...backg
round: url("min.png") no-repeat 0px 0px; padding: 0px; top: 0px; width
: 27px; height: 19px; color: rgb(11, 59, 140); font-size: 14px; vertic
al-align: 0px; position: relative;..}..#minBtn:hover {...background: u
rl("min.png") no-repeat -27px 0px;..}...wrapper {...margin: 0px auto; 
width: 698px; height: 399px; text-align: left;..}...normal_bg {...back
ground: url("normal_bg.png") no-repeat 0px 0px rgb(255, 255, 255);..}.
..body_bg {...position: relative;..}...header {...width: 698px; height
: 33px;..}...nav_box .refresh_box a {...background-image: url("ico_new
2.png"); background-repeat: no-repeat;..}...nav_box .on_bg {...backgro
und-image: url("ico_new2.png"); background-repeat: no-repeat;..}...nav
_box {...padding: 4px 0px 0px 10px; width: 688px;..}...nav_box span {.
..color: rgb(188, 202, 224); float: left;..}...nav_box a {...width: 45
px; height: 26px; text-align: center; color: rgb(11, 59, 140); padding
-top: 3px; font-size: 14px; text-decoration: none; display: inline-blo
ck; position: relative; _vertical-align: middle;..}...nav_box .on_bg {
...background-position: 0px -460px; left: 18px; width: 9px; height
<<< skipped >>>

GET /miniindex/xinwen.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 7368
Content-Type: text/html
Last-Modified: Wed, 16 Apr 2014 14:44:27 GMT
Accept-Ranges: bytes
ETag: "5947395e8259cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:02 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<HTML xm
lns="hXXp://VVV.w3.org/1999/xhtml"><HEAD><META content="IE
=10.000" http-equiv="X-UA-Compatible">. ..<meta http-equiv="Cont
ent-Type" content="text/html; charset=gb2312">.. ..<meta name="r
obots" content="noindex, nofollow,nosnippet,noarchive,noodp">..<
title>......</title>..<link href="inc/style.css" rel="styl
esheet" type="text/css">.. ..<style type="text/css">..       
     * { padding:0px;..                margin:0px;..            }..   
         .roll-news {..                width:220px;..                h
eight:150px;..                border:solid 1px #c1c1c1;..             
   overflow:hidden;..            }..            .roll-news-index-hover
 {..                background-color:white !important;..            }.
.            .roll-news-image a img {..                width:220px;.. 
               height:150px;..            }..            .roll-news-in
dex {..                position:relative;..                top:-22px;.
.                float:right;..                width: 60px;..         
   }..            .roll-news-index li {..                list-style:no
ne;..                float:left;..                font-size:12px;..   
             font-weight:600;..                width:8px;..           
     height:16px;..                line-height:16px;..                
cursor:pointer;..                margin:0 3px 0 0;..              
<<< skipped >>>

GET /miniindex/lieqi_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13149
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:34 GMT
Accept-Ranges: bytes
ETag: "0bbf6e5d057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:02 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/jiankang_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13037
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:30 GMT
Accept-Ranges: bytes
ETag: "06194e3d057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:02 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/xinwen.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 7368
Content-Type: text/html
Last-Modified: Wed, 16 Apr 2014 14:44:27 GMT
Accept-Ranges: bytes
ETag: "5947395e8259cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:03 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<HTML xm
lns="hXXp://VVV.w3.org/1999/xhtml"><HEAD><META content="IE
=10.000" http-equiv="X-UA-Compatible">. ..<meta http-equiv="Cont
ent-Type" content="text/html; charset=gb2312">.. ..<meta name="r
obots" content="noindex, nofollow,nosnippet,noarchive,noodp">..<
title>......</title>..<link href="inc/style.css" rel="styl
esheet" type="text/css">.. ..<style type="text/css">..       
     * { padding:0px;..                margin:0px;..            }..   
         .roll-news {..                width:220px;..                h
eight:150px;..                border:solid 1px #c1c1c1;..             
   overflow:hidden;..            }..            .roll-news-index-hover
 {..                background-color:white !important;..            }.
.            .roll-news-image a img {..                width:220px;.. 
               height:150px;..            }..            .roll-news-in
dex {..                position:relative;..                top:-22px;.
.                float:right;..                width: 60px;..         
   }..            .roll-news-index li {..                list-style:no
ne;..                float:left;..                font-size:12px;..   
             font-weight:600;..                width:8px;..           
     height:16px;..                line-height:16px;..                
cursor:pointer;..                margin:0 3px 0 0;..              
<<< skipped >>>

GET /miniindex/lieqi_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13149
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:34 GMT
Accept-Ranges: bytes
ETag: "0bbf6e5d057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:03 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/jiankang_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 13037
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:30 GMT
Accept-Ranges: bytes
ETag: "06194e3d057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:03 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/images/Untitled-2.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 18896
Content-Type: image/gif
Last-Modified: Sun, 13 Apr 2014 02:21:34 GMT
Accept-Ranges: bytes
ETag: "0cbe616bf56cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:05 GMT
GIF89a..s....SE3...mWG....vU.eF........ivcO....tGW6$TOH..V.ZD.f8.W8.ye
I ...\H3$....gE.......fD..Y..j.fH)...T9.......Z8.....z........de;)..f.
..dG6..swI5.tK....zS.....a....qF%"..wV.{fxT;5%...v..m....vI.......L4..
.fddfB).iV.hS&&!82%......wC .b>........d. ............r..Y4* ......
..i....pY.....j..c....(!wvu.|[..b.H ..t..u...E) .kR.kG.]@eR;..r.......
.o.......|O......H:0...U;..zR........d.....l..k..b..q%4#643.....j.|\..
..L1;A/.V-..{.....c.....z.....J.....|..l....rP...zsd.....O..p.......lM
..a....~S.oL{_;g4.sj`.R0.s[@...pPzT-S.!..~.L,..}........k;....[s>..
.>....._.....}.....i..]fO-.........b\]..n..X.t\........."......{aH@
@.._BDA...4..&7-4-,`gb.........qprllm.................................
.............J .oN...w{|........._^Z..p........{......... ,(..........
..34>..pmui.........!..NETSCAPE2.0.....!.......,......s......L.!...
...........Y...C......B..A..\N.$.J.IQkD.H....(... .'[email protected]
f.v..]......N....-[....d.&. ..`....5...^......B1X..u.%"..g,.......]N.(
D.....R.L..e..3...e.....2k......<A.,..A.k*....-.<...m.F..9......
.......:q.KC.rO........Xt...:.7....S.d.Q..4...SO.<2w.z........Y....
.b.qm-..1.^.........e.4.$b0B.q!a!!.]p!.sk...Fl`........4t`b..]BJ...a.y
........^..4..'.hs.X....<.pe................\.qa%HXp.\.ehqJ.....u.i
Y..4..&.D$pI...H.f4.I#[email protected]&..Y.t.d.'0(...I.!..u...;H
G]ue.F.w$iq...4PC...........hv..YQQ..S;#..[.W)@...*..5L.....H(Fq.b...W
2W.....iF.p.*G..!.,Z.*@.Q.G.O..%..s...h...E$.. ....q....k,X.....'H...r
Q...qU.......F.^...rQ..,.hq.1..d'f2v&T....2Q=E.....ZC=........U..`
<<< skipped >>>

GET /miniindex/images/Untitled-3.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 31591
Content-Type: image/jpeg
Last-Modified: Sun, 13 Apr 2014 02:27:26 GMT
Accept-Ranges: bytes
ETag: "0bbb5e8bf56cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:05 GMT
......JFIF.....H.H.....ZExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:13 10:27:24....................
.....................s...........................................&.(..
...............................$.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................p...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'[email protected]@..... [b..*.X$d.9......U.f.
@.o...%.*e9.QX.U.....K.....B>..-... .|T....|.b.h.........Bh.#.....-
..rp.RZ..eZ..i..5>.....M...5Y.O#..h.b.............R...).G-.W.P6.Ic^
..cG%.....*..g..v3X.ki9...].....H.a=......Os.l3'e.i.m...........(.....
}.;?...O........]^.......`q5.l.5m6..w.?5v~..[.........{...>........
....X....Sus.`..o..E.....El.F......#>...4..t .....:@..._^[email protected].
v....B...)..,.5a%n.s.......B.....:.{.........[...O>yR.....p.J..f...
....?h...uF..../...j....W:?jPO..'.eG.x..{.N.....].h.....U....gw...*...
.C.B...)....z.......`.l..t....C..fu..0.OM..X.... g.K...R.;>.....U&.
;]c.....,.s......qjy........O.....P3.....i..u.....{...............
<<< skipped >>>

GET /miniindex/tj.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 279
Content-Type: application/x-javascript
Last-Modified: Thu, 10 Apr 2014 18:44:12 GMT
Accept-Ranges: bytes
ETag: "0665eddec54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:05 GMT
var cnzz_protocol = (("https:" == document.location.protocol) ? " http
s://" : " hXXp://");document.write(unescape(""));<
/font>....


GET /miniindex/inc/min.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 1080
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:05 GMT
.PNG........IHDR...l.........u.......tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx....k.Q...kfwf...F.B........ ..6.Z(.[..../..F.,l,E.". "./P
.....M.....}x...........i...9.|.~w.../..C.>FBIdq.....O?L.;...P.*..p
...WS.6._..^d..}.._..............D.. .*H.>.r)V.*k...k.kc.S........_
D.-..BJ.$...G...Y.\......lX.1D.......Z0H.\..*L..59B...... ...:CV0$a>
;...e....V3Q.g.`].$5.P........(.`....I...JlX:..7.U.#.X.....>K'..!..
Rj.!.&.k. ../#p.VY....-.tHLT..3#Q..D.GD...IL2;.q%-W$uK...D.> ....G.
...q....nY..QNK^j...Y.......b.f..0*.|.n.<.t|zP.c.g.0.K.. .R........
.=>... .../....8.t...H.).4.I. L.$.90s.3....S_:... ..<Hak5$yqz0.5
K.M....q4.g..........).d7..w......q.. h.M...*N...f...b..Gn=..<.}...
..&..~...B..~...y.D8.U2]/8.`%.E.F..l....~. .G..(l...L.JU.5.,=N.%..".2.
<[email protected].....=....C.h..~.z..qfU..*....#......o..8..a..<.....
*.b.0'Ga.........G..].jB.3}p1_i...6..J..)a......9Zf.k.b.|..6.J...a....
..^.G......j.u>........Q.5.u.....6....0%....Y..V..Q..K.RGj....a..&g
t;.../.....m.<..E..b.....d.{...s.L. -...$..6`?......<.[pKN.Rj..X
X4.... ;.N.'7..a.$6X3{..(.`z............[.?g.ab..z..U.....'d...B.;....
IEND.B`.....


GET /miniindex/images/b13.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 42296
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:47:34 GMT
Accept-Ranges: bytes
ETag: "0affbcbb557cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
......JFIF.....H.H.....[Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:47:34....................
.................................................................&.(..
...............................%.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..8........~.........A...^ ..6.i...
.....gf.m#X......:.`........5..........*.[cg71.\]..'.sO.....:m.H....{.
r....Ob.H....e...,x.@.%.......[..-=.<=...2A...2}...=...Z.....kI.?.P
{.s..eOi<..IL)..Z...?...mi..i.((..E.....{QI..4.~W...9......l..\#...
e....m.y;t". ecn.....u..W...cfD.l..p%X....Yfb,..v5..<9..:Dr%B...{.i
[email protected]#S.......`...G?I....P...P).#!d0...F.:W...m.6......I.V.
...40...Z.. ...O.o...........%.......TI.*.v.....Y...%...5..}?Y....h,.o
;.....)n.5...t2u.5....-..k@-....$.F.v..J....'Yk.O..]*.-.X]..4.......a*
....E... .....S~g...,.D4=WF$..uL,.[n.......i"=.\._N.O.p....H.O.......u
..T-...*....$......*hv%./..;.^....A.??.. ._.#h.......>......U.}
<<< skipped >>>

GET /miniindex/images/b15.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 38304
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:58:46 GMT
Accept-Ranges: bytes
ETag: "0bf865cb757cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
......JFIF.....H.H.....>Exif..MM.*.............................b...
........j.(...........1.........r.2...........i.................H.....
..H....Adobe Photoshop CS Windows.2014:04:14 15:58:46.................
....................................................................&.
(.........................................H.......H..........JFIF.....
H.H......Adobe_CM......Adobe.d........................................
......................................................................
...................................f...."................?............
..............................................................3......!
.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'..
.............Vfv........7GWgw........................5.....!1..AQaq"..
2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F............
...Vfv........'7GWgw.................?....Ny)*..Jb..RS..T..IH.....%...
......=l..i<.......{..?z......w..2...{}...........'.S..-..e_b6XH!..
....WzV{..jt...............?Q.6N.rn........W..?X...t....)m7. .Iq.....7
.s.....h..S,"fk.]].#E...$...X.).r....1R*%%1L.S$.....d.UY.....6..A.i..m
{....z.:..Y....l,.`k.C...3.Qg.........oV...g...........MZ..{.a........
.Z....... y..fQc3k.%......67_.....clg. A.~...A.(b2<W.d..."=.bTJ)...
?r....?qR.<...K.........4.k...]7.:.v.......nf.=..]F{.02K.`T.dx4.n..
....".w..GVD...h.D...2..3..>;/...."@.........)~=N...{@.{...=..w.!.7
..Y.....vz.eU....V...s_.s....N{)....S0.W;.>..;~....v.&V...fc./g.k`.
f..q.z..'.*x.~.j1.YHt.....ng `....D.K^/SQ1R*%\s.*%H..T..).b....$..
<<< skipped >>>

GET /miniindex/images/b16.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 43598
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:01:35 GMT
Accept-Ranges: bytes
ETag: "801942c1b757cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:01:34....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..{..h....iku..C.v..8D.. 1...5'r.5.
.}....)T.....sv...'E'....'D.T....?w..j.....8l....]...c...G........C.Ce
.DhH.0....L.N.......;..H........F..s..v...A...._...ICu.v.vC.F0>.;..
.......;.c6.....t~.^NCr^.|:X.k.....&.R..k=/O....'. .~...|..l..9..-.#A.
.O...5ut............c.` ...c.^..&(e=H.."46G...]g.=.8Y./...V..z.6~.. ..
1.G._N.z....U..U.`...O.f.o{e..[K..............]n}..u..^..m..-l.5..t?..
.k.. w....."..-.....:.....^........t...........Sv......5._c.!.....s. .
Kk.m..kO..v.{N.b...}......A.......I..1.h..!...&O.W..._........C..T....
.....gJ..X.."!:........{........?.]..;.V.'B..T9.X.{....".[..."..3}.]. 
Y.....g.*9..G<}....P.uE.7*.....q.....?h.......O'.[t<.....V..
<<< skipped >>>

GET /miniindex/images/b18.JPG HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23977
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:14:46 GMT
Accept-Ranges: bytes
ETag: "01fbb98b957cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:14:46....................
.........l...........A...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..w=.Ku vX...~U..p.iM.....ec...'r..
...g.:...N.e.].^...v=O?E.7}t..%..i.8.C...D.t.a...%...........?$.-.k...
.F...K{~sTs....4........].d/L3...N..R<...T.2F2......;..nt..Y..4....
W.....C|..;.}z......H.. o.a...K}.z.I........X...CuN..w}N..5..o..`...k.
......7...?GN....-.;[email protected].'.|.8...#,....8&v.a.Ay......
?=....W.W......KA.}.WG..W[.:.u.....^K....4h...........5..->.\d.....
.R..L..w.... G....q.....)......W.,..2..l........52..g}..L..?[..O..Sg.?
......}......G.X....C..f.N...b6}/..#..xA..`....u.>O...,..4...y..v5.
Y]...RK...t..R....].y..M...>.. .c?7.2...n{..Y.CI..O....f.g..l..."h.
.....5/[email protected]..^...u.;...1..........kk.[.j.......3
<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:07 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat
<<< skipped >>>


GET /pv.gif?uigs_productid=daohang&rdk=1401497012457&img=pv.gif&pars=?rand=1401497012457&suid=null&sduv=1401497012410_8083_00001&ckid=1809_00001_00000_9903_00000_00000&m=null&apid=null&sgtp=null&refer=&page=&pageUrl=http%3A%2F%2F123.sogou.com%2F%3F22014&loc=null&hp=-1&pid=Af22014&ptype=index&pcode=index&yyid=null&skin=null&ver=v53_ie6_dr__4&sys=100&ser=null&sev=null&time=3422 HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pb.sogou.com
Connection: Keep-Alive
Cookie: GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:38 GMT
Content-Type: text/xml
Content-Length: 0
Connection: keep-alive
Set-Cookie: SUV=00CB499AB86B262653896A663C256764; expires=Tue, 28-May-24 05:36:38 GMT; domain=.sogou.com; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
....


GET /pv.gif?uigs_productid=ufo&ufoid=wan&ptype=jztf2&pcode=index&rdk=1401497014832&img=pv.gif&sourcelist=0011000100006_0011000100007_0011000100008_0011000100009_0011000100010_0011000100011&titlelist=热血沙城_风云无双_仙侠道_大闹天宫OL_万世_Sogou傲剑2 HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pb.sogou.com
Connection: Keep-Alive
Cookie: GOTO=Af22014; SUV=00CB499AB86B262653896A663C256764


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:40 GMT
Content-Type: text/xml
Content-Length: 0
Connection: keep-alive
....


GET /pv.gif?uigs_productid=ufo&ufoid=daohang&ptype=indexv53&pcode=index&rdk=1401497020457&refer=&page=搜狗网址导航--网址大全,实用网址,尽在123.sogou.com&pageUrl=http://123.sogou.com/?22014&img=pv.gif&vcode=v53 HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pb.sogou.com
Connection: Keep-Alive
Cookie: GOTO=Af22014; SUV=00CB499AB86B262653896A663C256764


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:46 GMT
Content-Type: text/xml
Content-Length: 0
Connection: keep-alive



GET /web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver= HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 1469
Content-Type: text/html
Last-Modified: Thu, 17 Apr 2014 15:55:27 GMT
Accept-Ranges: bytes
ETag: "80414a73555acf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:32 GMT
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">.
.<html>..<head>..<meta http-equiv="Content-Type" conten
t="text/html; charset=gb2312">..<title>................</t
itle>..<link href="newioage.css" rel="stylesheet" type="text/css
">..</head>..<body>..<p> </p>..<tab
le width="712" height="49" border="0" align="center" cellpadding="0" c
ellspacing="0">..  <tr>..    <td background="images/guide_
top.jpg"><table width="550" align="center">..        <tr&g
t;..          <td class="t14"><font color="#C8E2FF"><st
rong>................</strong></font></td>..     
   </tr>..      </table></td>..  </tr>..</t
able>..<table width="712" height="350" align="center" background
="images/texture.gif" bgcolor="#FFFFFF">..  <tr>..    <td 
valign="top">..<table width="500" align="center">..        &l
t;tr>..          <td><p class="t14"> </p>.. 
           <p class="t14"><font color="#D38C45" size="4">&
lt;strong>..............................</strong></font>
;</p>..            <p class="t14">........................
..................................................................<
/p>..            <p class="t14"> </p>..           
 </td>..        </tr>..      </table>..      <tab
le width="500" align="center">..        <tr> ..          
<<< skipped >>>

GET /web/images/texture.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 11841
Content-Type: image/gif
Last-Modified: Thu, 17 Apr 2014 15:36:33 GMT
Accept-Ranges: bytes
ETag: "80965fcf525acf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:33 GMT
GIF89a..^.............................................................
......................................................................
.................................................................!....
...,......^......pH,....r.l:...tJ.Z...v..z...xL.....z.n....|N.....~...
......................................................................
...............................................................H......
*\......#J.H.....3j...... C..I....(S.\[email protected]...
.H.*].....P.J.J....X.j......`...K....h..].....p...K....x............L.
..... ^......#K.L.....3k.......C..M.....S.^......c..M.....s...........
N...... _.......K..`.\..p@......!....}{..E..h......q.(..=..! h........
G.}5...~.$.C}X`7.........H.J....v.*X..........7!y>...y.^.R..v(...a.
.{. ..~...@.>....-.h...q.d.4....B6......$.V^9...e....e.#..]..xE2.d.
Y.....p..._v..|...$.V.G^.V....nf).BH*...E.Gc..Nq#yqn.^...0A...z(A."hg.
#"....Jq..`....@...@H..$.L..d.K.H^.c.H....jO...)&.I.......B.!......h..
.M..x.>.evi.`......m;.....TD ..K....^....8L0............g..D.8R....
l*.;.......'.{[email protected]<........Z._.K.{/.-.h.....n...l..V...{...o...`
[email protected]./|. ....581.Iv....D.A.,.._.P
..A......M.... .x>....vj-...|.t..6K(....1.k.....tN.1z.........Y....
..n.:..T...z.>L..~....".....O....A..Z.}..=T_........3.... /...\. |.
.?.../......p......-.P.....}2..S....F}.}........d`=.K..%x.".M~.._.&...
....[..|A&.T.|.L.......O.([email protected]"...<..
.F=....H.*....3...h=....!.A...5'[email protected]....
<<< skipped >>>

GET /web/images/guide_top.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 5936
Content-Type: image/jpeg
Last-Modified: Thu, 17 Apr 2014 15:48:06 GMT
Accept-Ranges: bytes
ETag: "0ff6e6c545acf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:33 GMT
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
.......................................................1..............
......................................................................
.......!1A.Qa.q.......2..."Rb3.B#C.rS....cD.........................!1
AQ..aq......."2.b..............?..k._..W..Sn.G..........s..."..Q3&....
...~.W...u.c...}...~.m...u.{.c.....!$}{..E=A......v.^C....].y....J\.d{
.>o............u..lg....O..?[...I..6o........~..I....m....G#.....{%
c.._......`i..~..:t.....}'.....\...M~.f....g.....z...:..)...{...v...m.
.<.$x..>7.....q5..v.;......Mv.\y...L[......m5..o...#.W.x.\qK'...
...].n.o.v>X`....w.V...._;G&.~...~.......G.Q.zQ.....,.JA.<\IY...
.og..<.5.h.[.W5.LN......s'....$..XP. &....S...........q........`.A.
..aC...H5...6A.%.......'...VL...&8...6Li..R.G.Z.O...T..(....w.l..a....
.-...P...2.O.....e...C.\{..l.xc....L.~..m.3...Y.....X.7L{.........l...
...#.Y ....p.#Sv..O.G0..n.../f...&....o.....k...!{u....N7.........."..
|B..kn.t.......~M..o...v...6,q..\..G.../ge.hk.b....>..7.G.......z.R
....n....|......\..\@.....SVg.sW.5fu....j..M.....Y];...9...v8. .......
.Y.;.......>l.#>*......b.;.v8... ] ..R.....X..HJ. .!......<.[
%.....(.!=...^N.......%...K./".-../$.jZX.};........t.NG5.......2rB.R(^
P.....n..|a....4..".$...x..v\ ..<..s.?Pz..........6..I..h.y..kI.sF.
..A ...........vL.....N.mn .......p..C0..5..&..5..@:..:.....&..a..-b.,
...L.}..6.'....I.........]V..v.........N..........^../.......CwF;}
<<< skipped >>>


GET /web/PopWinParam.asp?d=2014419&mainver=1.0.0&popver=1.0.0&xmlver=20131020010000 HTTP/1.1
User-Agent: hello crazyk
Host: stat.fjmjm.com


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 05:36:40 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 4659
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACSSDCBR=NKKOEGAAPENKOOBMGHIOMHBJ; path=/
Cache-control: private
..<?xml version="1.0" encoding="gb2312"?>..<SoftwareConfig>
;..  <Version>20140531133640</Version>..  <Popwin>..
.    <Item id="1">..      <Subject>........</Subject>
;..      <WinWidth>708</WinWidth>..      <WinHeight>
404</WinHeight>..      <StartUpPosition>0</StartUpPosit
ion>..      <URL>hXXp://VVV.mdtxw.org/miniindex/</URL> 
..      <StartUpTime>10</StartUpTime>..      <ShowIntev
al>7200</ShowInteval>..      <AutoClose>600</AutoClo
se>..      <isShow>1</isShow>..    </Item>..    &
lt;Item id="2">..      <Subject>........</Subject>..   
  <WinWidth>300</WinWidth>..      <WinHeight>265<
/WinHeight>..      <StartUpPosition>1</StartUpPosition>
..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140531133640&
lt;/URL> ..      <StartUpTime>50</StartUpTime>..      &
lt;ShowInteval>0</ShowInteval>..      <AutoClose>50<
/AutoClose>..      <isShow>1</isShow>..    </Item>
;..    <Item id="3">..      <Subject>....LB</Subject>
;..      <WinWidth>300</WinWidth>..      <WinHeight>
265</WinHeight>..      <StartUpPosition>1</StartUpPosit
ion>..      <URL>hXXp://stat.fjmjm.com/a/cpv1.html?t=20140531
133640</URL>..      <StartUpTime>200</StartUpTime>..
      <ShowInteval>7200</ShowInteval>..      <AutoC
<<< skipped >>>


GET /app.gif?&cna=g1gQDHTLIRQCAbhrJiaCNLty HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=g1gQDHTLIRQCAbhrJiaCNLty; expires=Tue, 28-May-24 05:37:08 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pcookie.cnzz.com
Connection: Keep-Alive
Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:10 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl; expires=Tue, 28-May-24 05:37:10 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..



GET /jsn/citydata.js HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogou.com
Connection: Keep-Alive
Cookie: ipt=0; SDUV=1401497012410_8083_00001; CKOR=1809_00001_00000; CKOD=9903_00000_00000; GOTO=Af22014


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:39 GMT
Content-Type: application/x-javascript
Last-Modified: Wed, 19 Sep 2012 10:54:17 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
5c2b............m.Yo[I...W.t..o{......'7............-.[.Z6EJ.G..(R.G..
..gK...(w..~-.g..._:....U.j..U.V.........._....o....?.........?.s.....
......s.......wZ......4Y^..K....>..e.n.nv.[@..v..<.o.].S....>
.....]d...4..LU]...7S..9...d.z.2........*..U..T..x~.y.&.!.3...x......y
....y....%.Y.W........S.s.yv. ,.2.,.M..7..k9=..|....WT..........>g.
......7..M>'..F..~_......~_...Q.>.3.Lssk.....M.....b......q5....
..Bx.6.c0......{........z...T./...-...........2.,<..(..pExy>..U.
...x..)..In..0.Q8;.P...*.........q.Y.........X..=...Y_9..bl.w?m.16....
....~....xw.l\....~..L7.{...l.6C..v.`M....n..%..F......O.~......Y....f
l...R....O....f..P.........'........ly%...\.L...9..\..a..=.V.....u3...
........W.......f.Fm..B:....?.?T..q........m.].LFj....~..Lwq..C......M
.Y..6.K......T.....FT..l..P....m....n...}..fl.r.b....5...XQtGT..).h.bG
..\[email protected].#..xffA]...v......I)/\...v'....:..........
q....Z..)...Z.rK..8.zV.F.....n.....r&;..n.q.......6...H..i=.-.&.5.Msu.
.,.........b...r..KY9.......J...Q.8.....bl..P...s.<.|...n......5..G
.j.....9.k,..R.e.%k...0..L.%....5.E...g.].1.y..G........H........a/..-
U.,6k.< .b......U.#.k.....#...<...........z.*.w.........-.z.V...
..........v.m....%z...m..,......h..6..7...../.h..6....k..:JV.z.R.....0
[email protected]....#=hH6p..,..........CLo~r.Fl~F_..TT.....P...G..&.~...i
.z......M:a....;..r..~3b..... .......}.g.\c...AL..L.l..w..]...9...].=j
=........X.2|alV....W........[b..zyc.Z... .......K2...\..X-..........0
.D0~50^..*]........l..Y...f{..<$`K8.8Q..........l.....[.(O.}5..
<<< skipped >>>


GET /imgn/123ie/search_arrow.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p7.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 447
Last-Modified: Wed, 25 Jul 2012 09:14:49 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a................$..................O...........FC...............
QRR...{......{z.......m..li......fff......B...... %.<3.......l2.o.e
l......8.nWz{{58=.J....#r.T.....'....r|......Z.x4....&&'S.z...........
...3......YQ.............El..d,...4?......e...W...e.R}.....v....-.....
.... *.f...vQ...9.h..............b....s..r.....M.{dY.x.....F.IJw..j...
.l...)p]_..6.R...Xeqy2AvcY."y....i.....f..........!.....~.,...........
.~..............x.....x......;..



GET /imgu/2014/05/20140526163043_207.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:50 GMT
Content-Type: image/jpeg
Content-Length: 5353
Last-Modified: Mon, 26 May 2014 08:30:43 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:50 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
......JFIF.............0Exif..II*.......1...............VVV.meitu.com.
...C..................................................................
..C...................................................................
....=._...............................................................
}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUV
WXYZcdefghijstuvwxyz..................................................
......................................................................
......w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFG
HIJSTUVWXYZcdefghijstuvwxyz...........................................
.........................................?...:f..&.......L..P[f x..=.`
UF6Z..&~b..b...Z/.e....a..a..|gc.......i2......<..f.....p..{\R....l
...m~.....^/...=..S.U.e`C...6..'.O...ge....O{.M.......gt,|[...nm.BnJ..
.,.4.F~..9.r .U...RV..7...`[email protected]...
.m4........q..J..~......;x..\..R..|ZM.c.^i.2G.F.#.".w*.B.......#vJJR..
.<..?......U.k...C...^Y....A..Ub..V(..>..p;C....I.M...(D.s..%...
es...._..m...{....uuu;.v.....e......s)J..5..|].....Z..|..;..B.!w.Etm.L
..|)..~Tp$&C.r..N.......`...M~....@...:.:..c...q.x|..}...W.Keb.C..|...
.r.....=.?J....<5/.....z..C.h.i.p...........u..u.?...1}......(.. .~
}...L....Q.......5.|k..G.g...ou=n.k...)y$.Y...O/#3.I.$..../{.j.....x..
..m..{.... ....N:...j..D....M...X..s..D..]...F.Ny<..S~.y...:].D...?
....._.....Eol.][$P..x.b.!...3..^d.Jt...{O*.R..Q..l.. .o.$...j.G..gL..
..t..m..w..WS....P].U.R...&.,^aG..B.D.2x8.<...&.'.....q.H...\?.
<<< skipped >>>


GET /img/news_photo/2014/05/29/mE8bXnNioe2802.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: pic4.xcarimg.com
Connection: Keep-Alive



.%!..RR.Y*...(=;#)..K..;!...F...m..v....;..T.c...JE.fr.......{.).....{
...s....%)kl.m...5..m..U....z.v[y.%..f.S..i.a...:G.jeG....0.,.1.22.'T.
.nsj.u.c.&..64.....8].*....L..,.CR.!iB...d.A..A.....e....W./.....m..-.
...}*)..v.z28......"[email protected]....;.....D..%..E(J..h%...HY.........
RR"F......!...<..$! . ().[...s..".......p...JN....B.m...ze.....{...
S.""^E.h...@7 ..>"..Op7S........%..z............>$.h1....yL.%.!.
..z..O.O.x......[..d..^o...."Ci'.S.-#..Z.O.....L}...q..H.....wg..bC.z.
.>/p.9.4.l..o.rJQ.. ...T.S;}.....>-..h!&m..AJ.....A.'...I._..j..
..0;........B.4.6.......g{..%.!>..Z..Aq.4...).Z....K....d.y.4.^..; 
..L`..._.A...c......$r..PeP(..... .H?h..T(j..l..I......q...Z.....S....
.i?....(;[email protected]([email protected](?..HTTP/1.1 200 OK..Expires: Sat, 30 
May 2015 06:27:43 GMT..Date: Fri, 30 May 2014 06:27:43 GMT..Server: Ap
ache..Last-Modified: Thu, 29 May 2014 03:31:22 GMT..Cache-Control: max
-age=31536000..Content-Type: image/jpeg..Content-Length: 3226..Accept-
Ranges: bytes..Xcar-Cache-Server: imgcache1-HIT..Age: 1..X-Via: 1.1 zj
jx165:8104 (Cdn Cache Server V2.0), 1.1 gl28:5 (Cdn Cache Server V2.0)
..Connection: keep-alive..........Exif..II*.................Ducky.....
..<.....)hXXp://ns.adobe.com/xap/1.0/.<?xpacket begin="..." id="
W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" 
x:xmptk="Adobe XMP Core 5.0-c060 61.134777, 2010/02/12-17:32:00       
 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-
ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.ado
<<< skipped >>>


GET /9.gif?abc=1&rnd=1442167295 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 05:37:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=g1gQDN5LYhcCAbhrJiZlSzjH; expires=Tue, 28-May-24 05:37:07 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=c4d0be8f; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=30a28126a4ccf6e2e301dc4c_1401514627; expires=Tue, 28-May-24 05:37:07 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=g1gQDN5LYhcCAbhrJiZlSzjH
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /9.gif?abc=1&rnd=1606805613 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive
Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl; sca=bb5aa283; atpsida=e72f9d0039c6f3880ba207b8_1401514628


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 05:37:10 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: atpsida=e72f9d0039c6f3880ba207b8_1401514630; expires=Tue, 28-May-24 05:37:10 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..



GET /imgn/v32/selogo_111207.png HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p4.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/png
Content-Length: 12155
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...a...?.....V.......pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /imgn/v32/fbg_about.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p4.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:38 GMT
Content-Type: image/png
Content-Length: 3580
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:38 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR.............&u2.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>


GET /core.php?web_id=5645354&t=z HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:07 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 05:37:07 GMT
Expires: Sat, 31 May 2014 05:52:07 GMT
31e..!function(){var a,b,c,d=encodeURIComponent,e="5645354",f="",g="",
h="online_v3.php",i="z12.cnzz.com",j="1",k="text",l="z",m="站
8271;统计",n=window["_CNZZDbridge_" e].bobject,o="https:"=
=document.location.protocol?"https:":"http:",p="0",q=o "//online.cnzz.
com/online/" h,r=[];r.push("id=" e),r.push("h=" i),r.push("on=" d(g)),
r.push("s=" d(f)),q ="?" r.join("&"),"0"===p&&n.callRequest([o "//cnzz
.mmstat.com/9.gif?abc=1"]),j&&(""!==g?n.createScriptIcon(q,"utf-8"):(b
="z"==l?"hXXp://VVV.cnzz.com/stat/website.php?web_id=" e:"hXXp://quanj
ing.cnzz.com","pic"===k?(c=o "//icon.cnzz.com/img/" f ".gif",a="<a 
href='" b "' target=_blank title='" m "'><img border=0 hspace=0 
vspace=0 src='" c "'></a>"):a="<a href='" b "' target=_bla
nk title='" m "'>" m "</a>",n.createIcon([a])))}();...0..



GET /stat/?v=1&ac=setup&name=%original file name%.exe&mac=00-0C-29-D6-C5-9B&md5=ace8fd4527cbb1f50d0250340f929a7e HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Host: stat.fjmjm.com
Cache-Control: no-cache
Cookie: ASPSESSIONIDACSSDCBR=FKKOEGAACCANBJNHEIGDABHM


HTTP/1.1 200 OK
Date: Sat, 31 May 2014 05:36:24 GMT
Server: Microsoft-IIS/6.0
Who: ShanIE
Content-Length: 3204
Content-Type: text/html
Cache-control: private
..[ShortCut_1]..Desc=360............Hint=360............Name=360......
......URL=hXXp://VVV.jlbnh.com..Icon=ico\360.ico..[ShortCut_2]..Desc=I
nternet Explorer..Hint=Internet Explorer..Name=Internet Explorer..URL=
hXXp://VVV.jlbnh.com..Icon=ico\ie.ico..[SoftWare_1]..Desc=..........Hi
nt=..........Name=F30241_s_0523..URL=hXXp://down.icudi.org:99/F30241_s
_0523.rar..reg=HKLM\SOFTWARE\Baidu\BaiduSd\InstallDir..[SoftWare_2]..D
esc=..........Hint=..........Name=emaaif_70690..URL=hXXp://down.icudi.
org:99/emaaif_70690.rar..reg=HKLM\SOFTWARE\Baidu\BaiduAn\InstallDir..[
SoftWare_3]..Desc=......Hint=......Name=kuping_b_54282..URL=hXXp://dow
n.icudi.org:99/kuping_b_54282.rar..reg=HKCU\Software\Kuping\InstallPat
h..[SoftWare_4]..Desc=..........Hint=..........Name=pczh_98_2..URL=htt
p://down.icudi.org:99/pczh_98_2.rar..reg=HKLM\SOFTWARE\Microsoft\Windo
ws\CurrentVersion\App Paths\Ainqngz3.9.exe\..[SoftWare_5]..Desc=......
..Hint=........Name=-8853_1_mvy..URL=hXXp://down.icudi.org:99/-8853_1_
mvy.rar..reg=HKLM\SOFTWARE\Mnying\Mnyingfiledir..[SoftWare_6]..Desc=..
.... ..Hint=........Name=yxku_s[106]..URL=hXXp://down.icudi.org:99/yxk
u_s[106].rar..reg=HKCU\Software\yxkuBox\InstallPath..[SoftWare_7]..Des
c=......Hint=......Name=xkss_50041..URL=hXXp://down.icudi.org:99/xkss_
50041.rar..reg=HKCU\Software\xuankusoso\InstallMode..[SoftWare_9]..Des
c=....FM..Hint=....FM..Name=setup_3128..URL=hXXp://down.icudi.org:99/s
etup_3128.rar..reg=HKLM\SOFTWARE\YYMusic3\rd..[SoftWare_11]..Desc=....
......Hint=..........Name=BaiduPlayerNetSetup_284..URL=hXXp://down
<<< skipped >>>


GET /imgn/v32/setskinbg.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 397
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a................................................................
.......................................!.......,............%.di.Y..l.
bp,.tl.x..x.....G)....q.l:...dJ.Z...v..z...xL.....z.n....|N.....~.....
.......................\..............................................
.............................................................H......:X
......#Jd......3j...".. C..I....(G.FX.....,C..;HTTP/1.1 200 OK..Server
: nginx/1.4.1..Date: Sat, 31 May 2014 05:36:37 GMT..Content-Type: imag
e/gif..Content-Length: 397..Last-Modified: Wed, 20 Jun 2012 04:23:24 G
MT..Connection: keep-alive..Expires: Mon, 30 Jun 2014 05:36:37 GMT..Ca
che-Control: max-age=2592000..Accept-Ranges: bytes..GIF89a............
......................................................................
.....................!.......,............%.di.Y..l.bp,.tl.x..x.....G)
....q.l:...dJ.Z...v..z...xL.....z.n....|N.....~.......................
.....\................................................................
...........................................H......:X......#Jd......3j.
..".. C..I....(G.FX.....,C..;....


GET /imgn/v51/new-erweima2.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p3.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/png
Content-Length: 18683
Last-Modified: Mon, 08 Jul 2013 10:16:12 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
.PNG........IHDR...,...,........"..H.IDATx....x.U..'.R.D.Q....*...]A.;
".".... 5$.%....I.=....^............?.I\2w.,......'..\....;..s....D...
...H.!.D..H$..D".I$.AH"..$.. $..B.... ...tuu..lcc..=.....}.6v.....S.wb
aa..Dv..[$.|..!.=..9.....d....;......[?w..M..'.l....[.....d.....U.. $.
.B.. $..B.. $..B.. $..B.. $......AH..!|....t.....:.?......c........gi.
....:::.s.p........{^.j.....~X..B1!...g..|.r.9..;W........J......yx>
;>>.sdB.....T..I.bgm.......~.Mu......V.....j....P4.d.........4n.
MEK..1...5.tjjj............O^.h.....F.<..:...!AH....!AH....!AH....!
A.~......yE.H.....!Ax..v..d..............j....U....*.%x..{d:.:.B.._vv.
........."l..$.......OSS...g....y..'......l......rrr..z.@(..3..T<.]
.B......!CT.Ph.d.U. ...2....,.p.....@$::Z.........x.T<A<..!AH...
[email protected].........(.....,l.k.
...7z..N.P^....O.....2R.!.qGA(..$.;.Y.........w[...C........l.qI....,!
AH....!AH.>x..t.@(..!Te%aGA...".....!..QY..Z....5..d....%$..B.. $..
B....N..[o.....^b6.>|.(.._..K?..#[email protected]...={V..
......VVV2/..o.).AOO.y....#?.}l.;Y.V. ...=L._...bqL'..Q*.W..3......J%.
..(AH....!AH....!AH....!AH....!A.i.".....i....G.yDx.......f.....m.....
[email protected].......]]]...N.y...P.ekx.T|P........B.....LK...
......X.....~...b......!AH....!AH....!AH....!AH....!AH....6.C....s...*
....k......2...7O....Lu.?....,..9Sx..b.tv...P.C.F...c....7..y......6l.
6...e6f..|....c(...N~P.F'A.E..A.X..:.(....'T*[email protected]..]G.!AH....!AH.
...!AH....!AH........n..<W.c...c.....&..w1.....{V....;.= .)hjjz
<<< skipped >>>


GET /stat.php?id=5645354 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s9.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:06 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sat, 31 May 2014 05:37:06 GMT
Expires: Sat, 31 May 2014 07:07:06 GMT
1f7a..(function(){function l(){this.c="5645354";this.R="z";this.N="";t
his.K="";this.M="";this.o="1401514626";this.P="hzs10.cnzz.com";this.L=
"";this.s="CNZZDATA" this.c;this.r="_CNZZDbridge_" this.c;this.G="_cnz
z_CV" this.c;this.u="0";this.B={};this.a={};this.la()}function g(a,b){
try{var c=[];c.push("siteid=5645354");.c.push("name=" d(a.name));c.pus
h("msg=" d(a.message));c.push("r=" d(h.referrer));c.push("page=" d(f.l
ocation.href));c.push("agent=" d(f.navigator.userAgent));c.push("ex=" 
d(b));c.push("rnd=" Math.floor(2147483648*Math.random()));(new Image).
src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}catch(e){}}var h=docu
ment,f=window,d=encodeURIComponent,k=decodeURIComponent,p=unescape,r=e
scape,m="https:"===f.location.protocol?"https:":"http:",s=m "//c.cnzz.
com/core.php";l.prototype={la:function(){try{this.U(),.this.J(),this.i
a(),this.H(),this.m(),this.ga(),this.fa(),this.ja(),this.j(),this.ea()
,this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.qa(),f[this.r]
=f[this.r]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},oa:funct
ion(){try{var a=this;f._czc={push:function(){return a.C.apply(a,argume
nts)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=f._czc;if("
[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b  ){v
ar c=a[b];switch(c[0]){case "_setAccount":f._cz_account="[object Strin
g]"===.{}.toString.call(c[1])?c[1]:String(c[1]);break;case "_setAutoPa
geview":"boolean"===typeof c[1]&&(f._cz_autoPageview=c[1])}}}catch(e){
g(e,"cS failed")}},qa:function(){try{if("undefined"===typeof f._cz
<<< skipped >>>


GET /imgu/2014/05/20140508103513_537.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p4.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 21959
Last-Modified: Thu, 08 May 2014 02:35:13 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89ai......SSS.ww........\.......c;/.W...i......C.hhh.R.............
.........................vE.....................-.......Z...bbb~~~.=..
...]8....t...."*........dd.......A....S............%..............D..=
....DDD.K.....kH.....h...................BB...)1.TZ........$$.SSJJJ.::
...qqqdj..........\c..........4<......4vvv.,,.22.ZZ.......j .......
............nn......ty.>>>....z\lll..........]#....KK........
.....qR.L$....f ............:B...x......................R,......yyyCJ.
...........{.....b%-............mh...n7.....r...JQ.....a'.K..~O.6.....
...}`.....c......lq....}............G.....R$.....p.E...b.....m~...V..^
 .G...z..s.......vW.}Z.G.....P......~.Z0.............9..............D.
@[email protected]'/..>>.K..F.. ....\s..............
XL.....w....,&..f.....h......!..XMP DataXMP<?xpacket begin="..." id
="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/
" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27     
   "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-synta
x-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.ado
be.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/Res
ourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocu
mentID="xmp.did:491CD10DA3D5E311A958EE854ABCD7D0" xmpMM:DocumentID="xm
p.did:4C40E5B5D5E411E3B4278899C73C6A8E" xmpMM:InstanceID="xmp.iid:4C40
E5B4D5E411E3B4278899C73C6A8E" xmp:CreatorTool="Adobe Photoshop CS6 (Wi
ndows)"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:9908CF
<<< skipped >>>


GET /app.gif?&cna=g1gQDN5LYhcCAbhrJiZlSzjH HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=g1gQDN5LYhcCAbhrJiZlSzjH; expires=Tue, 28-May-24 05:37:08 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Connection: Keep-Alive
Host: pcookie.cnzz.com


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:09 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl; expires=Tue, 28-May-24 05:37:09 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: pcookie.cnzz.com
Connection: Keep-Alive
Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl


HTTP/1.1 200 OK
Server: Tengine
Date: Sat, 31 May 2014 05:37:12 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl; expires=Tue, 28-May-24 05:37:12 GMT; path=/; domain=.cnzz.com
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..



GET /dh/dhrc/rec.do?block=gamev2&jsonp=__yx2q&t=1&_stamp=1401497011098 HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: wan.sogou.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sat, 31 May 2014 05:36:40 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 374
Connection: keep-alive
Set-Cookie: SSUID=26266BB8652C6C217A2B48777310A427; expires=Fri, 26-May-34 05:36:40 GMT; path=/
Set-Cookie: IPLOC=CA; path=/
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
__yx2q([{"gid":"123","title":"............","source":"0011000100006"},
{"gid":"212","title":"............","source":"0011000100007"},{"gid":"
181","title":".........","source":"0011000100008"},{"gid":"86","title"
:"............OL","source":"0011000100009"},{"gid":"178","title":"....
..","source":"0011000100010"},{"gid":"215","title":"Sogou......2","sou
rce":"0011000100011"}]).HTTP/1.1 200 OK..Server: nginx..Date: Sat, 31 
May 2014 05:36:40 GMT..Content-Type: text/plain; charset=utf-8..Conten
t-Length: 374..Connection: keep-alive..Set-Cookie: SSUID=26266BB8652C6
C217A2B48777310A427; expires=Fri, 26-May-34 05:36:40 GMT; path=/..Set-
Cookie: IPLOC=CA; path=/..P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UN
I PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"..__yx2q([{"gid":"123","
title":"............","source":"0011000100006"},{"gid":"212","title":"
............","source":"0011000100007"},{"gid":"181","title":"........
.","source":"0011000100008"},{"gid":"86","title":"............OL","sou
rce":"0011000100009"},{"gid":"178","title":"......","source":"00110001
00010"},{"gid":"215","title":"Sogou......2","source":"0011000100011"}]
)...



GET /miniindex/ HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 10093
Content-Type: text/html
Content-Location: hXXp://VVV.mdtxw.org/miniindex/index.html
Last-Modified: Thu, 22 May 2014 11:22:12 GMT
Accept-Ranges: bytes
ETag: "684ac813b075cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:59 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">...<head>....<meta http
-equiv="Content-Type" content="text/html; charset=gb2312">....<m
eta http-equiv="Cache-Control" content="no-cache">....<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">...
.<title>..........</title>....<link href="inc/stylemini
.css" rel="stylesheet" type="text/css">....<script src="inc/jque
ry-1.7.2.min.js" type="text/javascript"></script>....<base
 target="_blank">..<script type="text/javascript"> ..<!-- 
..//..........//document.oncontextmenu=function(e){return false;}..//.
...........var cusi=0;..var tiaozuan=1;..var timer;..//..............v
ar bq_array = new Array();..//........,....id,........url,............
(1....,..............class) ......url ......bq_array.push(["....","0",
"","0","","0"]);..bq_array.push(["....","105","hXXp://VVV.jgtj.com.cn/
ll","0","xinwen.htm","0"]);..bq_array.push(["....","101","hXXp://VVV.j
gtj.com.cn/ll","0","nvxing_509_366.htm","0"]);..bq_array.push(["....",
"102","hXXp://VVV.jgtj.com.cn/ll","0","lieqi_509_366.htm","0"]);..bq_a
rray.push(["....","100","hXXp://VVV.jgtj.com.cn/ll","0","shehui_509_36
6.htm","0"]);..bq_array.push(["....","120","hXXp://VVV.jgtj.com.cn/ll"
,"0","jiankang_509_366.htm","0"]);..bq_array.push(["....","130","http:
//VVV.jgtj.com.cn/ll","0","meinv.htm","0"]);..bq_array.push(["....
<<< skipped >>>

GET /miniindex/inc/jquery-1.7.2.min.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 91342
Content-Type: application/x-javascript
Last-Modified: Thu, 10 Apr 2014 16:44:10 GMT
Accept-Ranges: bytes
ETag: "069a418dc54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:00 GMT
/*!. * jQuery JavaScript Library v1.6.1. * hXXp://jquery.com/. *. * Co
pyright 2011, John Resig. * Dual licensed under the MIT or GPL Version
 2 licenses.. * hXXp://jquery.org/license. *. * Includes Sizzle.js. * 
hXXp://sizzlejs.com/. * Copyright 2011, The Dojo Foundation. * Release
d under the MIT, BSD, and GPL Licenses.. *. * Date: Thu May 12 15:04:3
6 2011 -0400. */.(function(a,b){function cy(a){return f.isWindow(a)?a:
a.nodeType===9?a.defaultView||a.parentWindow:!1}function cv(a){if(!cj[
a]){var b=f("<" a ">").appendTo("body"),d=b.css("display");b.rem
ove();if(d==="none"||d===""){ck||(ck=c.createElement("iframe"),ck.fram
eBorder=ck.width=ck.height=0),c.body.appendChild(ck);if(!cl||!ck.creat
eElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write("
<!doctype><html><body></body></html>");b
=cl.createElement(a),cl.body.appendChild(b),d=f.css(b,"display"),c.bod
y.removeChild(ck)}cj[a]=d}return cj[a]}function cu(a,b){var c={};f.eac
h(cp.concat.apply([],cp.slice(0,b)),function(){c[this]=a});return c}fu
nction ct(){cq=b}function cs(){setTimeout(ct,0);return cq=f.now()}func
tion ci(){try{return new a.ActiveXObject("Microsoft.XMLHTTP")}catch(b)
{}}function ch(){try{return new a.XMLHttpRequest}catch(b){}}function c
b(a,c){a.dataFilter&&(c=a.dataFilter(c,a.dataType));var d=a.dataTypes,
e={},g,h,i=d.length,j,k=d[0],l,m,n,o,p;for(g=1;g<i;g  ){if(g===1)fo
r(h in a.converters)typeof h=="string"&&(e[h.toLowerCase()]=a.converte
rs[h]);l=k,k=d[g];if(k==="*")k=l;else if(l!=="*"&&l!==k){m=l " " k
<<< skipped >>>

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12745
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:01 GMT
Accept-Ranges: bytes
ETag: "80544bd2d057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:02 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/shehui_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12927
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:16 GMT
Accept-Ranges: bytes
ETag: "0263cdbd057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:02 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/meinv.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 6471
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:42 GMT
Accept-Ranges: bytes
ETag: "06fbbead057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:02 GMT
<!DOCTYPE html PUBliC "-//W3C//DTD Xhtml 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta content
="IE=10.000" http-equiv="X-Ua-Compatible"> ..<meta http-equiv="C
ontent-Type" content="text/html; charset=gb2312">.. ..<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">..&
lt;title>......</title>..<base target=_blank>..<link
 href="inc/style.css" rel="stylesheet" type="text/css">..<style 
type="text/css">...bj {background-color: #FFFFFF;float: left;height
: 336px;width: 509px;}...bj .top {float: left;height: 207px;margin-bot
tom: 3px;width: 509px;}...bj .top .top_left {float: left;height: 206px
;margin-right: 4px;width: 274px;}...txt1{ background: #000;line-height
: 30px;height: 30px;overflow: hidden;text-align: center;display: block
;color: #fff;margin: -29px 0 0 0;width: 231px;position: relative;opaci
ty: 0.7;filter: alpha(opacity=60);cursor: pointer;float: left;font-siz
e: 14px;}...bj .top .top_right {float: right;height: 207px;width: 231p
x;}...bj .top .top_right .right_01 {height: 95px;margin-bottom: 4px;}.
..txt2{ background: #000;line-height: 22px;height: 22px;overflow: hidd
en;text-align: center;display: block;color: #fff;margin: -21px 0 0 0;w
idth: 231px;position: relative;opacity: 0.7;filter: alpha(opacity=60);
cursor: pointer;float: left;font-size: 12px;}...bj .up {float: left;he
ight: 126px;width: 509px;}..ul {margin: 0;padding: 0;}...bj .up li
<<< skipped >>>

GET /miniindex/nvxing_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12745
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:01 GMT
Accept-Ranges: bytes
ETag: "80544bd2d057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:03 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/shehui_509_366.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 12927
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:16 GMT
Accept-Ranges: bytes
ETag: "0263cdbd057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:03 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml"><head><meta http-equiv=
"Content-Type" content="text/html; charset=GBK">..<title>mini
_509_366</title>..<base href="." target="_blank" />..    .
.<style type="text/css">../*....*/..html,..body{ overflow:hidden
; }..body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,form,input,textarea,
p,th,td,button { padding:0; margin:0;}..input,label,select,option,text
area,button { font:12px/18px Simsun, Helvetica, Arial, sans-serif; }..
table { border-collapse:collapse; border-spacing:0; }..ul { list-style
:none; }..img { border:none; }..button { cursor:pointer; }..input,text
area { font-size:12px; }..body { font:12px/18px Simsun, Helvetica, Ari
al, sans-serif; text-align:center;}..a { text-decoration:none; color:#
333333; }..a:hover { text-decoration:underline; color:#BD0A01; }..::se
lection {background-color:#669800;color:#FFFFFF;}..::-moz-selection {b
ackground-color:#669800;color:#FFFFFF;}...list_pic li.noMargin{margin:
0}../*global*/...more,...home,...at_me { display:inline-block; }...wb_
ico { background-position:right 3px; padding-right:10px; }...more_box{
 margin-left:4px; position:relative;}...more { width:6px; height:5px; 
position:absolute; left:0;_left:4px; top:3px; background-position:-14p
x -40px; }...vico { background-position:0 -114px; padding-left:23px; }
...vico_right{ padding-right:20px; background-position:right -496p
<<< skipped >>>

GET /miniindex/meinv.htm?time=undefined HTTP/1.1


Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 6471
Content-Type: text/html
Last-Modified: Mon, 14 Apr 2014 11:01:42 GMT
Accept-Ranges: bytes
ETag: "06fbbead057cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:03 GMT
<!DOCTYPE html PUBliC "-//W3C//DTD Xhtml 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml">..<head>..<meta content
="IE=10.000" http-equiv="X-Ua-Compatible"> ..<meta http-equiv="C
ontent-Type" content="text/html; charset=gb2312">.. ..<meta name
="robots" content="noindex, nofollow,nosnippet,noarchive,noodp">..&
lt;title>......</title>..<base target=_blank>..<link
 href="inc/style.css" rel="stylesheet" type="text/css">..<style 
type="text/css">...bj {background-color: #FFFFFF;float: left;height
: 336px;width: 509px;}...bj .top {float: left;height: 207px;margin-bot
tom: 3px;width: 509px;}...bj .top .top_left {float: left;height: 206px
;margin-right: 4px;width: 274px;}...txt1{ background: #000;line-height
: 30px;height: 30px;overflow: hidden;text-align: center;display: block
;color: #fff;margin: -29px 0 0 0;width: 231px;position: relative;opaci
ty: 0.7;filter: alpha(opacity=60);cursor: pointer;float: left;font-siz
e: 14px;}...bj .top .top_right {float: right;height: 207px;width: 231p
x;}...bj .top .top_right .right_01 {height: 95px;margin-bottom: 4px;}.
..txt2{ background: #000;line-height: 22px;height: 22px;overflow: hidd
en;text-align: center;display: block;color: #fff;margin: -21px 0 0 0;w
idth: 231px;position: relative;opacity: 0.7;filter: alpha(opacity=60);
cursor: pointer;float: left;font-size: 12px;}...bj .up {float: left;he
ight: 126px;width: 509px;}..ul {margin: 0;padding: 0;}...bj .up li
<<< skipped >>>

GET /miniindex/images/Untitled-1.gif HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 19666
Content-Type: image/gif
Last-Modified: Sun, 13 Apr 2014 01:54:58 GMT
Accept-Ranges: bytes
ETag: "0859c5fbb56cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:05 GMT
GIF89a..s...........gE..u......e:".........vvwY7$............fefsF)...
....=Fc4.iB).\F.SP.eTyR7..x.cHWVW...GEEtK1...Z1.V ....saW.uS.uVxWD....
...........J&....E..7......wc'#$......jG2..........ru...755.......b?..
.......7!..jS.......S3...F .U@9.....................".........Z:.\<
....{z......y{..th......hio......d[U...TGC..........nK.........l.....Z
[`...............,..V$....rkf..........)).{r.......Z;#......j].R......
.nrv.........lRH.T;.T3VQO.....hbI@d_`......|^O........._ah......5'$...
6......I(.........I:9...q> OSW........................uqp.tZ...1...
.....nmq...zO-..].[3.L2.Y1KJL...SLP.U9..........T[40/.......oa...oO8uP
@......BAA<:>...#.........13......0-0N.....knj.cd..z.qr....67>
;>9!  .08PPJ..!.DF...*) .........--(_`^$...........................
........._A..........64......!..NETSCAPE2.0.....!.......,......s......
......z... (o..y...34o.=...a../.<z..y.I2...X..3......?...ea......7.
.&{.j..G...w.FY|Y0%..J.EM...</.4...5.!,.^...........Dp../..\......f
.. `...3fV.q..O`[email protected]... &i.\c.... ...i....sE.4..k..X..#!T.
Z..%..J..>3..GF|..../ .P.C.|.P.P.l..H..c_.=R...Q4..P.<...PD.0...
wIl.V.....6..h.c...O<.. {....w  [email protected](..&...d.......bJ.HXA
...4...,..H#...#(4............J0G`.E7.d.....P..I.`..0..C.S....1.2..\v.
e._....Z.........1L..<[email protected]..`.a..j....b...`[email protected]...
..vZ.E....H."@........Qj......V......... ..0.....L....M.}...27.... X`.
..4;..#8....*.e.u`.m..r;..1L.....#.........s..Zh...P$.........4..%.Xb.
1.4....E....UH....`....0C..h.. .q0j.................d....PrD.GPr..
<<< skipped >>>

GET /miniindex/inc/normal_bg.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 41703
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:05 GMT
.PNG........IHDR.......!.......c.....sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS5q..6....tEXtCreation Time.07/11/13
........prVWx......0...."k..a#...8.v..0...b!xkb8......I...I_..;\.uH.4.
.......1.]........,S..v.._.r...us...."MU.v.....j..j...Z..S...r..}.....
.|K...........w{\..p..........&b.....HmkBF............................
............................................).3...:.mkTSx..}Kl.Wvv.lY"
EQ..8..a......z. ....l.v.lu7%J1.TWwI.Q.L..(...#.......3..e.U&....>@
. H..Yg.eV3...s....u.Iv.I.h.............O........r.t......6|M.....2...
...{..3V.G.y..t..Z....;c.p.k=g\..now.....C8.......z.|4V....Me......X.k
e_....-.|.,.I.o..G.PYQ.d.Ke.v.;.8..6.{....U.zss.l..-...i.R..5....k..6.
W.M.O.il.....w.........f...u...[...}z.~..d...6....m...6w4.NsG..4w.lZd.
N..6.4n.l....*...Y6TF....iW.....Q.......1....6...B...a":Y.......Y%.~D0
......3..M....8t..>x.&...'jO......1. B.3.1.".S.L..I.2.^.1.j.G....`.
^F.....`x.a.'c..D.N...Qh.2E..R.1(....J.J...S.S.......E :.a.'.......S..
...i.9..(.ieH1.0Hm).z...t[>v...k.s.].*C.L..R4..<.dQ..mH..A..Y.}.
.2.y.S.g@~.;u... |.i....pL..2.....Z.D......D.J.4.8c..sZ.g.....F...7.E.
.H.<..)x.J..1.J..zj....sJ...S....2..A...AqD.."..I5.rn.....9..j.Y.. 
@.4...w.@[email protected]...}.,..6.
...c.;r..Fuj.......Y;@.^..G.v...".-/a.'..>l.@.,1V....0.T...g..f$...
..'.B.'....LQ.<....m..C...z..!.....A..1f .c..^....-.\...Z.8z..k..I.
...3d....>h...h...q....S....-..H....$7l...$.az$....j.>...P...XR.
....P..]4.z......,~....'........<}.M....R.8<f...........0..2
<<< skipped >>>

GET /miniindex/inc/ico_new2.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 55317
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:05 GMT
.PNG........IHDR...(... .....QE .....sBIT....|.d.....pHYs...........~.
....tEXtSoftware.Adobe Fireworks CS5q..6....prVWx....Q.A...vAX.]....@M
F....X..!..s!..1._Q..5...{.>LU...|....*..)b....}e=...%...,.fQ.."2.=
..y.w/..............M...u.4l!._....!.W.?.....'m>..........O.v....r-
...5M......f.x... ..l....^<.=....j.........S...1..6_..............e
{u......2....b...HmkBF................................................
........................).3...D.mkTSx..}K.$.Y.ywggzfv.k. qi../........
........z.g........g..CS6X.....6.........w..B !q....}.......Y.UY...qN.
vV>"3..}.......a.......8.}..>8.G.......98v4[w./..o.....>.|..I
.-m..9L.=M......k.....8.^.[..o...::n.......qk......V............6..e8.
..................}.._.o.a.....x........z....L.Q....ooC.R.P...5.h..s..
....`.C......ui.?...m.....vp.;8..Q{...Cv...=d...m6WB(....F.]..........
...A.6........z.f...vBd..B..Gf.u...Y.!.{.J&bc1l...h..DQ..m..D...4f...b
.......1x<..7..>......o{..........w9...g........;.W.`...M...fP..
..MB..i..j.A.8%..zmvf..*..8.mb..V........)..r...^..x*..b....2....h....
......8~H...g..U....f.F;.ln.asB.9e..x.n........f....[..w.......;......
[email protected]....<....y.8...I.....~.(.*E.....].].......B...h..A...
.RzFz.g..L6.)`0...r.|..%..30n/..i...G...Mc.h...A.1h4.....&.f.....{...D
..1.........-.A2K;...DI.9NF8)...o....E2.T...bPY.*.E~...C?l..-p`.0.q0..
9v..F...c.m.5......:.B....-..*`...S..t..B.....>.ZOsH.1...x..?%...i.
.F.....b...=....*..e3..0.aY.$..0.&.Z..A.TQ........(R7....S.....g._...=
.... [email protected]...`O_.......uL...
<<< skipped >>>

GET /miniindex/inc/close.png HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 2526
Content-Type: image/png
Last-Modified: Thu, 10 Apr 2014 17:05:46 GMT
Accept-Ranges: bytes
ETag: "0511e1ddf54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e&
lt;....IDATx..Z{..U......dw.v....H*...H.....L..i.."j...5.bL..b..Y.5.(.
.FC.DH..X(...#.XK....[[email protected]..}.<....f.....|...3....|.........
[email protected]._'.K?...(..J.3.6..Mw.......S.i.EC!|.q..Q,.N.....U.(....
.....a.w......o^2..w..t]....d......t....(.m.F...fwN.W.........N..#.a..
.|.i 5..4..H.'.C..BJ.......)(.8.......,RJ....T.].X.......V,GRz........
.0D./..).....e.P,.._A.'][email protected]......$.W.b.1M....g.....
t....T.*.#.'%Y?....P.b..y..,..z..4...r..-}..%D..M.h../Z..S.......5\.,.
wq..3.....U....D.2..-....' .e[mm..,U.(.2.8..r., .P.).......C@ ..qBtob=
..|oU......5._..6.J&.hD..R........_.6...-.Z..$....s..)..v..Yh.........
....p..[..c.>...Tp.w.9...?p...}.......}..`..!..=.b...m...3$.}......
.`M....I(e......,[email protected]\........-_.~$Z..?....~8Q6..MW.....f*.0D
@ ......p.U..Zh..Dd{e..a(...._...j?....D&.....I-:.M.k......r%.....D..m
..7Os.........H........*.AH....1.k..8n..m.....I.........wg......S.Jk.r
.........Z...A.m......q...F...wq.H..u......}.}4.F..#.P.e..@..!....h.Q.
.}r.&V].}h.r8.....~...G$ b..P......z{..'.......{..Z. 62.W.6.w...r-...,
.t.j3..#`....X.'..L.....33..`...q..p....\K>....1..,*......!|.7.Q-`.
T.........|..#..U.p.>.D.C..ZFmQ...\.fTJ.N....q.../.AS.......}..y.R.
.......y...`c..#....Y.$...A....y..L....].x.;..X4.x$I.IX..._...q.w..0O.
.N...MB.y/.!Z.,......U._...e.........TO..._.w{../...= Q%......v.._....
TO...W..S.O.Hv..G..Z..x.~t...Be.....K....'.........N.......l..;.T..O..
.....w.n...a....j>....%......u..L.......M...}.#..._.G....b8....
<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat
<<< skipped >>>

GET /miniindex/images/b14.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40898
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:49:40 GMT
Accept-Ranges: bytes
ETag: "0c21517b657cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
......JFIF.....H.H..... Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:49:39....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....N%.....Dj...V}../t.}..../...*.
KH.\7W.7t..9..>...............u............v..e. 8.......u~.....?..
... .Y[...m5...5..^.c..7{.......q>...[...'.....7.Y.....L.........L.
..K..8...).K.....:.........&..'....\.j.E.....G.-g2.t-...h....SE8....g.
.N.0..t...tQe.)....tm...k. .......ur>.....Lhm..[.#MWB.2K W>>.
?r.......v.=..D...`....S...}^..V..b.u.c.V..2.j&......=..\}.....Vh..G.k
mc...H./N..T.....m~...l;..i..r,kE..\.......3].....?..?1.c.8......e....
.j.DJ.....=......B.....z.G...62.X...4.......*wu....mk...~j..'.. .q.w.&
gt;. .4..9.>....W.F.o..'.i.y&.../c.P.K..gN..~T..2...D.LsOhU.gtB....
@.x.UNY*&.P..US...pn..W4...u[...b.<[email protected]
<<< skipped >>>

GET /miniindex/images/b17.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40997
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:05:38 GMT
Accept-Ranges: bytes
ETag: "0f51852b857cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:06 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:05:37....................
.................................................................&.(..
...............................{.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..uM...[O |T.......=;h.<..O...F.
....x..R.x}...8.>.xG...'i...2;.1.R.3.>...ILt.I.?"....V.......a..
.. .US~..].kr)$../k\..J1.$.t...:mG%...K..z. z...e....=.....u*..,[.T...
.w[E..Z.....p_VG........X...m.... .....v..q..q....Tv...73w.u..@f...,xG
.yk......S1.k....7G.v............R.h5....;......C....)....&....}...j..
....k}`U0m..~.....o."..H_v.......<.L%.`.I;.Q...lo...Q.!...C.......q
.....g.F.)aE.r.../...t|.g.!1.D..?uF\u!.....h.....t......#.).O...G.Q2u.
........P$p....O..#.RB..@.....>T......xG."Q.}.2...l..u...8.....s...
.3z.h...q......\...o...UM.u.....O..3.}[ki...U./........?....H...xB...[
.........K....w.....(.C.|...c..8....-..U........v..Wn.g....s=oQ{.v
<<< skipped >>>

GET /miniindex/images/b19.JPG HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 20701
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:17:59 GMT
Accept-Ranges: bytes
ETag: "8095c4bba57cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:07 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:17:58....................
.........l...........A...........................................&.(..
...............................\.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....mS...0..........z../i....F..Z.-
.....u.!.`......Hy...G...Cu.a.i.^........k..w.y/S..?).Y$.......f..E...
...z.P{..1.-..Ak.....e.o......2[......8..~...'S.-P.n...~....U. .o...5.
......]}.w..?n{.(#I..6.w..?K..gO.....qc-i.........;..........g. .4i.A.
......V.R.nf#..N..:;...r...L.....V..o...p.V.......} ...<:.K\.V.5.-.
]k...c[i..j......E.._P..F..f.v..P...ysH..;...g........d..E.l.a,s{.....
.......8..-..7E....8..?......I.-..S..#.2...{.er..5...n........._...c?k
...o.>........n\....V.`4.Y.y.{O^.....a.k.....;........^...#.b6..?i.
;....;.....BG.2e...=^w.e;[email protected]=.h[.z...(.L....{..z....o..4,...
.9,...e....N.........Ocoq>......T<VI..........df6..N8....q..
<<< skipped >>>

GET /miniindex/images/aaa4.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 61094
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:07 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:05:17....................
.................................................................&.(..
...............................R.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....[....i.r.H.e.4.T...-.96l6i[.%.
#..j.../Q.-~;Hc......O.}....o....u<lL.G.)m........s.9.......8tV.9..
..8..V........N.Y...L.V...&.M.y.Yz..C*....c.. ...j?..j.Y...M.{6-n..;..
.LF.b....*.C.kl}}..]>.U.h.-..............j...cq..0....e..Cmo..-w..[
N..Vi...pX.....-k....=-.]mk>...I2D..i......._......z....5.6....\v..
 \.?7.s...de.mU..p..'..\._X..1............ZX.......M.....$.cZ.........
.FW....k....S.1..f^.c......q......I...^.zN...b... ~~Q#Su..qT........=.
..".G.....h1.......;)4..[lk.....A.....ad.\..e.`'..-..9z^mmu..4'.......
.p.{...?M..5..h..'.j.[80.....FwF.K..8.p~I}....R.SI.S0]&...V.)}...=....
..$..C..x)......&...PTA" .W......K..B/...V,.........3*...kC...i#..
<<< skipped >>>

GET /miniindex/images/aaa5.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 71321
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:07 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:10:25....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'[email protected][email protected]..../..d.
v.;...q.h.#!.m.....;......Y..... Z~..7z?O....wu7.....S..Y.m.d{.=../...
m..........o..{......m.f....-yu.|.$..s......?.P...~.}_...znP}.....k..I
>..........k.....Ll..o.#..UuD:.Xv......~.}l.... ."..q......O.Y,h.,.
k............u.6..{@..#...l?..~.e..-~K=#.M...[.......H....^...?.......
f.[_H%. <....l....p..r..6m/{a.N. .5.8......9.u...@....'.;..Wg..]lT.
............9...o.uW.Q..a.... ........YV3.<..n.ZD~...Z.....)..iu.s.
..O...}..&...O%..:.6.q..WI.o...Uf...:X..'rfB"......Y..I..v.......k7.5.
.....:L..&>j.X.SN=T.U]O%..F.d.....MN....j......?9.*...y.1..b<..g
:.dd.............T`<.,.ku....r...Z0.,8....,{.u.2.\...OQq..[....
<<< skipped >>>

GET /miniindex/images/aaa6.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40601
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:08 GMT
......JFIF.....`.`.....cExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:17:06....................
.................................................................&.(..
...............................-.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....`..r.Z..l.t...q-..deLOaN;..._.=
t.1.K.7...... ..m.1.;..gs....rf.....a.c.44....mZ.u.4...c..v9...utx?\l.
......@l$7i?E.5...?........d.........E"...k*......c..........s.^.]W..u
,'.\.>.#..E.:..N.f.../M{...2|.k.h.@>..-f..g}..[.u...a..9..4.....
.......-q.)%..'$..>.......... :.E......S...K.....qr,....`x'e. .?5..
.#....hz^..`.cN.. .|.#.....2>z%ji.J.s}..4.c.....a...C..u...\.mS....
.`....A3......l(4C..Uo.x.n.... .U@...{{......vRw........i..M{...8.u..:
.......!q...@t[.KG.{....1>........-k...*C....$.R;...Z...,< u;}6.
5'.......6.....x...)...l-s}..H.)......bh.h.k/....o5.u,WWy.y....w5.~...
^..wz~.}.W....o....t%@Z.'@....S=@.#..n...Sa.H.{J...V..Wcn{F&.....^
<<< skipped >>>

GET /miniindex/images/aaa1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 45855
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:08 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:43:10....................
.....................^...........................................&.(..
...............................w.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..~..e........l%.....Y{.m.9..V.[..^
...3..4N..X.........m.. .U.?....u.Q.y....!.9....NN.S\....*......Z?...d
`uW.9.....1{..Xo..G....V.~{.W....S. .09*P.~..}_V.......qlr......K.zKP.
}g.y....nE..5.8TN!{....K\.O.w...UuZ....[U....t.....6<u.....[..[_S..
..I...g........^.h.^?..*Et.["..\CZ.K.x...s.........y..QwM.>..w.....
.Z..EWdc.Z.,.........k}e...Z..3G7....I....y]?Xp......N8~]..m.4}..#!...
.W................w.K\..B4#.....{(cf.g...k.}o.....<....o...>.#1.
^.D....y__...u..7]g...[..>.]......Y.w..WW.Z..-q.B4\?B.......2.FV].s
l..z..W4[.{.s....A....I.\.j...UR].1..8.;..nw... .bH.<Z]o..tN.......
UU.7.c.eU....Z......tN...]E.....H....-...u.......*.72..MM..Y.r..v.
<<< skipped >>>

GET /miniindex/images/aaa2.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40325
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:08 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:57:14....................
.....................k...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................J...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...`..?..............0h....t....X..
[email protected]'[email protected]=.{..>.K.<.w........F
.}...S..$F..........#&.!_.{r.q.....;...&.~......T.3/9..M..H<WX..v..
.....J...}..v.. ..0.a...z..S_.....%.s.X88.?.8........R..o.V.RR].....m.
..K|..-.K?Us...............P......t..3............N.8......2~h.X55....
.....}.....]K..Z.....9.....w.E......SN........r.}...t ......Q .w......
......o`...#?..........}C...7zn.8...g...r........7.w...c...''b./6,.P.`
.... I...........;[.;........0.S..Q.Z...b....O<)..I.).(....@5.$.Z.I
..s...z.s.m..l.......&.......5`..l.........>..J...!..b.{.{..Z.Y.R..
7d...G..._R(...=Q...'.o.l....U.z.Q."..m88..X...qi;....S..E.. )...(
<<< skipped >>>

GET /miniindex/images/aaa7.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 24446
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:08 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:21:08....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.......\.......'..r~....N.....F...:
.......e..P4.....z6.tuf...c,n.j.N....Q.=..;<.'...X.....:.'A....:W@.
.0]s..V....G.......P.O.`|...2.ve..Ya;...a#-5)[email protected].. .......O.h.n
....i;M..s... c].....gfSsG.]#.5..|.K.a.X..!.c.:.O.....&.....~v....}i..
..r.}.u.>f..7m../.......\.r..II$..RS9 .*.'.M.g.J..S...J.Gu.32.I)...
.u<..k-;[.]...]o...9C9.Yok1\.q&...Z.....&...d ...r~..A.V.....K...%y
g....}1.... .}......~.......V...\KY..<.T9"j...ZOceX..h...@#.<..O
..j.syQ.F&.$.......&.K] ....W=.>.tN./..b.#[i..|l.......h....:L...W.
f}Y..X..2$:?;.aK....9. w..........O........]..1^....u.{3.l..z.....{...
v..kY;~.......4Y.cZ..:...X...........x"..i>.,p..6.`.O.c........
<<< skipped >>>

GET /miniindex/images/aaa8.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 22801
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:09 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:23:40....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....8.|.d[..[....."S...`..2H0EgQ...
]V.w.E.........,.!!.....K.W...]..._..m.#L...%..Sr...X^Y.io?.... .c....
.h.P...hx:....{>.=.3k...;.......6.m{=.{H.......l.J#QOU.....k..M_...
....V...t..`e...n....... .6...i.. ...V....'9'9........Cs.9.e.)w9Cv..r.
......&@......*..*.,.d..U.-qo..Lgb.sKO..}..x......r..W%. ..m....)..k~M
-...=....az=....d....c..K....3.$.7.A.?..;.f~....a.hm..n...^h.Ttnr.$.s.
.=......f...J....?..F."......q...p..8..q..{~..r?X.C.....~....(i._...w.
h...V.C.'h...?.w..c9...z......^sz.NNSi.t......).....B.n......>../..
Uuy.5....KgY....p. .5..?...s.[6"..I........C~.<....:..s.e:...#.c.%.
W..c.#.).P.|Rs.%=....M..'B.y....fz.eZm....S..r.J...~....O.l.~..S..
<<< skipped >>>

GET /miniindex/images/aaa10.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23965
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:09 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:28:23....................
.........}...........~...........................................&.(..
...............................Z.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..Y. Cn..gE.Y.K.\i..6.[[..........4
.E/?.x.-|[email protected]..(...{....;}....}N.9....`. R5...-...eD{~%Qn#...zGU.&g
t;...l..5h.p...8.".. F......j.>...]`..vCvC..H........T.:1S3xp......
88...(...]..E).a .9B.......%:r.f.............;][email protected]
he..;g.T=J6.=_.z...`.=..N.,l..R.S..L.<O.n...../...p.F..QH.  r.1..]W
[email protected]>......
Vw....{.....9...;ts7.Ut....O.`S.qD~ .8I.Z.D.......?*.~.tS.]v63........
gf...ee.:..&7Y.W._.[]l...!.p..X.W..r#....W...f.... .....z^e..me...H...
b...,.7p.4.)..q..!.q%.9WEpF..c...M{m..........{.[p.5!.. [email protected]
..>....B7...P....1....q...<d.....|..i........89.....U..5ul.7
<<< skipped >>>

GET /miniindex/images/b13.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 42296
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:47:34 GMT
Accept-Ranges: bytes
ETag: "0affbcbb557cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:09 GMT
......JFIF.....H.H.....[Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 15:47:34....................
.................................................................&.(..
...............................%.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..8........~.........A...^ ..6.i...
.....gf.m#X......:.`........5..........*.[cg71.\]..'.sO.....:m.H....{.
r....Ob.H....e...,x.@.%.......[..-=.<=...2A...2}...=...Z.....kI.?.P
{.s..eOi<..IL)..Z...?...mi..i.((..E.....{QI..4.~W...9......l..\#...
e....m.y;t". ecn.....u..W...cfD.l..p%X....Yfb,..v5..<9..:Dr%B...{.i
[email protected]#S.......`...G?I....P...P).#!d0...F.:W...m.6......I.V.
...40...Z.. ...O.o...........%.......TI.*.v.....Y...%...5..}?Y....h,.o
;.....)n.5...t2u.5....-..k@-....$.F.v..J....'Yk.O..]*.-.X]..4.......a*
....E... .....S~g...,.D4=WF$..uL,.[n.......i"=.\._N.O.p....H.O.......u
..T-...*....$......*hv%./..;.^....A.??.. ._.#h.......>......U.}
<<< skipped >>>

GET /miniindex/images/b15.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 38304
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 07:58:46 GMT
Accept-Ranges: bytes
ETag: "0bf865cb757cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:09 GMT
......JFIF.....H.H.....>Exif..MM.*.............................b...
........j.(...........1.........r.2...........i.................H.....
..H....Adobe Photoshop CS Windows.2014:04:14 15:58:46.................
....................................................................&.
(.........................................H.......H..........JFIF.....
H.H......Adobe_CM......Adobe.d........................................
......................................................................
...................................f...."................?............
..............................................................3......!
.1.AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'..
.............Vfv........7GWgw........................5.....!1..AQaq"..
2.....B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F............
...Vfv........'7GWgw.................?....Ny)*..Jb..RS..T..IH.....%...
......=l..i<.......{..?z......w..2...{}...........'.S..-..e_b6XH!..
....WzV{..jt...............?Q.6N.rn........W..?X...t....)m7. .Iq.....7
.s.....h..S,"fk.]].#E...$...X.).r....1R*%%1L.S$.....d.UY.....6..A.i..m
{....z.:..Y....l,.`k.C...3.Qg.........oV...g...........MZ..{.a........
.Z....... y..fQc3k.%......67_.....clg. A.~...A.(b2<W.d..."=.bTJ)...
?r....?qR.<...K.........4.k...]7.:.v.......nf.=..]F{.02K.`T.dx4.n..
....".w..GVD...h.D...2..3..>;/...."@.........)~=N...{@.{...=..w.!.7
..Y.....vz.eU....V...s_.s....N{)....S0.W;.>..;~....v.&V...fc./g.k`.
f..q.z..'.*x.~.j1.YHt.....ng `....D.K^/SQ1R*%\s.*%H..T..).b....$..
<<< skipped >>>

GET /miniindex/images/b16.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 43598
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:01:35 GMT
Accept-Ranges: bytes
ETag: "801942c1b757cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:10 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:01:34....................
.................................................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..{..h....iku..C.v..8D.. 1...5'r.5.
.}....)T.....sv...'E'....'D.T....?w..j.....8l....]...c...G........C.Ce
.DhH.0....L.N.......;..H........F..s..v...A...._...ICu.v.vC.F0>.;..
.......;.c6.....t~.^NCr^.|:X.k.....&.R..k=/O....'. .~...|..l..9..-.#A.
.O...5ut............c.` ...c.^..&(e=H.."46G...]g.=.8Y./...V..z.6~.. ..
1.G._N.z....U..U.`...O.f.o{e..[K..............]n}..u..^..m..-l.5..t?..
.k.. w....."..-.....:.....^........t...........Sv......5._c.!.....s. .
Kk.m..kO..v.{N.b...}......A.......I..1.h..!...&O.W..._........C..T....
.....gJ..X.."!:........{........?.]..;.V.'B..T9.X.{....".[..."..3}.]. 
Y.....g.*9..G<}....P.uE.7*.....q.....?h.......O'.[t<.....V..
<<< skipped >>>

GET /miniindex/images/b17.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40997
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:05:38 GMT
Accept-Ranges: bytes
ETag: "0f51852b857cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:10 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:05:37....................
.................................................................&.(..
...............................{.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................f...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..uM...[O |T.......=;h.<..O...F.
....x..R.x}...8.>.xG...'i...2;.1.R.3.>...ILt.I.?"....V.......a..
.. .US~..].kr)$../k\..J1.$.t...:mG%...K..z. z...e....=.....u*..,[.T...
.w[E..Z.....p_VG........X...m.... .....v..q..q....Tv...73w.u..@f...,xG
.yk......S1.k....7G.v............R.h5....;......C....)....&....}...j..
....k}`U0m..~.....o."..H_v.......<.L%.`.I;.Q...lo...Q.!...C.......q
.....g.F.)aE.r.../...t|.g.!1.D..?uF\u!.....h.....t......#.).O...G.Q2u.
........P$p....O..#.RB..@.....>T......xG."Q.}.2...l..u...8.....s...
.3z.h...q......\...o...UM.u.....O..3.}[ki...U./........?....H...xB...[
.........K....w.....(.C.|...c..8....-..U........v..Wn.g....s=oQ{.v
<<< skipped >>>

GET /miniindex/images/b18.JPG HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23977
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:14:46 GMT
Accept-Ranges: bytes
ETag: "01fbb98b957cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:10 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:14:46....................
.........l...........A...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?..w=.Ku vX...~U..p.iM.....ec...'r..
...g.:...N.e.].^...v=O?E.7}t..%..i.8.C...D.t.a...%...........?$.-.k...
.F...K{~sTs....4........].d/L3...N..R<...T.2F2......;..nt..Y..4....
W.....C|..;.}z......H.. o.a...K}.z.I........X...CuN..w}N..5..o..`...k.
......7...?GN....-.;[email protected].'.|.8...#,....8&v.a.Ay......
?=....W.W......KA.}.WG..W[.:.u.....^K....4h...........5..->.\d.....
.R..L..w.... G....q.....)......W.,..2..l........52..g}..L..?[..O..Sg.?
......}......G.X....C..f.N...b6}/..#..xA..`....u.>O...,..4...y..v5.
Y]...RK...t..R....].y..M...>.. .c?7.2...n{..Y.CI..O....f.g..l..."h.
.....5/[email protected]..^...u.;...1..........kk.[.j.......3
<<< skipped >>>

GET /miniindex/images/b19.JPG HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/xinwen.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 20701
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 08:17:59 GMT
Accept-Ranges: bytes
ETag: "8095c4bba57cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:10 GMT
......JFIF.....H.H......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................H.......H
....Adobe Photoshop CS Windows.2014:04:14 16:17:58....................
.........l...........A...........................................&.(..
...............................\.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................A.l.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?....mS...0..........z../i....F..Z.-
.....u.!.`......Hy...G...Cu.a.i.^........k..w.y/S..?).Y$.......f..E...
...z.P{..1.-..Ak.....e.o......2[......8..~...'S.-P.n...~....U. .o...5.
......]}.w..?n{.(#I..6.w..?K..gO.....qc-i.........;..........g. .4i.A.
......V.R.nf#..N..:;...r...L.....V..o...p.V.......} ...<:.K\.V.5.-.
]k...c[i..j......E.._P..F..f.v..P...ysH..;...g........d..E.l.a,s{.....
.......8..-..7E....8..?......I.-..S..#.2...{.er..5...n........._...c?k
...o.>........n\....V.`4.Y.y.{O^.....a.k.....;........^...#.b6..?i.
;....;.....BG.2e...=^w.e;[email protected]=.h[.z...(.L....{..z....o..4,...
.9,...e....N.........Ocoq>......T<VI..........df6..N8....q..
<<< skipped >>>

GET /miniindex/inc/style.css HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 3717
Content-Type: text/css
Last-Modified: Thu, 10 Apr 2014 16:40:38 GMT
Accept-Ranges: bytes
ETag: "0c7479adb54cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:11 GMT
*{margin:0px;padding:0px;}..html,body {overflow: hidden;}..body {font:
 12px/18px Simsun, Helvetica, Arial, sans-serif; text-align: center; f
ont-size-adjust: none; font-stretch: normal;}..ul ,li{list-style: none
;}..a {color: rgb(51, 51, 51); text-decoration: none;}..a:hover {color
: rgb(189, 10, 1); text-decoration: underline;}..a,img{border:0px;}...
focus_filter {left: 0px; width: 100%; text-align: center; bottom: 0px;
 display: block; position: absolute; z-index: 3; cursor: pointer;}...f
ocus_filter {background: rgb(0, 0, 0); height: 21px; z-index: 1; opaci
ty: 0.6; -moz-opacity: 0.6;}...main {background: rgb(255, 255, 255); p
adding: 14px 0px 0px 14px; width: 509px; height: 352px; text-align: le
ft; float: left; position: relative; -ms-zoom: 1;}...main_left {backgr
ound: rgb(255, 255, 255); width: 222px; overflow: hidden; padding-righ
t: 20px; float: left;}...product_yl .list_news_yl1 {padding: 4px 0px; 
margin-bottom: 3px; border-bottom-color: rgb(139, 140, 140); border-bo
ttom-width: 1px; border-bottom-style: dotted;}...mod_left {margin-top:
 10px;}...list_pic {width: 222px; overflow: hidden; -ms-zoom: 1;}...li
st_pic ul {width: 232px;}...list_pic li {margin-right: 10px; float: le
ft;}...list_pic li a {padding: 2px; border: 1px solid rgb(221, 223, 22
2); width: 100px; float: left;}...list_pic li a img {width: 100px; hei
ght: 65px;}...list_pic li a span {height: 19px; text-align: center; pa
dding-top: 6px; display: block; cursor: pointer;}...list_pic li a:hove
r {text-decoration: none;}...list_pic li a:hover img {text-decorat
<<< skipped >>>


GET /web/newioage.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 715
Content-Type: text/css
Last-Modified: Thu, 17 Apr 2014 15:40:05 GMT
Accept-Ranges: bytes
ETag: "8038bc4d535acf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:33 GMT
body {background-color: #dddddd;margin-left: 0px;margin-top: 0px;margi
n-right: 0px;margin-bottom: 0px;}.td {font-size: 14px;line-height: 150
%;color: #666666;}..t12 {font-size: 12px;line-height: 150%;color: #666
666;}..A:link {font-size:12px;text-decoration:none;color: #1F72D0}.A:v
isited {font-size:12px;text-decoration:none;color: #1F72D0}.A:active {
font-size:12px;text-decoration: none;color: #033B7D}.A:hover {font-siz
e:12px;text-decoration:none;color: #FF5A00}..A.white:link {font-size:1
2px;text-decoration:none;color: #cfebff}.A.white:visited {font-size:12
px;text-decoration:none;color: #cfebff}.A.white:active {font-size:12px
;text-decoration: none;color: #ffffff}.A.white:hover {font-size:12px;c
olor: #feffcf}.....


GET /web/images/start_button.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: VVV.fjmjm.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 2304
Content-Type: image/jpeg
Last-Modified: Thu, 17 Apr 2014 15:36:33 GMT
Accept-Ranges: bytes
ETag: "80965fcf525acf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:36:33 GMT
......JFIF.....d.d......Ducky.......P......Adobe.d....................
......................................................................
.......................................................#.m............
......................................................................
............!.#S...Te..a."1A2.Dd..Q...Bb$.%5.6.......................!
.1AQa....."B..2b#............?...4.N.U...DWU...T.....g9....&(...Y{p...
c.......7K.}...<....X.....m........;l.n.<...0y.`.t...........>
;....v...,y..`.....c.......N.Hv.nW2......B.&....S.. [email protected]....
......HQ.X.....m..1....\?(......Q.....<J..(.P:.4.%...".E.....Z:`t..
..\?..od.V..g.O....{[. .=......!{(..Wtz...~NY.......S...~*.E...OM.n6..
=..J|c.t..........sV....kF.uQJ...q...Z.C:#d.6...6.&.......S(mZX.Va.b&.
..Zk.][email protected].&&2vfE..x......Q.....M.g.#... ...Q.5-.J.Z2.....
.Tai..Qj.9....*4...JY4.U..S(....Z*.:.......|oj.R..$.Xg....*v..u\...E..
z..4.......C.s.."."...b,....W..L.qu\AG......(G......DQ..B..,K...F*(.$.
...d.AP......D.w.s{.{.K.........O.m....M.....?...^..k42..h..... ]*1.s0
.4...Q..,.n.,.nf..P.X.P.Q...p.!..4..L..n....%%^..mT..m....M....7.....T
.JnAw..c..#....3Lu.K9....T..= 1J %.p..ZY2.2%....F.5..Aj.KE..*....[..4}
?rsJ\.#.Q.......&.*....a..H..........".'.R.......J........?..Ylcf....}
...l....."....|..ah..s...w:.].<.z.....t.x...(I......Vc/...8j....k .
*...j..S.. `.....9._L..z.z..0..ih.z.....T.:[email protected] ... .c..Em..
.Y....`..........D.k=.....M....-.3....I.....Y..3......dTN.........n...
5.!.=B\.....I..V.U'....}#N-.*..O... .E.4d....I.n..n..T.....o..5..}
<<< skipped >>>


GET /9.gif?abc=1&rnd=638924096 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 05:37:07 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=g1gQDHTLIRQCAbhrJiaCNLty; expires=Tue, 28-May-24 05:37:07 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=98f9be5e; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=82c8653baffcd4586360af5c_1401514627; expires=Tue, 28-May-24 05:37:07 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=g1gQDHTLIRQCAbhrJiaCNLty
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /9.gif?abc=1&rnd=1777387820 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 05:37:08 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl; expires=Tue, 28-May-24 05:37:08 GMT; path=/; domain=.mmstat.com
Set-Cookie: sca=bb5aa283; path=/; domain=.cnzz.mmstat.com
Set-Cookie: atpsida=e72f9d0039c6f3880ba207b8_1401514628; expires=Tue, 28-May-24 05:37:08 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;....


GET /9.gif?abc=1&rnd=1193153850 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cnzz.mmstat.com
Connection: Keep-Alive
Cookie: cna=hFgQDJQD1yMCAbhrJiZnLvFl; sca=bb5aa283; atpsida=e72f9d0039c6f3880ba207b8_1401514630


HTTP/1.1 302 Found
Server: Tengine
Date: Sat, 31 May 2014 05:37:12 GMT
Content-Type: image/gif
Content-Length: 43
Connection: keep-alive
P3P: CP="NOI DSP COR CURa ADMa DEVa PSAa PSDa OUR IND UNI PUR NAV"
Set-Cookie: atpsida=e72f9d0039c6f3880ba207b8_1401514632; expires=Tue, 28-May-24 05:37:12 GMT; path=/; domain=.cnzz.mmstat.com
Location: hXXp://pcookie.cnzz.com/app.gif?&cna=hFgQDJQD1yMCAbhrJiZnLvFl
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Pragma: no-cache
GIF89a.............!.......,...........L..;..



GET /miniindex/images/aaa4.jpg HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 61094
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:11 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:05:17....................
.................................................................&.(..
...............................R.......H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................x...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?.....[....i.r.H.e.4.T...-.96l6i[.%.
#..j.../Q.-~;Hc......O.}....o....u<lL.G.)m........s.9.......8tV.9..
..8..V........N.Y...L.V...&.M.y.Yz..C*....c.. ...j?..j.Y...M.{6-n..;..
.LF.b....*.C.kl}}..]>.U.h.-..............j...cq..0....e..Cmo..-w..[
N..Vi...pX.....-k....=-.]mk>...I2D..i......._......z....5.6....\v..
 \.?7.s...de.mU..p..'..\._X..1............ZX.......M.....$.cZ.........
.FW....k....S.1..f^.c......q......I...^.zN...b... ~~Q#Su..qT........=.
..".G.....h1.......;)4..[lk.....A.....ad.\..e.`'..-..9z^mmu..4'.......
.p.{...?M..5..h..'.j.[80.....FwF.K..8.p~I}....R.SI.S0]&...V.)}...=....
..$..C..x)......&...PTA" .W......K..B/...V,.........3*...kC...i#..
<<< skipped >>>

GET /miniindex/images/aaa2.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 40325
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:13 GMT
......JFIF.....`.`......Exif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 16:57:14....................
.....................k...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................J...."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...`..?..............0h....t....X..
[email protected]'[email protected]=.{..>.K.<.w........F
.}...S..$F..........#&.!_.{r.q.....;...&.~......T.3/9..M..H<WX..v..
.....J...}..v.. ..0.a...z..S_.....%.s.X88.?.8........R..o.V.RR].....m.
..K|..-.K?Us...............P......t..3............N.8......2~h.X55....
.....}.....]K..Z.....9.....w.E......SN........r.}...t ......Q .w......
......o`...#?..........}C...7zn.8...g...r........7.w...c...''b./6,.P.`
.... I...........;[.;........0.S..Q.Z...b....O<)..I.).(....@5.$.Z.I
..s...z.s.m..l.......&.......5`..l.........>..J...!..b.{.{..Z.Y.R..
7d...G..._R(...=Q...'.o.l....U.z.Q."..m88..X...qi;....S..E.. )...(
<<< skipped >>>

GET /miniindex/images/aaa9.jpg HTTP/1.1


Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.mdtxw.org
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Length: 23028
Content-Type: image/jpeg
Last-Modified: Mon, 14 Apr 2014 09:29:12 GMT
Accept-Ranges: bytes
ETag: "0a4acfec357cf1:416"
Server: Microsoft-IIS/6.0
Who: ShanIE
Date: Sat, 31 May 2014 05:37:13 GMT
......JFIF.....`.`.....DExif..MM.*.............................b......
.....j.(...........1.........r.2...........i.................`.......`
....Adobe Photoshop CS Windows.2014:04:14 17:26:02....................
.........}...........~...........................................&.(..
.......................................H.......H..........JFIF.....H.H
......Adobe_CM......Adobe.d...........................................
......................................................................
................................~.}.."................?...............
...........................................................3......!.1.
AQa."q.2.....B#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'.....
..........Vfv........7GWgw........................5.....!1..AQaq"..2..
...B#.R..3$b.r..CS.cs4.%......&5..D.T..dEU6te......u..F...............
Vfv........'7GWgw.................?...m/.'....s.........5n....?.T<x
...S [email protected].]..~.UC [email protected].\.)k..$..?....uln...
.}........N...v..(.. .%Oc.Ki............1.KA\.B.wQ..9.m.m .!....#s.|..
...G..3..o.........8}..c}m. v?P......A.H......PDvY.S.......t...M$v.LA.
.O3..0...c..6K.......u.P....v...>......[....X...lct..5....U.4..!..z
....z.....o.p..u<....u`4i. y=q...c.TX.....qY...}.,p,..p..J~(HkWi...
u....y..N....)p....^..._Q.fM\Z. vt/%.....H8...l.......Wv>G.lt2..N..
....'e..5kO....O..6..2[..d\....o...k..G...... ..A~...^..X.)s.Hm.p-=.n.
............{L.q..........t..r5...........b......i.y*A..(.%..xR.ap....
[email protected](L..p;........a..........gHu}...>>.....ZX.$...
<<< skipped >>>


GET /imgn/tips/skin_tips_n1.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p8.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:39 GMT
Content-Type: image/gif
Content-Length: 1779
Last-Modified: Wed, 20 Jun 2012 04:23:22 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:39 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89af.!../......Z..R.....K...........P.....Y.....}..................
.......................^...........S...........l.....W..L........m....
.......f.........................................................!..XM
P DataXMP<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> &
lt;x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c060
 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="ht
tp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf
:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="h
ttp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.ad
obe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:018011740720681191
09DDF35EE18454" xmpMM:DocumentID="xmp.did:B01789E6890511E18530B51A3723
DDED" xmpMM:InstanceID="xmp.iid:B01789E5890511E18530B51A3723DDED" xmp:
CreatorTool="Adobe Photoshop CS5 Macintosh"> <xmpMM:DerivedFrom 
stRef:instanceID="xmp.iid:02801174072068119109DDF35EE18454" stRef:docu
mentID="xmp.did:01801174072068119109DDF35EE18454"/> </rdf:Descri
ption> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
;.....................................................................
.............................................................~}|{zyxwv
utsrqponmlkjihgfedcba`_^]\[ZYXWVUTSRQPONMLKJIHGFEDCBA@?>=<;:9876
543210/.-, *)('&%$#"! .................................!...../.,....f.
!......pH,...$q.l:...4i.....vK<<...xL.1>..y.... ........k/2..
.(..........{.........B.$)..........{!......./....................
<<< skipped >>>

GET /imgu/2014/05/20140527162400_1.jpg HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p8.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/jpeg
Content-Length: 19887
Last-Modified: Tue, 27 May 2014 08:24:00 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
......Exif..II*.................Ducky.......d.....mhXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c06
0 61.134777, 2010/02/12-17:32:00        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="
hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.a
dobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:1D83D2A5C09EE3119
F67BC560D35722B" xmpMM:DocumentID="xmp.did:A8AF0041DBD811E3A61CC384CD9
E8EB1" xmpMM:InstanceID="xmp.iid:A8AF0040DBD811E3A61CC384CD9E8EB1" xmp
:CreatorTool="Adobe Photoshop CS5 Windows"> <xmpMM:DerivedFrom s
tRef:instanceID="xmp.iid:F2F57BB5D4DBE311BAAEE66E88C49CBF" stRef:docum
entID="xmp.did:3DE124DFDBD411E3B246C65B19532C2A"/> </rdf:Descrip
tion> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>
....Adobe.d...........................................................
......................................................................
................k._...................................................
.................................................!.."#..12$AQ.B3%.a47q
CS5&........................!..1..AQ".a2.qB#.......3.Rb..rCSc$45e.....
6.............?...kl...!k@.}o>.(.0.I^r.....9V3..J._....~..bm.......
.I}5...T.O.h8.i..#u........?........KW..Ja....3.1..3....y.....9....v..
...G3wg.8.......$.V.w..V..........m......).6>.*.l@WC.!v........
<<< skipped >>>


GET /imgu/2014/05/20140528121906_70.jpg HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p1.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:47 GMT
Content-Type: image/jpeg
Content-Length: 5368
Last-Modified: Wed, 28 May 2014 04:19:06 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:47 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
......JFIF.....d.d......Ducky.......T......Adobe.d....................
......................................................................
.......................................................k._............
......................................................................
..........!...1A..Qa"q.2#..BR....3$4...b.SCD7........................!
1.A.Qaq."2.....B...b#3............?..t.|.............'.Q....N:..G.'@..
..w.....I.{..R......c.*.wCjAq ..d":T....^....[$.n..W.d...G.,/m.......z
.q.J..jo.Jj9.%..]q......*<)QZ...LeY.X..^...l....u.6....B.\^.N.p..X[
m..M.YJI..MeJ...zjyS....5.f..Aw.0..<Ry._. .............].e..w!..U.S
..........j...R.9#."..`.....j.....S.m..n~.^Y.F....j)q....kB...*.A...l5
...)...'[email protected].~...X.].A.z.|.......,...n.....a-...P.JM.
..B.,.!.S....$)@D..._s'.bD.^Wnrk.....>u.P.\..u.%..BBJ.qi.*........1
.......,....#`.;~..>-.Ce0.6....V.q..A...KO._O7.o?...5X..0...U./....
.6>f..y......../0.kc.e.!...jue}0......I..*5...._cG..f.I..%....q4*XP
....aE........T..".q...*S...T.^..%F.xS.N..Mh,.O`<.u.y.:...\.bG..JU.
...Z%..!..hJ.~..F...~..,......PB\.j .t.......?.?......s.@.....}.j....v
.bnIz..f..LD....6..&\.8h.CD...G..1....7.v.....{..Wj]..l..,..;*b$.v....
.n.......*........x.......O.u.........{X..es.\y.7uNt!......Z.....O...|
[email protected]}.K...yla..T..2.)...x.R...........{....n.....Z.m.y.G.f...u...r
...*L..q........ xV.|..b.z..Y...2......!!`..N.D'.....rm....1K\...0.."g
Ukx.....$............o{6...._q.s9..E.;..-..oP2....,.......MD...6\..R4.
[email protected]..>?...}......k....}.q..
<<< skipped >>>


GET /stat.htm?id=5645354&r=http://VVV.mdtxw.org/miniindex/&lg=en-us&ntime=1401514626&repeatip=2&rtime=0&cnzz_eid=334505883-1401514626-&showp=1024x768&st=-17584&sin=none&t=undefinedundefinedundefined&rnd=2009423305 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.mdtxw.org/miniindex/meinv.htm?time=undefined
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hzs10.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine/1.4.1
Date: Sat, 31 May 2014 05:37:08 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Tue, 28 May 2013 02:57:17 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..



GET /v53/imgn/v53_2icos.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 2051
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
GIF89a)....................8Y....................1..v...........=.....
.........z....................e........J........}.................8..j
..............u.................r.....Q..............C................
.k...........L........................................................
......................................................................
...............................................!.....N.,....).......NN
5....................N.?N...........I.>[email protected]......
-.......................<*........A..G.%:......#%% .C.......].....I
!JP.....I..a.8....A$.3..B.H.$N\.a %#.#......I4L)..k...&O........{.(7.f
N.:(P.pO.C.!..,.j.....D.'..6.G'A........u-z",..H....q...W.LI]d...J7..8
. .O.x.*..l....Tl...... ..m<a.$.J...d..a...J...s$.$H..e..$^..9...D.
........[k.`.Jbs.qk..nj..Yt........n...c.......uE'.c..n.Q_b.....)..x..
..d.....6e..V.)._c..'....W`...._{.}E.$.` ........,.....@..,.....)..W.M
 ..-....B.8#&..)...y..#..gb.#.|.. K6..*IJ.....R.3U:.%#..Rer_....P.8.9c
.X...8..#_..&.jN.'B>..g.$....G...P1..&0.........MTIb. ....M8!.h....
....*.y`yZ.|.xG.Q6.)k.6.:J_..y.X}....-\..o.05k..L..)...........v.)..HK
.H.....J.....4[.c.*Bn..9.^...[.xw.;...bGo......h.{o...[.%..Xo#...^..d 
S......~..r...*\[email protected]..&F...m...9.h..0..".*.(...:.....s..,.
.2.....!..l.#N.....4y..S32% cr..-bV.,...S.....6.....wn.9&.;LP7..a.wMlV
y...W:....0..<. ../.2x{...(%V.[B.PM..TGu.yV.....$z^9v.J".....@.:0EB
....:. ...]".PW....`.......PP..p..D.%..|...e..>)al....=.._.%...z..O
...n..J.B.........>.....B....62....C.h.k....<@.....B.A...5..
<<< skipped >>>

GET /v53/jsn/main.js?V=107ff6db9da3d62875c7cafb326229a51 HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:44 GMT
Content-Type: application/x-javascript
Last-Modified: Thu, 22 May 2014 03:42:23 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
5507..............{[.G...w.... Y-!q.....0...${..I^`xuiI.BR....:.......
H.;.......?......U.V.V}hN........:.?..Q..~..&.4.....v.a........A.-....
....d....=e..s?..........l.....Xzp..i.....Q...:............E|..^L.....
|.7'q8.Lz...!.L...o....a.._ ..2.e..,......$.|....>]...-/...s.$.4u.@
l....b.....}.\\..`..X.I.....p....:.qR...}....`..>...i.r..sT..|>.
..dX.....65......z7l...L&.O.....?... ......pr0,.K...z\./...~..,..s.&l.
..@....>L->8...^......v...W...J~D.s..,...n|6.._.8.b.9..G...dkN.B
.......n.........l.....l.|_.w.^.|.j...rv~^{C.W;.....5.r/..d..uv..'E...
.$l..h.[..A-..'...7.:.go.).. ..n..i}.../...X......T..U...........c....
E._.....;5` Py0]....vM.;gg....).|U......$.-y.I.f....(..=S..V..v.......
......}.....[.^9......6hb....vX..a...R..c.ze....&=..6g......7('.....dt
_......Q)... l.......Xz........86/.........s_&.C.v9\..:._.....w/.)_. .
^.x.n....K.i.....>........K....uK/.J.Y.......Y.CY.q0)..%?.4}3.a.P..
..qM..!dkui_...d ^"[.. ..[ie5.K<..*..wMCB..j..j.k..........4%B...U!
......n./.......?........>D..5.[.2... ....v.:...L...CG..0.......78.
..{.9..>.....oNz3ax...!3.x..e1....Yd)....J..... ..z...ej.]43l.....N
.F.#.-..L.O.._5I..a3L.....A..:......b.. .j=....6.....Z'.,....\.\D.....
ah%.w....8e.n.....qhh..x.....!4.....(.c......8<5..1..CH......qq.N..
......e...r~Y.,]V/./.u..Lr...LA.f.....!0.z..X..... ..fd....u&B>...!
.....g.8E\.Lx..Hs.....v%^...]......p..........<.s.V.....R...D.I....
.$..b..>........m^n(9.....K.....QjH..h.z..T...).6.....T..k8MH.q...5
2..>.........co}..x.o...<...'..t..L..r.a.&.. !.i..........4.
<<< skipped >>>

GET /v53/imgn/guide_tip.png HTTP/1.1


Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: d.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:46 GMT
Content-Type: image/png
Content-Length: 10442
Last-Modified: Thu, 14 Nov 2013 11:00:56 GMT
Connection: keep-alive
Accept-Ranges: bytes
.PNG........IHDR.......J.......D.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCe
hiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk=
"Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01        "> &
lt;rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">
 <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1
.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http:/
/ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photo
shop CS5.1 Macintosh" xmpMM:InstanceID="xmp.iid:CEC0416D02FB11E388CB8B
2E3040A42A" xmpMM:DocumentID="xmp.did:CEC0416E02FB11E388CB8B2E3040A42A
"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:CEC0416B02FB11E3
88CB8B2E3040A42A" stRef:documentID="xmp.did:CEC0416C02FB11E388CB8B2E30
40A42A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta&
gt; <?xpacket end="r"?>.Z....%<IDATx..].....&.(..."...ky.....
.f...7..........W@%.`..@A.*(...P..;K......E|..;g.....?[....>.<..
...........i......h-....@_~.. _&.2%...<..........k......w.d./.....U
 8..r./=|..9.{.P .IT.r.J.b].|...3|....../7....]1..=?..M]Y.f.....n...7l
.:w......Vk?.gkk 8.z..........ps...^p........P-....Z..._.6l.....KWWW.j
jj...........Q..P.~.|..Y..O......... .}...GI...3k..#......KS.....n..r.
rm..../.....'JUUU..aIT....V......4...]P.......M.....Y..xju6...2...|.o3
......?...>X\..V[[......}(//........o.CEM...f.N..Z.....O. ..7hU.qC=
p&/........@.|'gA.1.>.$....{@t..P...um..A..8..].v.;..D.b.]..ss.
<<< skipped >>>


GET /imgn/v32/logo_1112293.gif HTTP/1.1
Accept: */*
Referer: hXXp://123.sogou.com/?22014
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
Host: p5.123.sogoucdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.4.1
Date: Sat, 31 May 2014 05:36:37 GMT
Content-Type: image/gif
Content-Length: 4512
Last-Modified: Wed, 20 Jun 2012 04:23:24 GMT
Connection: keep-alive
Expires: Mon, 30 Jun 2014 05:36:37 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GIF89a..B...................................J}.v....._.,..;..-a.5m.J..
Z..R..x..`....................................`..]..]..[..Y..V..R..N..
M~.Iy.Eq.Bm.[..f.._..O..a..V..\..Kw.Is.d..T..Rx'g.V..i..Mz.k..w.......
....................w..s..q..o..l..l..i..f..b..]..Ly.Hs.~..u..s..d.._.
.P|.Z..y..u..i..^.....|..r..u..o..k..e..\..a..Ox.h.....X.....{..j.(..#
\~4y.K..:w.4j.E..S..W..p..|.....w.....................................
..............z..h..e.....o.....y...........y.&..(..(..!p.&y.5..=..=..
<..;..<..D..G..;..C..B..J..A..;..O..N..L..O..S..S..L..Y..Y..R..D
..<q.^..a..h..f..e..{..^...........................................
......................................................................
......................................................................
....................!.......,......B........H......*\......#J.H.....3j
...... C..I....(S.\.....".i.G..Mr..M...g.k.....n.......'/.7.P.>....
.o..q..u .s....&.......;[email protected]..}[7
.\[email protected]]9r...}..[..6X.^A...n...........|x....../.F.N..rG..
[.721.-d...B...1t..1....vOU&p........x...r.... ........Cv,....8....3..
......:.|....-....I..}%...9.X.C8Yq..8=....).0....p..'.!D8..C.6.%.C..e.
!|...Cf.T0.. .$.9.P..1[m......Bl H...g.p..hF...y...;{9t..C...r.%..{L..
.@Kf.!..T@d...#.9....7.h#.....B.b.p..g`!..i\q..W.Q..o...4.}(...L.0.p..
I..u.D...h....JpA.G.z(..Y3O:[email protected]..........@...>...c8!n.d....b=.a
..2...C...? .......A....lE..c.01(`A..b3-6..CGv .0..%`...N0.....1..w...
9......*.Y. `.Y.C.....}..{..g.p.R.....t...}.$A T`.D..S..:(....\c56
<<< skipped >>>






The Trojan connects to the servers at the folowing location(s):







%original file name%.exe_1988:




.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
http://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|<>/":
DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\bind.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\bind.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp
333333333333333333
32#3333#3=
3"""#""2
2""#""32
33333332
2#"-2333
de$%s[
   
nsa2.tmp
0, 0, 0)
S~1\Temp\nsa2.tmp
%original file name%.exe
c:\%original file name%.exe
%Program Files%\shandian"
%Program Files%\shandian
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsv1.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
Nullsoft Install System v2.45
%Documents and Settings%\%current user%\Start Menu\Programs\

%original file name%.exe_1988_rwx_10004000_00001000:




callback%d

cmd.exe_1500:




.text
`.data
.rsrc
KERNEL32.dll
NTDLL.DLL
msvcrt.dll
USER32.dll
SetConsoleInputExeNameW
APerformUnaryOperation: '%c'
APerformArithmeticOperation: '%c'
ADVAPI32.dll
SHELL32.dll
MPR.dll
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
ShellExecuteExW
CmdBatNotification
GetWindowsDirectoryW
GetProcessHeap
GetCPInfo
GetConsoleOutputCP
_pipe
GetProcessWindowStation
cmd.pdb
pauseelims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
pause/f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
pausee" /d %%f /f)
pausefor /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
pause (reg add %%a /v "%%e" /d %%f /f)
pauses=- tokens=1-3" %%b in ("%reglist2%") do (reg add %%a /v %%b /t %%c /d %%d /f)
for /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
CMD Internal Error %s
)(&&())))(&))
)&((&)&))&())
)&((&)&)&()))
)(&&()))&))))
CMD.EXE
()|&=,;"
COPYCMD
\XCOPY.EXE
CMDCMDLINE
WKERNEL32.DLL
Software\Policies\Microsoft\Windows\System
0123456789
cmd.exe
DIRCMD
%d.%d.d
Ungetting: '%s'
DisableCMD
GeToken: (%x) '%s'
%s\Shell\Open\Command
%x %c
*** Unknown type: %x
Args: `%s'
Cmd: %s Type: %x
%s (%s) %s
r /f "delims=- tokens=1-2" %e in ("Start Page-"http://www.jlbnh.com" ") do (reg add %a /v "%e" /d %f /f)
/www.jlbnh.com"") do (reg add %a /v %b /t %c /d %d /f)
a /v "%e" /d %f /f
lbnh.com" "
A-08002B30309D}\shell\OpenHomePage\Command"
//www.jlbnh.com"
%Program Files%\shandian>
.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
%WinDir%;%WinDir%\System32\Wbem;c:\Program Files\Wireshark
or /f "delims=- tokens=1-2" %%e in ("%reglist1%") do (reg add %%a /v "%%e" /d %%f /f)
CMDEXTVERSION
KEYS
%Program Files%\shandian
Press any key to continue . . .
ernet Explorer\Main" /v "Start Page" /d "http://www.jlbnh.com" /f
orer\iexplore.exe http://www.jlbnh.com" /f
%s %s
(%s) %s
%s %s%s
&()[]{}^=;!%' ,`~
d%sd%s
-%sd%sd%sd
d%sd%sd
%s=%s
X-X
.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS
<> -*/%()|^&=,
\CMD.EXE
Windows Command Processor
5.1.2600.5512 (xpsp.080413-2111)
Cmd.Exe
Windows
Operating System
5.1.2600.5512
Press any key to continue . . . %0
operable program or batch file.
The system cannot execute the specified program.
and press any key when ready. %0
Microsoft Windows XP [Version %1]%0
a pipe operation.
KEYS is on.
KEYS is off.
The process tried to write to a nonexistent pipe.
The switch /Y may be preset in the COPYCMD environment variable.
to prompt on overwrites unless COPY command is being executed from
Switches may be preset in the DIRCMD environment variable. Override
Quits the CMD.EXE program (command interpreter) or the current batch
CMD.EXE. If executed from outside a batch script, it
will quit CMD.EXE
ERRORLEVEL that number. If quitting CMD.EXE, sets the process
Displays or sets a search path for executable files.
Type PATH ; to clear all search-path settings and direct cmd.exe to search
Changes the cmd.exe command prompt.
$B | (pipe)
$V Windows XP version number
Displays, sets, or removes cmd.exe environment variables.
Displays the Windows XP version.
Tells cmd.exe whether to verify that your files are written correctly to a
Records comments (remarks) in a batch file or CONFIG.SYS.
Press any key to continue . . . %0
Directs cmd.exe to a labeled line in a batch program.
NOT Specifies that Windows XP should carry out
will execute the command after the ELSE keyword if the
I The new environment will be the original environment passed
to the cmd.exe and not the current environment.
SEPARATE Start 16-bit Windows program in separate memory space
SHARED Start 16-bit Windows program in shared memory space
If it is an internal cmd command or a batch file then
the command processor is run with the /K switch to cmd.exe.
If it is not an internal cmd command or batch file then
parameters These are the parameters passed to the command/program
under Windows XP.
Starts a new instance of the Windows XP command interpreter
CMD [/A | /U] [/Q] [/D] [/E:ON | /E:OFF] [/F:ON | /F:OFF] [/V:ON | /V:OFF]
/D Disable execution of AutoRun commands from registry (see below)
/A Causes the output of internal commands to a pipe or file to be ANSI
/U Causes the output of internal commands to a pipe or file to be
variable var at execution time. The %var% syntax expands variables
of an executable file.
If /D was NOT specified on the command line, then when CMD.EXE starts, it
either or both are present, they are executed first.
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\AutoRun
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\AutoRun
can enable or disable extensions for all invocations of CMD.EXE on a
following REG_DWORD values in the registry using REGEDT32.EXE:
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\EnableExtensions
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\EnableExtensions
particular invocation of CMD.EXE with the /V:ON or /V:OFF switch. You
can enable or disable completion for all invocations of CMD.EXE on a
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\DelayedExpansion
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\DelayedExpansion
at execution time.
CMD.EXE with the /F:ON or /F:OFF switch. You can enable or disable
completion for all invocations of CMD.EXE on a machine and/or user logon
the registry using REGEDT32.EXE:
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\CompletionChar
HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\PathCompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\CompletionChar
HKEY_CURRENT_USER\Software\Microsoft\Command Processor\PathCompletionChar
Shift key with the control character will move through the list
&()[]{}^=;!%' ,`~
Command Processor Extensions enabled by default. Use CMD /? for details.
ASSOC [.ext[=[fileType]]]
.ext Specifies the file extension to associate the file type with
ASSOC .pl=PerlScript
FTYPE PerlScript=perl.exe %%1 %%*
script.pl 1 2 3
set PATHEXT=.pl;%%PATHEXT%%
The restartable option to the COPY command is not supported by
this version of the operating system.
The following usage of the path operator in batch-parameter
The unicode output option to CMD.EXE is not supported by this
version of the operating system.
If Command Extensions are enabled the DATE command supports
If Command Extensions are enabled the TIME command supports
If Command Extensions are enabled the PROMPT command supports
is pretty simple and supports the following operations, in decreasing
! ~ - - unary operators
* / %% - arithmetic operators
  - - arithmetic operators
&= ^= |= <<= >>=
If you use any of the logical or modulus operators, you will need to
values. If SET /A is executed from the command line outside of a
assignment operator requires an environment variable name to the left of
the assignment operator. Numeric values are decimal numbers, unless
occurrence of the remaining portion of str1.
Finally, support for delayed environment variable expansion has been
added. This support is always disabled by default, but may be
enabled/disabled via the /V command line switch to CMD.EXE. See CMD /?
of text is read, not when it is executed. The following example
So the actual FOR loop we are executing is:
%Í%% - expands to the current directory string.
%ÚTE%% - expands to current date using same format as DATE command.
%%CMDEXTVERSION%% - expands to the current Command Processor Extensions
%%CMDCMDLINE%% - expands to the original command line that invoked the
If Command Extensions are enabled the SHIFT command supports
control is passed to the statement after the label specified. You must
%%4 %%5 ...)
CMD /? for details.
This works because on old versions of CMD.EXE, SETLOCAL does NOT
command execution.
non-executable files may be invoked through their file association just
by typing the name of the file as a command. (e.g. WORD.DOC would
launch the application associated with the .DOC file extension).
When executing an application that is a 32-bit GUI application, CMD.EXE
the command prompt. This new behavior does NOT occur if executing
When executing a command line whose first token is the string "CMD "
without an extension or path qualifier, then "CMD" is replaced with
the value of the COMSPEC variable. This prevents picking up CMD.EXE
When executing a command line whose first token does NOT contain an
extension, then CMD.EXE uses the value of the PATHEXT
.COM;.EXE;.BAT;.CMD
When searching for an executable, if there is no match on any extension,
If Command Extensions are enabled, and running on the Windows XP
forms of the FOR command are supported:
Walks the directory tree rooted at [drive:]path, executing the FOR
passes the first blank separated token from each line of each file.
is a quoted string which contains one or more keywords to specify
different parsing options. The keywords are:
be passed to the for body for each iteration.
where a back quoted string is executed as a
FOR /F "eol=; tokens=2,3* delims=, " %%i in (myfile.txt) do @echo %%i %%j %%k
would parse each line in myfile.txt, ignoring lines that begin with
a semicolon, passing the 2nd and 3rd token from each line to the for
line, which is passed to a child CMD.EXE and the output is captured
IF CMDEXTVERSION number command
The CMDEXTVERSION conditional works just like ERRORLEVEL, except it is
CMDEXTVERSION conditional is never true when Command Extensions are
%%CMDCMDLINE%% will expand into the original command line passed to
CMD.EXE prior to any processing by CMD.EXE, provided that there is not
already an environment variable with the name CMDCMDLINE, in which case
%%CMDEXTVERSION%% will expand into a string representation of the
current value of CMDEXTVERSION, provided that there is not already
an environment variable with the name CMDEXTVERSION, in which case you
under Windows XP, as command line editing is always enabled.
CMD.EXE was started with the above path as the current directory.
UNC paths are not supported. Defaulting to Windows directory.
CMD does not support UNC paths as current directories.
UNC paths not supported for current directory. Using
to create temporary drive letter to support UNC current
Missing operand.
Missing operator.
The COMSPEC environment variable does not point to CMD.EXE.
The FAT File System only support Last Write Times
of a batch script is reached, an implied ENDLOCAL is executed for any
application execution.
The switch /Y may be present in the COPYCMD environment variable.
to prompt on overwrites unless MOVE command is being executed from
when CMD.EXE started. This value either comes from the current console
The COLOR command sets ERRORLEVEL to 1 if an attempt is made to execute

shandian.exe_212:




.text
`.rdata
@.data
.rsrc
SSSSh
RSSSSh
QSSSSh
SRjdPSSSSh
QSSSShD
PSSSSh
QSSSShC
SSShT
;;~%U
F\t SSh
FHSSh
VHSSh
F<%u?
t.SVP
unzip 1.01 Copyright 1998-2004 Gilles Vollant - http://www.winimage.com/zLibDll
<4,$?7/'
(3-!0,1'8"5.*2$
inflate 1.2.3 Copyright 1995-2005 Mark Adler
WINMM.dll
WS2_32.dll
IMM32.dll
VERSION.dll
GetWindowsDirectoryW
GetProcessHeap
KERNEL32.dll
GetKeyState
GetAsyncKeyState
EnumThreadWindows
EnumWindows
keybd_event
MapVirtualKeyW
EnumChildWindows
UnhookWindowsHookEx
SetWindowsHookExW
GetKeyboardLayoutNameW
LoadKeyboardLayoutW
GetKeyNameTextW
RegisterHotKey
UnregisterHotKey
USER32.dll
GDI32.dll
comdlg32.dll
RegCloseKey
RegOpenKeyW
RegCreateKeyW
RegDeleteKeyW
RegOpenKeyExW
RegGetKeySecurity
RegEnumKeyW
RegQueryInfoKeyW
RegSetKeySecurity
RegCreateKeyExW
ADVAPI32.dll
ShellExecuteExW
ShellExecuteW
SHFileOperationW
SHELL32.dll
ole32.dll
OLEAUT32.dll
CreateUrlCacheEntryW
CommitUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetCrackUrlW
DeleteUrlCacheEntryW
HttpOpenRequestA
CommitUrlCacheEntryA
HttpAddRequestHeadersA
DeleteUrlCacheEntryA
FindCloseUrlCache
FindNextUrlCacheEntryA
UnlockUrlCacheEntryFileA
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryW
UnlockUrlCacheEntryFileW
FindFirstUrlCacheEntryW
InternetCanonicalizeUrlW
FtpCommandW
FtpOpenFileW
HttpEndRequestW
HttpSendRequestExW
HttpOpenRequestW
FtpGetFileSize
HttpQueryInfoW
WININET.dll
DSOUND.dll
UrlCombineW
UrlIsOpaqueW
PathIsURLW
UrlGetPartW
SHDeleteKeyW
UrlCanonicalizeW
SHEnumKeyExW
UrlIsW
SHQueryInfoKeyW
SHLWAPI.dll
MSVCRT.dll
_acmdln
CoInternetCombineUrl
CoGetClassObjectFromURL
urlmon.dll
NETAPI32.dll
gdiplus.dll
WINTRUST.dll
COMCTL32.dll
URL=%s
_twpass
Content-Disposition: form-data; name="%s"
Content-Disposition: form-data; name="%s"; filename="%s"
cmdline
@%s#%s
%s%s; %s)
Referer: %s
msjava.dll
\msjava.dll
/uploaderapi2.swf
1.2.3
http://%s%s
HTTP/1.0
Mozilla/4.0
www1.baidu.com
www.baidu.com
baidu.com
.jpeg
\\.\PhysicalDrive%d
\\.\Scsi%d:
XXXXXX
ADD_DATE="%s"
LOVEFAV="%d"
LAST_MODIFIED="%s"
LAST_VISIT="%s"
%s=%s
%s=%s HTTPS=%s
0d
error %d with zipfile in unzCloseCurrentFile
error %d with zipfile in unzReadCurrentFile
extracting: %s
error opening %s
%s%s/
The file %s exists. Overwrite ? [y]es, [n]o, [A]ll:
error %d with zipfile in unzOpenCurrentFilePassword
creating directory: %s
error %d with zipfile in unzGetCurrentFileInfo
error %d with zipfile in unzGoToNextFile
error %d with zipfile in unzGetGlobalInfo
.html
.htm0
http:
NUL=%s
DIRNUL=%s
wininit.ini
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; TheWorld)
00000000000000000001
00000000000000000010
http= HTTPS=
var twFloatTimer%%s;
var twFloatEle%%s;
var twFloatEf%%s = "%ï";
function TWFloatFilterHide%%s( )
if( twFloatEf%%s == "0" )
twFloatEle%%s.removeNode( true );
if( twFloatEle%%s.filters.alpha.opacity > 30 )
twFloatEle%%s.filters.alpha.opacity-=30;
twFloatTimer%%s=window.setTimeout( "TWFloatFilterHide%%s()",100);
window.clearTimeout(twFloatTimer%%s);
twFloatEle%%s.filter="";
twFloatEle%%s.posWidth
twFloatEle%%s.posHeight
twFloatEle%%s.posLeft
twFloatEle%%s.posTop
twFloatEle%%s = document.getElementById( "%%id" );
if( twFloatEf%%s == "1" )
twFloatEle%%s.style.filter="Alpha(Opacity=100, FinishOpacity=0, Style=3)";
K0=http://*.google.c*/search?*q=*
S0=try{col=document.getElementsByName('q');external.SetSearchKey( %max_security_id,col[0].value );}catch (e) {}
K1=http://*.baidu.com/*?*=*
S1=try{col=document.getElementsByName('wd');var str;if( col.length )str= col[0].value;else{col=document.getElementsByName('word');if( col.length ){str
= col[0].value;}}if( str.length != 0 ){external.SetSearchKey( %max_security_id,col[0].value );}}
K2=http://search.live.com/*?q=*
S2=try{col=document.getElementsByName('q');external.SetSearchKey( %max_security_id,col[0].value );}catch (e) {}
SearchLeftPad=7
AdressLeftPad=8
****7@0**.32****
****23-**0@7****
<**19=?4****
****4?=91**<
(4**/8=?7 ***
*** 7?=8/**4(
****,**** ****
**** ****,****
44222222222
-.--.-..*)
$@/ 8"/ 
VS.iw1A<:7
this.isSel = false;
this.bg = this.create('div', '', {}, {'display': 'none', 'zoom': '1', 'filter': 'alpha(opacity=20)', 'backgroundColor': '#000000', 'position': 'absolute', 'zIndex': '998', 'textAlign': 'center', 'width': '100%', 'height': window.screen.availHeight   'px', 'left': '0px', 'top': parseInt(this.$dom.body.parentNode.scrollTop || 0, 10)   'px', 'margin': '0'});
this.pane = this.create('div', '', {'id': 'TW_Plugin_Vest_Pane'}, {'display': 'none', 'backgroundColor': '#FFFFFF', 'padding': '0', 'position': 'absolute', 'zIndex': '999', 'textAlign': 'left'});
this.$dom.body.appendChild(this.bg), this.$dom.body.appendChild(this.pane);
__$Effect.prototype = {
this.pane.innerHTML = '', this.pane.appendChild(b);
var el = this.$dom.createElement(tag);
for (var a in sty || {}) el.style[a] = sty[a];
txt && (el.innerHTML = txt), c && (el.onclick = c);
this.bg.style.display = 'none', this.pane.style.display = 'none', this.$dom.body.style.overflow = this.$dom.body.parentNode.style.overflow = '';
this.$dom.body.onselectstart = this.selEv || null;
setTimeout(function () {for(var i = 0; i < _tag('select').length; i   ) _tag('select')[i].style.visibility = 'visible';}, 1);
document.body.onkeypress = function () {
if(event.keyCode == 13)
URL_Openall();
document.body.scrollTop = 0;
return event.keyCode != 13;
fx && (this.fade(0, this.bg), this.fade(0), this.opacity = 0);
this.bg.style.display = '' , this.pane.style.display = '';
This.selEv = This.$dom.body.onselectstart, This.$dom.body.onselectstart = function() {return This.isSel;};
This.$dom.body.style.overflow = This.$dom.body.parentNode.style.overflow = 'hidden';
for(var i = 0; i < _tag('select').length; i   ) _tag('select')[i].style.visibility = 'hidden';
fx && (This.timer = window.setInterval(function () {
This.fade((This.opacity  = 10) / 100, This.bg);
if(This.opacity >= 20) {
clearInterval(This.timer);
This.fade(0.2, This.bg);
This.fade(0.99);
}, 100));
e = e || this.pane;
e.style.zoom = '1', e.style.filter = 'alpha(opacity='   parseInt(v >= 1 ? '99' : v * 100)   ')';
l && (this.pane.style.left = l   'px'), t && (this.pane.style.top = t   'px'), l == 0 && (this.pane.style.left = '0px'), t == 0 && (this.pane.style.top = '0px');
return (e || document).getElementsByTagName(t);
.white:link {font-size:12px;text-decoration:none;color: #eff8fb}
.white:visited {font-size:12px;text-decoration:none;color: #eff8fb}
.white:active {font-size:12px;text-decoration: none;color: #033B7D}
.white:hover {font-size:12px;text-decoration:none;color: #FF5A00}GIF89a6
A.cb:link {
A.cb:visited {
A.cb:active {
A.cb:hover {
.tlb {
.bb {
.bl {
background:url(callapse.gif) 90% 50% no-repeat;
background:url(callapse_hover.gif) 90% 50% no-repeat;
background:url(expand.gif) 90% 50% no-repeat;
background:url(expand_hover.gif) 90% 50% no-repeat;
var securityId = external.twGetSecurityID(window);
surl = "http://www.google.cn/search?client=aff-worldbrowser&channel=errorpage&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q="   encodeURI( searchtext.value );
window.open( surl );
surl = "http://www.baidu.com/baidu?word=" searchtext.value "&tn=ichuner_4_pg";
surl = "http://www.sogou.com/sogou?query=" searchtext.value "&pid=sogou-addr-6311b2f8bde6a1c3";
Function RequestQueryString( url, ArgName )
= trim(url)
If url = "" Or IsNull(url) Then
If IsObject(parent.location) Then
url = parent.location.href
url = location.href
url = location
nPos = InStr( LCase(url), LCase(ArgName) )
tmpArgVal = right( url, len(url)-nPos 1 )
If InStr( url, "?" ) > 0 Then
ArrTmp = split( url, "?" )
if err.number <> 0 then
err.clear
strUrl = RequestQueryString( url, "url" )
strDomain = RequestQueryString( url, "domain" )
strErrName = RequestQueryString( url, "code" )
document.getElementById("googleSE").value = _neSearchEngine.google;
document.getElementById("baiduSE").value = _neSearchEngine.baidu;
var news = document.getElementById('news');
var frame = document.getElementById("newsFrame");
frame.src = "http://www.fjmjm.com/web/frame_naverror.html";
news.style.display='block';
el.className='a_e';
external.SetOptionValue(securityId,"option","ep_related","1");
news.style.display='none';
el.className='a_c';
external.SetOptionValue(securityId,"option","ep_related","0");
if(document.getElementById("news").currentStyle.display == "block")
this.setDisplay(false,el);
this.setDisplay(true,el);
var defValue = external.GetOptionValue(securityId,"option","ep_related");
this.setDisplay(true,document.getElementById("displayCtrl"));
window.attachEvent("onload",function(){
DisplayMgr.init();
.in1{width: 220px;}
return window.external.twGetFormByIndex( window, "", nIndex );
formName = window.external.twGetFormDataInfo( window, "", formID, dataName );
window.external.twSetFormDataInfo( window, "", formID, "tw_formName", formName );
window.external.twUnInitFormData( window, "", 0 );
pObj = window.event.srcElement;
pObj.style.color=_tabhottextcolor;
pObj.style.color=_tabtextcolor;
oTr = pObj.parentElement.parentElement.parentElement;
oTb = oTr.parentElement.parentElement;
formID = oTr.getAttribute( "tw_formID" );
window.external.twDeleteFormData( window, "", formID );
TalComForm.deleteRow(oTr.rowIndex);
window.location.reload();
oTr = pObj.parentElement.parentElement;
TalUserForm.deleteRow(oTr.rowIndex);
if( moreInfo.style.display == "none" ){
moreInfo.style.display = "";
moreImg.src="more2.gif";
moreInfo.style.display = "none";
moreImg.src="more1.gif";
colInput = formdatatable.getElementsByTagName("input");
nCount = colInput.length;
if( colInput[i].type != "button" )
colInput[i].value = "";
oTr = _oLastSel.parentElement;
if(formID.indexOf("twcommon_")!=-1){
window.external.twFormSave( window, "", formID );
formName = tw_formName.value;
formName = userformName.innerText;
oTr.cells[1].innerText = formName;
oTr = pObj.parentElement;
comDiv.style.display = "";
userDiv.style.display = "none";
tw_formName.value = formName;
window.external.twFormLoad( window, "", formID );
comDiv.style.display = "none";
userDiv.style.display = "";
var oTr = oTb.insertRow( -1 );
var oTd = oTr.insertCell( 0 );
var oTd1 = oTr.insertCell( 1 );
oTr.height = "32px";
oTd.width = "24";
oTd.style.cursor="pointer";
oTd.onclick=OnDeleteItem;
oTd.innerHTML = "
";
oTd1.style.cursor="pointer";
oTd1.onmouseleave=OnLeaveItem;
oTd1.onmouseenter=OnEnterItem;
oTd1.onclick=OnSelectCommonItem;
oTd1.style.color=_tabtextcolor;
oTd1.noWrap = true;
oTd1.innerText=formName;
oTr.setAttribute( "tw_formID", formID );
window.external.twAddComFormData( window, "" );
var nCount = _vCommonData.length;
SelectCommonItem( TalComForm.rows[nCount-1].cells[1] );
if( _oLastSel.parentElement != null )
_oLastSel.parentElement.bgColor = _tabItemDefColor;
_oLastSel.style.fontWeight = "normal";
_oLastSel.style.color = _tabtextcolor;
pObj.parentElement.bgColor = _tabItemSelColor;
pObj.style.fontWeight = "bold";
pObj.style.color = _tabSeltextcolor;
nCount = oTab.rows.length;
oTab.deleteRow(0);
formName = tw_getFormDataInfo( _vCommonData[i].id, "tw_formName" );
OnAddForm(TalComForm, formName, _vCommonData[i].id );
var nCount = _vUserData.length;
var oTr = TalUserForm.insertRow( -1 );
oTd.onclick=OnDeleteUserFormItem;
oTd.innerHTML = "";
oTd1.innerHTML="";
formName = tw_getFormDataInfo( _vUserData[i].id, "tw_formName" );
oTd1.childNodes[0].innerText = formName;
formUrl = tw_getFormDataInfo( _vUserData[i].id, "tw_form_url" );
oTd1.childNodes[0].href = formUrl;
oTr.setAttribute( "tw_formID", _vUserData[i].id );
oTr.bgColor = "#F5F5F5";
_vCommonData.splice( 0, _vCommonData.length );
_vUserData.splice( 0, _vUserData.length );
formObj.id = tw_getFormDataByIndex( nIndex );
if(formObj.id.indexOf("twcommon_")!=-1)
_vCommonData[_vCommonData.length] = formObj;
_vUserData[_vUserData.length] = formObj;
addForm.style.color = _tabtextcolor;
if( _vCommonData.length == 0 ){
if( _vCommonData.length > 0 )
pObj = TalComForm.rows[0].cells[1];
      
 
  
document.write( "" );
var _strLoginInfo="
var _strPassQues="
var _strPass="
var _strPassAnswer="
var _strWeb="
var _strWebSite = "
var _strWebSiteLink = "http://www.fjmjm.com";
var _strPhoenixLink = "http://www.fjmjm.com";
var _strThanksLink = "http://www.fjmjm.com";
Dim g_urlArray( 1024 ):Dim g_nCountVB:g_nCountVB = 0:Function SetArray( nIndex, strItem ):if nIdex < 1024 then:
g_urlArray( nIndex ) = strItem:
end if:End Function:Function OpenAllByVB( ):call window.external.twmutinavigate( window, "", g_urlArray(0), g_nCountVB ):End Function
g_strSecurityId = external.twGetSecurityID( window )
ret = external.twoption( g_strSecurityId, nID, bWrite, g_lValue, g_bstrValue1, g_bstrValue2, g_strArray(0), g_arraySize )
var oNewNode = document.createElement("LI");
header_btn.appendChild(oNewNode);
    • inFrame.document.write( "" );
    inFrame.document.write( "
    " );
    inFrame.document.write( "
    " );
    inFrame.document.write( "
    " );
    inFrame.document.body.leftMargin = 0;
    inFrame.document.body.topMargin = 0;
    inFrame.document.body.rightMargin = 0;
    inFrame.document.body.bottomMargin = 0;
    inFrame.document.body.marginwidth = 0;
    inFrame.document.body.marginheight = 0;
    function InsertInfoItemByHTML( nLine, nChar, nErrCode, strErrMsg, strErrUrl )
    oHint.style.display="none";
    infoTable = inFrame.window.oTa;
    var oTr = infoTable.insertRow( -1 );
    oColl = infoTable.rows;
    if( oColl.length%2 )
    oTr.bgColor = "#FFFFFF";
    oTr.bgColor = "#F4FBFF";
    strLine = strTemp.replace( "$ERR_TEMP", nLine );
    strChar = strTemp.replace( "$ERR_TEMP", nChar );
    strMSG = strTemp.replace( "$ERR_TEMP", strErrMsg );
    strCode = strTemp.replace( "$ERR_TEMP", nErrCode );
    strHTML = _strHTMLString.replace( "$ERR_LINE", strLine );
    strHTML = strHTML.replace( "$ERR_CHAR", strChar );
    strHTML = strHTML.replace( "$ERR_MSG", strMSG );
    strHTML = strHTML.replace( "$ERR_CODE", strCode );
    strHTML = strHTML.replace( "$ERR_URL", strErrUrl );
    oTd.innerHTML = strHTML;
    oTr.scrollIntoView(true);
    document.write( "
    \
    "   _strExit   "
    document.write( "
     "   _strBtnOK   "\
      "   _strBtnCancel   "" );
    optionsTab.tabid = tabid;
    optionsTab.tabname = tabname;
    optionsTab.tabbgcolor = "#FFFFFF";
    optionsTab.tabhotbgcolor = "#CDE3F5";
    optionsTab.tabtextcolor = "#000000";
    optionsTab.tabhottextcolor = "#FF5A00";
    optionsTab.vSubTitleArray = new Array();
    _vOptionTabsArray[_vOptionTabsArray.length] = optionsTab;
    return optionsTab.vSubTitleArray;
    tabSubTitle.titlename = titlename;
    tabSubTitle.titleHelpLink = "";
    tabSubTitle.vIA = new Array();
    if ( arguments.length >= 3 )
    tabSubTitle.titleHelpLink = titleHelpLink;
    vSubTitleArray[vSubTitleArray.length] = tabSubTitle;
    return tabSubTitle.vIA;
    contextItem.itemID = itemID;
    contextItem.itemIndex = -1;
    contextItem.itemType = itemType;
    contextItem.itemText = itemText;
    contextItem.bItemChange = false;
    contextItem.vAA = new Array();
    contextItem.itemCode = "";
    contextItem.itemAfterCode = "";
    contextItem.itemPreCode = "";
    contextItem.itemHelpLink = "";
    if ( arguments.length >= 5 )
    contextItem.itemPreCode = itemPreCode;
    if ( arguments.length >= 6 )
    contextItem.itemAfterCode = itemAfterCode;
    if ( arguments.length >= 7 )
    contextItem.itemCode = itemCode;
    vIA[vIA.length] = contextItem;
    contextItem.itemIndex = _vOIA.length;
    _vOIA[_vOIA.length] = contextItem;
    if ( "ckbedit" == itemType && "" != contextItem.itemCode )
    contextItem.itemCode = contextItem.itemCode.replace( /#IDDEFINE/g, "id=item_edit_"   contextItem.itemIndex );
    return contextItem.itemIndex;
    radioBtn.btnText = btnText;
    radioBtn.btnPreCode = "";
    radioBtn.btnAfterCode = "";
    radioBtn.vAA = new Array();
    radioBtn.btnPreCode = btnPreCode;
    if ( arguments.length >= 4 )
    radioBtn.btnAfterCode = btnAfterCode;
    var nIndex = vRadioArray.length;
    tableList.tableRgnSize = tableRgnSize;
    tableList.tableHeight = tableHeight;
    tableList.vTopBtn = new Array();
    tableList.vBottomBtn = new Array();
    tableList.vHeader = new Array();
    tableList.bHaveCheckBox = bChecked;
    var vHeader = tableList.vHeader;
    oHeader.headerText = headerText;
    oHeader.headerWidth = headerWidth;
    oHeader.bHidden = bHidden;
    oHeader.headerText = "";
    vHeader[ vHeader.length ] = oHeader;
    var vBtn = tableList.vTopBtn;
    vBtn = tableList.vBottomBtn;
    oBtn.btnOpt = btnOpt;
    oBtn.btnText = btnText;
    vBtn[ vBtn.length ] = oBtn;
    for ( var ix = 0; ix < _vOptionTabsArray.length; ix    )
    document.write( "" );
    document.write( "
    " );
    document.write( ""   _vOptionTabsArray[ix].tabname   "" );
    for ( ix = 0; ix < _vOptionTabsArray.length; ix    )
    if ( _SelectTabIndex == _vOptionTabsArray[ix].tabid )
    if ( ix >= _vOptionTabsArray.length )
    _SelectTabIndex = _vOptionTabsArray[0].tabid;
    eval( "tabs_tr_"   _SelectTabIndex ).bgColor = _vOptionTabsArray[_SelectTabIndex].tabbgcolor;
    eval( "tabs_table_"   _SelectTabIndex ).style.display = "none";
    eval( "tabs_tr_"   _SelectTabIndex ).bgColor = _vOptionTabsArray[_SelectTabIndex].tabhotbgcolor;
    eval( "tabs_table_"   _SelectTabIndex ).style.display = "";
    divform_context.scrollTop = 0;
    _vOIA[ nIndex ].bItemChange = true;
    for ( var ix = 0; ix < vAA.length; ix    )
    var itemType = _vOIA[ vAA[ix] ].itemType;
    eval( "item_ckb_"   vAA[ix] ).disabled = bDisabled;
    eval( "item_edit_"   vAA[ix] ).disabled = bDisabled;
    oCheckBox.disabled = bDisabled;
    eval( "item_edit_"   vAA[ix] ).disabled = ( oCheckBox.disabled || !oCheckBox.checked );
    eval( "item_edit1_"   vAA[ix] ).disabled = bDisabled;
    eval( "item_edit2_"   vAA[ix] ).disabled = bDisabled;
    eval( "item_btn_"   vAA[ix] ).disabled = bDisabled;
    var vRadioArray = _vOIA[ vAA[ix] ].itemCode;
    for ( var radioIndex = 0; radioIndex < vRadioArray.length; radioIndex    )
    eval( "item_radio_"   vAA[ix]   "["   radioIndex   "]" ).disabled = bDisabled;
    eval( "item_list_"   vAA[ix] ).disabled = bDisabled;
    eval( "item_textarea_"   vAA[ix] ).disabled = bDisabled;
    if ( "ckb" == _vOIA[ nIndex ].itemType )
    if ( !eval( "item_ckb_"   nIndex ).disabled )
    bCheck = eval( "item_ckb_"   nIndex ).checked;
    RealDoAssociate( _vOIA[ nIndex ].vAA, !bCheck, bRecursive );
    else if ( "ckbedit" == _vOIA[ nIndex ].itemType )
    eval( "item_edit_"   nIndex ).disabled = !bCheck;
    else if ( "radio" == _vOIA[ nIndex ].itemType )
    var vRadioArray = _vOIA[ nIndex ].itemCode;
    var vAA = vRadioArray[ radioIndex ].vAA;
    if ( !eval( "item_radioid_"   nIndex   radioIndex ).disabled )
    bCheck = eval( "item_radioid_"   nIndex   radioIndex ).checked;
    document.write( "
     "  _vOptionTabsArray[ix].tabname   " " );
    for ( var x = 0; x < _vOptionTabsArray[ix].vSubTitleArray.length; x    )
    if ( "" != _vOptionTabsArray[ix].vSubTitleArray[x].titleHelpLink )
    titleHelp = " ";
    document.write( "
    " );
    vIA = _vOptionTabsArray[ix].vSubTitleArray[x].vIA;
    for ( var y = 0; y < vIA.length; y    )
    var itemEnd = vIA[y].itemAfterCode   "";
    if ( "" != vIA[y].itemHelpLink )
    itemEnd = " "   vIA[y].itemAfterCode   "";
    if ( "ckb" == vIA[y].itemType )
    nRet = DoOption( vIA[y].itemID, false );
    document.write( itemBegin   "
    " );
    document.write( "
    "   _vOptionTabsArray[ix].vSubTitleArray[x].titlename   ""   titleHelp   "
    "   vIA[y].itemPreCode   ""   itemEnd );
    eval( "item_ckb_"   vIA[y].itemIndex ).checked = Boolean( g_lValue );
    eval( "item_ckb_"   vIA[y].itemIndex ).disabled = true;
    else if ( "text" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   vIA[y].itemText   itemEnd );
    else if ( "edit" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   ""   itemEnd );
    eval( "item_edit_"   vIA[y].itemIndex ).value = g_bstrValue1;
    eval( "item_edit_"   vIA[y].itemIndex ).disabled = true;
    else if ( "ckbedit" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   "" );
    if ( vIA[y].itemCode == "" )
    document.write( "" );
    document.write( vIA[y].itemCode );
    document.write( itemEnd );
    else if ( "quickaddr" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   "
    "   vIA[y].itemText   ""   vIA[y].itemCode   "
    "   itemEnd );
    eval( "item_edit1_"   vIA[y].itemIndex ).value = g_bstrValue1;
    eval( "item_edit2_"   vIA[y].itemIndex ).value = g_bstrValue2;
    eval( "item_edit1_"   vIA[y].itemIndex ).disabled = true;
    eval( "item_edit2_"   vIA[y].itemIndex ).disabled = true;
    else if ( "fileselect" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   vIA[y].itemText   " "   itemEnd );
    eval( "item_btn_"   vIA[y].itemIndex ).disabled = true;
    else if ( "radio" == vIA[y].itemType )
    var vRadioArray = vIA[y].itemCode;
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode );
    document.write( vRadioArray[ radioIndex ].btnPreCode   ""   vRadioArray[ radioIndex ].btnAfterCode );
    eval( "item_radio_"   vIA[y].itemIndex   "["   g_lValue   "]" ).checked = true;
    for ( radioIndex = 0; radioIndex < vRadioArray.length; radioIndex    )
    eval( "item_radio_"   vIA[y].itemIndex   "["   radioIndex   "]" ).disabled = true;
    else if ( "list" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   vIA[y].itemText   ""   itemEnd );
    eval( "item_list_"   vIA[y].itemIndex ).selectedIndex = g_lValue;
    eval( "item_list_"   vIA[y].itemIndex ).disabled = true;
    else if ( "btn" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   ""   itemEnd );
    else if ( "textarea" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   ""   itemEnd );
    eval( "item_textarea_"   vIA[y].itemIndex ).value = g_bstrValue1;
    eval( "item_textarea_"   vIA[y].itemIndex ).disabled = true;
    else if ( "gesture" == vIA[y].itemType )
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   "
    " );
    document.write( ""   vIA[y].itemCode   "
    " );
    document.write( "
    " );
    document.write( "
    " );
    gesture_listsel.style.posWidth = 250;
    var arrayID = g_strArray.toArray();
    var arrayImg = g_strArray.toArray();
    var arrayText = g_strArray.toArray();
    document.write( "
    " );
    document.write( "
    " );
    eval( "gesture_seltext_"   arrayIndex ).innerHTML = " "   gesture_listsel.options[wHigh].value;
    document.write( "
    " );
    document.write( "  "   arrayText[arrayIndex]   "
    "   itemEnd );
    else if ( "tablelist" == vIA[y].itemType )
    var tableList = vIA[y].itemCode;
    document.write( itemBegin   "
    		"   vIA[y].itemPreCode   "" );
    document.write( "
    " );
    document.write( "" );
    document.write( "" );
    for ( var headerIndex = vHeader.length - 1; headerIndex >= 0; headerIndex -- )
    if ( !vHeader[ headerIndex ].bHidden )
    vHeader[ nLastNoHiddenHeader ].headerWidth  = 17;
    for ( headerIndex = 0; headerIndex < vHeader.length; headerIndex    )
    document.write( "
    " );
    vHeader[ nLastNoHiddenHeader ].headerWidth -= 17;
    document.write( "
    "   vHeader[ headerIndex ].headerText   "
    " );
    document.write( "
    " );
    if( vIA[y].itemID == 2200 )
    InsertSearchTableListRow( vIA[y].itemIndex, arrayIndex, g_strArray.getItem( arrayIndex ) );
    InsertTableListRow( vIA[y].itemIndex, arrayIndex, g_strArray.getItem( arrayIndex ) );
    document.write( "
    " );
    var vTopBtn = tableList.vTopBtn;
    for ( var btnIndex = 0; btnIndex < vTopBtn.length; btnIndex    )
    document.write( "
    " );
    document.write( "" );
    eval( "tablelist_"   vTopBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).style.posWidth = 90;
    eval( "tablelist_"   vTopBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).disabled = true;
    document.write( "
    " );
    var vBottomBtn = tableList.vBottomBtn;
    for ( btnIndex = 0; btnIndex < vBottomBtn.length; btnIndex    )
    document.write( "" );
    eval( "tablelist_"   vBottomBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).style.posWidth = 90;
    eval( "tablelist_"   vBottomBtn[btnIndex].btnOpt   "_index"   vIA[y].itemIndex ).disabled = true;
    document.write( "
    "   itemEnd );
    document.write( "
    " );
    for ( var ix = 0; ix < _vOIA.length; ix    )
    var x1 = strItem.search( /:\^:/ );
    strCol = strItem.substr( 0 );
    strCol = strItem.substring( 0, x1 );
    strItem = strItem.substr( x1   3 );
    var searchUrl = varArray[2];
    var searchKey = varArray[3];
    var strTemp = strChecked   ":^:"   searchName   ":^:"   searchKey   ":^:"   searchUrl   ":^:"   searchHome;
    var tableList = _vOIA[ nIndex ].itemCode;
    var oTr = oTable.insertRow( nPos );
    oTr.style.cursor = "default";
    oTr.id = "tablelist_"   nIndex   "_item"   nPos;
    oTr.onclick = OnTableListTrClick;
    for ( var ix = 0; ix < vHeader.length; ix    )
    var oTd = oTr.insertCell();
    if( ix == 0 && tableList.bHaveCheckBox )
    if ( vHeader[ix].bHidden )
    oTd.innerHTML = "";;
    oTd.innerHTML = strCol;
    oTd.width = vHeader[ix].headerWidth;
    oTd.style.wordWrap = "break-word";
    nID = this.id;
    var x1 = nID.search( /_.*_/ )   1;
    var x2 = nID.search( /_item*/ );
    var nIndex = nID.substring( x1, x2 );
    var nItemIndex = nID.substr( x2   5 );
    var nSelect = eval( "tablelist_select_"   nIndex ).value;
    eval( "tablelist_"   nIndex   "_item"   nSelect ).bgColor = "#FFFFFF";
    eval( nID ).bgColor = "#DFF4F8";
    eval( "tablelist_select_"   nIndex ).value = nItemIndex;
    var x1 = nID.search( /_*_/ )   1;
    var x2 = nID.search( /_index*/ );
    var btnOpt = nID.substring( x1, x2 );
    var nIndex = nID.substr( x2   6 );
    if ( -1 != oSelect.value )
    oTable.deleteRow( oSelect.value );
    for ( var ix = 0; ix < oTable.rows.length; ix    )
    oTable.rows( ix ).id = "tablelist_"   nIndex   "_item"   ix;
    if ( 0 == oTable.rows.length )
    oSelect.value = -1;
    else if ( oSelect.value >= oTable.rows.length )
    oSelect.value --;
    eval( "tablelist_"   nIndex   "_item"   oSelect.value ).bgColor = "#DFF4F8";
    if ( -1 != ( Number( oSelect.value ) - 1 ) )
    oTable.moveRow( oSelect.value, Number( oSelect.value ) - 1 );
    oSelect.value = Number( oSelect.value ) - 1;
    if ( Number( oSelect.value )   1 < ( oTable.rows.length ) )
    oTable.moveRow( oSelect.value, Number( oSelect.value )   1 );
    oSelect.value = Number( oSelect.value )   1;
    DoAction( _vOIA[ nIndex ].itemID, 0 );
    if( 2200 == _vOIA[ nIndex ].itemID )//
    InsertSearchTableListRow( nIndex, oTable.rows.length, g_strActionParam );
    InsertTableListRow( nIndex, oTable.rows.length, g_strActionParam );
    var oTr = oTable.rows[ oSelect.value ];
    g_strActionParam = oTr.cells[1].innerText   ":^:";
    var col = oTr.cells[0].getElementsByTagName("input");
    if(col[0].value == "on" )
    g_strActionParam  = oTr.cells[3].innerText;
    g_strActionParam  = oTr.cells[2].innerText;
    for ( var ix = 4; ix < oTr.cells.length; ix    )
    g_strActionParam  = oTr.cells[ix].innerText;
    if ( Number( ix   1 ) != oTr.cells.length )
    for ( var ix = 0; ix < oTr.cells.length; ix    )
    if ( "" == oTr.cells[ix].innerText )
    var col = oTr.cells[ix].getElementsByTagName( "input" );
    g_strActionParam  = col[0].value;
    DoAction( _vOIA[ nIndex ].itemID, 1 );
    InsertSearchTableListRow( nIndex, oSelect.value, g_strActionParam );
    InsertTableListRow( nIndex, oSelect.value, g_strActionParam );
    for ( ix = 0; ix < _vOIA.length; ix    )
    if ( "btn" == _vOIA[ix].itemType )
    if ( _vOIA[ix].bItemChange )
    if ( "ckb" == _vOIA[ix].itemType )
    g_lValue = eval( "item_ckb_"   ix ).checked;
    else if ( "edit" == _vOIA[ix].itemType )
    g_bstrValue1 = eval( "item_edit_"   ix ).value;
    else if ( "ckbedit" == _vOIA[ix].itemType )
    else if ( "quickaddr" == _vOIA[ix].itemType )
    g_bstrValue1 = eval( "item_edit1_"   ix ).value;
    g_bstrValue2 = eval( "item_edit2_"   ix ).value;
    else if ( "fileselect" == _vOIA[ix].itemType )
    else if ( "radio" == _vOIA[ix].itemType )
    var vRadioArray = _vOIA[ix].itemCode;
    if ( eval( "item_radio_"   ix   "["   radioIndex   "]" ).checked )
    else if ( "textarea" == _vOIA[ix].itemType )
    g_bstrValue1 = eval( "item_textarea_"   ix ).value;
    else if ( "list" == _vOIA[ix].itemType )
    g_lValue = eval( "item_list_"   ix ).selectedIndex;
    g_bstrValue1 = eval( "item_list_"   ix ).value;
    else if ( "tablelist" == _vOIA[ix].itemType )
    g_arraySize = oTable.rows.length;
    var oTr = oTable.rows[x];
    if( 2200 == _vOIA[ ix ].itemID )//
    strItem = oTr.cells[1].innerText   ":^:";
    if(col[0].checked == true )
    strItem  = oTr.cells[3].innerText   ":^:";
    strItem  = oTr.cells[2].innerText   ":^:";
    for ( var y = 4; y < oTr.cells.length; y    )
    strItem  = oTr.cells[y].innerText;
    if ( Number( y   1 ) != oTr.cells.length )
    for ( var y = 0; y < oTr.cells.length; y    )
    if ( "" == oTr.cells[y].innerText )
    var col = oTr.cells[y].getElementsByTagName( "input" );
    strItem  = col[0].value;
    var oTr = oTable.rows[0];
    col[0].checked = true;
    else if ( "gesture" == _vOIA[ix].itemType )
    g_arraySize = gesture_table.rows.length;
    var strItem = ( eval( "gesture_id_"   arrayIndex ).value & 0xffff ) | ( ( eval( "gesture_sel_"   arrayIndex ).value & 0xffff ) << 16 )
    DoOption( _vOIA[ix].itemID, true );
    _vOIA[ix].bItemChange = false;
    external.twclosetab( window, "" );
    Call external.twaction( window, nID, nCode, g_strActionParam )
    var _strHelpLink = "http://www.fjmjm.com";
    var _strHelpLinkRoot = "http://www.fjmjm.com/hl/cn/";
    ", "h1.1.htm" );
    ", "h1.2.htm" );
    :8-256)" );
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 2402, "ckb", "
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 2102, "quickaddr", "Ctrl Enter       ", "
    ", "
    ", "  
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 2103, "quickaddr", "Shift Enter      ", "
    ", "
    ", "  
    _vOIA[nIndex].vAA[2] = AddCI( vIA, 2104, "quickaddr", "Ctrl Shift Enter ", "
    ", "
    ", "  
    _vOIA[nIndex].vAA[3] = AddCI( vIA, 2105, "quickaddr", "Ctrl Alt Enter", "
    ", "
    ", "  
    AddCI( vIA, -1, "text", "
    ", "h2.htm#1" );
    ", "h3.1.htm" );
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 3302, "ckb", "
    Windows2000
    HTTPS
    _vOIA[_vOIA[nIndex].vAA[0]].vAA[0] = AddCI( vIA, 3303, "radio", "", "
    ", "
    ", vRadioArray );
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 3304, "ckb", "
    nIndex=_vOIA[nIndex].vAA[1];
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 3305, "ckb", "
    ", "h3.2.htm" );
    vRadioArray[2].vAA[0] = AddCI( vIA, 3203, "list", "
    .torrent;.ram)
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 4003, "ckb", "
    ", "h4.htm#1" );
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 4102, "ckb", "
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 4103, "ckb", "
    _vOIA[nIndex].vAA[2] = AddCI( vIA, 4104, "ckb", "
    ", "h4.htm#2" );
    ", "h4.1.htm" );
    _vOIA[nIndex].vAA[0]=AddCI( vIA, 4403, "edit", "45", "
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 4402, "textarea", "", "
    ", "
    ", "cols=\"70\" rows=\"12\"" );
    www.fjmjm.com
    _vOIA[nIndex].itemHelpLink = "h5.htm#1";
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 5007, "radio", "", "
    ", "
    ", vRadioArray );
    _vOIA[nIndex].itemHelpLink = "h5.htm#2";
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 5003, "ckb", "
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 5004, "ckb", "
    _vOIA[nIndex].vAA[2] = AddCI( vIA, 5005, "ckb", "
    _vOIA[nIndex].vAA[3] = AddCI( vIA, 5008, "ckb", "
    ", "h5.1.htm" );
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 5203, "fileselect", "
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 5204, "ckb", "
    _vOIA[nIndex].vAA[2] = AddCI( vIA, 5205, "ckb", "
    _vOIA[nIndex].vAA[3] = AddCI( vIA, 5206, "radio", "", "
    ", "
    ", vRadioArray );
       
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 7002, "ckb", "Internet
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 7003, "ckb", "
    _vOIA[nIndex].vAA[2] = AddCI( vIA, 7004, "ckb", "Cookies
    _vOIA[nIndex].vAA[3] = AddCI( vIA, 7005, "ckb", "
    _vOIA[nIndex].vAA[4] = AddCI( vIA, 7006, "ckb", "
    _vOIA[nIndex].vAA[5] = AddCI( vIA, 7007, "ckb", "
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 7100, "ckb", "
    _vOIA[nIndex].vAA[1] = AddCI( vIA, 7102, "btn", "
    ", "h8.htm#1" );
    ", "h8.htm#2" );
    _vOIA[nIndex].itemHelpLink = "h8.htm#3";
    ", "" );
    127.0.0.1:80@HTTP#
    Vista/Windows7
    Windows
    XMLHttpRequest
    _vOIA[nIndex].vAA[0] = AddCI( vIA, 9109, "ckb", "
    a.overflowHide {overflow:hidden;text-overflow:ellipsis;white-space:nowrap; width: 95%;}
    .white:hover {font-size:12px;text-decoration:none;color: #FF5A00}
    .wrap {width:700px;padding-left:40;font-size:12px;}
    .headwrap {width:100%;height:48;overflow:hidden;background-image:url(sztop2.gif);line-height: 40px;background-repeat:repeat-x;}
    .header_l {text-indent:30px;width:309px;font-size:15px;color:#FFFFFF;font-weight:bold;float:left;background-image:url(sztop.gif);background-repeat:no-repeat;}
    .header_r {height:48;float:right;}
    .header_r ul {padding-right:20px;*padding-top:10px;}
    .header_r ul li {float:left;}
    .title_frame {width:100%;overflow:hidden;font-size:12px;font-weight:bold;color:#3399cc;margin-top:16px;}
    .title_l {float:left;}
    .title_r {float:right;font-weight:normal;}
    .title_r A:link {font-size:12px;text-decoration:none;color: #3399cc}
    .title_r A:visited {font-size:12px;text-decoration:none;color: #3399cc}
    .title_r ul li {float:left;padding-left:20px;}
    .separator {width:100%;height:1px;border-top:1px solid #b7d8ed;padding:0;margin:5 0 0 0;}
    #qp_item ul li div a.overflowHide{margin-left:8px;height:16px;overflow:hidden;text-overflow:ellipsis;width:85%;}
    #qp_item .addAddress {margin: 0 0 0 40;}
    #url_item {width:100%;}
    #url_item ul {float:left;width:100%;}
    #url_item ul li {float:left;width:100%;height:32px;}
    #url_item ul li a {;height:16px; margin-left: 8px;}
    #url_item ul li img {height:16px;}
    4-.NW
    //twinfo.htm
    :$ERR_MSG
    :$ERR_CODE
    URL:    $ERR_URL";
    //twpage.htm tp*
    var _tpLastUrl = "
    var _tpAddURL = '
    var _message_noneURL = '
    //navierr.htm
    function twRS (str) {document.write(str);}
    var tip_show, g_s_id = external.twGetSecurityID(window), isTpShow, _userPages;
    var tTp = external.twGetDailyTips(g_s_id);
    if(tTp && tTp.length)
    isTpShow = true, tipText.innerHTML = tTp;
    isTpShow = false, _id('topImg_3').style.filter = 'alpha(opacity=50)', endLine.style.display = 'inline', dailytips.style.display = 'none';
    _id('topImg_3').style.filter = 'alpha(opacity='   (tip_show == '0' ? 50 : 99)   ')';
    endLine.style.display = tip_show == '0' ? 'inline' : 'none', dailytips.style.display = tip_show == '0' ? 'none' : 'inline';
    btn.innerHTML = "";
    tip_show = external.getOptionValue(g_s_id, "twhome", "showtip"), Tipshow();
    var url_loaded = 0, url_show = '', lastUrlName = [], lastUrl = [], ctLt = 0,
    oldUrlName = [], oldUrl = [], ctOld = 0, twurldivTemp = document.createElement( "div" );
    function tw_getUrlData(i, t){
    return external.twgetlasturl(window, '', i, t ? 1 : 0);
    external.twdeletelasturl(window, '', str_url = (t ? lastUrl : oldUrl)[num = Number(i)], t ? 0 : 1), (t ? lastUrl : oldUrl)[num] = "";
    for(var i = 0; str_data = tw_getUrlData(i, 0); i   , ctLt   )
    arr_temp = str_data.split(str_data.indexOf("**") != -1 ? "**" : "::"), lastUrl[i] = arr_temp[0], lastUrlName[i] = arr_temp[1];
    for(var i = 0; str_data = tw_getUrlData(i, 1); i   , ctOld   )
    arr_temp = str_data.split(str_data.indexOf("**") != -1 ? "**" : "::"), oldUrl[i] = arr_temp[0], oldUrlName[i] = arr_temp[1];
    function URL_Openall(){
    var lists = document.getElementById("url_item").getElementsByTagName("a");
    for(var i=0;i
    SetArray(g_nCountVB  ,lists[i].href);
    _userPages || (external.twclosetab(window,''));
    function OnBodyKeydown () {
    13 == event.keyCode && URL_Openall();
    function Url_LoadItem() {
    if(document.getElementById("lasturl").currentStyle.display=="none")
    url_loaded = 1, strHTML = document.createElement('ul');
    if (lastUrl.length oldUrl.length == 0)
    return (url_show = '0', lasturl.style.display = 'none', _id('topImg_2').style.filter = 'alpha(opacity=50)');
    if(i>lastUrl.length-1)
    candidate.push("
  • " filter(lastUrlName[i]) "
    • ");
    while(availSize>=0 && j<=oldUrl.length-1){
    candidate2.push("
  • " filter(oldUrlName[j]) "
    • ");
    strHTML.innerHTML = candidate2.join("") candidate.join("");
    url_item.appendChild(strHTML);
    for(var i = 0, tA = _tag('a', strHTML); i < tA.length;i  ){
    tA[i].className = tA[i].offsetWidth > 618 ? 'overflowHide' : '';
    function Urlshow(){
    _id('topImg_2').style.filter = 'alpha(opacity='   (url_show == '0' ? 50 : 99)   ')';
    lasturl.style.display = url_show == "0" ? "none" : "inline";
    url_loaded || Url_LoadItem();
    function Url_showSwitch() {
    tw_setOptVal("twhome", "showurl", url_show = url_show == "0" ? "1" : "0"), Urlshow();
    function InitUrlList() {
    btn.innerHTML = "";
    url_show = external.getOptionValue(g_s_id, "twhome", "showurl"), url_show = url_show || '1', Urlshow();
    function clearFullUrl () {
    for(var i = 0, tU = lastUrl,tOU = oldUrl; i < tU.length   tOU.length; i   )
    external.twdeletelasturl(window, '', i < tU.length ? tU[i] : tOU[i - tU.length], i < tU.length ? 0 : 1);
    lastUrlName = [], lastUrl = [], oldUrlName = [], oldUrl = [];
    url_item.innerHTML = '', url_show = '0', Urlshow();
    function getDomainByUrl( strUrl ) {return strUrl.replace(/^(http:\/\/[^\/] )\/.*/g, "$1");}
    var tryPath = external.twGetAppPath(g_s_id), strUrl = "user2.gif", tId = encodeURIComponent(strDomain)   parseInt(Math.random() * 1000, 10);
    if (strDomain && strDomain.length)
    strDomain  = (strDomain.length - 1 != strDomain.lastIndexOf("/") ? '/' : ''), strUrl = strDomain.length > 1 ? strDomain   "favicon.ico" : strUrl;
    tImg.onload = function () {_id(tId).src = this.src;}
    tImg.src = tryPath   '/ImgCache/'   strUrl.replace(/\w*:\/\//, '').replace(/\//g, '_');
    return "";
    while(line = external.getOptionValue(g_s_id, "twhome", "qp" i)){
    dataList.push(line);
    return (dataList.length==0)? null:dataList;
    this.clearData();
    if(!dataList.length)
    for(var i=0,len=dataList.length;i
    external.setOptionValue(g_s_id, "twhome", "qp" i, dataList[i]);
    external.setOptionValue(g_s_id, "twhome", "qp" i, '');
    function QP_assign(url){
    external.twnewnavigate(window, g_s_id, url, 0, 0, 0, 0);
    function QP_adjustUrl(url){
    if(pattern.test(url))
    return url;
    return "http://" url;
    var list = QPLocalDataMgr.readData();
    var strBuf = external.GetQuickPathValue(g_s_id);
    if(strBuf.length){
    list = strBuf.split(":&:");
    list.pop();
    if(list && list.length>0) {
    for(var i = 0; i < _strQPItem.length; i    )
    temp = _strQPItem[i].split( ":^:" ), strDomain = getDomainByUrl( temp[0] ), strHTML  = "
  • "   QP_InsertFavIcon( strDomain )   ""   filter(temp[1])   "
    • ";
    qp_item.innerHTML = strHTML   "";
    for (var i = 0, tA = _tag('a', qp_item);i < tA.length; i   )
    tA[i].className = tA[i].offsetWidth > 122 ? 'overflowHide' : '';
    _userPages = false, qp_tip.style.display='inline', qp_item.style.display='none';
    _id('topImg_1').style.filter = 'alpha(opacity='   (qp_show == '0' ? 50 : 99)   ')';
    quickpath.style.display = (qp_show == '0' ? 'none' : 'inline'), qp_show == '0' || QP_LoadItem();
    btn.innerHTML = "";
    qp_show = external.getOptionValue(g_s_id, "twhome", "showqp"), QPshow();
    for(var i = 0; i < _strQPItem.length; i    )
    temp = _strQPItem[i].split(":^:"), SetArray(g_nCountVB   , temp[0]);
    for(var i = 0, strName, col = _tag('li', ul_item), colInput, colInputURL; i < col.length; i    ) {
    colInput[0].style.backgroundColor = '', colInput[1].style.backgroundColor = '';
    if (colInput[1].value.trim()) {
    colInputURL = colInput[1].value.trim();
    if(!validateInput(colInputURL)) {
    colInput[1].style.backgroundColor = '#f00', colInput[1].focus();
    strName = colInput[0].value.trim();
    colInput[0].style.backgroundColor = '#f00', colInput[0].focus();
    strBufSave  = colInputURL   ':^:', strBufSave  = (strName ? strName : colInputURL)   ':&:';
    list.push(colInputURL   ':^:'  (strName ? strName : colInputURL));
    else if (colInput[0].value.trim()) {
    colInputURL = colInput[0].value.trim();
    if(colInputURL == '&' || colInputURL.indexOf(':&') != -1 || colInputURL.indexOf('&:') != -1 || colInputURL.indexOf(':^') != -1 || colInputURL.indexOf('^:') != -1) {
    strBufSave  = colInputURL   ':^:'   colInputURL   ':&:';
    list.push(colInputURL   ':^:'   colInputURL);
    external.SetQuickPathValue(g_s_id, strBufSave);
    QPLocalDataMgr.saveData(list);
    if(input == '&' || input.indexOf(':&') != -1 || input.indexOf('&:') != -1 || input.indexOf(':^') != -1 || input.indexOf('^:') != -1) {
    oNewNode.style.padding = '0', oNewNode.style.margin = '0 0 -5 0';
    oNewNode.innerHTML = "
    "  
    ""  
    ""  
    "
    ";
    ul_item.appendChild(oNewNode);
    if(lis.length > 12) {
    for(var i = 12; i < lis.length;)
    tItems.push(ul_item.removeChild(lis[i]));
    ul_item.style.height = ul_item.offsetHeight   'px';
    ul_item.style.overflowX = 'hidden';
    ul_item.style.overflowY = 'auto';
    ul_item.style.marginTop = '0px';
    tWarp.style.width = '530px';
    tTitUl.style.marginRight = '45px';
    tSep.style.marginRight = '40px';
    for(var i = 0; i < tItems.length; i   )
    ul_item.appendChild(tItems[i]);
    else if (lis.length == 12) {
    tWarp.style.width = '505px';
    tTitUl.style.marginRight = '20px';
    tSep.style.marginRight = '15px';
    ul_item.style.height = '', ul_item.style.overflowY = 'hidden';
    _ef.move(_ef.pane.offsetLeft, _ef.pane.offsetTop);
    _tag('textarea', lis[idx ? idx - 1 : lis.length - 1])[0].focus();
    parent = obj.parentElement.parentElement,
    if (col.length <= 6)
    _tag('img', parent)[0].src = 'user2.gif', tArea[0].innerHTML = '', tArea[1].innerHTML = '';
    parent.removeNode(true), col.length == 12 && valiItemNumber();
    function doOperations () {
    var warp = _ef.create('div', '', {'id': 'warp'}, {'border': '1 solid #3499CB','overflow' : 'hidden' , 'width': '505px', 'padding': '0'}), quick = _ef.create('div', '', {}, {'textAlign': 'left', 'padding': '0'}),
    tFrame = _ef.create('div', '', {'className': 'title_frame'}, {'margin': '0', 'padding': '10 0 2 0', 'cursor': 'move'}), ulItem = _ef.create('ul', '', {'id': 'ul_item'}, {'width': '97%', 'margin': '-5 3 5 3'}),
    qp_item = _ef.create('div', '', {'id': 'qp_item'}, {'margin': '-1 5 0 0', 'textAlign': 'left'}), opTool = _ef.create('div', '', {}, {'textAlign': 'left', 'margin': '0 0 0 7'}),
    celBn = _ef.create('button', _tpCancel, {}, {'width': '72px', 'height': '30px', 'margin': '15 0 15 18'}, function () {_ef.close();})
    tFrame.appendChild(_ef.create('div', _tpQuickPath, {'className': 'title_l'}, {'margin': '0 0 0 8'})), tFrame.appendChild(_ef.create('div', '
    ', {'className': 'title_r'}));
    tFrame.onmousedown = function () {
    x = event.clientX, y = event.clientY, isDrag = true, _ef.fade(0.62);
    bEvent.push(_ef.$dom.body.onmousemove, _ef.$dom.body.onmouseout, _ef.$dom.body.onmouseup);
    _ef.$dom.body.onmousemove = function () {
    if (isDrag && window.event.button) {
    var curPX = (_ef.pane.offsetLeft   event.clientX - x), curPY = (_ef.pane.offsetTop   event.clientY - y),
    tWidth = document.body.clientWidth - _ef.pane.offsetWidth, tHeight = document.body.clientHeight - _ef.pane.offsetHeight;
    _ef.move(curPX < 0 ? 0 : curPX > tWidth ? tWidth : curPX,
    curPY < 0 ? 0 : curPY > tHeight ? tHeight : curPY), x = event.clientX, y = event.clientY;
    else if(isDrag && !window.event.button)
    _ef.$dom.body.onmouseup = doMouseUp;
    for (var i = 0, temp, str, nCount = _strQPItem.length; i < (nCount > 6 ? nCount : 6); i    ) {
    temp = _strQPItem[i].split(":^:"), str = getDomainByUrl(temp[0]);
    var tLi = _ef.create('li', '', {}, {'padding': '0', 'margin': '0 0 -5 0'}), tDiv = _ef.create('div', '', {}, {'paddingLeft': '0px'});
    tDiv.innerHTML  = QP_InsertFavIcon(i < nCount - 1 ? temp[0] : null);
    tDiv.innerHTML  = "";
    tDiv.innerHTML  = "";
    tDiv.innerHTML  = "";
    tLi.appendChild(tDiv), ulItem.appendChild(tLi);
    _ef.open(), qp_item.appendChild(ulItem), qp_item.innerHTML  = ''   _tpAddURL   '';
    opTool.appendChild(_ef.create('button', _tpOK, {}, {'width': '72px', 'height': '30px', 'margin': '15 30 15 10'}, function () {QP_Save() && (location.reload())})),
    opTool.appendChild(celBn),
    qp_item.appendChild(opTool), quick.appendChild(tFrame), quick.appendChild(_ef.create('div', '', {'id': '_tw_quick_separator', 'className': 'separator'}, {'margin': '0 15 -10 15'}));
    quick.appendChild(_ef.create('div', ''   _tpName   '', {'id': '_tpName'}, {'styleFloat': 'left', 'width': '200px', 'textAlign': 'left', 'paddingLeft': '39px', 'fontSize': '12px', 'margin': '0'})),
    quick.appendChild(_ef.create('div', ''   _tpAddress   '', {'id': '_tpAddress'}, {'styleFloat': 'left', 'width': '280px', 'textAlign': 'left', 'paddingLeft': '37px', 'fontSize': '12px', 'margin': '0'})),
    quick.appendChild(qp_item), warp.appendChild(quick), _ef.setBody(warp);
    _ef.move((_ef.$dom.body.offsetWidth - 515) / 2, (_ef.$dom.body.clientHeight - 480) / 4), valiItemNumber(1);
    isDrag = false, _ef.fade(0.99),
    _ef.$dom.body.onmousemove = bEvent[0] || null,
    _ef.$dom.body.onmouseout = bEvent[1] || null,
    _ef.$dom.body.onmouseup = bEvent[2] || null,
    document.body.onkeypress = function doKeyPress() {
    if (event.keyCode == 13)
    return QP_Save() ? location.reload() : false;
    celBn.onblur = function () {
    clImg.offsetWidth && clImg.focus();
    external.SetOptionValue(g_s_id, n, k, v);
    String.prototype.trim = function () {return this.replace(/(^\s*)|(\s*$)/g, '');}
    str = str.replace(/&/g, '&');
    str = str.replace(/
    str = str.replace(/>/g, '>');
    str = str.replace(/'/g, '´');
    str = str.replace(/"/g, '"');
    str = str.replace(/\|/g, '¦');
    function _id (id) {return document.getElementById(id);}
    P#VQm.ZJN4
    version="2.0.0.1"
    name="TheWorld.exe"/>
    name="Microsoft.Windows.Common-Controls"
    version="6.0.0.0"
    publicKeyToken="6595b64144ccf1df"
    7>Url
    %XZ9A
    }).bf~
    whCQ D.hs
    z"%U?
    .IDATx
    weBR&E
    \/:*?"<>|
    %s\%s
    %s\%s.url
    %s(%d)%s
    %d,0,0,0,700,0,0,0,%d,0,0,0,0,%s
    %d,0,0,0,0,0,0,0,%d,0,0,0,0,%s
    %sskin\%s
    by %s ver: %s
    %s: %s
    by %s, ver: %s
    %sskin\%s\preview.png
    %sskin\%s\skin.ini
    res://%s/IMG_PREVIEW
    plugin.ini
    theworld.ac
    ADDRESS_URL
    http://www.fjmjm.com/web/navierr
    Software\Microsoft\Internet Explorer\TypedUrls
    %s\%s\
    %s\*.*
    Psc.js
    bypassdomain%d
    url%d
    exdm%d
    redm%d
    boundm%d
    exd%d
    red%d
    exh%d
    reh%d
    bypass%d
    qzone.qq.com
    http://
    %*.*f
    %s%u.dat
    %sca%u.dat
    tw_form_url
    password
    form.ini
    login
    nick
    loginuser
    %s%saction=f&ver=%s&guid=%s
    %s%saction=a&ver=%s&guid=%s
    %s%saction=m&ver=%s&guid=%s
    http://stat.fjmjm.com/web/theworld2up.ini
    2.4.1.9
    SUBVER_%s
    %sTheWorld_%s_%s.zip
    TheWorld.exe
    %s%s%s
    TheWorld.ini
    %s %s
    Update.ini
    WWW_OpenURLNewWindow
    WWW_OpenURL
    %d_info
    %d_url
    dltool.ini
    TheWorld.xml
    %c:\%s\
    %s.%s
    index.htm
    %s#MetalinkFile%d
    DefaultPassword
    DefaultLogin
    StateWindowSize
    %H:%M:%S
    %Y-%m-%d %H:%M:%S
    Path%d
    1.0.0.0
    2.0.0.0
    %s%s(%d)%s
    %s KB
    %s %s, %s
    %s,%s
    MIME\Database\Content Type\%s
    .aspx
    %d:%s
    %d.%d.%d %s
    0xx
    Name:%s
    Version:%s
    FileVersion:%s
    CmdLine:%s
    Module:%s
    Module Version:%s
    Code:%s
    Offset:%s
    OS Version:%s
    IE Version:%s
    multipart/form-data; boundary=%s
    http://feedback.theworld.cn/collection/
    dbghelp.dll
    |.url|.lnk|.htm|.html|.txt|
    http://www.theworld.cn/client/sync
    favsorder.db
    %s*.*
    .ShellClassInfo
    %s\Desktop.ini
    FAV_URL
    %s (%d)
    ,tww=d
    %s_url
    .shtml
    %s://%s/favicon.ico
    %s%s_favicon.ico
    %s\url.dll
    http://about:blank
    "%s" "%%1"
    %s\%s\command
    https
    %s\%s\UserChoice
    .mhtml
    .shtm
    Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
    Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
    Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice
    Software\Microsoft\Windows\Shell\Associations\UrlAssociations\ftp\UserChoice
    TheWorld.AssocFile.MHT\Shell
    TheWorld.AssocFile.HTM\Shell
    TheWorld.HTTP\Shell
    TheWorld.AssocFile.MHT\DefaultIcon
    IE.AssocFile.MHT\DefaultIcon
    TheWorld.HTTP\DefaultIcon
    TheWorld.AssocFile.HTM\DefaultIcon
    IE.AssocFile.HTM\DefaultIcon
    IE.HTTP
    IE.AssocFile.MHT
    IE.AssocFile.HTM
    TheWorld.HTTP
    TheWorld.AssocFile.MHT
    TheWorld.AssocFile.HTM
    SOFTWARE\Classes\.mhtml
    SOFTWARE\Classes\.mht
    SOFTWARE\Classes\.shtml
    SOFTWARE\Classes\.shtm
    SOFTWARE\Classes\.html
    SOFTWARE\Classes\.htm
    ftp\shell
    https\DefaultIcon
    http\DefaultIcon
    %SystemRoot%\system32\url.dll,0
    https\shell
    http\shell
    CLSID\{0002DF01-0000-0000-C000-000000000046}\LocalServer32
    SOFTWARE\Clients\StartMenuInternet\%s\shell\open\command
    IEXPLORE.EXE
    SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
    SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE
    SOFTWARE\Clients\StartMenuInternet\%s\
    -1,-1,-1,-1
    CLSID\%s\TreatAs
    CLSID\%s\LocalServer32
    CLSID\%s\InprocServer32
    %s\CLSID
    Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
    %s\Internet Explorer\iexplore.exe
    ftp://
    https://
    .net.cn
    .com.cn
    *www.*.*
    %s%s\
    skin.ini
    %sUpdate\%s\
    Version%d
    File%d
    Name%d
    dailytips.ini
    %slanguages\dailytips_%s
    %s?ver=%s&c=%d&guid=%s
    Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION
    Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
    ?url=
    Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WEBOC_OMNAVIGATOR_IMPLEMENTATION
    HisSearchLeftPad
    system32\verclsid.exe
    CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\TreatAs
    wininet.dll
    kernel32.dll
    shell32.dll
    D27CDB6E-AE6D-11cf-96B8-444553540000
    6BF52A52-394A-11d3-B153-00C04F79FAA6
    22d6f312-b0f6-11d0-94ab-0080c74c7e95
    02BF25D5-8C17-4B23-BC80-D3488ABDDC6B
    CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA
    %s\vbscript.dll
    [^"' >]*
    [^"' >]{1}
    $ -^|:'./"()[]{}
    [^"' >]*?
    ntdll.dll
    %s%s.url
    |.url|
    TWINFO.HTM
    InsertInfoItemByHTML( %d, %d, %d, "%s", "%s" );
    SearchLeftPad
    AdressLeftPad
    %s:%s
    Software\Microsoft\Windows\CurrentVersion\Internet Settings
    http://www.fjmjm.com/cn/help-appendix-04.htm
    http://www.theworld.cn/
    http://www.fjmjm.com/cn/help.htm
    TWFORM.HTM
    StatusPluginKey
    http://www.fjmjm.com/cn/guide/guide_start.htm
    http://www.fjmjm.com/wz
    http://bbs.fjmjm.com
    %s&guid=%s&lastver=%s
    2.1.2.2
    2.1.2.4
    2.1.0.2
    2.0.5.1
    2.0.3.4
    2.3.0.7
    2.3.0.8
    2.2.1.0
    2.2.1.2
    2.2.1.4
    NAVIERR.HTM
    TheWorld.ico
    http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%s
    http://www.google.com.hk/search?q=
    baidu.com/baidu?
    baidu.com/s
    https:
    TheWorld2_AppHotKey
    (%d-%d, %d-%d)
    %%SaveObjUrl
    MediaSaver.js
    %sMouseGesture_%d.bmp
    %s%s\MouseGesture_%d.bmp
    RecentUrl
    OldUrl
    LastUrl
    TempUrl
    LockUrl
    TWHOME.HTM
    [TempUrl]
    http://%s
    twcache.ini
    %s(%u)
    %d*%d
    external.menuArguments
    General_%d
    %s%s\%s\plugin.ini
    %s%s\%s
    TWSTATUSMSG
    {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}
    CLSID\%s
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    TWOPTIONS.HTM
    %s\%s\%s
    %sUpdate.ini
    SetSearchKey
    twgetlasturl
    twdeletelasturl
    ImportExportFav
    GetXmlHttpObj
    \theme.ini
    %sStartPage\Components\%s
    %sStartPage\Themes\%s
    %s,%s,%s
    twcommon_%d
    http://www.theworld.cn/client/down
    http://www.theworld.cn/client/up
    http://theworld.cn/
    http://fjmjm.com/
    http://www.fjmjm.com/
    %sTheWorld\Update\
    %s.zip
    Load VBScript.dll failed
    %s|%s
    %s - %s
    http://www.
    XMLRequestMsg
    SaveClosedUrl
    AddressHistory
    AAutoKey
    SAutoKey
    BossKey
    UseBossKey
    HTTPFilter
    ShowLUrlList
    SafeExecAll
    SafeExec
    TreatFBKeyAsTabKey
    %s%s%s%s
    google.com.hk
    google.com
    zhidao.baidu.com
    http://www.google.cn/search?client=aff-cs-worldbrowser
    google.cn
    http://www.google.cn/webhp?client=
    *@*.txt
    :\e161255a-37c3-11d2-bcaa-00c04fd929db
    Software\Microsoft\Internet Explorer\TypedURLs
    %s?ver=%s&guid=%s&c=%d
    http://www.fjmjm.com/web/inst.htm
    http://www.fjmjm.com/web/uninst.htm
    Site.ini
    MFC42U.dll
    %s?url=%s&domain=%s&code=%u
    http://www.fjmjm.com/web/
    AB.GIF
    LOGO.JPG
    LOGO.GIF
    LOGO.PNG
    shdoclc.dll/
    ieframe.dll/
    =http://auto.search.msn.com
    color:#000000; background:#%s
    %page.url
    errorUrl
    ieframe.dll
    SHDOCLC.DLL
    https://www
    http://www
    0%d:^:%d:^:%d:^:%d:^:%s:^:%s
    LeftPad
    mailto:?subject=From Browser&body=%s
    https://spreadsheets.google.com/
    http://spreadsheets.google.com/
    https://docs.google.com/
    http://docs.google.com/
    00000409
    00000404
    REST %d
    200 PORT
    HTTP/1.1
    Content-Type: %s
    Content-Length: %d
    Cookie: %s
    User-Agent: %s
    Range: bytes=%s-
    546865576F726C64-86C36F73-2C25-4a7d-91EA-F5581018A42D
    http://127.0.0.1/%s
    :/\*?"<>|.
    %d.%d.%d.%d
    \StringFileInfo\xx\%s
    %s%d.%s
    mapi32.dll
    iexplore.exe
    http://www.google.cn/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=
    %s???.dll
    %u - ???
    %s.tmp
    %s.ini
    advapi32.dll
    %d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%s
    res://%s/%s
    rSHDOCVW.DLL
    %s   %s
    i\internet explorer\iexplore.exe
    Msxml2.XMLHTTP.2.0
    Msxml2.XMLHTTP.3.0
    Msxml2.XMLHTTP.4.0
    Msxml2.XMLHTTP.5.0
    dwmapi.dll
    uxtheme.dll
    RebarC%d
    RebarB%d
    RebarA%d
    Local\%d%s
    res://%s/
    %sskin.ini
    skin\%s
    XTabDrag:%s
    USER32.DLL
    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
    %Documents and Settings%\%current user%\Local Settings\Temp\
    %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\
    %WinDir%\
    c:\program files\shandian\bin\shandian.exe
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\TheWorld\Update\
    C:\PROGRA~1\shandian\bin\Site.ini
    C:\PROGRA~1\shandian\bin\theworld.ac
    em remaining) Downloading picture http://p0.123.sogoucdn.com/imgn/sehome/tjv1/subnav_v41.png...
    w.fjmjm.com/web/welcome_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a140149
    123.sogou.com
    C:\PROGRA~1\shandian\bin\twcache.ini
    %Documents and Settings%\%current user%\Favorites
    %Documents and Settings%\%current user%\Local Settings\History
    C:\PROGRA~1\shandian\bin\TheWorld.xml
    http://www.fjmjm.com/web/navierr.htm
    http://123.sogou.com/?22014
    come_cn.htm?ver=2.4.1.9&guid=a44872011f4bb20691dfedc12bc633c760f9c1caf181410db755a78f948f4d0a1401497006&lastver=
    http://www.jlbnh.com
    %Program Files%\shandian\bin\shandian.ini
    res://%Program Files%\shandian\bin\shandian.exe/IL_GESTURE
    res://%Program Files%\shandian\bin\shandian.exe/
    ARROW.GIF
    CALLAPSE.GIF
    CALLAPSE_HOVER.GIF
    CANCEL.GIF
    CLOSE.GIF
    DELETE.GIF
    EFFECT.JS
    EXPAND.GIF
    EXPAND_HOVER.GIF
    FORMTITLE.GIF
    HELP.GIF
    INCREASE.GIF
    INFO.GIF
    INFO_1.GIF
    IOAGE.CSS
    LINE.GIF
    MORE1.GIF
    MORE2.GIF
    OK.GIF
    SZTOP.GIF
    SZTOP2.GIF
    TOP1.GIF
    TOP2.GIF
    TOP3.GIF
    TWFORMDEFINE.JS
    TWOPTIONS.JS
    TWOPTIONS.VBS
    TWOPTIONSDEFINE.JS
    TWPAGE.CSS
    TWPAGE_DELETE.GIF
    TWPAGE_OLD.GIF
    TWPAGE_TOP.GIF
    TWWEBDEFINE.JS
    TWWEBUTIL.JS
    USER.GIF
    USER2.GIF
    ProgID=JetCar.Netscape
    Script=On Error Resume Next:set JetCarCatch=CreateObject("JetCar.Netscape"):if err<>0 then:MsgBox("FlashGet not properly installed!"  vbCrLf "Please install FlashGet again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
    ProgID=FG2CatchUrl.Netscape
    Script=On Error Resume Next:set JetCarCatch=CreateObject("FG2CatchUrl.Netscape"):if err<>0 then:MsgBox("FlashGet 2 not properly installed!"  vbCrLf "Please install FlashGet 2 again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
    ProgID=BHO.IFlashGetNetscape
    Script=On Error Resume Next:set JetCarCatch=CreateObject("BHO.IFlashGetNetscape"):if err<>0 then:MsgBox("FlashGet mini not properly installed!"  vbCrLf "Please install FlashGet mini again"):else:call JetCarCatch.AddUrl("%d_url","%d_info","%page.url"):end if
    ProgID=NetAnts.API
    script=On Error Resume Next:set NetAntsApi=CreateObject("NetAnts.API"):if err<>0 then:MsgBox("NetAnts not properly installed on this PC!"):else:if NetAntsApi.IsUrlExist("%d_url") then : MsgBox("%d_url" vbCrLf "already in queue"):else:call NetAntsApi.AddUrl("%d_url", "%d_info", "%page.url"):end if
    ProgID=LeechGetIE.AddURL
    script=On Error Resume Next:set LeechGet=CreateObject("LeechGetIE.AddURL"):if err<>0 then:MsgBox("LeechIE.dll is not registered. Please run `regsvr32.exe LeechIE.dll'"):else:call LeechGet.AddUrl("%d_url"):end if
    ProgID=LeechGetIE.LeechIE
    script=On Error Resume Next:set LeechGet=CreateObject("LeechGetIE.LeechIE"):if err<>0 then:MsgBox("download express is not installed yet"):else:call LeechGet.AddUrl("%d_url"):end if
    ProgID=dapie.catcher
    script=On Error Resume Next:set DAPExt=CreateObject("dapie.catcher"):if err<>0 then:MsgBox("DAPIE.DLL is not registered or corrupted. Please re-install Download Accelerator Plus"):else:call DAPExt.MenuUrl("%d_url", "%page.url", ""):end if
    ProgID=NTIEHelper.NTIEAddUrl
    Script=On Error Resume Next:set Obj=CreateObject("NTIEHelper.NTIEAddUrl"):if err<>0 then:MsgBox("NetTransport2 not properly installed!"  vbCrLf "Please install NetTransport2 again"):else:call Obj.AddLink("%d_url","%d_url","%d_info"):end if
    ProgID=ThunderAgent.Agent
    script=On Error Resume Next:set ThunderAgent = CreateObject("ThunderAgEnt.Agent.1"):if err<>0 then:
    MsgBox("Thunder is not installed properly!Please Install IDM again"):
    call ThunderAgent.AddTask4("%d_url", "", "", "%d_info", "%page.url", -1, 0, -1, document.cookie, "", ""):call ThunderAgent.CommitTasks2(1):set ThunderAgent = nothing:end if
    ProgID=xunleibho.CatchRightClick.1
    script=On Error Resume Next:set ThunderApi = CreateObject("xunleibho.CatchRightClick.1"):if err<>0 then:
    Info="#*01#*"   "%d_url"   "#*02#*"   document.Url   "#*03#*"   "%d_info"   "#*04#*thunder_mini#*05#*"\nr=ThunderApi.sendUrl(Info)
    Info="#*01#*"   "%d_url"   "#*02#*"   document.Url   "#*03#*"   "%d_info"   "#*04#*
    4#*05#*"\nr=ThunderApi.sendUrl(Info)
    ProgID=ThunderServer.WebThunder.1
    Script=On Error Resume Next:Set obj=CreateObject("ThunderServer.WebThunder"):If Err<>0 Then:MsgBox("Web
    not properly installed!"):Else:Call obj.CallAddTask2("%d_url", "%d_info", "%page.url", 1, "", "", ""):End If
    ProgID=NxApi.myComponent
    script=On Error Resume Next\nset WGApi=CreateObject("NxApi.myComponent")\nif err<>0 then\nelse\ncall WGApi.AddUrl("%d_url","%d_info","%page.url")\n\nend if
    ProgID=DuInvoke.Du_Invoke
    script=On Error Resume Next\nset duObject=CreateObject("DuInvoke.Du_Invoke")\nif err<>0 then \n
    MsgBox("DownUp2U not properly installed!"  vbCrLf "Please install DownUp2U again")\n
    else\n call duObject.DownloadOneLink( "%d_url", "%page.url", "%d_info" )\n end if
    ProgID=PNP.InterfaceCore.1
    if left("%d_url", 5) = "is://" then \n window.navigate("%d_url") \n
    ISLink = "is://|link_down|"   "%d_info"   "|"   "%d_url"   "|"   document.Url   "/" \n window.navigate(ISLink)\n end if
    ProgID=TuoTuHelper.RDown
    set xDownCatch=CreateObject("TuoTuHelper.RDown") :if err<>0 then:
    MsgBox("Tuotu
    else: call xDownCatch.AddText( "%d_url", "%d_info", document.Url): end if
    ProgID=QQIEHelper.QQRightClick.2
    Script=On Error Resume Next:set QQRightClick=CreateObject("QQIEHelper.QQRightClick.2"):if err<>0 then:MsgBox("QQDownload not properly installed on this PC!"):else:call QQRightClick.sendUrl2("%d_url",document.Url,"%d_info",document.cookie,0,0):end if
    ProgID=Orbitmxt.Orbit
    Script=On Error Resume Next:Set obj=CreateObject("Orbitmxt.Orbit"):If Err<>0 Then:MsgBox("Orbit not properly installed!"):Else:Call obj.download("%d_url", "%d_info", "%page.url", ""):End If
    ProgID=NXIEHelper.NXIEAddURL
    Script=On Error Resume Next:Set obj=CreateObject("NXIEHelper.NXIEAddURL"):If Err<>0 Then:MsgBox("
    not properly installed!"):Else:Call obj.AddLink("%page.url","%d_url", "%d_info" ):End If
    ProgID=DownlWithIDM.LinkProcessor
    script=On Error Resume Next:set IDMLinkProcessor=CreateObject("DownlWithIDM.LinkProcessor"):IDMLinkProcessor.Execute( external.menuArguments )
    msctls_hotkey32
    HotKey1
    %s-ansi
    %us-unicode
    :http://www.google.com.hk/search?q=%s
    :http://www.google.com
    GWeb
    (*.htm;*.html;*.mht;*.url)|*.htm;*.html;*.mht;*.url|
    (*.*)|*.*|
    !18,0,0,0,0,0,0,0,134,0,0,5,0,
    #18,0,0,0,700,0,0,0,134,0,0,5,0,
    :%d/%d/%d
    .http://www.fjmjm.com/web/welcome_cn.htm?ver=%s
    :^:1:^:http://www.baidu.com/baidu?word=%us&tn=ichuner_4_pg&ie=utf-8:^:b:^:http://www.baidu.com/s?tn=ichuner_4_pg
    1:^:Google:^:1:^:http://www.google.com.hk/search?client=aff-cs-worldbrowser&forid=1&ie=utf-8&oe=UTF-8&hl=zh-CN&q=%us:^:g:^:http://www.google.com.hk/webhp?client=aff-worldbrowser&ie=utf-8&oe=UTF-8&hl=zh-CN
    (*.png)|*.png|JPEG
    (*.jpg;*.jpeg)|*.jpg;*.jpeg;|
    (*.bmp)|*.bmp|
    http://www.fjmjm.com/cn/skin.htm
    #http://www.fjmjm.com/cn/plugins.htm
    (*.txt;*.text;)|*.txt;*.text;|
    (*.*)|*.*|0
    !http://www.fjmjm.com/cn/index.htm
    (http://www.fjmjm.com/hl/cn/dailytips.ini$http://www.fjmjm.com/web/navierr.htm
    (*.flv*;*.mp*;*.mov*;*.rm*;*.wm?*;*.asf*;*.avi*;*.wav*;*.mid*)
    (*.swf*)
    (*.js*;*.vbs*;*.css*)
    )http://www.fjmjm.com/hl/cn/browsemode.htm
    )http://www.fjmjm.com/hl/cn/rendermode.htm
    %s ...
    : %d%%
    ...*http://www.fjmjm.com/web/web_search_cn.htm
    (*.htm;*.html;)|*.htm;*.html|
    .http://www.baidu.com/index.php?tn=ichuner_2_pg
    2, 4, 1, 9
    Lightning.exe
    
sdad.exe_1928:
    

    

    .text
    `.rdata
    @.data
    .rsrc
    @.reloc
    vSSSh
    FTPjK
    FtPj;
    C.PjRV
    tGHt.Ht&
    Software\Microsoft\Windows\CurrentVersion\Run
    PopWinParam.xml
    setup.ini
    1.0.0
    20131020010000
    /web/PopWinParam.asp?d=2014419&mainver=%s&popver=%s&xmlver=%s
    %d.%d.%d
    %d:%d
    HKEY_CLASSES_ROOT
    HKEY_CURRENT_USER
    HKEY_LOCAL_MACHINE
    HKEY_USERS
    HKEY_PERFORMANCE_DATA
    HKEY_DYN_DATA
    HKEY_CURRENT_CONFIG
    &#xX;
    %s="%s"
    %s='%s'
    version="%s"
    encoding="%s"
    standalone="%s"
    isShow
    kernel32.dll
    Please contact the application's support team for more information.
    - Attempt to initialize the CRT more than once.
    - CRT not initialized
    - floating point support not loaded
    portuguese-brazilian
    operator
    GetProcessWindowStation
    USER32.DLL
    KERNEL32.dll
    USER32.dll
    GDI32.dll
    RegCloseKey
    RegCreateKeyA
    RegDeleteKeyA
    RegCreateKeyExA
    RegOpenKeyExA
    RegEnumKeyExA
    RegQueryInfoKeyA
    ADVAPI32.dll
    ole32.dll
    OLEAUT32.dll
    SHLWAPI.dll
    COMCTL32.dll
    HttpQueryInfoA
    InternetOpenUrlA
    WININET.dll
    imagehlp.dll
    VERSION.dll
    GetProcessHeap
    GetCPInfo
    GetConsoleOutputCP
    .?AUDWebBrowserEvents2@@
    http://stat.fjmjm.com
    http://www.fjmjm.com
    zcÁ
    %Program Files%\shandian\bin\sdad.exe
    >>>222:::
    :::222@@@
    @@@222:::
    :::222>>>
    4-6}6
    8$8(8,808
    <*=0=4=8=<=
    >!>%>@>}>
    0#0'0 0/0
    1$2(2,2\2`2
    0,080\0|0
    1$1,181\1|1
    nshell.Explorer.2
    ekernel32.dll
    KERNEL32.DLL
    mscoree.dll
    Replace%Select the entire document
    Arrange Icons/Arrange windows so they overlap
    Cascade Windows5Arrange windows as non-overlapping tiles
    Tile Windows5Arrange windows as non-overlapping tiles
    Tile Windows(Split the active window into panes
    1, 0, 0, 1
    mini.exe
    
emaaif_70690.exe_1320:
    

    

    .text
    `.rdata
    @.data
    .ndata
    .rsrc
    @.reloc
    RegDeleteKeyExW
    Kernel32.DLL
    PSAPI.DLL
    %s=%s
    GetWindowsDirectoryW
    KERNEL32.dll
    ExitWindowsEx
    GetAsyncKeyState
    USER32.dll
    GDI32.dll
    SHFileOperationW
    ShellExecuteW
    SHELL32.dll
    RegDeleteKeyW
    RegCloseKey
    RegEnumKeyW
    RegOpenKeyExW
    RegCreateKeyExW
    ADVAPI32.dll
    COMCTL32.dll
    ole32.dll
    VERSION.dll
    %x6uo
    %c'7[
    mSge
    02171=1)4
    7 7$7(7,70747
    2$2,242@2|2
    Thawte Certification1
    http://ocsp.thawte.com0
    .http://crl.thawte.com/ThawteTimestampingCA.crl0
    http://ts-ocsp.ws.symantec.com07
     http://ts-aia.ws.symantec.com/tss-ca-g2.cer0<
     http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    .Class 3 Public Primary Certification Authority0
    http://crl.verisign.com/pca3.crl0
    https://www.verisign.com/cps0
    #http://logo.verisign.com/vslogo.gif04
    http://ocsp.verisign.com0>
    Dhttp://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0
    n.aAHu
    2Terms of use at https://www.verisign.com/rpa (c)101.0,
    2Beijing baidu Netcom science and technology co.ltd1>0<
    2Beijing baidu Netcom science and technology co.ltd0
    /http://csc3-2010-crl.verisign.com/CSC3-2010.crl0D
    https://www.verisign.com/rpa0
    http://ocsp.verisign.com0;
    /http://csc3-2010-aia.verisign.com/CSC3-2010.cer0
    https://www.verisign.com/cps0*
    #http://crl.verisign.com/pca3-g5.crl04
    http://ocsp.verisign.com0
    7-7F7}7
    3"3*393@3
     00060|0
    5$6)6/6>6
    91:6:<:);
    2%4*404?4
    BBB.DDD
    Nullsoft Install System v2.46.5-Unicode
    logging set to %d
    settings logging to %d
    created uninstaller: %d, "%s"
    WriteReg: error creating key "%s\%s"
    WriteReg: error writing into "%s\%s" "%s"
    WriteRegBin: "%s\%s" "%s"="%s"
    WriteRegDWORD: "%s\%s" "%s"="0xx"
    WriteRegExpandStr: "%s\%s" "%s"="%s"
    WriteRegStr: "%s\%s" "%s"="%s"
    DeleteRegKey: "%s\%s"
    DeleteRegValue: "%s\%s" "%s"
    WriteINIStr: wrote [%s] %s=%s in %s
    CopyFiles "%s"->"%s"
    CreateShortCut: out: "%s", in: "%s %s", icon: %s,%d, sw=%d, hk=%d
    Error registering DLL: Could not load %s
    Error registering DLL: %s not found in %s
    GetTTFFontName(%s) returned %s
    GetTTFVersionString(%s) returned %s
    Exec: failed createprocess ("%s")
    Exec: success ("%s")
    Exec: command="%s"
    ExecShell: success ("%s": file:"%s" params:"%s")
    ExecShell: warning: error ("%s": file:"%s" params:"%s")=%d
    Exch: stack < %d elements
    RMDir: "%s"
    MessageBox: %d,"%s"
    Delete: "%s"
    File: wrote %d to "%s"
    File: skipped: "%s" (overwriteflag=%d)
    File: error creating "%s"
    File: overwriteflag=%d, allowskipfilesflag=%d, name="%s"
    Rename failed: %s
    Rename on reboot: %s
    Rename: %s
    IfFileExists: file "%s" does not exist, jumping %d
    IfFileExists: file "%s" exists, jumping %d
    CreateDirectory: "%s" created
    CreateDirectory: can't create "%s" - a file already exists
    CreateDirectory: can't create "%s" (err=%d)
    CreateDirectory: "%s" (%d)
    SetFileAttributes: "%s":X
    Sleep(%d)
    detailprint: %s
    Call: %d
    Aborting: "%s"
    Jump: %d
    verifying installer: %d%%
    unpacking data: %d%%
    ... %d%%
    http://nsis.sf.net/NSIS_Error
    ~nsu.tmp
    install.log
    %u.%u%s%s
    Skipping section: "%s"
    Section: "%s"
    New install of "%s" to "%s"
    .DEFAULT\Control Panel\International
    Software\Microsoft\Windows\CurrentVersion
    *?|<>/":
    invalid registry key
    HKEY_DYN_DATA
    HKEY_CURRENT_CONFIG
    HKEY_PERFORMANCE_DATA
    HKEY_USERS
    HKEY_LOCAL_MACHINE
    HKEY_CURRENT_USER
    HKEY_CLASSES_ROOT
    x%c
    RMDir: RemoveDirectory failed("%s")
    RMDir: RemoveDirectory on Reboot("%s")
    RMDir: RemoveDirectory("%s")
    RMDir: RemoveDirectory invalid input("%s")
    Delete: DeleteFile failed("%s")
    Delete: DeleteFile on Reboot("%s")
    Delete: DeleteFile("%s")
    %s: failed opening file "%s"
    LOCALS~1\Temp\nsl9.tmp\tmpqhm8vg.dll
    \emaaif_70690.exe"
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp\tmpqhm8vg.dll
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp
    \config.ini\..\emaaif_70690.exe"
    Nullsoft Install System v2.46.5-Unicode
    %Program Files%\Baidu\
    sl9.tmp
    File: skipped: "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsl9.tmp\tmpqhm8vg.dll" (overwriteflag=1)
    p\tmpqhm8vg.dll"
    :\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\config.ini\..\emaaif_70690.exe"
    "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\config.ini\..\emaaif_70690.exe"
    %Program Files%\Baidu\BaiduAn
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp
    emaaif_70690.exe
    CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsb7.tmp
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
    C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa2.tmp\emaaif_70690.exe
    -1509293163
    1.0.379.329
    
iexplore.exe_1676:
    

    

    %?9-*09,*19}*09
    .text
    `.data
    .rsrc
    msvcrt.dll
    KERNEL32.dll
    NTDLL.DLL
    USER32.dll
    SHLWAPI.dll
    SHDOCVW.dll
    Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewProcess
    IE-X-X
    rsabase.dll
    System\CurrentControlSet\Control\Windows
    dw15 -x -s %u
    watson.microsoft.com
    IEWatsonURL
    %s -h %u
    iedw.exe
    Iexplore.XPExceptionFilter
    jscript.DLL
    mshtml.dll
    mlang.dll
    urlmon.dll
    wininet.dll
    shdocvw.DLL
    browseui.DLL
    comctl32.DLL
    IEXPLORE.EXE
    iexplore.pdb
    ADVAPI32.dll
    MsgWaitForMultipleObjects
    IExplorer.EXE
    IIIIIB(II<.Fg
    7?_____ZZSSH%
    )z.UUUUUUUU
    ,....Qym
    ````2```
    {.QLQIIIKGKGKGKGKGKG
    ;33;33;0
    8888880
    8887080
    browseui.dll
    shdocvw.dll
    6.00.2900.5512 (xpsp.080413-2105)
    Windows
    Operating System
    6.00.2900.5512
    
iexplore.exe_1676_rwx_052D0000_00001000:
    

    

    %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll
    
kuping_b_54282.exe_2428:
    

    

    .text
    `.rdata
    @.data
    .rsrc
    F=8%D
    F%D,3
    MFC42.DLL
    MSVCRT.dll
    _acmdln
    WinExec
    KERNEL32.dll
    USER32.dll
    RegCloseKey
    RegCreateKeyExA
    RegEnumKeyExA
    RegOpenKeyExA
    RegCreateKeyA
    ADVAPI32.dll
    SHELL32.dll
    ole32.dll
    OLEAUT32.dll
    MSVCP60.dll
    GdipSetImageAttributesColorKeys
    gdiplus.dll
    NETAPI32.dll
    IMAGEHLP.dll
    WS2_32.dll
    VERSION.dll
    MSIMG32.dll
    GDI32.dll
    COMCTL32.dll
    LZMA.dll
    _Key_End_
    _Key_Data_
    _Key_Begin_
    Location: %s
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
    HTTP/1.1
    http://
    kernel32.dll
    %s\%s
    Software\Microsoft\Windows\CurrentVersion\Run
    SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall
    SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
    .PAVCInternetException@@
    Range: bytes=%d-%d
    Range: bytes=%d-
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
    Referer: %s
    http://www.wallba.com/
    Host: %s
    GET %s HTTP/1.1
    %s %d
    %d,%d,%d,%d,%d,%d
    \SystemConfig\setting.ini
    MsgBox_1.ini
    %s?id=%s&class=silence
    \softset.ini
    VersionConfig.xml
    version.ini
    softset.ini
    http://www.wallba.com/
    URLInfoAbout
    uninstall.exe
    Kpclick.ini
    http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808fj.jpg
    http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0809kt.jpg
    http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808kt.jpg
    http://config.wallba.com/Public/Configs/KpInstall/AnImg.xml
    http://tj.153624.com/report/
    skinConfig\TongJICNZZ.dll
    http://config.153624.com/Public/conf/c-lock/1/%s_%s/%s.xml
    http://img.wallba.com/Public/Configs/uninstall_end.html
    http://img.wallba.com/Public/Configs/uninstall_begin.html
    http://img.kuping.cc/Public/Configs/v5_install_close.html
    http://img.wallba.com/Public/Configs/index.html
    http://img.wallba.com/Public/Configs/index2.html
    http://img.wallba.com/Public/Configs/install_end.html
    http://img.wallba.com/Public/Configs/install_begin.html
    /index.php
    XML_URL_TP
    v5.tongji.wallba.com
    downURL
    http://down.shuyeer.net/kptoolbar/kptoolbar_b_50.exe
    KPToolBarSilence.exe
    UniversalMini.exe
    KP4Mini.exe
    Kp_BootClr.exe
    soft.exe
    installedSoftInfo.ini
    .kptheme
    .kpscr
    .kplgui
    .kpicon
    .kpcur
    .kprar
    %s\%s,%d
    %s\KpInstallTheme.exe
    %s %%1
    %s\Shell\Open\Command
    %s\Shell
    %s\DefaultIcon
    http://int.dpool.sina.com.cn/iplookup/iplookup.php
    QueryInterface failed! ctrl: %d
    Can't find the ctrl: %d
    skinconfig.ini
    0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
    0628597greek81201258windows-1258
    1201257windows-12570738598logical
    1201256windows-12560651932euc-jp
    1201255windows-1255
    2701143x-ebcdic-finlandsweden-euro1201254windows-1254
    0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
    0801250x-cp12501201252windows-1252
    1201251windows-12511528598iso_8859-8:1988
    1201250windows-12502301149x-ebcdic-icelandic-euro
    1150220iso-2022-jp1100874windows-874
    1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
    0551932x-euc1250221_iso-2022-jp1000932csshiftjis
    http-equiv
    <>=\/?!"';
    (%d nulls removed)
    length %d
    to length %d
    to %d bytes
    CWebBrowser2
    colorkey
    isshow
    layer_%d
    dddddd
    walla.com,
    @.reloc
    GetProcessWindowStation
    GetCPInfo
    <*=0=4=8=<=
    <(<(=-=?=
    mscoree.dll
    - Attempt to initialize the CRT more than once.
    - CRT not initialized
    - floating point support not loaded
    KERNEL32.DLL
    WUSER32.DLL
    {8856F961-340A-11D0-A96B-00C04FD705A2}
    (*.*)
    1.1.1,1
    InStaller.EXE
    
BaiduSdSvc.exe_3048:
    

    

    .text
    `.rdata
    @.data
    .rsrc
    @.reloc
    c:\clientci\workspace\bdkv_v1.8_patch_compile\basic\KVOutput\binrelease\BaiduSdSvc.pdb
    ?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
    BDLogicUtils.dll
    BDMBase.dll
    BDMFrameWork.dll
    ?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
    BDMStringUtils.dll
    ?BDMMsgGetModule@@YGJPAPAX@Z
    BDMMsg.dll
    BDMSkin.dll
    KERNEL32.dll
    RegCloseKey
    RegCreateKeyExW
    RegOpenKeyExW
    ADVAPI32.dll
    MSVCP80.dll
    SHLWAPI.dll
    MSVCR80.dll
    _amsg_exit
    _crt_debugger_hook
    USERENV.dll
    WTSAPI32.dll
    SensApi.dll
    ?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
    .?AV?$CSingleton@VCRtpPluginContainer@@@BDMBase@@
    .?AVCRtpPluginContainer@@
    .?AV?$CSingleton@VCRTPServer@@@utils@@
    .?AVCRTPServer@@
    .?AVCBDMOptionsReportRecord@@
    .?AVCBDMLauchReportRecord@@
    ?"?*?0?6?
    6 6$6(6,60646
    5 5$5(5,5
    @explorer.exe
    \BDConfig.dll
    winlogon.exe
    SOFTWARE\Microsoft\Windows\CurrentVersion
    ntdll.dll
    explorer.exe
    BaiduSdTray.exe
    "{0}\{1}" {2}
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN
    EXPLORER.EXE
    BaiduSdSvc.exe
    Global\BDKVMutex{B2F10594-7119-4649-9326-AF1890C5CE56}
    Global\BDKVEvent{8C345A9A-F601-405d-AB4A-B459CD5E369E}
    Global\TAV_SERVICE_{4A9CAFF9-6834-419c-AFB1-139AC49FF55E}
    \\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
    BaiduSd.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
    \bdkvrtpplugins\RtpContainerConfig.xml
    C:\test.exe
    d-d-d d:d:d d
    d:d:d
    %s(%d)
    Last Error : %u(%s)
    \BDMAVE.dll
    Global\BDKVMutex{32EB1BC7-A5CD-4356-A6B1-54D7BF690CA7}
    JoinBaiduCloundPlan
    1.8.0.1250
    BaidusdSvc.exe
    
BaiduSdTray.exe_3184:
    

    

    .text
    `.rdata
    @.data
    .rsrc
    @.reloc
    FtPhl
    D$XPSSh
    PSSSSSSh
    c:\clientci\workspace\bdkv_v1.8_patch_compile\basic\KVOutput\binrelease\BaiduSdTray.pdb
    BDMSkin.dll
    ?GetBDMReportMgr@BDLogicUtils@@YAPAVIBDMReportMgr@1@XZ
    BDLogicUtils.dll
    ?BDMGetWindowsVersion@BDMMisc@@YAHAAKPA_WH@Z
    BDMBase.dll
    BDMFrameWork.dll
    ?GetWindowsDirectory_DLL@BDMStringUtils@@YA_NPA_WH@Z
    BDMStringUtils.dll
    ?BDMMsgGetModule@@YGJPAPAX@Z
    BDMMsg.dll
    GetProcessHeap
    SetProcessShutdownParameters
    KERNEL32.dll
    USER32.dll
    GDI32.dll
    RegCloseKey
    RegOpenKeyExW
    ADVAPI32.dll
    ShellExecuteW
    SHELL32.dll
    ole32.dll
    SHLWAPI.dll
    MSVCP80.dll
    MSVCR80.dll
    _amsg_exit
    _wcmdln
    _crt_debugger_hook
    PSAPI.DLL
    .?AVCBDMLauchReportRecord@@
    2 2$2(2,20242
    :(;-;3;_;
    \BDConfig.dll
    hh_debug:%s
    BaiduSdUpdate.exe
    Wtsapi32.dll
    BDMgr.exe -stmd=6
    BDMgr.exe -stmd=7
    BDMgr.exe -stmd=7 -selplugin={914438D6-1EC4-434A-B6EC-20F84894C395}
    http://shadu.baidu.com/feedback.html
    {E059A29F-D2ED-4f28-849A-851AA9D5A05C}
    TrayPluginContainerConfig.xml
    BaiduSdTray.exe
    BDMNet.dll
    ic_danger.png
    errorcode: %d
    BaiduSdBugRpt.exe
    BaiduSd.exe
    BaiduSdSvc.exe
    Client.exe
    \GameNoDisturb.ini
    file='skin_1.png' xtiled='true' ytiled='true'
    \BaiduSdSvc.exe -m "
    \cmd.exe
    Shell32.dll
    \BaiduSd.exe
    -selplugin=rdp_scan -vll=%s
    BaiduSd{D8A4131D-3A7A-48a1-B080-28E1DC04F7C2}
    100012_1
    CheckIco_Select_hor.png
    CheckIco.png
    ic_menu_logo_hor.png
    CheckIco_hor.png
    CheckIco_Select.png
    MainIco_hor.png
    ic_menu_logo.png
    MainIco.png
    menu.xml
    HKEY_LOCAL_MACHINE\SOFTWARE\Baidu\BaiduSd
    1.8.0.1250
    http://shadu.baidu.com
    http://shadu.baidu.com/privacy.html
    about.xml
    @advapi32.dll
    %u.%u.%u.%u
    ABDKVMainframe.dll
    BDCooly.dll
    JoinBaiduCloundPlan
    \\.\pipe\{5EA6312A-0014-4160-AF85-E26361D6281E}
    BaidusdTray.exe
    
Ainqngz3.9.exe_2152:
    

    

    .text
    .data
    .rsrc
    MSVBVM60.DLL
    "44)*612
    urlww
    .FlGc
    %smzCz
    SHDocVwCtl.WebBrowser
    VB5!6&vb6chs.dll
    ieframe.dll
    WebBrowser
    %Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
    %System%\mshtml.tlb
    %System%\ieframe.oca
    winmm.dll
    advapi32.dll
    RegCloseKey
    RegCreateKeyA
    RegOpenKeyA
    wininet.dll
    InternetOpenUrlA
    GetUrlSource
    VBA6.DLL
    sUrl
    v.baofeng.com
    99999999999
    http://order.5bo.com/
    http://wpa.qq.com
    http://www.baidu.com/
    http://hzf.v.baofeng.com/#
    http://hzf.v.baofeng.com/
    "url":"
    "swfurl":"
    http://
    http://tv.aiqingzhihui.com/zhibo2.html?id=
    \setings.ini
    jistlo.exe
    cmd.exe /c taskkill /im
    ku6.com
    http://tv.aiqingzhihui.com/zhibo2.html
    http://y.qq.com/player
    qq.com
    pptv.com
    sohu.com
    56.com
    ifeng.com
    youku.com
    tudou.com
    iqiyi.com
    wasu.cn
    pps.tv
    letv.com
    imgo.tv
    kankan.com
    sina.com.cn
    cntv.cn
    m1905.com
    hz.letv.com
    tv.sohu.com
    baofeng.com
    
Ainqngz3.9.exe_2152_rwx_00401000_00019000:
    

    

    "44)*612
    urlww
    .FlGc
    %smzCz
    SHDocVwCtl.WebBrowser
    VB5!6&vb6chs.dll
    ieframe.dll
    WebBrowser
    %Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
    %System%\mshtml.tlb
    %System%\ieframe.oca
    winmm.dll
    advapi32.dll
    RegCloseKey
    RegCreateKeyA
    RegOpenKeyA
    wininet.dll
    InternetOpenUrlA
    GetUrlSource
    VBA6.DLL
    sUrl
    MSVBVM60.DLL
    v.baofeng.com
    99999999999
    http://order.5bo.com/
    http://wpa.qq.com
    http://www.baidu.com/
    http://hzf.v.baofeng.com/#
    http://hzf.v.baofeng.com/
    "url":"
    "swfurl":"
    http://
    http://tv.aiqingzhihui.com/zhibo2.html?id=
    \setings.ini
    jistlo.exe
    cmd.exe /c taskkill /im
    ku6.com
    http://tv.aiqingzhihui.com/zhibo2.html
    http://y.qq.com/player
    qq.com
    pptv.com
    sohu.com
    56.com
    ifeng.com
    youku.com
    tudou.com
    iqiyi.com
    wasu.cn
    pps.tv
    letv.com
    imgo.tv
    kankan.com
    sina.com.cn
    cntv.cn
    m1905.com
    hz.letv.com
    tv.sohu.com
    baofeng.com
    
Mnyig.exe_2300:
    

    

    .text
    `.itext
    `.data
    .idata
    .rdata
    @.reloc
    B.rsrc
    kernel32.dll
    Windows
    MSWHEEL_ROLLMSG
    MSH_WHEELSUPPORT_MSG
    MSH_SCROLL_LINES_MSG
    $*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
    oleaut32.dll
    EVariantBadIndexError
    ssShift
    htKeyword
    EInvalidOperation
    %s[%d]
    %s_%d
    Uh.FB
    USER32.DLL
    comctl32.dll
    EInvalidGraphicOperation
    SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
    uxtheme.dll
    DWMAPI.DLL
    UrlMon
    shell32.dll
    PasswordChar
    OnKeyDown
    OnKeyPress8
    OnKeyUp
    clWebSnow
    clWebFloralWhite
    clWebLavenderBlush
    clWebOldLace
    clWebIvory
    clWebCornSilk
    clWebBeige
    clWebAntiqueWhite
    clWebWheat
    clWebAliceBlue
    clWebGhostWhite
    clWebLavender
    clWebSeashell
    clWebLightYellow
    clWebPapayaWhip
    clWebNavajoWhite
    clWebMoccasin
    clWebBurlywood
    clWebAzure
    clWebMintcream
    clWebHoneydew
    clWebLinen
    clWebLemonChiffon
    clWebBlanchedAlmond
    clWebBisque
    clWebPeachPuff
    clWebTan
    clWebYellow
    clWebDarkOrange
    clWebRed
    clWebDarkRed
    clWebMaroon
    clWebIndianRed
    clWebSalmon
    clWebCoral
    clWebGold
    clWebTomato
    clWebCrimson
    clWebBrown
    clWebChocolate
    clWebSandyBrown
    clWebLightSalmon
    clWebLightCoral
    clWebOrange
    clWebOrangeRed
    clWebFirebrick
    clWebSaddleBrown
    clWebSienna
    clWebPeru
    clWebDarkSalmon
    clWebRosyBrown
    clWebPaleGoldenrod
    clWebLightGoldenrodYellow
    clWebOlive
    clWebForestGreen
    clWebGreenYellow
    clWebChartreuse
    clWebLightGreen
    clWebAquamarine
    clWebSeaGreen
    clWebGoldenRod
    clWebKhaki
    clWebOliveDrab
    clWebGreen
    clWebYellowGreen
    clWebLawnGreen
    clWebPaleGreen
    clWebMediumAquamarine
    clWebMediumSeaGreen
    clWebDarkGoldenRod
    clWebDarkKhaki
    clWebDarkOliveGreen
    clWebDarkgreen
    clWebLimeGreen
    clWebLime
    clWebSpringGreen
    clWebMediumSpringGreen
    clWebDarkSeaGreen
    clWebLightSeaGreen
    clWebPaleTurquoise
    clWebLightCyan
    clWebLightBlue
    clWebLightSkyBlue
    clWebCornFlowerBlue
    clWebDarkBlue
    clWebIndigo
    clWebMediumTurquoise
    clWebTurquoise
    clWebCyan
    clWebPowderBlue
    clWebSkyBlue
    clWebRoyalBlue
    clWebMediumBlue
    clWebMidnightBlue
    clWebDarkTurquoise
    clWebCadetBlue
    clWebDarkCyan
    clWebTeal
    clWebDeepskyBlue
    clWebDodgerBlue
    clWebBlue
    clWebNavy
    clWebDarkViolet
    clWebDarkOrchid
    clWebMagenta
    clWebDarkMagenta
    clWebMediumVioletRed
    clWebPaleVioletRed
    clWebBlueViolet
    clWebMediumOrchid
    clWebMediumPurple
    clWebPurple
    clWebDeepPink
    clWebLightPink
    clWebViolet
    clWebOrchid
    clWebPlum
    clWebThistle
    clWebHotPink
    clWebPink
    clWebLightSteelBlue
    clWebMediumSlateBlue
    clWebLightSlateGray
    clWebWhite
    clWebLightgrey
    clWebGray
    clWebSteelBlue
    clWebSlateBlue
    clWebSlateGray
    clWebWhiteSmoke
    clWebSilver
    clWebDimGray
    clWebMistyRose
    clWebDarkSlateBlue
    clWebDarkSlategray
    clWebGainsboro
    clWebDarkGray
    clWebBlack
    Proportional
    OnExecute
    {43826d1e-e718-42ee-bc55-a1e261c37bfe}
    AutoHotkeys
    \SYSTEM\CurrentControlSet\Control\Keyboard Layouts\
    TKeyEvent
    TKeyPressEvent
    HelpKeyword|
    crSQLWait
    %s (%s)
    imm32.dll
    TActiond%F
    HelpKeyword
    ssHotTrack
    TWindowState
    poProportional
    TWMKey
    KeyPreview
    WindowState
    tagMSG
    GlassFrame.Bottom
    GlassFrame.Enabled
    GlassFrame.Left
    GlassFrame.Right
    GlassFrame.SheetOfGlass
    GlassFrame.Top
    System\CurrentControlSet\Control\Keyboard Layouts\%.8x
    User32.dll
    %s, ClassID: %s
    %s, ProgID: "%s"
    ole32.dll
    CoXMLHTTPRequest
    olepro32.dll
    %d.%d.%d.%d
    ftp://
    login error
    http://
    Mozilla/5.0 (Windows; U; Windows NT 6.1; zh-CN; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
    HTTP/1.1
    grfKeyState
    TComTargetExecEvent
    CmdGroup
    nCmdID
    nCmdexecopt
    hhctrl.ocx
    URLMON.DLL
    SHDOCLC.DLL
    IWebBrowser
    IWebBrowserApp
    IWebBrowser2
    TEWBWindowSetResizable
    TEWBWindowSetLeft
    TEWBWindowSetTop
    TEWBWindowSetWidth
    TEWBWindowSetHeight
    bstrUrlContext
    bstrUrl
    OnWindowSetResizable<
    OnWindowSetLeft
    OnWindowSetTop
    OnWindowSetWidth
    OnWindowSetHeightL
    EWebBrokerExceptionU
    PSAPI.dll
    TAsyncExecuteThreadU
    SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Down\ETagFile.dat
    HNetCfg.FwMgr
    HNetCfg.FwAuthorizedApplication
    %d.%d
    Shell.Application
    Shell32.dll
    SysShadow
    Content-Type: application/x-www-form-urlencoded
    var x = document.createElement("link");x.rel = "stylesheet";x.type = "text/css";x.media = "screen";x.href = "
    document.getElementsByTagName("head")[0].appendChild(x);
    scrollbar.css
    TSimpleUdpClient
    D:\project\Component\superobjectv1.2.4\superobject.pas
    Unsuported variant data type: %d
    STcpThread
    tjj.mny8.cn
    tjjwt.mny8.cn
    tjjdx.mny8.cn
    tjjt.mny8.cn
    125.43.78.107
    tjj.mnyb.net
    222.88.93.109
    IWebBrowserApp,"I
    IWebBrowser2`"I
    TWebBrowserStatusTextChange
    TWebBrowserProgressChange
    TWebBrowserCommandStateChange
    TWebBrowserTitleChange
    TWebBrowserPropertyChange
    TWebBrowserBeforeNavigate2
    TWebBrowserNewWindow2
    TWebBrowserNavigateComplete2
    TWebBrowserDocumentComplete
    TWebBrowserOnVisible
    TWebBrowserOnToolBar
    TWebBrowserOnMenuBar
    TWebBrowserOnStatusBar
    TWebBrowserOnFullScreen
    TWebBrowserOnTheaterMode
    TWebBrowserWindowSetResizable
    TWebBrowserWindowSetLeft
    TWebBrowserWindowSetTop
    TWebBrowserWindowSetWidth
    TWebBrowserWindowSetHeight
    TWebBrowserWindowClosing
    TWebBrowserClientToHostWindow
    TWebBrowserSetSecureLockIcon
    TWebBrowserFileDownload
    TWebBrowserNavigateError
    %TWebBrowserPrintTemplateInstantiation
    TWebBrowserPrintTemplateTeardown
    TWebBrowserUpdatePageStatus
    %TWebBrowserPrivacyImpactedStateChange
    TWebBrowser
    OnWindowSetResizable
    OnWindowSetTop<)I
    OnWindowSetHeight
    HKEY_LOCAL_MACHINE
    HKEY_CURRENT_USER
    ou.mny8.com.cn
    ou.mnyb.net
    222.88.93.108
    125.43.78.118
    xh.dat
    -1001_1_srr.exe
    MAPI32.DLL
    supports
    importNode
    %s="%s"
    %s%s%s: %d%s%s
    gdiplus.dll
    GdiplusShutdown
    user32.dll
    OnActionExecute
    rcmDefault
    rcmDebug
    DontExecuteScripts
    DontExecuteJava
    DontExecuteActiveX
    DisableUrlIfEncodingUTF8
    EnableUrlIfEncodingUTF8
    CheckFontSupportsCodePage
    DisableSubmitUrlInUTF8
    EnableSubmitUrlInUTF8
    lpMsg
    PMsg
    pguidCmdGroup
    TTranslateUrlEvent
    pchURLIn
    ppchURLOut
    CmdID
    pszUrl
    pszUrlContext
    szPassWord
    ErrorUrl
    OptionKeyPath
    OverrideOptionKeyPath,mL
    OnTranslateUrlXtL
    OnCommandExecl
    '%s' is not supported.
    WebocPopupManagement
    ValidateNavigateUrl
    HttpUsernamePasswordDisable
    GetUrlDomFilePathUnencoded
    XmlHttp
    https://
    AppEvents\Schemes\Apps\Explorer\Navigating\.Current
    .Current
    \ieframe.dll
    \shdocvw.dll
    \StringFileInfo\%0.4x%0.4x\%s
    TMsgEvent
    TKeyEventEx
    Port
    Password
    poPortrait
    0.750000
    3333333
    \Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent
    \Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
    User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(
    EmbeddedWB http://bsalsa.com/
    TOnPaintWebICOEvent
    ScrollLeftPic
    OnPaintWebICOT
    LinkUrlT
    Fav%d.dat
    Setup.ini
    TFormLoginTips
    LoginUrl
    /WebShell
    CMD:Login
    CMD:Reg
    CMD:Logout:
    CMD:Close
    UnsupportedGdiplusVersion
    PropertyNotSupported
    aclBurlyWood
    rpcrt4.dll
    KERNEL32.DLL
    GetDeskTopIcoPositionX64.exe
    mvyy.exe
    dtk.vsnis.com
    lbldi.dat
    Heatbeat.ini
    {6BF52A52-394A-11D3-B153-00C04F79FAA6}
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
    {CFCDAA03-8BE4-11cf-B84B-0020AFBBCCFA}
    {05589FA1-C356-11CE-BF01-00AA0055595A}
    {CD3AFA76-B84F-48F0-9393-7EDC34128127}
    {CD3AFA74-B84F-48F0-9393-7EDC34128127}
    {CD3AFA89-B84F-48F0-9393-7EDC34128127}
    {CD3AFA84-B84F-48F0-9393-7EDC34128127}
    {CD3AFA8F-B84F-48F0-9393-7EDC34128127}
    {CD3AFA94-B84F-48F0-9393-7EDC34128127}
    {889D2FEB-5411-4565-8998-1DD2C5261283}
    {A9322148-C691-4B9D-91FC-B9C461DBE9DD}
    {95B3F550-91C4-4627-BCC4-521288C52977}
    {162AF25B-5A2A-448E-A842-194653EF3E05}
    {E05BC2A3-9A46-4A32-80C9-023A473F5B23}
    {EF0D1A14-1033-41A2-A589-240C01EDC078}
    {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
    {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B}
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    TXMLKeyWorksType
    TXMLKeyWorkType
    KeyWordID
    ViewPassWord
    KeyWorks
    KeyIndex
    CancelWebRange
    CancelWebRule
    UseSysWeb
    Uh.zO
    NewWebBrowser
    MsgClick
    WebWidth
    WebHeight
    MsgType
    \Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
    \System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
    WebUtils
    .com.net.org.gov.edu.mil.biz.name.info.mobi.pro.travel.museum.int.aero.post.rec.asia.ac.ad.ae.af.ag.ai.al.am.an.ao.aq.ar.as.at.au.aw.az.ba.bb.bd.be.bf.bg.bh.bi.bj.bm.bn.bo.br.bs.bt.bv.bw.by.bz.ca.cc.cf.cd.ch.ci.ck.cl.cm.cn.co.cq.cr.cu.cv.cx.cy.cz.de.dj.dk.dm.do.dz.ec.ee.eg.eh.er.es.et.ev.fi.fj.fk.fm.fo.fr.ga.gd.ge.gf.gg.gh.gi.gl.gm.gn.gp.gr.gs.gt.gu.gw.gy.hk.hm.hn.hr.ht.hu.id.ie.il.im.in.io.iq.ir.is.it.jm.jo.jp.je.ke.kg.kh.ki.km.kn.kp.kr.kw.ky.kz.la.lb.lc.li.lk.lr.ls.lt.lu.lv.ly.ma.mc.md.me.mg.mh.mk.ml.mm.mn.mo.mp.mq.mr.ms.mt.mu.mv.mw.mx.my.mz.na.nc.ne.nf.ng.ni.nl.no.np.nr.nt.nu.nz.om.qa.pa.pe.pf.pg.ph.pk.pl.pm.pn.pr.pt.pw.py.re.rs.ro.ru.rw.sa.sb.sc.sd.se.sg.sh.si.sj.sk.sl.sm.sn.so.sr.st.sv.su.sy.sz.tc.td.tf.tg.th.tj.tk.tl.tm.tn.to.tr.tt.tv.tw.tz.ua.ug.uk.um.us.uy.uz.va.vc.ve.vg.vi.vn.vu.wf.ws.ye.yt.za.zm.zw.arts.com.edu.firm.gov.info.net.nom.org.rec.store.web.
    TMyWeb
    FrameWeb
    IfmWeb
    TFmWeb
    TMulWebBrower
    .exe.zip.rar.7z.mp3.avi.asf.iso.mpeg.mpg.mpga.ra.rm.rmvb.tar.wma.wmp.wmv.pdf.doc.xls.xlsx.docx.dat.apk.ipa.mp4.xap.
    TFmWebShuter
    ApplicationEvents1ActionExecute
    {A3CD2C5E-4A7E-478E-9A43-B8A193847281}
    EIdCanNotBindPortInRange
    EIdInvalidPortRange
    D:\Program Files\CodeGear\RAD Studio\5.0\source\Indy\Indy10\System\IdStreamVCL.pas
    D:\Program Files\CodeGear\RAD Studio\5.0\source\Indy\Indy10\System\IdGlobal.pas
    getservbyport
    WSAAsyncGetServByPort
    WSAJoinLeaf
    WS2_32.DLL
    Wship6.dll
    EIdIPVersionUnsupportedU
    TIdSocketListWindows
    TIdStackWindowsU
    IdStackWindows
    127.0.0.1
    D:\Program Files\CodeGear\RAD Studio\5.0\source\Indy\Indy10\System\IdStack.pas
    ftpTransfer
    ftpReady
    ftpAborted
    ClientPortMinT
    ClientPortMax
    PortSVW
    EIdPortRequiredt2Q
    EIdTCPConnectionError
    EIdObjectTypeNotSupported
    PortT
    D:\Program Files\CodeGear\RAD Studio\5.0\source\Indy\Indy10\Core\IdIOHandler.pas
    "EIdTransparentProxyUDPNotSupported
    %EIdSocksUDPNotSupportedBySOCKSVersion
    saUsernamePassword
    PasswordT
    Port
    0.0.0.1
    0.0.0.0
    BoundPortT
    DefaultPort
    TIdTCPConnection
    TIdTCPConnection,
    IdTCPConnection
    TIdTCPClientCustom
    IdTCPClient
    TIdTCPClient
    TIdTCPClienth
    :OffSet %d ; Len %d ; Size %d
    TUDPReadEvent
    TUDPErrorEvent
    EUDPError
    TUDPListenerThread
    TUDP
    TUDPT
    UDPClass
    AutoIncPort
    DefaultPort
    OnUDPRead
    OnUDPErrorU
    WSACreateEvent error,Code:%d
    WSAEventSelect error,code:%d
    OnUDPRead "%s" Excpetion: %s
    TCmdStream
    TStaticMemoryManager.Create: Unable to alloc memory
    TStaticMemoryManager.Create: Initialize FreeQueue error
    TUDPClientReadEvent
    TUDPClientFTPDataEvent
    APeerPort
    TUDPWorkThread
    UDPClientClass
    TUDPClient
    DefaultPortT
    OnUDPClientError
    OnUDPClientRead
    OnUDPClientFTPData
    TUDPClient.CloseUDPClient
    "%s" raised exception class [%s] with message "%s"
    DoUDPClientRead
    UDPRead: InsertNode faild!
    TUDPWorkThread.Execute
    {56048A91-0F0B-4726-B8E1-F55BF6DD939A}
    {56048A91-0F0B-4726-B8E1-F55BF6DD939A}FILE NOT FOUND
    '%D.%D' IS NOT A VALID TIMESTAMP
    '%S' IS NOT A VALID GUID VALUE
    '%S' IS NOT A VALID BOOLEAN VALUE
    INVALID POINTER OPERATION
    '%S' IS NOT A VALID INTEGER VALUE
    '%S' IS NOT A VALID FLOATING POINT VALUE
    '%S' IS NOT A VALID CURRENCY VALUE
    INVALID FLOATING POINT OPERATION
    QUIT KEY HIT
    OPERATION ABORTED
    EXCEPTION %S IN MODULE %S AT %P.
    ACCESS VIOLATION AT ADDRESS %P. %S OF ADDRESS %P
    '%S' IS NOT A VALID DATE
    '%S' IS NOT A VALID TIME
    '%S' IS NOT A VALID DATE AND TIME
    INVALID VARIANT OPERATION (%S%.8X)
    I/O ERROR %D
    CUSTOM VARIANT TYPE (%S%.4X) ALREADY USED BY %S
    1.0.4
    00-00-00-00-00-00
    NETAPI32.DLL
    NetWkstaTransportEnum
    TCPIP
    \\.\PhysicalDrive0
    \\.\SMARTVSD
    conAT.dat
    tongji.nbhscl.com
    tongji.N152.com
    123.157.215.216
    acdat.dat
    Software\Microsoft\Windows\CurrentVersion\App Paths\Mnyig
    Software\Microsoft\Windows\CurrentVersion\Uninstall\
    usst.exe
    URLInfoAbout
    %ProgramFiles%\Internet Explorer\iexplore.exe
    edi.dat
    http://udd.mny8.com.cn:4518/tj?qid=
    http://udd.mnyb.net:4518/tj?qid=
    http://125.43.78.117:4518/tj?qid=
    http://222.88.93.101:4518/tj?qid=
    runa.ini
    FormKeyPress
    lblUrl
    http://web.mny8.com/Handler/Handler.ashx?action=like&id=
    http://web.mny8.com/fav.aspx?id=
    favicon.ico
    TMonochromeLookup
    uWebBrowser
    lblURL
    lblURLClick
    lblURLMouseEnter
    lblURLMouseLeave
    http://soft.mny8.com
    TFormWebShow
    frmWebShow
    ShowWebForm:
    TFormWebShow WebNavParms.URL:
    TFormWebShow.wb1 not HandleAllocated
    Act_Loginx
    Act_MaxExecute
    Act_MinExecute
    Act_HomePageExecute
    Act_ShowTrayExecute
    Act_CloseExecute
    Act_AboutExecute
    Act_CloseOrTrayExecute
    Act_CheckUpdateExecute
    Act_AutoRunExecute
    Act_ShowUserPnlExecute
    Act_LoginExecute
    Act_RegExecute
    Act_RechargeExecute
    Act_RefExecute
    edtSearchKeyPress
    http://www.mny8.com
    http://web.mny8.com/Recharge.aspx
    http://www.baidu.com
    http://web.mny8.com/index.html?action=search&keyword=
    /WebShell
    /WebShell2
    btns.js
    http://web.mny8.com/json/btns1/btns.js
    http://web.mny8.com/renwu.html?uid=
    WMOpenWebUrl
    http://web.mny8.com/json/task/task.js
    TFormWebShowOnly
    TFormWebShowOnly4yT
    frmWebShowOnly
    pTipsType:%d
    ShellExecute
    Debug.txt
    username=%s&taskid=%s&action=taskok
    )4."1-2(
    *5/#2.3)
    ",71@5  &
    3'627-"(
    1 '-7#&0
    1&,#84 .'*
    - 8!3(.%
    7&-3!),6%
    #5*0' 8$2 .
    8'.4"*-7& 0#
    ("2%!&8-3*#
    /5,%!)703
    (03!,&6)%* 17.'# 
    $/6 *25#.(8 ',"3
    &18",47%0*
    '2, / 0&7!4-)1#8
    (3-!0,1'8"5.*2$
    inflate 1.0.4 Copyright 1995-1996 Mark Adler
    MnyigU.exe
    advapi32.dll
    RegOpenKeyExA
    RegCloseKey
    GetKeyboardType
    UnhookWindowsHookEx
    SetWindowsHookExA
    MsgWaitForMultipleObjects
    MapVirtualKeyA
    LoadKeyboardLayoutA
    GetKeyboardState
    GetKeyboardLayoutNameA
    GetKeyboardLayoutList
    GetKeyboardLayout
    GetKeyState
    GetKeyNameTextA
    EnumWindows
    EnumThreadWindows
    EnumChildWindows
    ActivateKeyboardLayout
    gdi32.dll
    SetViewportOrgEx
    version.dll
    WinExec
    GetCPInfo
    CreatePipe
    RegQueryInfoKeyA
    RegFlushKey
    RegEnumKeyExA
    RegDeleteKeyA
    RegCreateKeyExA
    wininet.dll
    InternetOpenUrlA
    HttpSendRequestA
    HttpQueryInfoA
    HttpOpenRequestA
    HttpAddRequestHeadersA
    FindNextUrlCacheEntryA
    FindFirstUrlCacheEntryA
    FindCloseUrlCache
    DeleteUrlCacheEntry
    ShellExecuteExA
    ShellExecuteW
    ShellExecuteA
    comdlg32.dll
    wsock32.dll
    ws2_32.dll
    iphlpapi.dll
    msvcrt.dll
    GdipGetStringFormatHotkeyPrefix
    GdipSetStringFormatHotkeyPrefix
    GdipSetImageAttributesColorKeys
    winmm.dll
    dsound.dll
    2 2$2(2,2
    = =$=(=,=0=4=8=<=@=
    < <$<(<,<0<4<
    2,2x2
    9 9$9(9,9094989
    3#373?3]3
    00141<1@1
    8 8$8(8,8084888<8
    8-85898Q8Y8u8}8
    3,4044484
    ; ;$;(;,;0;4;8;<;
    >!>%>->1>8>
    ;";&;*;.;4;};
    243D3g3
    99X9
    5#6'6 606
    82969<9~9
    9/:3:7:<:
    <(=.=3=8===
    :":&:*:.:
    9&9-949;9
    8 8$8(8,8084888
    4 4$4(4,4044484<4
    89M9
    < =&=9=}=~>
    ; ;$;(;,;0;4;8;
    >'?,?;?@?
    ;$;*;3;:;
    3 3$3(3,3034383<3\3|3
    9 9$9(9,9094989<9\9|9
    4"4&4*4.42464:4
    :":(:2:7:3;
    ;#;'; ;/;3;7;
    8&909:9?9
    stdole2.tlbWWW
    :WebShell
    mUrlsWWW
    ShowWebFormW
    TaUrl
    urlW
    licourlWW
    -ShowUrlW
    OpenUrlW
    KeyW
    333333333333333333
    33333833
    3333339
    3333333333333338
    :*"*"$3338
    33333333
    33333333333
    3333333333338
    33338?383
    333333333333
    :*3:"$3338
    333333333333333
    .KBx=
    .QaQU@q
    K1j=%d
    %fq'A
    hf%ub
    8%FqS
    .JmgL
    n.UZt
    eK0%D
    jt%xR
    b%xhE
    KWindows
    %ClientCmdUnit
    &UDPClientClass
    9CmdConstUnit
    CmdStreamClass
    uWebPosModel
    USimpleTcp
    7USimpleUdpClient
    ?HTTPApp
    >WebConst
    lfrmLoginTips
    uMsgFilter
    frmUserLogin
    UPipeTransConst
    UPipeTransClient
    TfmWeb
    fmWeb
    Font.Charset
    Font.Color
    Font.Height
    Font.Name
    Font.Style
    PNGImage.Data
    iTXtXML:com.adobe.xmp
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    OnKeyPress
    Picture.Data
    6z%ug
    %uI"Q?
    FormLoginTips
    diTXtXML:com.adobe.xmp
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        nWqU
    Z.xeX`
    %uB9oj
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        $
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    DialogBoxes.DisableAll
    PrintOptions.Margins.Left
    PrintOptions.Margins.Right
    PrintOptions.Margins.Top
    PrintOptions.Margins.Bottom
    PrintOptions.HTMLHeader.Strings
    PrintOptions.Orientation
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    %.fE 
    Constraints.MinHeight
    Constraints.MinWidth
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        &V
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        T
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    TFormUserLogin
    FormUserLogin
    30]%S
    EÞ,
    Z.czN
    Ce%x'x
    .xCn>
    .cx!Y
    T.yj1
    xZ<.ad
    imgLoginBottom
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    ?
    btnLogin
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    btnLoginClick
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    lblQQLogin
    lblQQLoginClick
    lblQQLoginMouseEnter
    lblQQLoginMouseLeave
    edtRePass
    edtPassKeyPress
    edtUserKeyPress
    edtPass
    FormWebShow
    DisableErrors.fpExceptions
    HTMLCode.Strings
    BtnImage.Data
    BgPic.Data
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    FormWebShowOnly
    " id="W5M0MpCehiHzreSzNTczkc9d"?>        
    PicBtnLeft.Data
    PicBtnRight.Data
    TabPic.Data
    ScrollLeftPic.Data
    ScrollRightPic.Data
    CloseBtnPic.Data
    MenuBtnPic.Data
    NewBtnPic.Data
    Act_Login
    version="11.0.2902.10471"
    name="Microsoft.Windows.Common-Controls"
    version="6.0.0.0"
    publicKeyToken="6595b64144ccf1df"
    http://www.w3.org/2001/XMLSchema
    http://www.w3.org/2000/xmlns/
    http://www.w3.org/2001/XMLSchema-instance
    errorUrl
    {surl}
    KeyWork
    loginurl
    keyword
    {"key":"
    TFMWEB
    TFORMLOGINTIPS
    TFORMUSERLOGIN
    TFORMWEBSHOW
    TFORMWEBSHOWONLY
    AInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size
    Unknown GIF block type'Object type not supported for operation
    Unsupported PixelFormat
    Invalid stream operation
    Invalid extension introducerúiled to allocate memory for GIF DIB
    File "%s" not found
    Object type not supported.
    Transparent proxy cannot bind. UDP Not supported by this proxy.$Buffer terminator must be specified.!Buffer start position is invalid.
    Reply Code is not valid: %s
    Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.
    Command not supported.
    Address type not supported."%d: Circular links are not allowed
    Stack already created.1Only one TIdAntiFreeze can exist per application.&Cannot change IPVersion when connected$Can not bind in port range (%d - %d)
    Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.
    Invalid Port Range (%d - %d)
    %s is not a valid service.
    %s is not a valid IPv6 address:The requested IPVersion / Address family is not supported.
    Set Size Exceeded.)UDP is not support in this SOCKS version.
    Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
    Operation now in progress.
    Operation already in progress.
    Socket operation on non-socket.
    Protocol not supported.
    Socket type not supported."Operation not supported on socket.
    Protocol family not supported.0Address family not supported by protocol family.
    &Error on loading Winsock2 library (%s)
    Resolving hostname %s.
    Connecting to %s.
    Socket Error # %d
    Operation would block.
    Node "%s" not found
    IDOMNode required.Attributes are not supported on this node type
    Invalid node type Mismatched paramaters to RegisterChildNodes Element does not contain a single text node4DOM Implementation does not support IDOMParseOptions#ItemTag property is not initialized
    Node is readonlyCRefresh is only supported if the FileName or XML properties are set
    Line*Error on call Winsock2 library function %s1Invalid URL encoded character (%s) at position %d
    Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d
    JPEG error #%d
    JPEG Image File)"%s" DOMImplementation already registered
    No matching DOM Vendor: "%s"
    UTF-7Ênnot remove shell notification iconÊnnot create shell notification icon"PageControl must first be assigned"%s requires Windows Vista or later
    OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters
    OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s=Error decoding URL style (%%XX) encoded string at position %d
    Invalid clipboard format Clipboard does not support Icons
    Cannot open clipboard/Menu '%s' is already being used by another form
    - Dock zone has no controlLError loading dock zone from the stream. Expecting version %d, but found %d.
    Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'
    %s property out of range
    Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic$Unknown picture file extension (.%s)
    Unsupported clipboard format
    Failed to set data for '%s'
    Resource %s not found
    %s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
    Property %s does not exist
    Thread creation error: %s
    Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'"Unable to find a Table of Contents
    No help found for %s#No context-sensitive help installed
    Unable to write to %s
    Invalid stream format$''%s'' is not a valid component name
    Invalid data type for '%s' List capacity out of bounds (%d)
    List count out of bounds (%d)
    List index out of bounds (%d) Out of memory while expanding memory stream
    Error reading %s%s%s: %s
    Failed to create key %s
    Failed to get data for '%s'
    Ancestor for '%s' not found
    Cannot assign a %s to a %s
    Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
    Class %s not found
    A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
    Cannot create file "%s". %s
    Cannot open file "%s". %s
    Operation not supported
    External exception %x
    Interface not supported
    %s (%s, line %d)
    Abstract Error?Access violation at address %p in module '%s'. %s of address %p
    System Error. Code: %d.
    Application Error1Format '%s' invalid or incompatible with argument
    No argument for format '%s'"Variant method calls not supported
    Invalid variant operation
    Invalid NULL variant operation%Invalid variant operation (%s%.8x)
    %s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
    Integer overflow Invalid floating point operation
    Invalid pointer operation
    Invalid class typecast0Access violation at address %p. %s of address %p
    Privileged instruction(Exception %s in module %s at %p.
    !'%s' is not a valid integer value('%s' is not a valid floating point value
    '%s' is not a valid date
    '%s' is not a valid time!'%s' is not a valid date and time
    '%s' is not a valid GUID value
    I/O error %d
    1.0.1011.1935
    1.0.0.0
    
jistlo.exe_2448:
    

    

    .text
    .data
    .rsrc
    MSVBVM60.DLL
    [11<1<0@
    [:<>><<<
    y%D:To
    SHDocVwCtl.WebBrowser
    VB5!6&vb6chs.dll
    ieframe.dll
    WebBrowser
    %System%\mshtml.tlb
    %Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
    %System%\ieframe.oca
    winmm.dll
    GetUrlSource
    RegCloseKey
    advapi32.dll
    RegCreateKeyA
    RegOpenKeyA
    wininet.dll
    InternetOpenUrlA
    VBA6.DLL
    %System%\MSVBVM60.DLL\3
    NotifyMsgBox
    user32.dll
    oleaut32.dll
    kernel32.dll
    WebBrowser1
    .Picture4
    WebBrowser2
    0123210
    )o4.tr
    sUrl
    \min.ini
    \Set.ini
    \set.ini
    \Ainqngz3.9.exe
    \setings.ini
    http://aimini.aiqingzhihui.com/ta2/?flag=
    http://aimini.aiqingzhihui.com/ta3/?flag=
    http://aitime.aiqingzhihui.com/newh1/?
    http://aitime.aiqingzhihui.com/newh2/?2
    http://aitime.aiqingzhihui.com/newh3/?3
    http://aimini.aiqingzhihui.com/new/?
    http://aimini.aiqingzhihui.com/new/?2
    http://tj.aiqingzhihui.com/xin/?ver=137
    http://aimini.aiqingzhihui.com/ta1/?flag=
    Ainqngz3.9.exe
    C:\\Program Files\\Internet Explorer\\IEXPLORE.exe
    cmd.exe /c taskkill /im
    http://aimini.aiqingzhihui.com/new/?flag=
    http://aitime.aiqingzhihui.com/dnewh1/?flag=
    http://aitime.aiqingzhihui.com/dnewh2/?flag=
    http://aitime.aiqingzhihui.com/dnewh3/?flag=
    http://aitime.aiqingzhihui.com/newh1/?flag=
    http://aitime.aiqingzhihui.com/newh2/?flag=
    http://aitime.aiqingzhihui.com/newh3/?flag=
    
jistlo.exe_2448_rwx_00401000_0001F000:
    

    

    [11<1<0@
    [:<>><<<
    y%D:To
    SHDocVwCtl.WebBrowser
    VB5!6&vb6chs.dll
    ieframe.dll
    WebBrowser
    %System%\mshtml.tlb
    %Program Files%\Microsoft Visual Studio\VB98\VB6.OLB
    %System%\ieframe.oca
    winmm.dll
    GetUrlSource
    RegCloseKey
    advapi32.dll
    RegCreateKeyA
    RegOpenKeyA
    wininet.dll
    InternetOpenUrlA
    VBA6.DLL
    %System%\MSVBVM60.DLL\3
    NotifyMsgBox
    user32.dll
    oleaut32.dll
    kernel32.dll
    WebBrowser1
    .Picture4
    WebBrowser2
    0123210
    )o4.tr
    sUrl
    MSVBVM60.DLL
    \min.ini
    \Set.ini
    \set.ini
    \Ainqngz3.9.exe
    \setings.ini
    http://aimini.aiqingzhihui.com/ta2/?flag=
    http://aimini.aiqingzhihui.com/ta3/?flag=
    http://aitime.aiqingzhihui.com/newh1/?
    http://aitime.aiqingzhihui.com/newh2/?2
    http://aitime.aiqingzhihui.com/newh3/?3
    http://aimini.aiqingzhihui.com/new/?
    http://aimini.aiqingzhihui.com/new/?2
    http://tj.aiqingzhihui.com/xin/?ver=137
    http://aimini.aiqingzhihui.com/ta1/?flag=
    Ainqngz3.9.exe
    C:\\Program Files\\Internet Explorer\\IEXPLORE.exe
    cmd.exe /c taskkill /im
    http://aimini.aiqingzhihui.com/new/?flag=
    http://aitime.aiqingzhihui.com/dnewh1/?flag=
    http://aitime.aiqingzhihui.com/dnewh2/?flag=
    http://aitime.aiqingzhihui.com/dnewh3/?flag=
    http://aitime.aiqingzhihui.com/newh1/?flag=
    http://aitime.aiqingzhihui.com/newh2/?flag=
    http://aitime.aiqingzhihui.com/newh3/?flag=
    
kuping_v4.exe_2960:
    

    

    .text
    `.rdata
    @.data
    .rsrc
    F SShz
    N SShx
    tS9.tF
    MFC42.DLL
    MSVCRT.dll
    _acmdln
    WinExec
    GetWindowsDirectoryA
    KERNEL32.dll
    ExitWindowsEx
    GetKeyState
    GetAsyncKeyState
    USER32.dll
    GDI32.dll
    RegCloseKey
    RegCreateKeyExA
    RegOpenKeyA
    RegOpenKeyExA
    RegCreateKeyA
    RegQueryInfoKeyA
    RegFlushKey
    ADVAPI32.dll
    ShellExecuteA
    ShellExecuteExA
    SHELL32.dll
    ole32.dll
    OLEAUT32.dll
    GdipSetImageAttributesColorKeys
    gdiplus.dll
    MSVCP60.dll
    IMAGEHLP.dll
    WS2_32.dll
    ?PreTranslateMessage@CSkinCenterDlg@@UAEHPAUtagMSG@@@Z
    ?GetMessageMap@CSkinCenterDlg@@MBEPBUAFX_MSGMAP@@XZ
    SkinCenter.dll
    unrar.dll
    NETAPI32.dll
    PSAPI.DLL
    VERSION.dll
    MSIMG32.dll
    SetWindowsHookExA
    UnhookWindowsHookEx
    COMCTL32.dll
    kuping_v4.exe
    4.3.1.1
    version.ini
    QueryInterface failed! ctrl: %d
    Can't find the ctrl: %d
    \AboutDlgConfig\MainDlg.ini
    skinconfig.ini
    http://www.wallba.com
    \AppDlgConfig\MainDlgSkin.ini
    Appsoftconfig\button.xml
    Appsoftconfig\image\soft.xml
    http://config.wallba.com/Public/Configs/AppSoftconf.xml
    HKEY_LOCAL_MACHINE
    HKEY_CURRENT_USER
    HKEY_CLASSES_ROOT
    WallPlayer.exe
    Appsoftconfig\softtempfile\soft.xml
    %System32%
    wallplay\config\List_imge_theme_config\image.xml
    wallplay\config\WallPlayerConfig\WallPlayImage.xml
    Location: %s
    User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17 SE 2.X MetaSr 1.0
    HTTP/1.1
    http://
    kernel32.dll
    Software\Microsoft\Windows\CurrentVersion\Run
    X-X-X-X-X-X
    %s\*.*
    Microsoft Windows 95
    Microsoft Windows NT 4.0
    Microsoft Windows 98
    Microsoft Windows Me
    Microsoft Windows 2000
    Microsoft Windows XP
    Microsoft Windows Server 2003 R2
    Microsoft Windows Server 2003
    Microsoft Windows XP Professional x64 Edition
    Microsoft Windows Server 2008
    Microsoft Windows Vista
    Microsoft Windows Server 2008 R2
    Microsoft Windows 7
    ImportExitOrderToUBS
    ImportUserBehaviorToUBS
    ImportSoftInformationToUBS
    UserBehaviorStatistics.dll
    temp.jpg
    \DownloadWebImageDlg\MainSkin.ini
    %d%d%d%d%d
    241870897
    TempDownLoad\FeedBack\qqNum.xml
    \FeedbackDlgConfig\MainFeedbackDlg.ini
    set.png
    focus.png
    http://config.wallba.com/Public/Configs/user_info.xml
    .kpscr
    .kplgui
    .kpicon
    .kpcur
    .kprar
    .kptheme
    %s %%1
    %s\Shell\Open\Command
    %s\Shell
    %s\DefaultIcon
    %s\kuping_v4.exe,%d
    %s\KpInstallTheme.exe
    softset.ini
    http://int.dpool.sina.com.cn/iplookup/iplookup.php
    TempDownLoad\UserLive\UserLive.ini
    TempDownLoad\TagInfo\TagVersion.ini
    skinConfig\skinversion.ini
    TempDownLoad\SearchBuff.ini
    Appsoftconfig\APPversion.ini
    TempDownLoad\Home\Homeversion.ini
    http://config.wallba.com/Public/Configs/Functon_version.xml
    TempDownLoad\UserLive\version.ini
    userlive.xml
    %s%s.xml
    http://config.wallba.com/Public/Configs/KpLiveControl/
    TempDownLoad\Home\tempfile\home.xml
    http://config.wallba.com/Public/Configs/KpIndexConf.xml
    Appsoftconfig\tempfile\soft.xml
    skinConfig\tempfile\SkinSetting.xml
    http://config.wallba.com/Public/Configs/SkinSetting.xml
    TempDownLoad\TagInfo\list_win7.xml
    http://img.wallba.com/Public/Configs/Album/list_win7.xml
    TempDownLoad\TagInfo\list_xp.xml
    http://img.wallba.com/Public/Configs/Album/list_xp.xml
    TempDownLoad\Home\home.xml
    %s\system32\themeui.dll
    %s\system32\uxtheme.dll
    crackthemepackwinxp.rar
    %s\system32
    .backup
    %s\system32\dllcache\themeui.dll
    %s\system32\dllcache\uxtheme.dll
    %s\system32\themeservice.dll
    crackthemepackwin7.rar
    %s /grant administrators:F
    /f %s
    crackthemepackwin7x64.rar
    Kernel32.dll
    urlEx
    weburl
    \WebContro.ini
    login
    IsShowWindow
    IndividualCenter.dll
    loginInfo\head.jpg
    http://kuping.wallba.com/web/help.html#win7sj
    \KPUpdater.dll
    set_1.png
    SepLine.png
    tui-chu.png
    menu_move.png
    about.png
    feedback_icon.png
    help_icon.png
    show.png
    \MenuSetConfig.ini
    update.png
    set_icon.png
    KpInstallTheme.exe
    http://www.wallba.com/Help.shtml
    IsLogin
    getnew.exe
    http://tj.153624.com/behavior/
    http://tj.153624.com/report/
    TongJICNZZ.dll
    update/soft.ini
    updateupgrade.exe_0
    updateupgrade.exe
    SystemConfig\setting.ini
    http://config.wallba.com/Public/Configs/Liveindex.html?id=
    http://img.wallba.com/Public/Configs/index.html?id=
    Kpclick.ini
    %d,%d,%d,%d,%d,%d
    \UpdateUi\UpdateSkin.ini
    \MainSkin.ini
    GetLoginHashValue
    GetLoginUid
    InitLogin
    login.dll
    LocBootScreen.xml
    LocIconsfolder.xml
    LocScreensaver.xml
    LocMouseponit.xml
    LocThemeXml.xml
    LocWallpaleXml.xml
    StowBootScreen.xml
    StowIconsfolder.xml
    StowScreensaver.xml
    StowMouseponit.xml
    stowThemeXml.xml
    StowWallpaleXml.xml
    wallpaper.bmp
    EXPLORER.EXE
    UniversalMini.exe
    %skuping_v4.exe start
    kuping_v4.exe start
    \softset.ini
    %sKp_BootClr.exe
    contact=%s:%s&content=%s
    /index.php?s=/Index/comment_save/
    kuping.wallba.com
    loginInfo\head_new.jpg
    head.jpg
    loginInfo\
    nick
    msg_num
    /kp_api.php?s=User/getuser&uid=
    member.wallba.com
    StartUp.xml
    http://config.wallba.com/Public/Configs/KpStartupControl/%s.xml
    %system32%
    TempDownLoad\StartUp\tempfile\StartUp.xml
    kptest.tmp
    http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808fj.jpg
    http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0809kt.jpg
    http://img.wallba.com/Public/caijiansuoluetu/2013nian/8yue/0808kt.jpg
    http://config.wallba.com/Public/Configs/KpInstall/AnImg.xml
    http://config.153624.com/Public/conf/open/1/%s_%s/10.jpg
    img.wallba.com
    %d/xp/%d/%d/%d
    %d/win7/%d/%d/%d
    %d/%d/%d/%d/%d
    %d/0/%d/%d/%d
    %s/%d.xml
    %d%d%d%d%d%d%d.xml
    thumbnail.xml
    TempWallFile\TempThemWall.jpg
    kpTailor.exe
    %dK/s
    /Public/Configs/Album/%d
    /%d.xml
    KpInstallTheme.exe type=
    \Web\Wallpaper\Windows\img0.jpg
    Web\Wallpaper\bliss.jpg
    \NoticeDlgSkin.ini
    skinConfig\skinconfig.ini
    .jpeg
    KpInstallTheme.exe
    \SettingMenuDlgConfig\MainMenuDlgSkin.ini
    -iexplore.exe
    windows 3.1
    windows 95,
    windows 98,
    windows NT
    windows 2000
    windows xp
    windows 2003
    windows 2008
    windows 7
    windows 8
    http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7x64.rar
    http://config.wallba.com/Public/Configs/themecrack/crackthemepackwin7.rar
    http://config.wallba.com/Public/Configs/themecrack/crackthemepackwinxp.rar
    \themeui.dll
    \UpdateUi\SkinCenter.ini
    SkinSetting.xml
    \UpdateNoticeDlg.ini
    &key=
    /stat.php?c=download&a=add
    stat.wallba.com
    /stat/statUserAction.php
    action.wallba.com
    Windows 7
    Windows Vista
    tongji.zhenlaji.com
    %s %d
    HTTP/1.0
    Content-Type: application/x-www-form-urlencoded
    .PAVCInternetException@@
    Range: bytes=%d-%d
    Range: bytes=%d-
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent;)
    Referer: %s
    http://www.wallba.com/
    Host: %s
    GET %s HTTP/1.1
    %s_%d
    /kp_api.php?s=favorite/addFavorite
    down_url
    type_%d
    IEOpenURL
    SystemExeName
    KeyFilePath
    KeyPath
    0900936iso-ir-581028598iso_8859-81201255iso_8859-8-i1200932cswindows31j
    0628597greek81201258windows-1258
    1201257windows-12570738598logical
    1201256windows-12560651932euc-jp
    1201255windows-1255
    2701143x-ebcdic-finlandsweden-euro1201254windows-1254
    0801251x-cp12511201253windows-12531400949ks_c_5601_19871528599iso_8859-9:1989
    0801250x-cp12501201252windows-1252
    1201251windows-12511528598iso_8859-8:1988
    1201250windows-12502301149x-ebcdic-icelandic-euro
    1150220iso-2022-jp1100874windows-874
    1901145x-ebcdic-spain-euro1620127iso_646.irv:1991
    0551932x-euc1250221_iso-2022-jp1000932csshiftjis
    http-equiv
    <>=\/?!"';
    (%d nulls removed)
    length %d
    to length %d
    to %d bytes
    from length %d
    from byte length %d
    %s("%s","%s","%s")
    CWebBrowser2
    WebBrowser Create Failed!
    www.baidu.com
    %d %d
    btn%d_count
    btn%d_image
    btn%d_chage
    %d %d %d %d
    %d %d %
    progressShadow
    colorkey
    isshow
    layer_%d
    x=%d,y=%d
    ui/empty.png
    _DeleteElem(): item=%d, elem=%d, type=%d, nType=%d
    CGuiTree::DeleteItem(): id=%d
    \themeservice.dll
    \uxtheme.dll
    Windows 7 Home
    Microsoft Windows Millennium Edition
    Microsoft Windows 98
    Microsoft Windows 95
    %s (Build %d)
    Service Pack 6a (Build %d)
    SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
    %d.%d
    Web Edition
    Microsoft Windows NT
    Microsoft Windows 2000
    Microsoft Windows XP
    Microsoft Windows Server 2003,
    Microsoft Windows XP Professional x64 Edition
    Windows Server "Longhorn"
    1, 0, 0, 1
    kuping_v4.EXE
    
services.exe_760_rwx_00070000_00001000:
    

    

    %Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll
    
svchost.exe_1096_rwx_02EA0000_00001000:
    

    

    %Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll
    

    


    
Remove it with Ad-Aware
    

    

      

    1. Click (here) to download and install Ad-Aware Free Antivirus.
      2. 

    2. Update the definition files.
      3. 

    3. Run a full scan of your computer.
      4. 

    


    
Manual removal*
    

    

      

    1. Scan a system with an anti-rootkit tool.
      2. 

    2. Terminate malicious process(es) (How to End a Process With the Task Manager):
      

      BaiduSd.exe:3992
      shandian.exe:496
      shandian.exe:212
      pczh_98_2.exe:3288
      F30241_s_0523.exe:1704
      BaiduSdTray.exe:3184
      mscorsvw.exe:1912
      bddownloader.exe:3708
      kuping_b_54282.exe:2428
      regsvr32.exe:3576
      regsvr32.exe:3880
      BaiduSdSvc.exe:3048
      BaiduSdSvc.exe:2944
      netsh.exe:3852
      BDKVWsc.exe:3576
      RegSvr32.exe:3592
      RegSvr32.exe:3744
      BDDownloader.exe:3348
      BDDownloader.exe:3524
      

      3. 

    3. Delete the original Trojan file.
      4. 

    4. Delete or disinfect the following files created/modified by the Trojan:
      

      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\foot_slider[1].jpg (322 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\texture[1].gif (1565 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\fbg_about[1].png (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\welcome_cn[1].htm (1469 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1].htm (5637 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[1].js (11796 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\v53_arrow_h[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[1].png (990 bytes)
      %Program Files%\shandian\bin\twcache.ini (696 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rec[1].do (374 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon4[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[1].js (5034 bytes)
      %Program Files%\shandian\bin\ImgCache\123.sogou.com_favicon.ico (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[2].js (254 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\guide_tip[1].png (1012 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\subnav_v41[1].png (634 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (10 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (316 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140508103513_537[1].gif (6023 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140528121906_70[1].jpg (186 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (1879 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130830161205_609[1].gif (1858 bytes)
      %Program Files%\shandian\bin\shandian.ini.tmp (244 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\img-news[1].gif (225 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i8g7XZO1lz1162[1].jpg (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20140526163446_912[1].jpg (737 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1398 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163242_997[1].jpg (186 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\newioage[1].css (715 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin2_0[1].gif (592 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[2].js (5378 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\new-ico[1].png (211 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (134 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[2].js (7 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\skin_[1].css (21 bytes)
      %Program Files%\shandian\bin\theworld.ac (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\guide_top[1].jpg (5 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[1].js (2326 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[2].js (4631 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140526170756_638[1].jpg (5 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140527162400_1[1].jpg (3534 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\get_123_v53[1].php (14900 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[1].js (4272 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cloudy[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20130820165531_481[1].gif (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130531144119_126[1].png (3182 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\titlebg[1].png (634 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_bicos[1].gif (826 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[1].png (1400 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setting_icon[1].gif (76 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_2icos[1].gif (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[2].png (780 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[2].js (1187 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_1112293[1].gif (1266 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (193 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\skin3[1].gif (1266 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\mE8bXnNioe2802[1].jpg (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[2].js (12237 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\favicon[1].ico (681 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\get_tj[1].php (1199 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cloudy[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\i-ico-2b[1].png (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\search_arrow[1].gif (447 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163043_207[1].jpg (1264 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\new-erweima2[1].png (3330 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\start_button[1].jpg (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\skin_tips_n1[1].gif (1 bytes)
      %Documents and Settings%\%current user%\Cookies\index.dat (8676 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[2].js (3166 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[1].js (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\setskinbg[1].gif (397 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[2].js (8 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\selogo_111207[1].png (1858 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[1].js (678 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[1].js (1352 bytes)
      %Program Files%\shandian\ico\360.ico (32 bytes)
      %Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\emaaif_70690.exe (12288 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\System.dll (11 bytes)
      %Program Files%\shandian\home.bat (691 bytes)
      %Program Files%\shandian\bin\shandian.exe (28332 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\F30241_s_0523.exe (91814 bytes)
      %Program Files%\shandian\ico\ie.ico (700 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F30241_s_0523[1].rar (91814 bytes)
      %Documents and Settings%\%current user%\Desktop\ÉÁµçä¯ÀÀÆ÷.lnk (505 bytes)
      %Program Files%\shandian\config.ini (194 bytes)
      %Program Files%\shandian\uninst.exe (2612 bytes)
      %Documents and Settings%\%current user%\Application Data\Microsoft\Internet Explorer\Quick Launch\ÉÁµçä¯ÀÀÆ÷.lnk (700 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\config.ini (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\xID.dll (10 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\pczh_98_2.exe (1717 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\kuping_b_54282[1].rar (37274 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\Md5dll.dll (8 bytes)
      %Program Files%\shandian\ico\anquan.ico (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\bind.dll (1207 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\pczh_98_2[1].rar (1717 bytes)
      %Program Files%\shandian\ico\taobao.ico (15 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\config0.ini (3 bytes)
      %Documents and Settings%\%current user%\Start Menu\Programs\ÉÁµçä¯ÀÀÆ÷\ÉÁµçä¯ÀÀÆ÷.lnk (694 bytes)
      %Program Files%\shandian\bin\sdad.exe (12955 bytes)
      %Program Files%\shandian\shandian.exe (3121 bytes)
      %Documents and Settings%\%current user%\Start Menu\Programs\ÉÁµçä¯ÀÀÆ÷\жÔØÉÁµçä¯ÀÀÆ÷.lnk (682 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\emaaif_70690[1].rar (12288 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\kuping_b_54282.exe (37274 bytes)
      %Documents and Settings%\%current user%\Desktop\360°²È«ä¯ÀÀÆ÷.lnk (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].htm (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\hu.dll (3312 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMReport.dll.bdl (32601 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDLogicUtils.dll (31856 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (1121 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\System.dll (784 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (200 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsg8.tmp (132115 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\tmpqhm8vg.dll (24832 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (8 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\aj.exe.bdl (30208 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMSkin.dll (36698 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNetGetInfo.dll (9608 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMDownload.dll (5520 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\BDMNet.dll.bdl (37863 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\dl.dll (65930 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl9.tmp\res\onlineWnd.zip (14184 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\miniindex[1].htm (5063 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery-1.7.2.min[1].js (33461 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa9[1].jpg (1055 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[1].jpg (776 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b17[1].jpg (7942 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\d[1].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b19[1].jpg (1135 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (168 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[1].jpg (2477 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\0[1].swf (8391 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b18[1].jpg (4494 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\tj[1].js (279 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b16[1].jpg (8970 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b15[1].jpg (9503 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[1].jpg (13964 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa1[1].jpg (5548 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Untitled-2[1].gif (2240 bytes)
      %Program Files%\shandian\bin\update\PopWinParam.xml (196 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b13[2].jpg (5012 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (489 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[1].jpg (1732 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[2].jpg (1334 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\core[1].php (798 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\lieqi_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (336 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stylemini[1].css (4968 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b16[1].jpg (10251 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (272 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[2].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b13[1].jpg (7583 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\style[1].css (145 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lieqi_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa4[1].jpg (13509 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa4[1].jpg (16629 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Untitled-3[1].jpg (3683 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa10[1].jpg (975 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cpv1[1].htm (1117 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[2].jpg (975 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa2[1].jpg (6824 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\Close[1].gif (348 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[2].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpc_img[1].js (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cpc_img[1].htm (442 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jiankang_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b14[1].jpg (4573 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cpc_swf[1].asp (2091 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa2[1].jpg (7561 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b19[1].jpg (1878 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa9[1].jpg (2237 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\close[1].png (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ico_new2[1].png (11324 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\core[1].php (798 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (406 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\meinv[1].htm (882 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (139 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (609 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa10[1].jpg (2596 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jiankang_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][2].txt (690 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[2].jpg (15880 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\shehui_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b14[1].jpg (9642 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b17[1].jpg (6529 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].php (1163 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa3[1].jpg (14283 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\min[1].png (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\xinwen[1].htm (881 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\shehui_509_366[1].htm (2049 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (326 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa1[1].jpg (7701 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\normal_bg[1].png (4096 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa3[1].jpg (13203 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jquery-1.7.2.min[1].js (6055 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cpc_ztyw[1].css (73 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b15[1].jpg (6803 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\xinwen[1].htm (881 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\meinv[1].htm (882 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa6[1].jpg (5848 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@zhouliboguju[1].txt (150 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\2012_swf[1].js (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nvxing_509_366[1].htm (2047 bytes)
      %Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (514 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Untitled-1[1].gif (776 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nvxing_509_366[1].htm (2047 bytes)
      %Documents and Settings%\%current user%\Cookies\[email protected][1].txt (1010 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa6[1].jpg (4172 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsd10.tmp\Base64.dll (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nshF.tmp (20286 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsd10.tmp\System.dll (11 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
      %WinDir%\pchealth\helpctr\System\panels (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMTinyXml.dll (6584 bytes)
      %WinDir%\pchealth\helpctr\System\images (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDShellExt64.dll (14184 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
      %WinDir%\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVQuarantine.rdb (10 bytes)
      %WinDir%\SoftwareDistribution\Download\36a2296f631a54daefcc3b56e3d990e2 (4 bytes)
      %WinDir%\pchealth\helpctr\System\Remote Assistance (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVEng.dll (4185 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bdmp.dat (784 bytes)
      %WinDir%\pchealth\helpctr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe (10815 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray.rdb (19152 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\tips.xml (1 bytes)
      %WinDir%\SoftwareDistribution\Download\2e6b16219034e135b4f869efb7a10fee (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\NewPih.dll (4992 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDownloadProtect_x64.dll (6584 bytes)
      %Program Files%\Adobe\Reader 9.0\Reader\plug_ins3d (4 bytes)
      %WinDir%\SoftwareDistribution\Download\6a410a1bd174bc123056d235ac4829af (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMBase.dll (7345 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\811.dat (8 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMLog.dll (32 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMUpdate.dll (673 bytes)
      %WinDir%\SoftwareDistribution\Download\022593ca08eb4cd8e9681a7116f902d9 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\System.dll (784 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\virus_type.dat (485 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect_x64.dll (673 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVTray_PluginConfig.xml (1 bytes)
      %System%\config (96 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdRepair.exe (2321 bytes)
      %WinDir%\assembly\NativeImages_v2.0.50727_32\PresentationFramewo# (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSd.exe (2105 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\tuopan.png (3 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMAVCached.dll (1425 bytes)
      %Documents and Settings%\%current user%\Start Menu\Programs\Accessories (4 bytes)
      %WinDir%\SoftwareDistribution\Download\01229cf5dcf0df67992cac35a2ba0b3f (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMReport.dll (2105 bytes)
      %Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012014053120140601\index.dat (388 bytes)
      %WinDir%\SoftwareDistribution\Download\1c47f41cc76cde4c629564d7564f2795 (4 bytes)
      %System%\CatRoot (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSd.exe (13368 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\app.ico (2105 bytes)
      %WinDir%\SoftwareDistribution\Download\85947e1a809663c7f480717673587a59 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt64.dll (2321 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVMainframe_PluginConfig.xml (1 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\ad.dll (2321 bytes)
      %WinDir%\SoftwareDistribution\Download\da2a33b6770f970d7fe7262040f98a4f (4 bytes)
      %Program Files%\Reference Assemblies\Microsoft\Framework\v3.0 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdBugRpt.exe (19152 bytes)
      %System%\config\systemprofile\Application Data\Microsoft (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKV.rdb (3312 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMMsg.dll (1552 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayPlugin.rdb (20624 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\TrustAndIso.dll (1281 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
      %WinDir%\SoftwareDistribution\Download\0c1e5e0ffeb238b1ee5c9ea3a4878374 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\RepairPluginContainerConfig.xml (228 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Cooly_PluginConfig.xml (720 bytes)
      %WinDir%\SoftwareDistribution\Download\b5f880834ad67f3d383ffff5f2fa46bd (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVConfig.rdb (4992 bytes)
      %Program Files%\Common Files\VMware\Drivers (4 bytes)
      %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Permissions (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
      %Program Files%\Adobe\Reader 9.0\Resource\Font (4 bytes)
      %Program Files%\Common Files\Microsoft Shared\OFFICE14 (4 bytes)
      %WinDir%\Microsoft.NET\Framework\v4.0.30319\WPF (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\kav_verify.dat (677 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDDownloader.exe (9605 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMBase.dll (32128 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdmp.dat (25 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMPatchAgent.dll (26 bytes)
      %WinDir%\Microsoft.NET\Framework\v3.0\WPF (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\RepairPluginContainerConfig.xml (228 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ieBaiduSDDetectPlug.dll (4992 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdSvc.exe (2321 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\FileMon.dll (18424 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVTrayTipsPlugin.dll (6584 bytes)
      %Documents and Settings%\NetworkService\Local Settings (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\npBaiduSDDetectPlug.dll (601 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUProxy64.exe (4545 bytes)
      %WinDir%\WinSxS\Policies (8 bytes)
      %System%\oobe\html (4 bytes)
      %WinDir%\SoftwareDistribution\Download\f0fea42f69058000617da24986c3b109 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\cache_config.dat (469 bytes)
      %System%\drivers\BDArKit.sys (601 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\scan_mgr_config.dat (5 bytes)
      %WinDir%\assembly\NativeImages_v4.0.30319_32\PresentationFramewo# (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMNet.dll (28288 bytes)
      %WinDir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVVirusPlugins.dll (12024 bytes)
      %WinDir%\SoftwareDistribution\Download\621a08ac003b616bcaa86aa4d4292d50 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVTrayTipsPlugin.dll (673 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdUpdate.exe (19152 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\uninst.exe (28288 bytes)
      %WinDir%\Fonts (1248 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
      %WinDir%\Microsoft.NET\assembly\GAC_32 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDPerflog.dll (5064 bytes)
      %WinDir%\Microsoft.NET\Framework\v3.0\Windows Workflow Foundation (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
      %WinDir%\SoftwareDistribution\Download\c0c52c03306062533f7dcb087bfcfa6b (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\explugin\ieBaiduSDDetectPlug.dll (601 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\809.dat (3 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSDWrench.dll (601 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\GameNoDisturb.ini (215 bytes)
      %Documents and Settings%\All Users\Desktop\百度杀毒.lnk (959 bytes)
      %System%\drivers\bd0003.sys (55 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\kav_verify.dat (677 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BSRLib.dat (5064 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\systemfile.dat (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDCooly.dll (1552 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastImage.png (5 bytes)
      %WinDir%\pchealth\helpctr\OfflineCache (4 bytes)
      %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Users (4 bytes)
      %WinDir%\SoftwareDistribution\Download\e79028ac4f02e201b61b2c632cb0fc5e (4 bytes)
      %Documents and Settings%\All Users\Start Menu\Programs (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\updlog.dll (15 bytes)
      %WinDir%\Help\Tours\WindowsMediaPlayer\Img (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\RtpContainerConfig.xml (818 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\BDKVVirusPlugins.dll (2105 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0002.sys (1281 bytes)
      %WinDir%\SoftwareDistribution\Download\bc81666f3868f34642e3f5adbc2719f9 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSREng.dll (9608 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\dns_tmp.txt (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
      %Documents and Settings%\Default User\Local Settings (4 bytes)
      %System%\spool\XPSEP\amd64 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMRepBase.dll (27704 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\806.dat (3 bytes)
      %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bduf.dll (11048 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTips.rdb (2392 bytes)
      %WinDir%\ime\imjp8_1 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\e8252bbfa91fcf5afb38775b18691074 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMEvents.dll (15 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMPerfMon.dll (5064 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMStringUtils.dll (1856 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\NetService.ini (615 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\DriverManager.dll (601 bytes)
      %Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\SystemCache\6.0 (8 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\tips.xml (1 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDUDiskGuard.dll (8560 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\dnw.xml (149 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVRtp_PluginConfig.xml (2 bytes)
      %Documents and Settings%\LocalService\Application Data\Microsoft (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdUpdate.exe (3361 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDUDiskGuard.dll (1281 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMPerfMon.dll (673 bytes)
      %WinDir%\SoftwareDistribution\Download\c656e6c592787a464f852186d6e0b466 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\8bb5f1c638778df6b77d80bc61ffc63c (4 bytes)
      %WinDir%\SoftwareDistribution\Download\b91377d1d56820d9d699c0c2dc7c8e80 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\30438597a812a5d1d7979088d451747f (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand64.dll (601 bytes)
      %Program Files%\Microsoft Office\Office14 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\BDMSkin.dll (37025 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDKVRmvDevPlugin.dll (1281 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\systemfile.dat (3 bytes)
      %WinDir%\Temp (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\cache_config.dat (469 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\810.dat (3 bytes)
      %WinDir%\Microsoft.NET\assembly\GAC_MSIL (28 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSREng.dll (1425 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\HIPS.dll (7345 bytes)
      %WinDir%\SoftwareDistribution\Download\ee4e3d4bf0d346e1b8fdee8197195e59 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\211409fc1d99b95b32fb0344cad140df (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\811.dat (8 bytes)
      %WinDir%\SoftwareDistribution\Download\dffcab319e36b852e5b2d51802010a7a (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\901.dat (8 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepBase.dll (5873 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMEvents.dll (15 bytes)
      %WinDir%\SoftwareDistribution\Download\299840a657dd26ca3bbf3cee3ec999ba (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %WinDir%\SoftwareDistribution\Download\e5c5fc9bd7a4957f0a45c6db2957c5c9 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\wverify.dat (66168 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\DesktopToast.exe (601 bytes)
      %WinDir%\SoftwareDistribution\Download\196fa81559690e2494e56094df51cdd8 (4 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\809.dat (3 bytes)
      %Documents and Settings%\%current user%\Application Data\Sun\Java\Deployment\cache\6.0 (8 bytes)
      %WinDir%\SoftwareDistribution\Download\906245b7f0992255b054322b77475594 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\KVInstallHelper.dll (12536 bytes)
      %Documents and Settings%\Default User\Start Menu\Programs\Accessories (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\TrayDldProtect.rdb (6360 bytes)
      %WinDir%\ime\imkr6_1 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVRtp_PluginConfig.xml (2 bytes)
      %WinDir%\pchealth\helpctr\System\sysinfo\graphics (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDownloadProtect.dll (5520 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDCooly.dll (44 bytes)
      %WinDir%\SoftwareDistribution\Download\248802b74506342031e926839639c729 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\cb88a2f03b29735db957d61a63df6504 (4 bytes)
      %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Providers (4 bytes)
      %WinDir%\SoftwareDistribution\Download\21156e54b0f0f47f81dab4a39e109501 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\SearchProtection.rdb (5064 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVLogs.dll (6584 bytes)
      %WinDir%\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client (8 bytes)
      %WinDir%\SoftwareDistribution\Download\c263092dccc247f68a43cfee93ecc72d (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\HIPS.dll (30968 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\KavUpdate.dll (1281 bytes)
      %Documents and Settings%\All Users\Start Menu\Programs\百度杀毒\卸载百度杀毒.lnk (944 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMLog.dll (784 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BSRLib.dat (673 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\804.dat (3 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMTinyXml.dll (673 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDeskBand64.dll (4992 bytes)
      %WinDir%\Web (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\GetSupplyId.dll (3616 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\blacksign.dat (852 bytes)
      %Documents and Settings%\All Users\Start Menu\Programs\Accessories (4 bytes)
      %Program Files%\Common Files\System (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDDownloader.exe (42222 bytes)
      %WinDir%\SoftwareDistribution\Download\e0c0da396303f1dd2c82cd2ccc07020d (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDShellExt.dll (2321 bytes)
      %System%\drivers\bd0002.sys (1281 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVTray\TrayPlugin.rdb (18424 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMSkin.dll (8281 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\app.ico (12024 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSDWrench.dll (3312 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\index.dat (2420 bytes)
      %WinDir%\SoftwareDistribution\Download\aadd6ccc4585cbf4ee04287eb0e679df (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\CompatibilityChecker.dll (601 bytes)
      %System%\drivers\bd0001.sys (601 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
      %WinDir%\Microsoft.NET\Framework\v2.0.50727\CONFIG (4 bytes)
      %WinDir%\SoftwareDistribution\Download\6b7f938fb3db15dab273f3f1702c318c (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\UserDetectionPlugin.dll (673 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\BDKVUpdate.rdb (13584 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
      %WinDir%\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 (384 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVMainFrame.dll (7345 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVLogs.dll (673 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDownloadProtect.dll (673 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\directui license.txt (593 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\BDAVCScan.dll (601 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\baidusdRepair.dll (4992 bytes)
      %Program Files%\Movie Maker\Shared (4 bytes)
      %WinDir%\SoftwareDistribution\Download\bc8ea6c22fd142de8dd67336d23310cf (4 bytes)
      %System%\wbem (676 bytes)
      %WinDir%\SoftwareDistribution\Download\57b4b90cc3eead9f6c29b58581d03ae4 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMDownload.dll (11344 bytes)
      %WinDir%\SoftwareDistribution\Download\21cbd3f70584651805685eba1753505f (4 bytes)
      %WinDir%\SoftwareDistribution\Download\b6f4642d2b8dc03c5ce1b1a4f77b1bda (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVWsc.exe (2105 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\Cooly_PluginConfig.xml (720 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0001.sys (2392 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\900.dat (8 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVRmvDevPlugin.dll (8560 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\TrayPluginContainerConfig.xml (945 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMMsg.dll (33 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\repairplugins\baidusdRepair.dll (601 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMDownload.dll (1425 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\901.dat (8 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMPatchAgent.dll (784 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMReport.dll (12024 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KavUpdate.dll (9320 bytes)
      %System%\mui (4 bytes)
      %System%\spool\XPSEP\i386 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVDeskBand.dll (5064 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMFrameWork.dll (1425 bytes)
      %WinDir%\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\Repair_PluginConfig.xml (411 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\810.dat (3 bytes)
      %WinDir%\SoftwareDistribution\Download\2c95b28351986132d7f36dd28eece9b0 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\TrayPluginContainerConfig.xml (945 bytes)
      %Documents and Settings%\%current user%\Local Settings\History\History.IE5\index.dat (484 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\KVMainframePluginContainerConfig.xml (384 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdSvc.exe (15536 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVCached.dll (11048 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKitUtils.dll (1856 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvtrayplugins\BDDownLoadProtectPlugin.dll (2105 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdTray.exe (46916 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0003.sys (55 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\msvcr80.dll (21216 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ToastImage.png (5 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\coolyplugins\CoolyContainerConfig.xml (329 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\monitor_config.dat (559 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\FileMon.dll (3361 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\GameNoDisturb.ini (215 bytes)
      %WinDir%\SoftwareDistribution\Download\9cf59263a134ab3fbbee78365a2fa5fc (4 bytes)
      %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\AppConfig (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDShellExt.dll (15168 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\bd0001.sys (601 bytes)
      %System%\config\systemprofile\Start Menu\Programs\Accessories (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMUpdate.dll (5520 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\900.dat (8 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\PrivacyProtect.dll (673 bytes)
      %WinDir%\SoftwareDistribution\Download\9460002f6d8231358fc1eb590f9b1dce (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDArKit.sys (3312 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\804.dat (3 bytes)
      %WinDir%\SoftwareDistribution\Download\bc529fa49cb2cb097fdf1e22d25872da (4 bytes)
      %WinDir%\SoftwareDistribution\Download\e104dcd29adf1c6c473a5efad2d509be (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.CRT\msvcm80.dll (16424 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdBugRpt.exe (3361 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ToastLogo.ico (12024 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\hips.xml (17 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDConfig.dll (19152 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BAV\bdvs.dat (5 bytes)
      %Documents and Settings%\All Users\Start Menu\Programs\百度杀毒\百度杀毒.lnk (971 bytes)
      %WinDir%\pchealth\helpctr\Config (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\bduf.dll (1425 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVEng.dll (22192 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\iexplore.exe.xml (528 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMAVE.dll (673 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDDownLoadProtectPlugin.dll (12536 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSkin.dll (37368 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDLogicUtils.dll (1281 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\UserDetectionPlugin.dll (5520 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMRepMgr.dll (10136 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\duilib license.txt (1 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\hips.xml (784 bytes)
      %Documents and Settings%\%current user%\Application Data\Adobe\Acrobat\9.0 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\fm.dat (597 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\Repair_PluginConfig.xml (411 bytes)
      %Program Files%\Common Files\Microsoft Shared\DW (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDMWrench.sys (601 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bdvs.dat (5 bytes)
      %WinDir%\SoftwareDistribution\Download\07a96de176867bc25b7dc839d22b07e2 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\8cac00e8efc87d728c0261686f85c975 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\d48a3b967ba5709df048e8f2a49cf8a6 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0001.dll (5064 bytes)
      %WinDir%\SoftwareDistribution\Download\cedca0128a48437390192d906f83a717 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\res\InstallWnd.zip (12536 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\CompatibilityChecker.dll (3312 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Skins\Default\KVCommonRes.rdb (132004 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\fm.dat (597 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\iexplore.exe.xml (528 bytes)
      %WinDir%\SoftwareDistribution\Download\a4c07d9275eb613d842cb1e140d8a426 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsl5.tmp (906814 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\blacksign.dat (852 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDLogicUtils.dll (9320 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\TrustAndIso.dll (8184 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\dnw.xml (149 bytes)
      %WinDir%\SoftwareDistribution\Download\17e46901add634f15d293735648771e6 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\50e2c72fd814d3841e776dd2c4918260 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\CoolyContainerConfig.xml (329 bytes)
      %WinDir%\SoftwareDistribution\Download\c0e4033a7ec549e982572f0d830cf5d0 (4 bytes)
      %WinDir%\SoftwareDistribution\Download\0000894bab70b145c3629920ba907f7a (4 bytes)
      %WinDir%\SoftwareDistribution\Download\cd75fc2c9aa3d47009fe2d95c9f43154 (4 bytes)
      %WinDir%\Installer\$PatchCache$\Managed (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDMRepMgr.dll (1425 bytes)
      %Documents and Settings%\%current user%\Local Settings\Application Data (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVMainframe_PluginConfig.xml (1 bytes)
      %Documents and Settings%\All Users\Application Data\Microsoft (4 bytes)
      %WinDir%\Web\printers (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\KVTray_PluginConfig.xml (1 bytes)
      %System%\config\systemprofile\Local Settings (4 bytes)
      %WinDir%\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\DriverManager.dll (4992 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\RtpContainerConfig.xml (818 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\PluginInstallHelper.dll (3616 bytes)
      %WinDir%\SoftwareDistribution\Download\8b9a83d2cde55eb19dc502cc2dd04e0d (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\npBaiduSDDetectPlug.dll (3616 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\KVMainframePluginContainerConfig.xml (384 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMFrameWork.dll (10136 bytes)
      %WinDir%\SoftwareDistribution\Download\f2adb0f8440e5dbd459aa6bfcaed1ba5 (4 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\Config\806.dat (3 bytes)
      %Program Files%\Reference Assemblies\Microsoft\Framework\v3.5 (4 bytes)
      %Documents and Settings%\LocalService\Local Settings (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\NetService.ini (615 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdUProxy64.exe (23936 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\updlog.dll (15 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\virus_type.dat (485 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMSRCore.dll (10136 bytes)
      %WinDir%\SoftwareDistribution\Download\23e79e5fb28793d8cb1c2055b0d8dcb9 (4 bytes)
      %Documents and Settings%\All Users\Documents\My Music\Sample Playlists (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDKVDeskBand.dll (673 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDConfig.dll (3361 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMStringUtils.dll (49 bytes)
      %WinDir%\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Wizard (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\tuopan.png (3 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\uninst.exe (5873 bytes)
      %Documents and Settings%\NetworkService\Application Data\Microsoft (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bd0001.dll (673 bytes)
      %Documents and Settings%\LocalService\Local Settings\Temporary Internet Files\Content.IE5 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BaiduSdRepair.exe (13584 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\monitor_config.dat (559 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\wverify.dat (15019 bytes)
      %System%\oobe\html\mouse (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\BDKitUtils.dll (54 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0003.sys (1856 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDMNet.dll (5873 bytes)
      %WinDir%\SoftwareDistribution\Download\abaf10b7d55d3716fbb63e0b568cb4b6 (4 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\DesktopToast.exe (3616 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmantivirus\scan_mgr_config.dat (5 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\PrivacyProtect.dll (6360 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDAVCScan.dll (4992 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\ad.dll (15168 bytes)
      %Documents and Settings%\Default User\Application Data\Microsoft (4 bytes)
      %WinDir%\SoftwareDistribution\Download\163d01893aa68b49abc63d8d6c9a7bb2 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\Microsoft.VC80.ATL\atl80.dll (3312 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\BDPerflog.dll (673 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\ToastLogo.ico (2105 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMWrench.sys (3616 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDMAVE.dll (6584 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVMainFrame.dll (32128 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\bd0002.sys (7192 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\BDKVWsc.exe (13368 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsb6.tmp\file\directui license.txt (593 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest (1 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\licenses\duilib license.txt (1 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkvrtpplugins\Microsoft.VC80.ATL\Microsoft.VC80.ATL.manifest (466 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\drivers\BDArKit.sys (601 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\bdmsysrepair\BDMSRCore.dll (1425 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\plugins\bdkv\Microsoft.VC80.CRT\msvcp80.dll (19096 bytes)
      C:\kuping4\Appsoftconfig\APPversion.ini (59 bytes)
      C:\kuping4\Appsoftconfig\image\Iebuttonlogo.png (196 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\TongJICNZZ.dll (65 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\MsgBox_1.ini (729 bytes)
      C:\kuping4\Appsoftconfig\softtempfile\soft.xml (196 bytes)
      C:\kuping4\Appsoftconfig\image\coculation.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\buttonsou.png (196 bytes)
      C:\kuping4\DeskTopPop.exe (1529 bytes)
      C:\kuping4\Appsoftconfig\image\sou.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\buttonclear.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\clear.png (3 bytes)
      C:\kuping4\Appsoftconfig\image\buttonplay.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\cmd.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\ielogo.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\buttoncmd.png (196 bytes)
      C:\kuping4\BootStart.dll (157 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\installedSoftInfo.ini (1952 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\cancel.png (3 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\close.png (3 bytes)
      C:\kuping4\dgmon.dll (471 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\bg_small.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\play.png (196 bytes)
      C:\kuping4\Appsoftconfig\button.xml (2 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\skinconfig\ĬÈÏ\ui\msgbox\btn_known.png (3 bytes)
      C:\kuping4\Appsoftconfig\image\buttoncoculation.png (196 bytes)
      C:\kuping4\Appsoftconfig\image\soft.xml (196 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\KP_D\LZMA.dll (68 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\FileSignDB\MANIFEST-000002 (4 bytes)
      %System%\config\SYSTEM.LOG (11649 bytes)
      %System%\config\software (26543 bytes)
      %System%\config\SOFTWARE.LOG (33318 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\privacy.db-journal (532 bytes)
      %Documents and Settings%\All Users\Application Data\Baidu\BaiduSd\CachedDB_1\MANIFEST-000002 (4 bytes)
      %Program Files%\Baidu\BaiduSd\1.8.0.1255\dl.dll (65930 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nseB.tmp (90616 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\nsuC.tmp\System.dll (784 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\7z.dll (12536 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\dl.dll (65930 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\bdcomproxy.dll (2392 bytes)
      %Documents and Settings%\%current user%\Local Settings\Temp\BDDownloader_Installer\1.0.106.1[2014-5-31-3-45-3]\bddownloader.exe (41699 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\bddownloader.exe (9605 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\bdcomproxy.dll (601 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\7z.dll (2105 bytes)
      %Program Files%\Common Files\Baidu\BDDownload\106\dl.dll (14988 bytes)
      

      5. 

    5. Delete the following value(s) in the autorun key (How to Work with System Registry):
      

      [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
      "shandian" = "%Program Files%\shandian\shandian.exe"

      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "baidusdTray" = "%Program Files%\Baidu\BaiduSd\1.8.0.1255\BaiduSdTray.exe  -stmd=3"
      

      6. 

    6. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
      7. 

    7. Reboot the computer.
      8. 

    

    *Manual removal may cause unexpected system behaviour and should be performed at your own risk.
    

    

    

    

    


    
 
 




 
    No votes yet
    

    

    




    

    
				

    
							
    

			

				
					  
							

		
    
		
    

					
							

	
    
	
	        
    

	

        
      
     

      
      

      
    
     

    
   

		

    
		
    
		
			
    
			
    
				
    
					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				
    
				
    
					© 2026 Lavasoft. All rights reserved.
    
					Terms Of Use |   Privacy Policy
					

    
								
    
			
    

		
    
		

    
	
    
	
	
    
	
    
		x
		
    Our best antivirus yet!
    
		
    Fresh new look. Faster scanning. Better protection.
    
		
    
			
    Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!
    
			
    For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!
    
			
			Download adaware antivirus 12
		
    
		No thanks, continue to lavasoft.com
	
    
	
    
		
    
			close x
			
    Discover the new adaware antivirus 12
    
			
    Our best antivirus yet
    
			Download Now