Analysis Date: 2014-10-11 23:36:27
MD5: e3373d4016a9cb079987a20c78b8a1b7
SHA1: 995eef8ff51babc17ea8dfaa3e621899d1b0dd43

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: UPX0 md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section: UPX1 md5: 6bcb4f9156b387eeec30610c14895e06 sha1: 7bd53546da4bb13aefbb01e220010469f952b7a3 size: 16896
Section: .rsrc md5: 0b649b480cc8de372f8f31f227f35aec sha1: 358cc976728f74ca2857dc99ac3661ecbaef2f74 size: 12288
Timestamp: 2014-09-19 19:49:07
Version:
LegalCopyright:
InternalName:
FileVersion: 1, 0, 0, 0
CompanyName:
PrivateBuild:
LegalTrademarks:
Comments:
ProductName: 非凡影音
SpecialBuild:
ProductVersion: 1, 0, 0, 0
FileDescription: 非凡影音
OriginalFilename: ReBoInstall.exe
Packer: UPX -> www.upx.sourceforge.net
PEhash: 8fb51307097bd839e0ab388b23006c7b48ea48eb
IMPhash: 6b72fc8ac265af04ecad859c1dce8cef
AV 360 Safe: Gen:Trojan.Heur.JP.bmKfaGTEzXdb
AV Ad-Aware: Gen:Trojan.Heur.JP.bmKfaGTEzXdb
AV Alwil (avast): Malware-gen:Win32:Malware-gen
AV Arcabit (arcavir): no_virus
AV Authentium: no_virus
AV Avira (antivir): TR/Spy.30208.286
AV BullGuard: Gen:Trojan.Heur.JP.bmKfaGTEzXdb
AV CA (E-Trust Ino): no_virus
AV CAT (quickheal): no_virus
AV ClamAV: no_virus
AV Dr. Web: no_virus
AV Emsisoft: Gen:Trojan.Heur.JP.bmKfaGTEzXdb
AV Eset (nod32): Win32/RiskWare.Chindo.D
AV Fortinet: W32/Genome.D!tr.dldr
AV Frisk (f-prot): no_virus
AV F-Secure: Gen:Trojan.Heur.JP.bmKfaGTEzXdb
AV Grisoft (avg): no_virus
AV Ikarus: PUA.RiskWare.Chindo
AV K7: Riskware ( 0040eff71 )
AV Kaspersky: Trojan-Downloader.Win32.Genome.ilrv
AV MalwareBytes: no_virus
AV Mcafee: no_virus
AV Microsoft Security Essentials: no_virus
AV MicroWorld (escan): Gen:Trojan.Heur.JP.bmKfaGTEzXdb
AV Norman: winpe/Troj_Generic.WCFMQ
AV Rising: no_virus
AV Sophos: no_virus
AV Symantec: no_virus
AV Trend Micro: no_virus
AV VirusBlokAda (vba32): TrojanDownloader.Genome
AV Yara APT: no_virus
AV Zillya!: no_virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\QQBrowser_Setup_Hk_78656.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\jgimeside_yllm_105.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\fgcn_102099.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\QQPCDownload45016.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\desk_noteu_2014.8.6._106sx.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\livedt_brqds_3.5.0_500dx.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\qiqibox_1016.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\see_3202.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\44381.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\UUSEE_kb1003_Setup_169339.exe
Creates File: C:\Program Files\open.ini
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\apples_9_32387.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\cz_461.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\srigtp_70577.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\114lm-32387.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\setupsbdm-hh-3531.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\install1585095.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Application Data\F0814_s_30827.exe
Deletes File: C:\Program Files\\open.ini
Winsock URL: http://dl.baduqq.com/download/qiqibox_1016.exe
Winsock URL: http://bei3.8910ad.com/iclk/?zoneid=155238&uid=32387
Winsock URL: http://down.wangshi116.com/bind/desk_noteu_2014.8.6._106sx.exe
Winsock URL: http://cnmd.qiniudn.com/fgcn_102099.exe
Winsock URL: http://dn-sars.qbox.me/srigtp_70577.exe
Winsock URL: http://w.x.baidu.com/go/full/2/30827
Winsock URL: http://download.uusee.com/pop/down_new.php?u=kb1003&c=169339&d=0
Winsock URL: http://bei3.8910ad.com/iclk/?zoneid=155189&uid=32387
Winsock URL: http://woshiwo.qiniudn.com/install1585095%20.exe
Winsock URL: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_Hk_78656.exe
Winsock URL: http://amsi.qiniudn.com/see_3196.exe
Winsock URL: http://dlied6.qq.com/invc/xfspeed/qqpcmgr/download/QQPCDownload45016.exe
Winsock URL: http://down.waisong8.com/input/jgimeside_yllm_105.exe
Winsock URL: http://bcs.duapp.com/baiduan/44381.exe
Winsock URL: http://down.071dt.com/bind/livedt_brqds_3.5.0_500dx.exe
Winsock URL: http://d.jdtq365.com/setupsbdm-hh-3531.exe
Winsock URL: http://img2.chizao.com/cz_461.exe

Network Details:

HTTP GET: http://amsi.qiniudn.com/see_3196.exe
User-Agent: single
HTTP GET: http://amsi.qiniudn.com/see_3196.exe
User-Agent: DownLoad
HTTP GET: http://dl.baduqq.com/download/qiqibox_1016.exe
User-Agent: single
HTTP GET: http://dl.baduqq.com/download/qiqibox_1016.exe
User-Agent: DownLoad
HTTP GET: http://bcs.duapp.com/baiduan/44381.exe
User-Agent: single
HTTP GET: http://bcs.duapp.com/baiduan/44381.exe
User-Agent: DownLoad
HTTP GET: http://cnmd.qiniudn.com/fgcn_102099.exe
User-Agent: single
HTTP GET: http://cnmd.qiniudn.com/fgcn_102099.exe
User-Agent: DownLoad
HTTP GET: http://img2.chizao.com/cz_461.exe
User-Agent: single
HTTP GET: http://img2.chizao.com/cz_461.exe
User-Agent: DownLoad
HTTP GET: http://bei3.8910ad.com/iclk/?zoneid=155238&uid=32387
User-Agent: single
HTTP GET: http://bei3.8910ad.com/iclk/?zoneid=155238&uid=32387
User-Agent: DownLoad
HTTP GET: http://d.jdtq365.com/setupsbdm-hh-3531.exe
User-Agent: single
HTTP GET: http://d.jdtq365.com/setupsbdm-hh-3531.exe
User-Agent: DownLoad
HTTP GET: http://woshiwo.qiniudn.com/install1585095%20.exe
User-Agent: single
HTTP GET: http://woshiwo.qiniudn.com/install1585095%20.exe
User-Agent: DownLoad
HTTP GET: http://down.waisong8.com/input/jgimeside_yllm_105.exe
User-Agent: single
HTTP GET: http://down.waisong8.com/input/jgimeside_yllm_105.exe
User-Agent: DownLoad
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_Hk_78656.exe
User-Agent: single
HTTP GET: http://dldir1.qq.com/invc/tt/QQBrowser_Setup_Hk_78656.exe
User-Agent: DownLoad
HTTP GET: http://dn-sars.qbox.me/srigtp_70577.exe
User-Agent: single
HTTP GET: http://dn-sars.qbox.me/srigtp_70577.exe
User-Agent: DownLoad
HTTP GET: http://down.071dt.com/bind/livedt_brqds_3.5.0_500dx.exe
User-Agent: single
HTTP GET: http://down.071dt.com/bind/livedt_brqds_3.5.0_500dx.exe
User-Agent: DownLoad
HTTP GET: http://w.x.baidu.com/go/full/2/30827
User-Agent: single
HTTP GET: http://w.x.baidu.com/go/full/2/30827
User-Agent: DownLoad
HTTP GET: http://down.wangshi116.com/bind/desk_noteu_2014.8.6._106sx.exe
User-Agent: single
HTTP GET: http://down.wangshi116.com/bind/desk_noteu_2014.8.6._106sx.exe
User-Agent: DownLoad
HTTP GET: http://download.uusee.com/pop/down_new.php?u=kb1003&c=169339&d=0
User-Agent: single
HTTP GET: http://download.uusee.com/pop/down_new.php?u=kb1003&c=169339&d=0
User-Agent: DownLoad
HTTP GET: http://dlied6.qq.com/invc/xfspeed/qqpcmgr/download/QQPCDownload45016.exe
User-Agent: single
HTTP GET: http://dlied6.qq.com/invc/xfspeed/qqpcmgr/download/QQPCDownload45016.exe
User-Agent: DownLoad

Raw Pcap
0x00000070 (00112)   726f6c3a 206e6f2d 63616368 650d0a0d   rol: no-cache...
0x00000080 (00128)   0a540d0a 0d0a3c68 746d6c3e 0a20203c   .T....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   c021                                  .!

0x00000000 (00000)   47455420 2f706f70 2f646f77 6e5f6e65   GET /pop/down_ne
0x00000010 (00016)   772e7068 703f753d 6b623130 30332663   w.php?u=kb1003&c
0x00000020 (00032)   3d313639 33333926 643d3020 48545450   =169339&d=0 HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a207369 6e676c65 0d0a486f 73743a20   : single..Host: 
0x00000050 (00080)   646f776e 6c6f6164 2e757573 65652e63   download.uusee.c
0x00000060 (00096)   6f6d0d0a 43616368 652d436f 6e74726f   om..Cache-Contro
0x00000070 (00112)   6c3a206e 6f2d6361 6368650d 0a0d0a47   l: no-cache....G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696e76 632f7866 73706565   GET /invc/xfspee
0x00000010 (00016)   642f7171 70636d67 722f646f 776e6c6f   d/qqpcmgr/downlo
0x00000020 (00032)   61642f51 51504344 6f776e6c 6f616434   ad/QQPCDownload4
0x00000030 (00048)   35303136 2e657865 20485454 502f312e   5016.exe HTTP/1.
0x00000040 (00064)   310d0a55 7365722d 4167656e 743a2044   1..User-Agent: D
0x00000050 (00080)   6f776e4c 6f61640d 0a486f73 743a2064   ownLoad..Host: d
0x00000060 (00096)   6c696564 362e7171 2e636f6d 0d0a4361   lied6.qq.com..Ca
0x00000070 (00112)   6368652d 436f6e74 726f6c3a 206e6f2d   che-Control: no-
0x00000080 (00128)   63616368 650d0a0d 0a306134 38366620   cache....0a486f 
0x00000090 (00144)   37333734 33613230 2020203a 2073696e   73743a20   : sin
0x000000a0 (00160)   676c652e 2e486f73 743a200a            gle..Host: .

0x00000000 (00000)   47455420 2f696e76 632f7866 73706565   GET /invc/xfspee
0x00000010 (00016)   642f7171 70636d67 722f646f 776e6c6f   d/qqpcmgr/downlo
0x00000020 (00032)   61642f51 51504344 6f776e6c 6f616434   ad/QQPCDownload4
0x00000030 (00048)   35303136 2e657865 20485454 502f312e   5016.exe HTTP/1.
0x00000040 (00064)   310d0a55 7365722d 4167656e 743a2073   1..User-Agent: s
0x00000050 (00080)   696e676c 650d0a48 6f73743a 20646c69   ingle..Host: dli
0x00000060 (00096)   6564362e 71712e63 6f6d0d0a 43616368   ed6.qq.com..Cach
0x00000070 (00112)   652d436f 6e74726f 6c3a206e 6f2d6361   e-Control: no-ca
0x00000080 (00128)   6368650d 0a0d0a68 746d6c3e 0a20203c   che....html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.


Strings