Analysis task

Analysis type File (Windows)
VM tag win7-sp1-x64-app02-3
Start time 2017-02-18 20:07:23
End time 2017-02-18 20:10:24
Duration 181 seconds

魔盾 score

10.0

Dangerous

File details

File name 运行安装.exe
File size 1589248 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a7935e987a3d420767fbc1f336660ef9
SHA1 c6cd1312a41298e9117622da68477615d103693e
SHA256 f39230476a250ada1332662327d1a20d4858ce45116461f77df664b29a440896
SHA512 6de4ae2e536f92b1a1ee44001ce0b00dc8e2453461fbad1eccb299af145fadfca5a06c2b12a44823c49cfd85426b54b7f6905185dde5a49025021066ff5b10cb
CRC32 BFE1CC36
Ssdeep 24576:6j9nly8uH1txITz383+4HcdCDtJdcVGb1MNLF2mNsd37:6i8IIPTuKVGBMOS

Hosts contacted

DNS resolution

PE information

Image base 0x00400000
Entry point 0x0046cd45
Declared checksum 0x00000000
Actual checksum 0x0018912e
Minimum OS version 4.0
Compile time 2017-01-13 12:34:18
Import hash ec53593d2e4e3168994e49beb6185605
Icon
Icon exact hash f67722e9f459b4da2d49f594b990887d
Icon similarity hash ba4a788107f8c9287ee8c71f4f78efaa

Version information

LegalCopyright
FileVersion
CompanyName
Comments
ProductName
ProductVersion
FileDescription
Translation

PE sections

Name Virtual address Virtual size Raw data size Characteristics Entropy
.text 0x00001000 0x0008feb7 0x00090000 IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ 6.57
.rdata 0x00091000 0x000d8152 0x000d9000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.85
.data 0x0016a000 0x00045408 0x00012000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 5.46
.rsrc 0x001b0000 0x00007424 0x00008000 IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 5.17

Resources

Name Offset Size Language Sublanguage Entropy File type
TEXTINCLUDE 0x001b0bd0 0x00000151 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 5.25 C source, ASCII text, with CRLF line terminators
RT_CURSOR 0x001b10c0 0x000000b4 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.74 data
RT_BITMAP 0x001b2934 0x00000144 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.88 data
RT_ICON 0x001b2e88 0x000025a8 LANG_NEUTRAL SUBLANG_NEUTRAL 6.44 data
RT_MENU 0x001b543c 0x00000284 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.28 data
RT_DIALOG 0x001b6684 0x0000018c LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 3.74 data
RT_STRING 0x001b70cc 0x00000024 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 0.90 data
RT_GROUP_CURSOR 0x001b7118 0x00000022 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.25 MS Windows cursor resource - 2 icons, 32x256, hotspot @1x1
RT_GROUP_ICON 0x001b7164 0x00000014 LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 2.02 MS Windows icon resource - 1 icon, 16x16, 16 colors
RT_VERSION 0x001b7178 0x000002ac LANG_CHINESE SUBLANG_CHINESE_SIMPLIFIED 4.15 data

Imports

Library: RASAPI32.dll:
0x491404 RasHangUpA
Library: KERNEL32.dll:
0x491180 SetEndOfFile
0x491184 UnlockFile
0x491188 LockFile
0x49118c FlushFileBuffers
0x491190 SetFilePointer
0x491194 DuplicateHandle
0x491198 lstrcpynA
0x49119c FormatMessageA
0x4911a0 UnmapViewOfFile
0x4911a4 LocalFree
0x4911a8 CreateFileMappingA
0x4911ac MapViewOfFile
0x4911b0 SetLastError
0x4911bc TerminateThread
0x4911c0 WideCharToMultiByte
0x4911c4 MultiByteToWideChar
0x4911c8 GetCurrentProcess
0x4911d0 GetSystemDirectoryA
0x4911d4 CreateSemaphoreA
0x4911d8 ResumeThread
0x4911dc ReleaseSemaphore
0x4911e8 GetProfileStringA
0x4911ec IsBadCodePtr
0x4911f0 IsBadReadPtr
0x4911f8 CompareStringA
0x491200 GetStringTypeW
0x491204 GetStringTypeA
0x491208 IsBadWritePtr
0x49120c VirtualAlloc
0x491210 LCMapStringW
0x491214 LCMapStringA
0x49121c VirtualFree
0x491220 HeapCreate
0x491224 HeapDestroy
0x49122c GetStdHandle
0x491230 SetHandleCount
0x491248 GetFileType
0x49124c SetStdHandle
0x491250 GetACP
0x491254 HeapSize
0x491258 RaiseException
0x49125c GetLocalTime
0x491260 WriteFile
0x491264 ReadFile
0x491268 GetLastError
0x491270 CreateFileA
0x491274 SetEvent
0x491278 FindResourceA
0x49127c LoadResource
0x491280 LockResource
0x491284 GetModuleFileNameA
0x491288 GetCurrentThreadId
0x49128c ExitProcess
0x491290 GlobalSize
0x491294 GlobalFree
0x4912a0 lstrcatA
0x4912a4 WinExec
0x4912a8 lstrcpyA
0x4912ac FindNextFileA
0x4912b0 GlobalReAlloc
0x4912b4 HeapFree
0x4912b8 HeapReAlloc
0x4912bc GetProcessHeap
0x4912c0 HeapAlloc
0x4912c4 GetFullPathNameA
0x4912c8 FreeLibrary
0x4912cc LoadLibraryA
0x4912d0 lstrlenA
0x4912d4 GetVersionExA
0x4912dc CreateThread
0x4912e0 CreateEventA
0x4912e4 Sleep
0x4912e8 GlobalAlloc
0x4912ec GlobalLock
0x4912f0 GlobalUnlock
0x4912f4 GetTempPathA
0x4912f8 FindFirstFileA
0x4912fc FindClose
0x491300 GetFileAttributesA
0x491304 CreateDirectoryA
0x491310 GetModuleHandleA
0x491314 GetSystemTime
0x491318 TerminateProcess
0x49131c ExitThread
0x491320 RtlUnwind
0x491324 GetStartupInfoA
0x491328 GetOEMCP
0x49132c GetCPInfo
0x491330 GetProcessVersion
0x491334 SetErrorMode
0x491338 GlobalFlags
0x49133c GetCurrentThread
0x491340 GetFileTime
0x491344 GetFileSize
0x491348 TlsGetValue
0x49134c LocalReAlloc
0x491350 TlsSetValue
0x491354 TlsFree
0x491358 GlobalHandle
0x49135c TlsAlloc
0x491360 LocalAlloc
0x491364 lstrcmpA
0x491368 GetProcAddress
0x49136c MulDiv
0x491370 GetCommandLineA
0x491374 GetTickCount
0x491378 CreateProcessA
0x49137c WaitForSingleObject
0x491380 CloseHandle
0x49138c CompareStringW
0x491390 GetVersion
0x491394 GlobalGetAtomNameA
0x491398 GlobalAddAtomA
0x49139c GlobalFindAtomA
0x4913a0 GlobalDeleteAtom
0x4913a4 lstrcmpiA
0x4913a8 GetThreadLocale
Library: USER32.dll:
0x491420 MessageBoxA
0x491424 MessageBeep
0x491428 SetWindowPos
0x49142c SendMessageA
0x491430 DestroyCursor
0x491434 SetParent
0x491438 IsWindow
0x49143c PostMessageA
0x491440 GetTopWindow
0x491444 GetParent
0x491448 GetFocus
0x49144c GetClientRect
0x491450 InvalidateRect
0x491454 ValidateRect
0x491458 UpdateWindow
0x49145c GetCursorPos
0x491460 GetSystemMetrics
0x491464 EqualRect
0x491468 GetWindowRect
0x49146c SetForegroundWindow
0x491470 DestroyMenu
0x491474 IsChild
0x491478 ReleaseDC
0x49147c IsRectEmpty
0x491480 FillRect
0x491484 GetDC
0x491488 SetCursor
0x49148c LoadCursorA
0x491490 SetCursorPos
0x491494 GetSysColor
0x491498 SetWindowLongA
0x49149c GetWindowLongA
0x4914a0 RedrawWindow
0x4914a4 EnableWindow
0x4914a8 IsWindowVisible
0x4914ac OffsetRect
0x4914b0 PtInRect
0x4914b4 DestroyIcon
0x4914b8 IntersectRect
0x4914bc SetRect
0x4914c0 InflateRect
0x4914c4 SetScrollPos
0x4914c8 SetScrollRange
0x4914cc GetScrollRange
0x4914d0 SetCapture
0x4914d4 GetCapture
0x4914d8 ReleaseCapture
0x4914dc SetTimer
0x4914e0 KillTimer
0x4914e4 WinHelpA
0x4914e8 LoadBitmapA
0x4914ec CopyRect
0x4914f4 ScreenToClient
0x4914f8 GetMessagePos
0x4914fc SetWindowRgn
0x491504 GetWindow
0x491508 GetActiveWindow
0x49150c SetFocus
0x491510 IsIconic
0x491514 PeekMessageA
0x491518 SetMenu
0x49151c GetMenu
0x491520 EmptyClipboard
0x491524 SetClipboardData
0x491528 OpenClipboard
0x49152c GetClipboardData
0x491530 CloseClipboard
0x491534 wsprintfA
0x491538 WaitForInputIdle
0x49153c SetActiveWindow
0x491540 GetLastActivePopup
0x491544 DefWindowProcA
0x491548 GetClassInfoA
0x49154c DeleteMenu
0x491550 GetSystemMenu
0x491554 PostThreadMessageA
0x491558 GetNextDlgGroupItem
0x49155c GetSysColorBrush
0x491560 LoadStringA
0x491564 MapDialogRect
0x49156c CharNextA
0x491570 GetDesktopWindow
0x491574 GetClassNameA
0x49157c GetMenuState
0x491580 SetMenuItemBitmaps
0x491584 CheckMenuItem
0x491588 MoveWindow
0x49158c IsDialogMessageA
0x491590 ScrollWindowEx
0x491594 SetWindowTextA
0x491598 GetForegroundWindow
0x4915a0 TranslateMessage
0x4915a4 LoadIconA
0x4915a8 DrawFrameControl
0x4915ac DrawEdge
0x4915b0 DrawFocusRect
0x4915b4 WindowFromPoint
0x4915b8 GetMessageA
0x4915bc DispatchMessageA
0x4915c0 SetRectEmpty
0x4915d0 DrawIconEx
0x4915d4 CreatePopupMenu
0x4915d8 AppendMenuA
0x4915dc ModifyMenuA
0x4915e0 CreateMenu
0x4915e8 GetDlgCtrlID
0x4915ec GetSubMenu
0x4915f0 EnableMenuItem
0x4915f4 ClientToScreen
0x4915fc LoadImageA
0x491600 ShowWindow
0x491604 IsWindowEnabled
0x49160c GetKeyState
0x491614 PostQuitMessage
0x491618 IsZoomed
0x49161c GetWindowTextA
0x491624 CharUpperA
0x491628 GetWindowDC
0x49162c BeginPaint
0x491630 EndPaint
0x491634 TabbedTextOutA
0x491638 DrawTextA
0x49163c GrayStringA
0x491640 GetDlgItem
0x491644 DestroyWindow
0x49164c EndDialog
0x491650 GetNextDlgTabItem
0x491654 GetWindowPlacement
0x49165c UnregisterClassA
0x491660 GetMessageTime
0x491664 RemovePropA
0x491668 CallWindowProcA
0x49166c GetPropA
0x491670 UnhookWindowsHookEx
0x491674 SetPropA
0x491678 GetClassLongA
0x49167c CallNextHookEx
0x491680 SetWindowsHookExA
0x491684 CreateWindowExA
0x491688 GetMenuItemID
0x49168c GetMenuItemCount
0x491690 RegisterClassA
0x491694 GetScrollPos
0x491698 AdjustWindowRectEx
0x49169c MapWindowPoints
0x4916a0 SendDlgItemMessageA
Library: GDI32.dll:
0x491030 GetDIBits
0x491034 GetWindowExtEx
0x491038 GetViewportOrgEx
0x49103c GetWindowOrgEx
0x491040 BeginPath
0x491044 EndPath
0x491048 PathToRegion
0x49104c CreateEllipticRgn
0x491050 CreateRoundRectRgn
0x491054 GetTextColor
0x491058 GetBkMode
0x49105c GetBkColor
0x491060 GetROP2
0x491064 GetStretchBltMode
0x491068 GetPolyFillMode
0x491070 CreateDCA
0x491074 CreateBitmap
0x491078 SelectObject
0x49107c GetObjectA
0x491080 CreatePen
0x491084 PatBlt
0x491088 FillRgn
0x49108c CreateRectRgn
0x491090 CombineRgn
0x491094 CreateSolidBrush
0x491098 GetStockObject
0x49109c CreateFontIndirectA
0x4910a0 EndPage
0x4910a4 EndDoc
0x4910a8 DeleteDC
0x4910ac StartDocA
0x4910b0 StartPage
0x4910b4 BitBlt
0x4910b8 RealizePalette
0x4910bc Ellipse
0x4910c0 Rectangle
0x4910c4 LPtoDP
0x4910c8 DPtoLP
0x4910cc GetCurrentObject
0x4910d0 SelectPalette
0x4910d8 GetDeviceCaps
0x4910dc SaveDC
0x4910e0 RestoreDC
0x4910e4 SetBkMode
0x4910e8 SetPolyFillMode
0x4910ec SetROP2
0x4910f0 SetTextColor
0x4910f4 SetMapMode
0x4910f8 SetViewportOrgEx
0x4910fc OffsetViewportOrgEx
0x491100 SetViewportExtEx
0x491104 ScaleViewportExtEx
0x491108 SetWindowOrgEx
0x49110c SetWindowExtEx
0x491110 ScaleWindowExtEx
0x491114 GetClipBox
0x491118 ExcludeClipRect
0x49111c MoveToEx
0x491120 LineTo
0x491124 StretchBlt
0x491128 CreatePalette
0x491130 CreateDIBitmap
0x491134 DeleteObject
0x491138 SelectClipRgn
0x49113c CreatePolygonRgn
0x491140 GetClipRgn
0x491144 SetStretchBltMode
0x49114c ExtSelectClipRgn
0x491150 GetViewportExtEx
0x491154 SetBkColor
0x491158 RoundRect
0x49115c CreateCompatibleDC
0x491160 GetMapMode
0x491164 GetTextMetricsA
0x491168 Escape
0x49116c ExtTextOutA
0x491170 TextOutA
0x491174 RectVisible
0x491178 PtVisible
Library: WINMM.dll:
0x4916dc waveOutWrite
0x4916e0 waveOutPause
0x4916e4 waveOutReset
0x4916e8 waveOutClose
0x4916ec waveOutGetNumDevs
0x4916f0 waveOutOpen
0x4916f8 midiStreamOpen
0x4916fc midiStreamProperty
0x491704 midiStreamOut
0x491708 midiStreamStop
0x49170c midiOutReset
0x491710 midiStreamClose
0x491714 midiStreamRestart
Library: WINSPOOL.DRV:
0x49171c DocumentPropertiesA
0x491720 OpenPrinterA
0x491724 ClosePrinter
Library: ADVAPI32.dll:
0x491000 RegCreateKeyExA
0x491004 RegQueryValueA
0x491008 RegSetValueExA
0x49100c RegOpenKeyExA
0x491010 RegCloseKey
Library: SHELL32.dll:
0x491410 ShellExecuteA
0x491418 Shell_NotifyIconA
Library: ole32.dll:
0x4917b0 CoRevokeClassObject
0x4917b4 OleFlushClipboard
0x4917bc CoTaskMemFree
0x4917c0 CoTaskMemAlloc
0x4917c4 CLSIDFromProgID
0x4917cc CoGetClassObject
0x4917d4 CLSIDFromString
0x4917d8 OleUninitialize
0x4917dc CoCreateInstance
0x4917e0 OleInitialize
Library: OLEAUT32.dll:
0x4913b8 VariantCopy
0x4913bc VariantClear
0x4913c0 VariantChangeType
0x4913c4 SafeArrayGetUBound
0x4913c8 SafeArrayGetLBound
0x4913cc SafeArrayGetDim
0x4913d4 SafeArrayAccessData
0x4913d8 SysAllocString
0x4913dc SafeArrayCreate
0x4913e0 UnRegisterTypeLib
0x4913e4 RegisterTypeLib
0x4913e8 LoadTypeLib
0x4913f0 SysFreeString
0x4913f4 SysAllocStringLen
0x4913f8 SysStringLen
Library: COMCTL32.dll:
0x491018 ImageList_GetIcon
0x49101c None
0x491020 ImageList_Destroy
0x491024 ImageList_Read
0x491028 ImageList_Duplicate
Library: oledlg.dll:
0x4917e8 None
Library: WS2_32.dll:
0x49172c WSAAsyncSelect
0x491730 closesocket
0x491734 send
0x491738 select
0x49173c WSACleanup
0x491740 WSAStartup
0x491744 gethostbyname
0x491748 htons
0x49174c bind
0x491750 socket
0x491754 recvfrom
0x491758 ioctlsocket
0x49175c connect
0x491760 inet_ntoa
0x491764 inet_addr
0x491768 gethostname
0x49176c getsockname
0x491770 ntohs
0x491774 recv
0x491778 listen
0x49177c getpeername
0x491780 accept
0x491784 WSAGetLastError
0x491788 __WSAFDIsSet
Library: WININET.dll:
0x4916a8 InternetOpenA
0x4916ac InternetCloseHandle
0x4916b0 InternetSetOptionA
0x4916b4 InternetConnectA
0x4916b8 InternetReadFile
0x4916bc HttpQueryInfoA
0x4916c0 HttpSendRequestA
0x4916c4 HttpOpenRequestA
0x4916c8 InternetCrackUrlA
Library: comdlg32.dll:
0x491790 GetFileTitleA
0x491794 GetSaveFileNameA
0x491798 GetOpenFileNameA
0x49179c ChooseColorA

October
September
August
April
March
February
January
Saturday
Friday
Thursday
Wednesday
Tuesday
Monday
Sunday
am/pm
__GLOBAL_HEAP_SELECTED
__MSVCRT_HEAP_SELECT
runtime error
Microsoft Visual C++ Runtime Library
Program:
<program name unknown>
GAIsProcessorFeaturePresent
KERNEL32
e+000
frexp
_hypot
_cabs
ldexp
floor
atan2
log10
`h````
(null)
SunMonTueWedThuFriSat
JanFebMarAprMayJunJulAugSepOctNovDec
GetLastActivePopup
GetActiveWindow
MessageBoxA
user32.dll
1#QNAN
1#INF
1#IND
1#SNAN
RasGetConnectStatusA
RasHangUpA
RASAPI32.dll
CloseHandle
WaitForSingleObject
CreateProcessA
GetTickCount
GetCommandLineA
MulDiv
GetProcAddress
GetModuleHandleA
GetVolumeInformationA
SetCurrentDirectoryA
CreateDirectoryA
GetFileAttributesA
FindClose
FindFirstFileA
GetTempPathA
GlobalUnlock
GlobalLock
GlobalAlloc
Sleep
CreateEventA
CreateThread
WritePrivateProfileStringA
GetVersionExA
lstrlenA
LoadLibraryA
FreeLibrary
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GlobalReAlloc
FindNextFileA
lstrcpyA
WinExec
lstrcatA
InitializeCriticalSection
DeleteCriticalSection
GlobalFree
GlobalSize
ExitProcess
GetCurrentThreadId
GetModuleFileNameA
LockResource
LoadResource
FindResourceA
SetEvent
CreateFileA
WaitForMultipleObjects
GetLastError
ReadFile
WriteFile
GetProfileStringA
LeaveCriticalSection
EnterCriticalSection
ReleaseSemaphore
ResumeThread
CreateSemaphoreA
GetSystemDirectoryA
GetWindowsDirectoryA
GetCurrentProcess
MultiByteToWideChar
WideCharToMultiByte
TerminateThread
FileTimeToSystemTime
GetTimeZoneInformation
SetLastError
MapViewOfFile
CreateFileMappingA
LocalFree
UnmapViewOfFile
FormatMessageA
KERNEL32.dll
WaitForInputIdle
wsprintfA
CloseClipboard
GetClipboardData
OpenClipboard
SetClipboardData
EmptyClipboard
GetSystemMetrics
GetCursorPos
MessageBoxA
MessageBeep
SetWindowPos
SendMessageA
DestroyCursor
SetParent
IsWindow
PostMessageA
GetTopWindow
GetParent
GetFocus
GetClientRect
InvalidateRect
ValidateRect
UpdateWindow
EqualRect
GetWindowRect
SetForegroundWindow
DestroyMenu
IsChild
ReleaseDC
IsRectEmpty
FillRect
GetDC
SetCursor
LoadCursorA
SetCursorPos
SetActiveWindow
GetSysColor
SetWindowLongA
GetWindowLongA
RedrawWindow
EnableWindow
IsWindowVisible
OffsetRect
PtInRect
DestroyIcon
IntersectRect
SetRect
InflateRect
SetScrollPos
SetScrollRange
GetScrollRange
SetCapture
GetCapture
ReleaseCapture
SetTimer
KillTimer
WinHelpA
LoadBitmapA
CopyRect
ChildWindowFromPointEx
ScreenToClient
GetMessagePos
SetWindowRgn
DestroyAcceleratorTable
GetWindow
GetActiveWindow
SetFocus
IsIconic
PeekMessageA
SetMenu
GetMenu
DefWindowProcA
GetClassInfoA
DeleteMenu
GetSystemMenu
IsZoomed
PostQuitMessage
CopyAcceleratorTableA
GetKeyState
TranslateAcceleratorA
IsWindowEnabled
ShowWindow
LoadImageA
EnumDisplaySettingsA
ClientToScreen
EnableMenuItem
GetSubMenu
GetDlgCtrlID
CreateAcceleratorTableA
CreateMenu
ModifyMenuA
AppendMenuA
CreatePopupMenu
DrawIconEx
CreateIconFromResource
CreateIconFromResourceEx
RegisterClipboardFormatA
SetRectEmpty
DispatchMessageA
GetMessageA
WindowFromPoint
DrawFocusRect
DrawEdge
DrawFrameControl
LoadIconA
TranslateMessage
SystemParametersInfoA
GetForegroundWindow
SetWindowTextA
USER32.dll
GetDeviceCaps
GetTextExtentPoint32A
RoundRect
GetCurrentObject
DPtoLP
LPtoDP
Rectangle
Ellipse
CreateCompatibleDC
BitBlt
StartPage
StartDocA
DeleteDC
EndDoc
EndPage
CreateFontIndirectA
GetStockObject
CreateSolidBrush
CombineRgn
CreateRectRgn
FillRgn
PatBlt
CreatePen
GetObjectA
SelectObject
CreateBitmap
CreateDCA
CreateCompatibleBitmap
GetPolyFillMode
GetStretchBltMode
GetROP2
GetBkColor
GetBkMode
GetTextColor
CreateRoundRectRgn
CreateEllipticRgn
PathToRegion
EndPath
BeginPath
GetWindowOrgEx
GetViewportOrgEx
GetWindowExtEx
GetDIBits
RealizePalette
SelectPalette
StretchBlt
CreatePalette
GetSystemPaletteEntries
CreateDIBitmap
DeleteObject
SelectClipRgn
CreatePolygonRgn
GetClipRgn
SetStretchBltMode
CreateRectRgnIndirect
SetBkColor
GDI32.dll
midiStreamRestart
midiStreamClose
midiOutReset
midiStreamStop
midiStreamOut
midiOutPrepareHeader
midiStreamProperty
midiStreamOpen
midiOutUnprepareHeader
waveOutOpen
waveOutGetNumDevs
waveOutClose
waveOutReset
waveOutPause
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
WINMM.dll
ClosePrinter
DocumentPropertiesA
OpenPrinterA
WINSPOOL.DRV
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegQueryValueA
ADVAPI32.dll
ShellExecuteA
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHELL32.dll
CLSIDFromString
OleUninitialize
CoCreateInstance
OleInitialize
ole32.dll
OLEAUT32.dll
ImageList_GetIcon
ImageList_Destroy
ImageList_Read
ImageList_Duplicate
COMCTL32.dll
oledlg.dll
WS2_32.dll
InternetOpenA
InternetCloseHandle
InternetSetOptionA
InternetConnectA
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA
WININET.dll
InterlockedIncrement
InterlockedDecrement
FileTimeToLocalFileTime
lstrcpynA
DuplicateHandle
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetThreadLocale
lstrcmpiA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
lstrcmpA
LocalAlloc
TlsAlloc
GlobalHandle
TlsFree
TlsSetValue
LocalReAlloc
TlsGetValue
GetFileSize
GetFileTime
GetCurrentThread
GlobalFlags
SetErrorMode
GetProcessVersion
GetCPInfo
GetOEMCP
GetStartupInfoA
RtlUnwind
ExitThread
TerminateProcess
GetSystemTime
GetLocalTime
RaiseException
HeapSize
GetACP
SetStdHandle
GetFileType
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
CompareStringA
CompareStringW
IsBadReadPtr
IsBadCodePtr
GetWindowTextA
GetWindowTextLengthA
CharUpperA
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
GetDlgItem
DestroyWindow
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetWindowPlacement
RegisterWindowMessageA
GetLastActivePopup
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
UnhookWindowsHookEx
SetPropA
GetClassLongA
CallNextHookEx
SetWindowsHookExA
CreateWindowExA
GetMenuItemID
GetMenuItemCount
RegisterClassA
GetScrollPos
AdjustWindowRectEx
MapWindowPoints
SendDlgItemMessageA
ScrollWindowEx
IsDialogMessageA
MoveWindow
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
GetMenuCheckMarkDimensions
GetClassNameA
GetDesktopWindow
CharNextA
SetWindowContextHelpId
MapDialogRect
LoadStringA
GetSysColorBrush
GetNextDlgGroupItem
PostThreadMessageA
SaveDC
RestoreDC
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ExcludeClipRect
MoveToEx
LineTo
ExtSelectClipRgn
GetViewportExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextMetricsA
GetMapMode
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameA
ChooseColorA
comdlg32.dll
RegCreateKeyExA
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries
CoRegisterMessageFilter
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
UnregisterClassA
.PAVCException@@
.PAVCNotSupportedException@@
.PAVCFileException@@
(*.*)|*.*||
Shell32.dll
Mpr.dll
Advapi32.dll
User32.dll
Gdi32.dll
Kernel32.dll
msctls_updown32
BUTTON
msctls_progress32
\shell\open\command
mailto:
DISPLAY
OpenDatabase
CloseDatabase
GetConnectString
GetTabList
DllUnregisterServer
DllRegisterServer
DEFAULT_ICON
RemovePlayer
CWinFormUnit
WTWindow
%.13g
bcdfghijklmnpqrstuvwxyz
abcddefghijklmnoopqrrsstuvvwwxyyz;
(&07-034/)7 '
!"#!
zheng
?? / %d]
%d / %d]
: %d]
(*.*)|*.*||
(*.MID)|*.MID|
(*.*)|*.*||
Ctrl+Shift+F12
Ctrl+Shift+F11
Ctrl+Shift+F10
Ctrl+Shift+F9
Ctrl+Shift+F8
Ctrl+Shift+F7
Ctrl+Shift+F6
Ctrl+Shift+F5
Ctrl+Shift+F4
Ctrl+Shift+F3
Ctrl+Shift+F2
Ctrl+Shift+F1
Shift+F12
Shift+F11
Shift+F10
Shift+F9
Shift+F8
Shift+F7
Shift+F6
Shift+F5
Shift+F4
Shift+F3
Shift+F2
Shift+F1
Ctrl+F12
Ctrl+F11
Ctrl+F10
Ctrl+F9
Ctrl+F8
Ctrl+F7
Ctrl+F6
Ctrl+F5
Ctrl+F4
Ctrl+F3
Ctrl+F2
Ctrl+F1
Ctrl+Z
Ctrl+Y
Ctrl+X
Ctrl+W
Ctrl+V
Ctrl+U
Ctrl+T
Ctrl+S
Ctrl+R
Ctrl+Q
Ctrl+P
Ctrl+O
Ctrl+N
Ctrl+M
Ctrl+L
Ctrl+K
Ctrl+J
Ctrl+I
Ctrl+H
Ctrl+G
Ctrl+F
Ctrl+E
Ctrl+D
Ctrl+C
Ctrl+B
Ctrl+A
(*.*)|*.*||
%s:%d
devices
windows
device
MGridCells
CColourPicker
out.prn
%d.%d
%d / %d
Bogus message code %d
(%d-%d):
%ld%c
JPEGMEM
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
.PAVCException@@
HTTP/1.0
gb2312
us-ascii
=?gb2312?B?
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
%s <%s>
Content-type: text/plain; charset="
%a, %d %b %Y %H:%M:%S
%+.2d%.2d
Caption
StatusText
(*.htm;*.html)|*.htm;*.html
Silent
Offline
FontSize
MousePointer
disable
visible
height
width
LLLLLK
.PAVCException@@
anonymous@123.com
anonymous
[%s]
[%s:%d]
[%s:%d]
[%s]
[%s]
REST 0
REST 100
PASS %s
PASS ******
USER %s
E:\dev\e\static_link\static_libs\source\downlib\mystrlib.cpp
0123456789abcdef
RETR
TYPE A
TYPE I
REST
STOR
restart
Restart
REST 100
REST 0
SIZE %s
TYPE I
TYPE A
PORT
RETR
STOR
Connection: close
Mozilla/4.0 (compatible; MSIE 5.00; Windows 98)
HTTP/1.0
HTTP/1.1
Content-disposition:
Content-Disposition:
Server:
Last-Modified:
Set-cookie:
Set-Cookie:
Content-type:
Content-Type:
Connection:
Accept-Ranges:
Location:
Via:
Content-range:
Content-Range:
Content-length:
Content-Length:
http://
Cookie: %s
filename=
0123456789ABCDEF
asf 2.0 header
codec comment1 header
audio conceal none
reserved marker
reserved script command
reserved_1
mutex unknown
mutex bitrate
audio spread
no error correction
command media
video media
audio media
padding
error correction
extended content description
codec list
bitrate mutual exclusion
header extension
marker
script command
extended content encryption
content description
stream bitrate properties
stream header
file properties
simple index
header
error
\\192.168.0.129\TCP\1037
NSPlayer/9.0.0.2980; {%s}; Host: %s
[%s:%d]
[%s]
!<<>>!
0.000
Location
Helix
unknown
RealChallenge1
Server
rmff_fix_header: no fileheader, creating one
SET_PARAMETER
%s %s %s
Session: %s
Cseq: %u
Session:
%*s %s
Server:
%*s %u
CSeq:
Cseq:
CSeq: %u
RTSP/1.0 200 OK
OPTIONS
rtsp://%s:%i
DESCRIBE
rtsp://%s:%i/%s
SETUP
RTSP/1.0 451 Parameter Not Understood
ClientID: Linux_2.4_6.0.9.1235_play32_RN01_EN_586
RegionData: 0
GUID: 00000000-0000-0000-0000-000000000000
CompanyID: KnKV4M4I/B2FjJ1TToLycw==
PlayerStarttime: [28/03/2003:22:50:23 00:00]
ClientChallenge: 9e26d33f2984236010ef6253fb1887f7
CSeq: 1
[%s:%d]
[%s]
User-Agent: RealMedia Player Version 6.0.9.1235 (linux-2.0-libc6-i386-gcc2.95)
rtsp://
Alert
Range: npt=%s-
%s/streamid=1
%s/streamid=0
Transport: x-pn-tng/tcp;mode=play,rtp/avp/tcp;unicast;mode=play
If-Match: %s
RealChallenge2: %s, sd=%s
Subscribe:
Content-length
Require: com.real.retain-entity-for-setup
Language: en-US
SupportsMaximumASMBandwidth: 1
Bandwidth: %u
Accept: application/sdp
RealChallenge1
01d0a8e3
stream=%u;rule=%u,
OldPNMPlayer
Bandwidth
a=ASMRuleBook:string;
a=OpaqueData:buffer;
a=mimetype:string;
a=StreamName:string;
a=length:npt=
a=Preroll:integer;
a=StartTime:integer;
a=MaxPacketSize:integer;
a=MaxBitRate:integer;
a=control:streamid=
a=Flags:integer;
a=StreamCount:integer;
a=Abstract:buffer;
a=Copyright:buffer;
a=Author:buffer;
a=Title:buffer;
.PAVCException@@
.PAVCOleException@@
.PAVCObject@@
.PAVCSimpleException@@
.PAVCMemoryException@@
.?AVCObject@@
.?AVCException@@
.?AVCSimpleException@@
.?AVCMemoryException@@
.?AVCNotSupportedException@@
.?AVCFile@@
.?AVCFileException@@
.?AVCMemFile@@
.?AVCDC@@
.?AVCClientDC@@
.?AVCWindowDC@@
.?AVCPaintDC@@
.?AVCGdiObject@@
.?AVCPen@@
.?AVCBrush@@
.?AVCTempDC@@
.?AVCTempGdiObject@@
.PAVCResourceException@@
.PAVCUserException@@
.?AVCResourceException@@
.?AVCUserException@@
.?AVCCmdTarget@@
.?AVCWnd@@
.?AVCDialog@@
.?AVCCmdUI@@
.?AVCTestCmdUI@@
.?AVCTempWnd@@
.?AVCNoTrackObject@@
.?AV_AFX_CTL3D_STATE@@
.?AVCPtrArray@@
.?AVCStatic@@
.?AVCButton@@
.?AVCComboBox@@
.?AVCEdit@@
.?AV_AFX_CHECKLIST_STATE@@
.?AVCBitmap@@
.?AVCRgn@@
.?AVCCommonDialog@@
.?AVCFileDialog@@
.?AV_AFX_THREAD_STATE@@
.?AVAFX_MODULE_STATE@@
.?AVAFX_MODULE_THREAD_STATE@@
.?AV_AFX_BASE_MODULE_STATE@@
.?AVCStringArray@@
.?AUCThreadData@@
.?AV_AFX_WIN_STATE@@
.?AVCWinThread@@
.?AVCWinApp@@
.?AVCStatusBarCtrl@@
.?AVCSpinButtonCtrl@@
.?AVCProgressCtrl@@
.?AVCImageList@@
.?AVCTempImageList@@
.PAVCArchiveException@@
.?AVCArchiveException@@
.?AVCSharedFile@@
.?AV_AFX_CTL3D_THREAD@@
.?AVCMenu@@
.?AVCTempMenu@@
.?AVCDWordArray@@
.?AVCWordArray@@
.?AVCSyncObject@@
.PAVCOleDispatchException@@
.?AVCMapPtrToPtr@@
.?AVCToolTipCtrl@@
.?AV_AFX_COLOR_STATE@@
.?AVCColorDialog@@
.?AV_AFX_SOCK_STATE@@
.?AVCCriticalSection@@
.?AVCSessionMapPtrToPtr@@
.?AUIOleWindow@@
.?AUIOleInPlaceUIWindow@@
.?AUIOleInPlaceFrame@@
.?AVXOleIPFrame@COleControlContainer@@
.?AVCOleControlContainer@@
.?AUIUnknown@@
.?AUIParseDisplayName@@
.?AUIOleContainer@@
.?AVXOleContainer@COleControlContainer@@
.?AVCFont@@
.?AVCEnumArray@@
.?AVCEnumUnknown@@
.?AVCOccManager@@
.?AUIDispatch@@
.?AVCOleDispatchException@@
.?AVCByteArray@@
.?AVCOleException@@
.?AUISequentialStream@@
.?AUIStream@@
.?AVCArchiveStream@@
.?AVCHandleMap@@
.?AVCPtrList@@
.?AVCMapStringToPtr@@
.?AUIRowsetNotify@@
.?AVXRowsetNotify@COleControlSite@@
.?AUIOleInPlaceSite@@
.?AVXOleIPSite@COleControlSite@@
.?AUINotifyDBEvents@@
.?AVXNotifyDBEvents@COleControlSite@@
.?AUIOleClientSite@@
.?AVXOleClientSite@COleControlSite@@
.?AUIBoundObjectSite@@
.?AVXBoundObjectSite@COleControlSite@@
.?AVXEventSink@COleControlSite@@
.?AVCOleControlSite@@
.?AUIPropertyNotifySink@@
.?AVXPropertyNotifySink@COleControlSite@@
.?AVXAmbientProps@COleControlSite@@
.?AUIOleControlSite@@
.?AVXOleControlSite@COleControlSite@@
.?AVCDataSourceControl@@
.?AUIEnumVOID@@
.?AVXEnumVOID@CEnumArray@@
.?AVCOleMessageFilter@@
.?AUIMessageFilter@@
.?AVXMessageFilter@COleMessageFilter@@
.?AVCOleDialog@@
.?AVCOleBusyDialog@@
.?AV_AFX_OLE_STATE@@
.?AVtype_info@@
resource.h
SbpS:g:
USMO:
-NbkSbpS(
-NbkSbpS
OX[0R
N*N(W%
N*N(W%
N*N(W0
g~b0R
jjjjh
pSettings
PreviewPages
KERNEL32
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
NoDrives
RestrictRun
NoNetConnectDisconnect
NoRecentDocsHistory
NoClose
Software\Microsoft\Windows\CurrentVersion\Policies\Network
NoEntireNetwork
Software\Microsoft\Windows\CurrentVersion\Policies\Comdlg32
NoPlacesBar
NoBackButton
NoFileMru
ntdll.dll
Control Panel\Desktop\ResourceLocale
kernel32.dll
%s%s.dll
@%s (%s:%d)
@Software\
Asoftware
BEdit
MS Shell Dlg
AfxWnd80su
AfxControlBar80su
AfxMDIFrame80su
AfxFrameOrView80su
AfxOleControl80su
AfxOldWndProc423
USER32
YaccParent
accChildCount
accChild
accName
accValue
accDescription
accRole
accState
accHelp
accHelpTopic
accKeyboardShortcut
accFocus
accSelection
accDefaultAction
accSelect
accLocation
accNavigate
accHitTest
accDoDefaultAction
#32768
commctrl_DragListMsg
@comctl32.dll
@comdlg32.dll
ASystem
mfcm80u.dll
user32.dll
MSWHEEL_ROLLMSG
ARichEdit Text and Objects
Rich Text Format
FileNameW
FileName
Link Source Descriptor
Object Descriptor
Link Source
Embed Source
Embedded Object
ObjectLink
OwnerLink
Native
%2\CLSID
%2\Insertable
%2\protocol\StdFileEditing\verb\0
&Edit
%2\protocol\StdFileEditing\server
CLSID\%1
CLSID\%1\ProgID
CLSID\%1\InprocHandler32
ole32.dll
CLSID\%1\LocalServer32
CLSID\%1\Verb\0
&Edit,0,2
CLSID\%1\Verb\1
&Open,0,2
CLSID\%1\Insertable
CLSID\%1\AuxUserType\2
CLSID\%1\AuxUserType\3
CLSID\%1\DefaultIcon
%3,%7
CLSID\%1\MiscStatus
CLSID\%1\InProcServer32
CLSID\%1\DocObject
%2\DocObject
CLSID\%1\Printable
CLSID\%1\DefaultExtension
%9, %8
UTF-8
UTF-16LE
UNICODE
(null)
Local AppWizard-Generated Applications
Delete
NoRemove
ForceRemove
Chttp\shell\open\command
SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
\Internet Explorer\iexplore.exe
uninstall
config.ini
hao123
\hao123.lnk
\config.ini
\hao123.exe
\uninstall.exe
Software\Microsoft\Windows\CurrentVersion\Uninstall
@Apartment
About Hao123Proj
MS Shell Dlg
Hao123Proj Version 1.0
Copyright (C) 2014
MS Shell Dlg
MS Shell Dlg
&New
Cancel
&Help
MS Shell Dlg
&About Hao123Proj...
Untitled
an unnamed file
&Hide
An unknown error has occurred.$An invalid argument was encountered.
Command failed.)Insufficient memory to perform operation.PSystem registry entries have been removed and the INI file (if any) was deleted.BNot all of the system registry entries (or INI file) were removed.FThis program requires the file %s, which was not found on this system.tThis program is linked to the missing export %s in the file %s. This machine may have an incompatible version of %s.
Please enter a date.
Destination disk drive is full.5Unable to read from %1, it is opened by someone else.AUnable to write to %1, it is read-only or opened by someone else..An unexpected error occurred while reading %1..An unexpected error occurred while writing %1.
Dispatch exception: %1
#Unable to read write-only property.#Unable to write read-only property.
Mail system DLL is invalid.!Send Mail failed to send message.
Disk full while accessing %1..An attempt was made to access %1 past its end.
%1 has a bad format."%1 contained an unexpected object. %1 contains an incorrect schema.
pixels
Mixed
VS_VERSION_INFO
StringFileInfo
040904E4
CompanyName
FileDescription
FileVersion
1.0.0.0
InternalName
Hao123.exe
LegalCopyright
www.xxm4com. All rights reserved.
OriginalFilename
Hao123.exe
ProductName
ProductVersion
1.6.4.10
VarFileInfo
Translation
(null)
;T^h<U_i=V`j>Wak?Xbl@YcmAZdnB[eoC\fpD]gq
Ctrl+PageUp
Ctrl+PageDown
PageUp
PageDown
Ctrl+G
Ctrl+Home
Ctrl+End
Shift+Tab
Tab/Enter
Ctrl+N
Ctrl+D
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_updown32
Spin1
msctls_progress32
Progress1
MS Shell Dlg
......
VS_VERSION_INFO
StringFileInfo
080404B0
FileVersion
1.0.0.0
FileDescription
ProductName
ProductVersion
1.0.0.0
CompanyName
LegalCopyright
2012 - 2017
Comments
VarFileInfo
Translation
Antivirus engine/vendor Detection name/rule match Signature database date
Bkav No virus detected 20170216
MicroWorld-eScan No virus detected 20170216
nProtect No virus detected 20170216
CMC No virus detected 20170216
CAT-QuickHeal No virus detected 20170216
McAfee No virus detected 20170216
Malwarebytes No virus detected 20170216
Zillya No virus detected 20170216
AegisLab Troj.W32.Gen.lwSm 20170216
TheHacker No virus detected 20170215
K7GW No virus detected 20170216
K7AntiVirus No virus detected 20170216
Arcabit No virus detected 20170216
Invincea trojan.win32.voinjet.a 20170203
Baidu No virus detected 20170216
F-Prot W32/Agent.EW.gen!Eldorado 20170216
Symantec Trojan.Gen.8 20170216
ESET-NOD32 No virus detected 20170216
TrendMicro-HouseCall No virus detected 20170216
Avast Win32:Evo-gen [Susp] 20170216
ClamAV Win.Trojan.Parite-1385 20170216
GData No virus detected 20170216
Kaspersky No virus detected 20170216
BitDefender No virus detected 20170216
NANO-Antivirus No virus detected 20170216
ViRobot No virus detected 20170216
Tencent No virus detected 20170216
Ad-Aware No virus detected 20170216
Emsisoft No virus detected 20170216
Comodo Worm.Win32.Dropper.RA 20170216
F-Secure Trojan:W32/DelfInject.R 20170216
DrWeb No virus detected 20170216
VIPRE No virus detected 20170216
TrendMicro No virus detected 20170216
McAfee-GW-Edition BehavesLike.Win32.Generic.th 20170216
Sophos No virus detected 20170216
Cyren W32/Agent.EW.gen!Eldorado 20170216
Jiangmin No virus detected 20170216
Webroot No virus detected 20170216
Avira No virus detected 20170216
Antiy-AVL No virus detected 20170216
Kingsoft No virus detected 20170216
Endgame malicious (high confidence) 20170216
SUPERAntiSpyware No virus detected 20170216
Microsoft No virus detected 20170216
AhnLab-V3 No virus detected 20170216
ALYac No virus detected 20170216
AVware No virus detected 20170216
VBA32 No virus detected 20170216
Zoner No virus detected 20170216
Rising No virus detected 20170216
Yandex No virus detected 20170215
Ikarus Trojan.Rootkit.Gen2 20170216
Fortinet No virus detected 20170216
AVG No virus detected 20170216
Panda No virus detected 20170216
CrowdStrike malicious_confidence_100% (W) 20170130
Qihoo-360 No virus detected 20170216

Process tree

____________.exe, PID: 2880, parent process PID: 2680

TCP

Source address Source port Destination address Destination port
192.168.122.203 49168 104.18.54.118 www.mnting101.com 80
192.168.122.203 49174 114.80.130.88 pv.sohu.com 80
192.168.122.203 49164 123.207.116.58 m.hascosafety.com 88
192.168.122.203 49166 123.207.116.58 m.hascosafety.com 88
192.168.122.203 49183 125.132.149.154 cdns.xiuchang888.com 80
192.168.122.203 49192 125.132.149.154 cdns.xiuchang888.com 80
192.168.122.203 49193 125.132.149.154 cdns.xiuchang888.com 80
192.168.122.203 49194 125.132.149.154 cdns.xiuchang888.com 80
192.168.122.203 49195 125.132.149.154 cdns.xiuchang888.com 80
192.168.122.203 49196 125.132.149.154 cdns.xiuchang888.com 80
192.168.122.203 49185 125.88.187.127 843
192.168.122.203 49190 125.88.187.127 1056
192.168.122.203 49191 125.88.187.127 1056
192.168.122.203 49162 14.29.32.170 down.ku122.com 80
192.168.122.203 49175 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49176 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49177 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49178 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49179 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49180 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49243 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49244 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49245 218.92.226.45 abc.maikexunsh.com 80
192.168.122.203 49167 222.73.134.43 s22.cnzz.com 80
192.168.122.203 49163 222.73.144.174 www.baiasp.com 80
192.168.122.203 49169 42.120.219.93 hzs1.cnzz.com 80
192.168.122.203 49197 45.124.125.44 xyzabcrtmp.yjyc-ask.com 1935
192.168.122.203 49170 58.215.145.188 s22.cnzz.com 80

UDP

Source address Source port Destination address Destination port
192.168.122.203 49479 192.168.122.1 53
192.168.122.203 51301 192.168.122.1 53
192.168.122.203 52175 192.168.122.1 53
192.168.122.203 52531 192.168.122.1 53
192.168.122.203 56620 192.168.122.1 53
192.168.122.203 57489 192.168.122.1 53
192.168.122.203 57528 192.168.122.1 53
192.168.122.203 57595 192.168.122.1 53
192.168.122.203 61025 192.168.122.1 53
192.168.122.203 61372 192.168.122.1 53
192.168.122.203 63184 192.168.122.1 53
192.168.122.203 64896 192.168.122.1 53

HTTP requests

URI HTTP data
Professional URL sandbox check -> http://down.ku122.com/\xba\xd8\xc4\xea\xd7\xd4\xb6\xaf\xb8\xfc\xd0\xc2.txt
GET /\xba\xd8\xc4\xea\xd7\xd4\xb6\xaf\xb8\xfc\xd0\xc2.txt HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: */*
Host: down.ku122.com
Cache-Control: no-cache

Professional URL sandbox check -> http://www.baiasp.com/tlrwp2.html?crack
GET /tlrwp2.html?crack HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: www.baiasp.com
Connection: Keep-Alive

Professional URL sandbox check -> http://m.hascosafety.com:88/s.php?id=159
GET /s.php?id=159 HTTP/1.1
Accept: */*
Referer: http://www.baiasp.com/tlrwp2.html?crack
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: m.hascosafety.com:88
Connection: Keep-Alive

Professional URL sandbox check -> http://dddddd.diaobanstudio.com:88/c.php?s=JnpvbmVpZD0xNTkmc2l0ZWlkPTE1JnVpZD0xMjkzJmFkc2lkPTMwNiZwbGFuaWQ9MTA4JnBsYW50eXBlPWNwbSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5tbnRpbmcxMDEuY29tJTJGdGltZXYlMkZhZF9tb2RlLmh0bWwmdnRpbWU9MjAxNy0wMi0xOCAyMDowODoyNCZpcD0xMTYuMjMwLjIxOC4yMTk=;4cd58fb0f14410ea3513f35a04dd1d75;&p=aj0xJm09MCZmPTI0LjAuMC4xOTQmcj0mdT1odHRwJTNBJTJGJTJGd3d3LmJhaWFzcC5jb20lMkZ0bHJ3cDIuaHRtbCUzRmNyYWNrJnJlcz04MDB4NjAwJnQ9Jmw9emgtY24mYz0xJmg9OTYmc2U9MA==
GET /c.php?s=JnpvbmVpZD0xNTkmc2l0ZWlkPTE1JnVpZD0xMjkzJmFkc2lkPTMwNiZwbGFuaWQ9MTA4JnBsYW50eXBlPWNwbSZ1cmw9aHR0cCUzQSUyRiUyRnd3dy5tbnRpbmcxMDEuY29tJTJGdGltZXYlMkZhZF9tb2RlLmh0bWwmdnRpbWU9MjAxNy0wMi0xOCAyMDowODoyNCZpcD0xMTYuMjMwLjIxOC4yMTk=;4cd58fb0f14410ea3513f35a04dd1d75;&p=aj0xJm09MCZmPTI0LjAuMC4xOTQmcj0mdT1odHRwJTNBJTJGJTJGd3d3LmJhaWFzcC5jb20lMkZ0bHJ3cDIuaHRtbCUzRmNyYWNrJnJlcz04MDB4NjAwJnQ9Jmw9emgtY24mYz0xJmg9OTYmc2U9MA== HTTP/1.1
Accept: */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: dddddd.diaobanstudio.com:88
Connection: Keep-Alive

Professional URL sandbox check -> http://s22.cnzz.com/stat.php?id=4616976
GET /stat.php?id=4616976 HTTP/1.1
Accept: */*
Referer: http://www.baiasp.com/tlrwp2.html?crack
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: s22.cnzz.com
Connection: Keep-Alive

Professional URL sandbox check -> http://hzs1.cnzz.com/stat.htm?id=4616976&r=&lg=zh-cn&ntime=none&cnzz_eid=968729039-1487419151-&showp=800x600&t=&h=1&rnd=738687017
GET /stat.htm?id=4616976&r=&lg=zh-cn&ntime=none&cnzz_eid=968729039-1487419151-&showp=800x600&t=&h=1&rnd=738687017 HTTP/1.1
Accept: */*
Referer: http://www.baiasp.com/tlrwp2.html?crack
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: hzs1.cnzz.com
Connection: Keep-Alive

Professional URL sandbox check -> http://c.cnzz.com/core.php?web_id=4616976&t=z
GET /core.php?web_id=4616976&t=z HTTP/1.1
Accept: */*
Referer: http://www.baiasp.com/tlrwp2.html?crack
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: c.cnzz.com
Connection: Keep-Alive

Professional URL sandbox check -> http://www.mnting101.com/timev/ad_mode.html
GET /timev/ad_mode.html HTTP/1.1
Accept: */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.mnting101.com
Connection: Keep-Alive

Professional URL sandbox check -> http://www.mnting101.com/100054
GET /100054 HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: www.mnting101.com
Connection: Keep-Alive
Cookie: __cfduid=da1162f415dc8f88b41d559064bc339511487419714

Professional URL sandbox check -> http://pv.sohu.com/cityjson?ie=utf-8
GET /cityjson?ie=utf-8 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: pv.sohu.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/js/filterRegion.js?v=1.0.0
GET /static/js/filterRegion.js?v=1.0.0 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/page/js/bootstrap.min.js?v=1.2.17
GET /static/page/js/bootstrap.min.js?v=1.2.17 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/page/js/config.js?v=1.2.17
GET /static/page/js/config.js?v=1.2.17 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/page/js/jquery.cookie.js?v=1.2.17
GET /static/page/js/jquery.cookie.js?v=1.2.17 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/page/js/jquery-1.10.2.min.js?v=1.2.17
GET /static/page/js/jquery-1.10.2.min.js?v=1.2.17 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/flashobject.js?v=1.2.17
GET /static/room/flashobject.js?v=1.2.17 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/page/layer/layer.js?v=1.2.17
GET /static/page/layer/layer.js?v=1.2.17 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/swfobject_modified.js?v=1.2.17
GET /static/room/swfobject_modified.js?v=1.2.17 HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/page/layer/skin/layer.css
GET /static/page/layer/skin/layer.css HTTP/1.1
Accept: */*
Referer: http://www.mnting101.com/100054
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Accept-Encoding: gzip, deflate
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://www.mnting101.com/favicon.ico
GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: www.mnting101.com
Connection: Keep-Alive
Cookie: __cfduid=da1162f415dc8f88b41d559064bc339511487419714; JSESSIONID=2C9375861802D3755D295E7F142C01F1

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
GET /static/room/load_preloader.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://www.mnting101.com/100054
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/xmls/config.xml?1.2.17
GET /static/room/xmls/config.xml?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/videoView.swf?1.2.17
GET /static/room/apps/videoView.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/skin.swf?1.2.17
GET /static/room/apps/skin.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/videoModule.swf?1.2.17
GET /static/room/apps/videoModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/MenuBar.swf?1.2.17
GET /static/room/apps/MenuBar.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/roomModule.swf?1.2.17
GET /static/room/apps/roomModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/listModule.swf?1.2.17
GET /static/room/apps/listModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
GET /static/room/apps/giftModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/exp.swf?1.2.17
GET /static/room/apps/exp.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/giftIcons.swf?1.2.17
GET /static/room/apps/giftIcons.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/iconGroup.swf?1.2.17
GET /static/room/apps/iconGroup.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://cdns.xiuchang888.com/crossdomain.xml
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: zh-CN
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/rightMenu.swf?1.2.17
GET /static/room/apps/rightMenu.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://cdns.xiuchang888.com/video_rest/room_load/login?login_key=&1.2.17
GET /video_rest/room_load/login?login_key=&1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/chatModule.swf?1.2.17
GET /static/room/apps/chatModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/xmls/gift.xml?login_key=&1.2.17
GET /static/room/xmls/gift.xml?login_key=&1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/xmls/iconGroup.xml
GET /static/room/xmls/iconGroup.xml HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/iconGroup.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100001.png
GET /static/room/gift/gift_icon/100001.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100002.png
GET /static/room/gift/gift_icon/100002.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100003.png
GET /static/room/gift/gift_icon/100003.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100004.png
GET /static/room/gift/gift_icon/100004.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100005.png
GET /static/room/gift/gift_icon/100005.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100006.png
GET /static/room/gift/gift_icon/100006.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100008.png
GET /static/room/gift/gift_icon/100008.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100007.png
GET /static/room/gift/gift_icon/100007.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100009.png
GET /static/room/gift/gift_icon/100009.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100010.png
GET /static/room/gift/gift_icon/100010.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100011.png
GET /static/room/gift/gift_icon/100011.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100012.png
GET /static/room/gift/gift_icon/100012.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100013.png
GET /static/room/gift/gift_icon/100013.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100014.png
GET /static/room/gift/gift_icon/100014.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100015.png
GET /static/room/gift/gift_icon/100015.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100016.png
GET /static/room/gift/gift_icon/100016.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100017.png
GET /static/room/gift/gift_icon/100017.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100018.png
GET /static/room/gift/gift_icon/100018.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100020.png
GET /static/room/gift/gift_icon/100020.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/gift/gift_icon/100019.png
GET /static/room/gift/gift_icon/100019.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/images/icons/ico_home.png
GET /static/room/images/icons/ico_home.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/images/icons/ico_qq.png
GET /static/room/images/icons/ico_qq.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/images/icons/ico_hall.png
GET /static/room/images/icons/ico_hall.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/images/icons/ico_rank.png
GET /static/room/images/icons/ico_rank.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/images/icons/ico_game.png
GET /static/room/images/icons/ico_game.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/images/icons/ico_app.png
GET /static/room/images/icons/ico_app.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/images/bj.jpg
GET /static/room/images/bj.jpg HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/videoView.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/videoNotice.swf?1.2.17
GET /static/room/apps/videoNotice.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/carListModule.swf?1.2.17
GET /static/room/apps/carListModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/nobleList.swf?1.2.17
GET /static/room/apps/nobleList.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

Professional URL sandbox check -> http://abc.maikexunsh.com/static/room/apps/activityModule.swf?1.2.17
GET /static/room/apps/activityModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/apps/otherModule.swf?1.2.17
GET /static/room/apps/otherModule.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/apps/heartGame.swf?1.2.17
GET /static/room/apps/heartGame.swf?1.2.17 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=44542&login_key=
GET /video_rest/video/img/get_cover?uid=44542&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/car/icon/10007.png?login_key=
GET /static/room/car/icon/10007.png?login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=1058893&login_key=
GET /video_rest/video/img/get_cover?uid=1058893&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://www.mnting101.com/video_rest/follow/status?uid=100054&login_key=
GET /video_rest/follow/status?uid=100054&login_key= HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://www.mnting101.com/100054
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: www.mnting101.com
Connection: Keep-Alive
Cookie: __cfduid=da1162f415dc8f88b41d559064bc339511487419714; JSESSIONID=2C9375861802D3755D295E7F142C01F1

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=110365&login_key=
GET /video_rest/video/img/get_cover?uid=110365&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=1242525&login_key=
GET /video_rest/video/img/get_cover?uid=1242525&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=1050776&login_key=
GET /video_rest/video/img/get_cover?uid=1050776&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=100021&login_key=
GET /video_rest/video/img/get_cover?uid=100021&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=100054&login_key=
GET /video_rest/video/img/get_cover?uid=100054&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://cdns.xiuchang888.com/video_rest/video/img/get_cover?uid=1175158&login_key=
GET /video_rest/video/img/get_cover?uid=1175158&login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: cdns.xiuchang888.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/car/icon/10007.png?login_key=
GET /static/room/car/icon/10007.png?login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/giftModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
If-Modified-Since: Mon, 30 Jan 2017 12:37:19 GMT
If-None-Match: "588f337f-136a"
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/car/icon/10007.png?login_key=
GET /static/room/car/icon/10007.png?login_key= HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/apps/chatModule.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
If-Modified-Since: Mon, 30 Jan 2017 12:37:19 GMT
If-None-Match: "588f337f-136a"
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/car/car.xml
GET /static/room/car/car.xml HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/car/swf/carModule.swf?src=http://abc.maikexunsh.com/static/room/car/png/10007.png&scaleX=.3&scaleY=.3
GET /static/room/car/swf/carModule.swf?src=http://abc.maikexunsh.com/static/room/car/png/10007.png&scaleX=.3&scaleY=.3 HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/load_preloader.swf?1.2.17
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

URL sandbox analysis -> http://abc.maikexunsh.com/static/room/car/png/10007.png
GET /static/room/car/png/10007.png HTTP/1.1
Accept: */*
Accept-Language: zh-CN
Referer: http://abc.maikexunsh.com/static/room/car/swf/carModule.swf?src=http://abc.maikexunsh.com/static/room/car/png/10007.png&scaleX=.3&scaleY=.3
x-flash-version: 24,0,0,194
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Host: abc.maikexunsh.com
Connection: Keep-Alive

SMTP traffic

No SMTP traffic.

IRC traffic

No IRC requests.

ICMP traffic

Source address Destination address ICMP type Data
125.88.187.127 192.168.122.203 3
125.88.187.127 192.168.122.203 3
125.88.187.127 192.168.122.203 3
125.88.187.127 192.168.122.203 3
192.168.121.1 192.168.122.203 3

CIF report

No CIF results

Network alerts

No alerts

TLS

No TLS

Suricata HTTP

No Suricata HTTP

No files extracted from network traffic were found

File name MSIMGSIZ.DAT
Related files
C:\Users\test\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
File size 16384 bytes
File type data
MD5 b749921d6d714cf8de00573cd5b49b6a
SHA1 f84119954a0f3ce5eb1017ad136b9e25b4a52bef
SHA256 85605bb90427cb17b4ab2b5f180a7072ee477f4bc04772b16ad240f7dd0e45ff
CRC32 409E82D5
Ssdeep 24:jYlIoF7mi7s+BCVKwNazuCIp3NasW9+9K8trW0DXakBcHaFLRR+DkMfiu+wJiUd2:j8NV7s+BCVKqaIaz+9K8VTFBc6pwd2

File name Popup.txt
Related files
C:\Users\test\AppData\Local\Temp\Popup.txt
File size 5 bytes
File type ISO-8859 text, with no line terminators
MD5 c7eb61eed48f6ec13560390ce191b69e
SHA1 8e2fa5462a8e0af911db6c37e258c3be498a7423
SHA256 458379f820487deb007be9c115c644ff1943d3b539acc6110d45fa0bbb5efcc1
CRC32 E548D0DE
Ssdeep 3:j:j

File name hao123.exe
Related files
C:\Users\test\Local Settings\Application Data\hao123\hao123.exe
File size 779080 bytes
File type PE32 executable (GUI) Intel 80386, for MS Windows
MD5 a4df5aa48eaa0eaca060773f8ce1949e
SHA1 bbb106eca82d30403873087278e7b85869fee8d1
SHA256 11472eb20a08bd913b19b676deaecb840a2f5b8c415a2b349043e800eb79b95f
CRC32 E2D32C49
Ssdeep 12288:ndj+R2VGbCcc/cFMNL1/MI0oQuH5TUkkxJippA4gqbpLTN:4cVGb1MNLF2mN

File name test@baiasp[1].txt
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@baiasp[1].txt
File size 109 bytes
File type ASCII text
MD5 7d9489d14c4a7c44d5af87194cff6e57
SHA1 1d9430ed163225dfc3f16346b9bc5ecc67fed02f
SHA256 a7586c42087b082a10e458fafcfab752cf31284c325aa540627cd3e53983b5b8
CRC32 B44A96FD
Ssdeep 3:ZRA2m/XEThHSUKdE4aVXJRRXVeVhVdWS/:ZmdPEtyLsVXfiVxD/
Text content:
safedog-flow-item
0580C8433A7E024353686D4D7116F3C0
baiasp.com/
1024
468201216
30575104
1338417216
30550979
*

File name test@www.baiasp[1].txt
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\Cookies\test@www.baiasp[1].txt
File size 133 bytes
File type ASCII text
MD5 42eaccff6d777823348cedd5564c06d5
SHA1 aff622038aeba92bfa5c10aa675c1ac95cf57eaa
SHA256 ce78ae252fb62b371321d30ebf32c9aad829ba8265b0e9296cf3111295257435
CRC32 BA9A0E63
Ssdeep 3:QhkiGPMSXxIQsB9XTLRJUUlBKhaVdtRVJSKIfRW3OC/:QHGUSXtS1xy8KEVdfVcKAW3OC/
Text content:
CNZZDATA4616976
cnzz_eid%3D968729039-1487419151-%26ntime%3D1487419151
www.baiasp.com/
1088
3740006272
30587543
1432957216
30550979
*

File name s[1].htm
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HEL4YQ7U\s[1].htm
File size 18585 bytes
File type UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
MD5 d0d32b9ae5f6c7fbb15113d2e84de36b
SHA1 b8ec2837a70c9d31ec2472df5bb9553422fcd2fa
SHA256 4867d617f0235e63daf6374c65cdd8fd513f87312231a9c708660b5880de1910
CRC32 FB5E4F39
Ssdeep 192:+sMRNMMJrjxctkDUKtDje6u0GjVZS3ikdp38/8VGmLNeer5rSj/wgDI+Kd43s76T:rM4CrD1u0yVedpI8VGiNe49mNnKEuep

File name hao123\xe5\xaf\xbc\xe8\x88\xaa.lnk
Related files
C:\Users\test\Desktop\hao123\xe5\xaf\xbc\xe8\x88\xaa.lnk
File size 1139 bytes
File type MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Has Working directory, Archive, ctime=Fri Oct 21 04:07:29 2016, mtime=Fri Oct 21 04:07:29 2016, atime=Fri Oct 21 04:07:29 2016, length=779080, window=hideshowminimized
MD5 6a940248753740251dd84a952b2062b0
SHA1 2232986fff7bf03543ec39634d120445f7b0b7b3
SHA256 4d26c3dec123d5e5219b52e5e94fe4e81bea3af25c211c53dc4317ae11052f42
CRC32 B74DBCAB
Ssdeep 12:8OQP4uKY1kCtXuxiC/JIB3kjvbChz/jAS1U/vAxiAIBMm9xiAIB4wua4t2YZqI0R:8dwX9Wux5XvbC9LAS17xH0xR6qhVo

File name config.ini
Related files
C:\Users\test\Local Settings\Application Data\hao123\config.ini
File size 36 bytes
File type ASCII text, with CRLF line terminators
MD5 0f94ad3d07899803680ef005453c0e54
SHA1 c8bee98179d822c35d1d98e5ce573a978c63b3d0
SHA256 2f790bfe6729fdf0c35f3c2e2d0cbedd71b369d2a0d9a75e4947e56b99528a2a
CRC32 169F92B7
Ssdeep 3:aUlYNV8S4pTov:aqYNJ4ev
Text content:
[hao123]
url=http://www.ku122.com

File name core[1].php
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\core[1].php
File size 762 bytes
File type HTML document, ASCII text, with very long lines, with no line terminators
MD5 29efd4c5af38e20bd3a7fa510ce409f9
SHA1 2745ca9e25ad24f147c69d0aff14e5b32856c625
SHA256 ec2367db95eeb2ab91bfe38d8db015279614735ac3f086b7e04dda0a929c8668
CRC32 5E4F5A99
Ssdeep 12:cR2RPYAaTjj2hgWcnQOJRG7+La5+yIx7Gu2LB2o1wNJ/lgzVjuXiVcELnPXerTWJ:cR2aAYjj/WOqjlCp2LBZ18pyBVNjPcTW
Text content:
!function(){var p,q,r,a=encodeURIComponent,b="4616976",c="",d="",e="online_v3.php",f="hzs1.cnzz.com",g="1",h="text",i="z",j="&#31449;&#38271;&#32479;&#35745;",k=window["_CNZZDbridge_"+b]["bobject"],l="http:",m="1",n=l+"//online.cnzz.com/online/"+e,o=[];o.push("id="+b),o.push("h="+f),o.push("on="+a(d)),o.push("s="+a(c)),n+="?"+o.join("&"),"0"===m&&k["callRequest"]([l+"//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["createScriptIcon"](n,"utf-8"):(q="z"==i?"http://www.cnzz.com/stat/website.php?web_id="+b:"http://quanjing.cnzz.com","pic"===h?(r=l+"//icon.cnzz.com/img/"+c+".gif",p="<a href='"+q+"' target=_blank title='"+j+"'><img border=0 hspace=0 vspace=0 src='"+r+"'></a>"):p="<a href='"+q+"' target=_blank title='"+j+"'>"+j+"</a>",k["createIcon"]([p])))}();

File name stat[1].php
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CB4GP22D\stat[1].php
File size 9937 bytes
File type ASCII text, with very long lines
MD5 2dccc1173c2e269aef7b67da1f2a0d96
SHA1 e3c2d96bd3dab8cf7e124afa385769d53965ae76
SHA256 c4cef6eb885b5c7cd39ff0b233ba192ac2ec40283dc5b33368c8a462460c96fe
CRC32 B10D61DF
Ssdeep 192:hFxhtPCO5emuSsxf5m1mbi4s5pHx8ooBDeaJXg8lEkWwB9rP1VkCAt:hFxhtPCO1uphs1kxOahA8CUn7kCAt

File name index.dat
Related files
C:\Users\test\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
File size 262144 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 fbe6ba880d1f6cadfd771536120f2c73
SHA1 34b1a30160c6c7675a5c69b62d98661ab7a494bb
SHA256 a2cdabb3fc43f2e94ca47fac764eea7819768bdf094690a6369be41fc4a5fd01
CRC32 E94B92FD
Ssdeep 768:pFFwZHojCtOlWNw3nsiMsieuugxdKOri:rFwZIjCtkWm3siMbeuugxdKoi

File name stat[1].gif
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EHDRIWWS\stat[1].gif
File size 43 bytes
File type GIF image data, version 89a, 1 x 1
MD5 325472601571f31e1bf00674c368d335
SHA1 2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256 b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
CRC32 9ACCEAB1
Ssdeep 3:CUkwltxlHh/:P/

File name index.dat
Related files
C:\Users\test\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012016102220161023\index.dat
File size 32768 bytes
File type Internet Explorer cache file version Ver 5.2
MD5 9347579c1662e3dbc6d03ed8ca272772
SHA1 a1e691e709ac4304ba64af15bd44597c97a218e5
SHA256 58e7da42c2db3f077812a7768a64a566d80ca19e23f67a49bf1ed8b08a45c7b0
CRC32 3634B065
Ssdeep 6:qjyxXKgf31VFJErAij4ksrUGXvKAGO3PJFJErAi9s7:qjRk31v+LbQKJO3D+L9

No similar analyses found.

Processing ( 394.163 seconds )

  • 377.112 NetworkAnalysis
  • 9.073 BehaviorAnalysis
  • 3.097 Dropped
  • 2.001 Static
  • 1.679 VirusTotal
  • 0.384 peid
  • 0.345 TargetInfo
  • 0.232 Debug
  • 0.194 Strings
  • 0.039 AnalysisInfo
  • 0.004 config_decoder
  • 0.003 Memory

Signatures ( 4.374 seconds )

  • 1.074 md_bad_drop
  • 0.789 antiav_detectreg
  • 0.357 stealth_timeout
  • 0.238 infostealer_ftp
  • 0.172 antianalysis_detectreg
  • 0.137 mimics_filetime
  • 0.133 infostealer_im
  • 0.125 stealth_file
  • 0.117 antivm_generic_disk
  • 0.102 virus
  • 0.102 infostealer_mail
  • 0.099 bootkit
  • 0.097 antivm_generic_scsi
  • 0.094 reads_self
  • 0.045 darkcomet_regkeys
  • 0.044 kibex_behavior
  • 0.038 antiemu_wine_func
  • 0.037 antivm_generic_services
  • 0.034 geodo_banking_trojan
  • 0.032 md_domain_bl
  • 0.03 antiav_detectfile
  • 0.028 recon_fingerprint
  • 0.026 betabot_behavior
  • 0.023 antivm_generic_diskreg
  • 0.021 infostealer_bitcoin
  • 0.019 antisandbox_productid
  • 0.018 bypass_firewall
  • 0.016 persistence_autorun
  • 0.014 antivm_vbox_libs
  • 0.013 dridex_behavior
  • 0.013 shifu_behavior
  • 0.013 packer_armadillo_regkey
  • 0.012 antivm_vbox_files
  • 0.012 antivm_vbox_keys
  • 0.012 antivm_vmware_keys
  • 0.011 antivm_vbox_acpi
  • 0.011 antivm_vpc_keys
  • 0.01 injection_createremotethread
  • 0.01 antivm_generic_system
  • 0.01 recon_programs
  • 0.009 antivm_generic_bios
  • 0.009 antivm_generic_cpu
  • 0.008 antidbg_windows
  • 0.008 ransomware_files
  • 0.007 infostealer_browser
  • 0.007 injection_runpe
  • 0.006 network_tor
  • 0.006 heapspray_js
  • 0.006 vawtrak_behavior
  • 0.006 network_http
  • 0.005 antiav_avast_libs
  • 0.005 antidbg_devices
  • 0.005 modify_proxy
  • 0.005 disables_browser_warn
  • 0.005 network_torgateway
  • 0.004 tinba_behavior
  • 0.004 virtualcheck_js
  • 0.004 antisandbox_sunbelt_libs
  • 0.004 exec_crash
  • 0.004 browser_security
  • 0.003 hawkeye_behavior
  • 0.003 kazybot_behavior
  • 0.003 antisandbox_sboxie_libs
  • 0.003 antiav_bitdefender_libs
  • 0.003 md_url_bl
  • 0.003 rat_pcclient
  • 0.002 network_anomaly
  • 0.002 antivm_vmware_libs
  • 0.002 injection_explorer
  • 0.002 sets_autoconfig_url
  • 0.002 stealth_network
  • 0.002 silverlight_js
  • 0.002 antianalysis_detectfile
  • 0.002 antivm_vmware_files
  • 0.002 bot_drive
  • 0.002 modify_uac_prompt
  • 0.002 network_cnc_http
  • 0.001 browser_scanbox
  • 0.001 clickfraud_cookies
  • 0.001 antisandbox_sleep
  • 0.001 antivm_vbox_window
  • 0.001 dyre_behavior
  • 0.001 java_js
  • 0.001 js_phish
  • 0.001 pony_behavior
  • 0.001 process_needed
  • 0.001 js_suspicious_redirect
  • 0.001 antiemu_wine_reg
  • 0.001 antisandbox_sunbelt_files
  • 0.001 antivm_vpc_files
  • 0.001 banker_cridex
  • 0.001 banker_zeus_mutex
  • 0.001 banker_zeus_url
  • 0.001 bot_drive2
  • 0.001 browser_addon
  • 0.001 disables_system_restore
  • 0.001 maldun_blacklist
  • 0.001 modify_security_center_warnings
  • 0.001 network_tor_service
  • 0.001 office_security
  • 0.001 rat_spynet
  • 0.001 recon_checkip
  • 0.001 sniffer_winpcap
  • 0.001 stealth_hiddenreg
  • 0.001 stealth_hide_notifications
  • 0.001 targeted_flame

Reporting ( 134.098 seconds )

  • 131.095 ReportPDF
  • 2.935 ReportHTMLSummary
  • 0.068 Malheur
Task ID 83387
Mongo ID 58a83c030d982676a20f7425
Cuckoo release 1.4-Maldun