Trojan-Dropper.Win32.Agent.anh (Kaspersky), Gen:Trojan.Heur.RP.8qZ@amwgOhcb (B) (Emsisoft), Gen:Trojan.Heur.RP.8qZ@amwgOhcb (AdAware), Trojan.Win32.Sasfis.FD, GenericEmailWorm.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Trojan, Worm, EmailWorm
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 6ae990d796ff70aade726dd7a1f317a5
SHA1: 9978efc130cc9eea050aa2f907d33ca89d201bcc
SHA256: cfd9f4d718556412b8763dd282ab47eb29da0f16147bcc328074cca18961e47d
SSDeep: 24576:wvZkEp3W8AD/Dhd y4lqJ8QdCYDoDN4H1GAEwmPhlGT:wvZsvD/DX y4onCYDoDa4wQli
Size: 984955 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: VMProtectV1X, PolyEnE001byLennartHedlund, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171, UPolyXv05_v6
Company: StdLib
Created at: 2003-06-16 07:11:22
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.
Dynamic Analysis
Payload
Behaviour | Description |
---|---|
EmailWorm | Worm can send e-mails. |
Process activity
The Trojan creates the following process(es):
heng1.exe:1392
%original file name%.exe:464
2s.exe:1988
Srer:956
The Trojan injects its code into the following process(es):
badboy.exe:140
2.exe:1992
IEXPLORE.EXE:380
Mutexes
The following mutexes were created/opened:No objects were found.
File activity
The process heng1.exe:1392 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%WinDir%\Srer (1281 bytes)
%WinDir%\Delete.bat (104 bytes)
The process %original file name%.exe:464 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\2s.exe (3778 bytes)
%System%\heng1.exe (258 bytes)
The process badboy.exe:140 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\ztdll.dll (35 bytes)
%Program Files%\svhost32.exe (24 bytes)
The process 2s.exe:1988 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%System%\2.exe (3732 bytes)
%System%\badboy.exe (24 bytes)
The process 2.exe:1992 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cgi_client_entry[1].htm (879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E_4\krnln.fnr (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].js (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E_4\HtmlView.fne (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\bg_corner[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\navigation[1].js (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bg_page[1].png (392 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\neeao[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2568273_1436523556[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_1415940_1436968214[1].jpg (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\upfile_3165952_1436968159[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\txt_title.ie6[1].png (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@qq[1].txt (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\html5[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\css[1].css (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@neeao[1].txt (175 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_baobeihuijia[1].png (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@hm.baidu[1].txt (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\data[1].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE[1].eot (1386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo_tencentvolunteers[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[2].js (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\search_children[1].js (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\upfile_6284563_1436686486[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\404style[1].css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_4270811_1436692558[1].jpg (10747 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (2892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\page[1].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2835045_1438133394[1].jpg (10286 bytes)
The Trojan deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)
Registry activity
The process heng1.exe:1392 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 A6 60 47 16 72 BD E1 15 5E 28 AC 65 9F 6E A7"
The process badboy.exe:140 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = "C:\PROGRA~1\svhost32.exe"
The process Srer:956 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 22 31 E9 72 9A E1 2A B2 B0 AD 26 AB 25 66 A8"
The process 2.exe:1992 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082720150828]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015082720150828\"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082720150828]
"CachePrefix" = ":2015082720150828:"
"CacheLimit" = "8192"
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 24 34 F6 1D 25 8E E2 4E 60 52 81 B0 5A FE 7F"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082720150828]
"CacheRepair" = "0"
The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Trojan deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]
The Trojan deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
MD5 | File path |
---|---|
5119e853bf543fa2ef978d758cfb0819 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\E_4\HtmlView.fne |
97c8fe752e354b2945e4c593a87e4a8b | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\E_4\krnln.fnr |
20544c1e7168d1121f5a9ebc9276616d | c:\Program Files\svhost32.exe |
15c0eeb18c965e25d8446632116d40ac | c:\WINDOWS\system32\2.exe |
ff96cc48742e27ab6c140032e841a791 | c:\WINDOWS\system32\2s.exe |
20544c1e7168d1121f5a9ebc9276616d | c:\WINDOWS\system32\badboy.exe |
5027f34108fca1a876ad66c6f8461e11 | c:\WINDOWS\system32\ztdll.dll |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
heng1.exe:1392
%original file name%.exe:464
2s.exe:1988
Srer:956 - Delete the original Trojan file.
- Delete or disinfect the following files created/modified by the Trojan:
%WinDir%\Srer (1281 bytes)
%WinDir%\Delete.bat (104 bytes)
%System%\2s.exe (3778 bytes)
%System%\heng1.exe (258 bytes)
%System%\ztdll.dll (35 bytes)
%Program Files%\svhost32.exe (24 bytes)
%System%\2.exe (3732 bytes)
%System%\badboy.exe (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cgi_client_entry[1].htm (879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E_4\krnln.fnr (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].js (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E_4\HtmlView.fne (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\bg_corner[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\navigation[1].js (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bg_page[1].png (392 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\neeao[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2568273_1436523556[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_1415940_1436968214[1].jpg (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\upfile_3165952_1436968159[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\txt_title.ie6[1].png (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@qq[1].txt (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\html5[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\css[1].css (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@neeao[1].txt (175 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_baobeihuijia[1].png (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@hm.baidu[1].txt (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\data[1].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE[1].eot (1386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo_tencentvolunteers[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[2].js (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\search_children[1].js (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\upfile_6284563_1436686486[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\404style[1].css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_4270811_1436692558[1].jpg (10747 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (2892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\page[1].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2835045_1438133394[1].jpg (10286 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 1926 | 4096 | 2.36282 | 364c77e015f4bb4a14327b18bd86398d |
.rdata | 8192 | 1320 | 4096 | 1.44848 | ed6eeea8c74e74b1f5d74036b1d8ff73 |
.data | 12288 | 180 | 4096 | 0.122094 | 61529ec798ffa7758db07e5d23e43936 |
.rsrc | 16384 | 3424 | 4096 | 1.40325 | bdcb84c2a2593ff86b5d8c0b85c02180 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Network Activity
URLs
URL | IP |
---|---|
hxxp://neeao.com/ | 106.186.116.73 |
hxxp://a1574.b.akamai.net/cgi-bin/cgi_client_entry.cgi?uin=5454443 | |
hxxp://neeao.com/wp-content/themes/twentytwelve/js/html5.js | 106.186.116.73 |
hxxp://a1574.b.akamai.net/404/search_children.js | |
hxxp://neeao.com/wp-content/themes/twentytwelve/style.css?ver=4.1.7 | 106.186.116.73 |
hxxp://neeao.com/wp-content/themes/twentytwelve/css/ie.css?ver=20121010 | 106.186.116.73 |
hxxp://googleadapis.l.google.com/css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext | |
hxxp://gstaticadssl.l.google.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot | |
hxxp://a1165.b.akamai.net/gy/404/data.js | |
hxxp://a1165.b.akamai.net/gy/404/page.js | |
hxxp://a1165.b.akamai.net/gy/404/style/404style.css | |
hxxp://a1165.b.akamai.net/ac/qzfl/stat.js | |
hxxp://hm.e.shifen.com/h.js?19c9dab3ab926f7f84b51ac9a3d72f37 | |
hxxp://boss.qzone.qq.com/fcg-bin/fcg_zone_info | 112.90.83.43 |
hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=954852177&si=19c9dab3ab926f7f84b51ac9a3d72f37&st=1&v=1.1.2&lv=1&tt=Neeao | ä¿¡æÂ¯å®‰å…¨ã€Â程åºÂå¼€å‘ã€Â脚本技术 | |
hxxp://a1165.b.akamai.net/gy/404/style/image/bg_page.png | |
hxxp://a1165.b.akamai.net/gy/upload/upfile_2835045_1438133394.jpg | |
hxxp://a1165.b.akamai.net/gy/404/style/image/logo_tencentvolunteers.png | |
hxxp://neeao.com/wp-content/themes/twentytwelve/js/navigation.js?ver=1.0 | 106.186.116.73 |
hxxp://a1165.b.akamai.net/gy/404/style/image/logo_baobeihuijia.png | |
hxxp://a1165.b.akamai.net/gy/upload/upfile_2568273_1436523556.jpg | |
hxxp://a1165.b.akamai.net/gy/upload/upfile_6284563_1436686486.jpg | |
hxxp://a1165.b.akamai.net/gy/upload/upfile_4270811_1436692558.jpg | |
hxxp://a1165.b.akamai.net/gy/upload/upfile_3165952_1436968159.jpg | |
hxxp://a1165.b.akamai.net/gy/upload/upfile_1415940_1436968214.jpg | |
hxxp://a1165.b.akamai.net/gy/404/style/image/txt_title.ie6.png | |
hxxp://a1165.b.akamai.net/gy/404/style/image/bg_corner.png | |
hxxp://qzone.qq.com/gy/404/style/404style.css | 1.105.192.18 |
hxxp://qzonestyle.gtimg.cn/ac/qzfl/stat.js | 188.43.72.42 |
hxxp://qzone.qq.com/gy/404/data.js | 1.105.192.18 |
hxxp://fonts.googleapis.com/css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext | 74.125.143.95 |
hxxp://qzone.qq.com/gy/upload/upfile_2568273_1436523556.jpg | 1.105.192.18 |
hxxp://qzone.qq.com/gy/404/style/image/txt_title.ie6.png | 1.105.192.18 |
hxxp://qzone.qq.com/gy/upload/upfile_3165952_1436968159.jpg | 1.105.192.18 |
hxxp://qzone.qq.com/gy/404/style/image/logo_baobeihuijia.png | 1.105.192.18 |
hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=954852177&si=19c9dab3ab926f7f84b51ac9a3d72f37&st=1&v=1.1.2&lv=1&tt=Neeao | ä¿¡æÂ¯å®‰å…¨ã€Â程åºÂå¼€å‘ã€Â脚本技术 | 220.181.7.190 |
hxxp://qzone.qq.com/gy/upload/upfile_4270811_1436692558.jpg | 1.105.192.18 |
hxxp://qzone.qq.com/gy/404/style/image/bg_page.png | 1.105.192.18 |
hxxp://qzone.qq.com/gy/upload/upfile_1415940_1436968214.jpg | 1.105.192.18 |
hxxp://qzone.qq.com/gy/upload/upfile_6284563_1436686486.jpg | 1.105.192.18 |
hxxp://qzone.qq.com/gy/404/style/image/logo_tencentvolunteers.png | 1.105.192.18 |
hxxp://hm.baidu.com/h.js?19c9dab3ab926f7f84b51ac9a3d72f37 | 220.181.7.190 |
hxxp://qzone.qq.com/gy/404/page.js | 1.105.192.18 |
hxxp://qzone.qq.com/gy/404/style/image/bg_corner.png | 1.105.192.18 |
hxxp://fonts.gstatic.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot | 173.194.113.223 |
hxxp://qzone.qq.com/gy/upload/upfile_2835045_1438133394.jpg | 1.105.192.18 |
hxxp://www.qq.com/404/search_children.js | 188.43.72.51 |
hxxp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443 | 188.43.72.51 |
pingfore.qq.com | 163.177.72.141 |
30434.q-zone.qq.com | 1.1.1.1 |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /h.js?19c9dab3ab926f7f84b51ac9a3d72f37 HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 7924
Content-Type: application/javascript
Date: Thu, 27 Aug 2015 00:57:16 GMT
Etag: 00288249d01a7342cdf33311b0c0d3a0
P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Server: apache
Set-Cookie: HMACCOUNT=81DD77E195A915E4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT
...............(function(){var h={},mt={},c={id:"19c9dab3ab926f7f84b51ac9a3d72f37",dm:["neeao.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,comm:0,apps:''};.[{w.6.....F..a..d;.V4.M....I:M...Y..IHb..BR..K.}....$&..n....yq_...f-2k.....OVQ.2~<p..................{.....N!..N.:.."..U..'3..T...t..g.."....N...Q..aG.....D2[..4zUU.MS.e..P.kKS~..2nkY.. D....... .qr?.2qn...o6}.%....8..l^`k..(.~..b.w;6....j. ...7'...........c...A\. ..:...%o..D!Y.......gV.h..Q.....A2.".K8.z][:A..0....%..*..P.....;.S5cA7.X/o.a&sh..".....E.&3.V..*.[..U&.Vn..#....}&.U.%...=.]..~..(."....;9...y@.u......Q:......Z.S......e....T<.$...{.@.r.Ob...~.f..=...................i i.3.P.@...R.4...)....%..-..nY.r.l.bb....EK..Lr,..z.?|.")....3..'.......t.n..cob......).....tU(w..o.,.".DrZ..|Q.s;...j.......To..-R y..>..Y.j".....k....l43.Uw.d...NO......4).............Y.(.?W#..vf'~./#YH.97........-.f....I..N9v....$,M.,L. ec...D.J.d.Z.j..(...."...[.xr.La.[9..A7..2.p..w.,../......Z.E]..x.*=.\.4../...O.Z%.~.MU.t.N.C5.v.vV-.O.......\.s..nAX....X"...Pe.?.....H.o..$3.../.D..l.P.0..9.... ...5..L=..S..v=..k..W......"Z......FC.D.4..t.xX<.j........t.....>..jMj......./8% .7&.........`:.i\ ..*...e$|i.w.1s............\....... }R.:.s..}.}.G.3.R....%..\.>.........j...!.*.kz..h......K..(..=......_F..U,...b...*N...bF..1|x}M.B......@.....h..............@N...~Xn..qu.d.{2...0..&a.`.....p.#..Fh..#.t([.4..H..z..(..8Dg...S).rb....|F....d.....|L.d....b...H.bS.
<<< skipped >>>
GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=954852177&si=19c9dab3ab926f7f84b51ac9a3d72f37&st=1&v=1.1.2&lv=1&tt=Neeao | ä¿¡æÂ¯å®‰å…¨ã€Â程åºÂå¼€å‘ã€Â脚本技术 HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: hm.baidu.com
Connection: Keep-Alive
Cookie: HMACCOUNT=81DD77E195A915E4
HTTP/1.1 200 OK
Cache-Control: private, max-age=0, no-cache
Content-Length: 43
Content-Type: image/gif
Date: Thu, 27 Aug 2015 00:57:17 GMT
Pragma: no-cache
Server: apache
X-Content-Type-Options: nosniff
GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 27 Aug 2015 00:57:17 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;..
GET /gy/404/page.js HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Thu, 11 Jun 2015 09:41:30 GMT
Content-Type: application/x-javascript
ETag: "557957ca-2f05"
Content-Encoding: gzip
Content-Length: 4536
Cache-Control: max-age=600
Date: Thu, 27 Aug 2015 00:57:15 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........:ks.8... .$%......E......V.>f'sWu.W....."e.........S.=.^mM...F..................(...C.<??..`.."J.^.a .k.n4A...O.0h...!....A ..*,....w....;. ~....^......].kks..N...K..n.CZ.......r\.;....X......G......us8 .....s.u..........P....4.2.....?.*. ..S-.Xc.k.sM."q.|...u.......V.~?...h#.].L.?y....{j.{.f....Q.....H...<......`.....?Fy!..]...PM.@.G........P.h$M$M9..C....\w....`..H...(.....3..}..FcJ.....['.`>....p[<nE..X.......<W5.X$.".ARi......~.9|0P3.J..~k...(.N.XF..........J...F....OS$j.....?f.8...,...t.......o.......LJ...83W..D. .N."...H..6K........~.......V.....G.....B.........z....~5W3.......A..L..{j..q.r..F.K-<?{..0..\.s5.~.....0..._.4...(vY.cF.\ ........./....j].94F......m...C........=[.....b..6........e.......g.....d4b0jv..A`..n6c..^.s...m.....q-..Mp.ol!1C_.....S..m..b....s `.q@....../..F....ua..[b2.2de.#..s.........0.&8j:.v'.@a...XX8..9.G..T_.......&.....NP5..3....N*.Gb......[.....bW.6.........p...vP..)..@!.m..l}.S...Vh.f..)...}[....j..G.....R....E .....?........jf&P.c..G....WY...Hw....s.Q.[ik...`..Ld..W.....?3.sYD.f....:...A..Q.%_Z.D.N...5..x.]V.F.Z.Y.G.U...x.......S.C.ox............n!@.@.F.......k.$.........Eyd..|..V..)h.{.~c..)...[...&.....<>.:v..............n....#........`.....L$......D...P.Y....0...CD.K..?.......^.@..<.[.(,....\.9l...{u..\.)N9C.2.L..cw...0....n............./...^...t.m....=..:.`l.I....$......b;7.6...K...C....W8eX......8.V....x.J...8.3..Pp*.e.>.i......~.#Po..QA.9....3...Xi........3M.5.`.....4.{y....8..[{RD..*$.Q.8D.M {........Z%./.s.#.....(.....(.R"...e
<<< skipped >>>
GET /gy/404/style/image/bg_page.png HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT
Content-Type: image/png
Content-Length: 14998
ETag: "54a3ea62-3a96"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
.PNG........IHDR...@..........K\4....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:6994F5C37BDB11E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:6994F5C47BDB11E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6994F5C17BDB11E4AF49CE8655D24E0A" stRef:documentID="xmp.did:6994F5C27BDB11E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...L....PLTE........................sss............................................................................................................................................................yyy.................................vvv......}}}...|||~~~...wwwttt...uuuxxxzzz..............$...5.IDATx....{.H.n..0.D"..E.,.ng{:..3..w........*d. EJ.$..<..I....Po}.*.................................................w..A.c$..`....(..._/:.l.........c.hm.R...2..=.'BQ.$....1R.f.......U.#.gt..ep..`.....kOSlE.M.s.t}......WZ.._Q.f.........GG13..N&.k.4.........fSy.AP...`...b-....v.A...GS.........~..2>.
<<< skipped >>>
GET /gy/404/style/image/logo_tencentvolunteers.png HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT
Content-Type: image/png
Content-Length: 3588
ETag: "54a3ea62-e04"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
.PNG........IHDR...2...2.....).x.....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:998480E67BD511E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:998480E77BD511E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:998480E47BD511E4AF49CE8655D24E0A" stRef:documentID="xmp.did:998480E57BD511E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...Z....PLTE.....r.....I........A........I........=.v...N....................N..h.......x...............`..D.....9..^.t...P..d..5..Z..R.....2..E.|...i..........z.....................l..............V.....X.................7.....|.......~......n..'........ .|......b..\..,..0....r...:..D...........v..............p..z.z..{...T..*........"........K..b.....V..z.........................................0...........$..........................:..8...........X..&..T..$........x..e.."..............3..-.............y......u.._..&..... ...........!.....!.......................... ..m........~........L...
<<< skipped >>>
GET /gy/404/style/image/logo_baobeihuijia.png HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT
Content-Type: image/png
Content-Length: 3725
ETag: "54a3ea62-e8d"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
.PNG........IHDR...x...2......y......tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:6994F5BB7BDB11E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:6994F5BC7BDB11E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:998480E87BD511E4AF49CE8655D24E0A" stRef:documentID="xmp.did:6994F5BA7BDB11E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>F.......PLTE....VF..............k.............=<....B6.......... .....$......D.......... *....[[.......2E.#6.*=..........zz.......3)..2.Td....CB....bq.z8.......x6.LK.fe.$$..$.....U.................[.......M^....Zj....SQ.w4..s....si.......54...................~>.............m{.............sr.tt.u.............................................A.q}................mn..z....@R....|<.......21....FV..".^l.~~.IE.....*.=N....}.....IZ..........&:.......y.....:4................%..............9L..,....i[....9J.....(..}.41.{:.`o.hg.........................`^........N....iW.cR..........ft.).....\j
<<< skipped >>>
GET /gy/upload/upfile_2568273_1436523556.jpg HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Fri, 10 Jul 2015 10:19:16 GMT
Content-Type: image/jpeg
Content-Length: 12912
ETag: "559f9c24-3270"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
......JFIF.....`.`.....0Exif..MM.*.......1..............VVV.meitu.com....C....................................................................C.........................................................................................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..6.........b..;#...y.wg..i.p....<..i.:p.....&..F.'.GZ...>.).F.C...o.F..Ch.1...@...BG.T../..O........G...W<..v....%...~ ../Y.Q..51...WA..'......Q.vA......R.d.et..*]..U..s...=......3E.P]...W.!f..c..g....4Y}..[]./...W...<......m..d...,{ea!.....w...,.2.x... ......../...q.%.9.q...&...X..R(..A...^..T....rN:a@.....4......8.U3tHd..\..H.A".V..M.%........gr.21!s.1`z.......RH.*..I<......L.G.l....G.........q.AN3...[....`.|S>.K......'.{N'...wG.~.....g3.;/.....5.....<;..O.o...z.....M..Q.\;..Fz.j....;........../.....O..h.....`.9^.JFn.t.X..zw.Cw3q}..#*|...Pk..\..&`..l...u.m....Xd.".H.....rF{.V5..r0w.J.t.I..F9.z..1.N...'..wCZ.o3u...7. ..\.q.*..Re....8..........K.9...S..........S.=.......x.U...Y~..}5r..[#...=...GS...i ...H....DH^...q..p..O.n..;3..>.?.x.?`..R....# V.m...6..3.....e...9.ADE.....NsR..){.R...%..Tc.&.I...Z...9.G.Vzt.....A..a.|.#4....s
<<< skipped >>>
GET /gy/upload/upfile_6284563_1436686486.jpg HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Sun, 12 Jul 2015 07:34:46 GMT
Content-Type: image/jpeg
Content-Length: 47609
ETag: "55a21896-b9f9"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C.........................................................................^.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..i.....?...j.U.............K.Uz<..o....\.,Q..~..z...~..z(...........O...^..|e..~.~e.*.W.........>.......t._..G,.8...\..d.......u..4'.....O..c..Y....._..=s..`y?.>'iZ?. ..7.;........|..O....u.........zu. .XWe..v..3.^#....}?... twj.....{.s....M..x...\.8....x?.>0_^....:..v............>y......?...........k..a...._.....U....l......'.d........u/.j..........{...Zi.......n..V........G....~..x..5...........o..v.4<..........[..U..u.o..f.....U........."......Z..E.W..g....Z......1Y......?.......O...........Pua.?.o_....Ag......\.... B.J...1....?.._....o....?4.e..........~=..6.........w]........xW.v..Ko...........| ...b..n;{..@....xo'....{......4..j........>.....y.........'.lV.6..1...-..K....~.Cy.........~.`..........~'Ay.x/.?.?.?.9.W.i.*.....O..3^w...........2|.........m.._...v........._...?.._...?...bp......./.Vd.i[Ue......b....
<<< skipped >>>
GET /gy/upload/upfile_3165952_1436968159.jpg HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 15 Jul 2015 13:49:19 GMT
Content-Type: image/jpeg
Content-Length: 27181
ETag: "55a664df-6a2d"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
......JFIF.............0Exif..MM.*.......1..............VVV.meitu.com....C....................................................................C.......................................................................@.................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..$........!..kQ...[.Y.I......@Q.VF...kf..o/...h.Q.4...d.}..L......5..2....o's.u...2<A..uH~.n.f_........|.."..".v.F.........p4,.?wYJ$.j..w.t.)D...cq....2.#.uO2.....=e....G....y..sr.#l.Q..........2;..O.....U.Uk.../....7}............*..q.y.......vZS......j....4!...5.....m]..P...E...jT....s...M....6t......s..I\.|;.....#M......@......|.".,4y.IEy....=LD.)E...:....^.s......Mp......~...'...>.......Dv.._.<...<..g.......Q....._|..F.i5......1...$(.8.ZC8.U.. E..e<..N.R...."m1D..{....8....[.h&o.uh:.^O.b..#o*.$.7....`G.....v.K.z5]... .f....@S..tp......AVO.o..J.`f....Y....n...m....h..i..Y..x4....Kg.U.4J7.u....w....:.jmQ...'.\..........ti_w.7.yk...a.....u...a_.......6.l{bWX...C.....V_.}../.Y.S.u...|./..@...|..h...uj.`.r.=m..v.OR..z7......n...3Fe.#s|..`;j....bD...7....E......FJ.5.I...(.&..'....-.t?..K.J="...[k.q.#~y<g.S....... .=.JP.Qn.u..}....&..k..
<<< skipped >>>
GET /gy/upload/upfile_1415940_1436968214.jpg HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 15 Jul 2015 13:50:14 GMT
Content-Type: image/jpeg
Content-Length: 113765
ETag: "55a66516-1bc65"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C.......................................................................U...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..~.,....>.,....>=h....g..?...Z.........K;_...8.....v.s. v.].....i.......t....:.............>..*......O...z..g...=.... ......^.....Z...y..[.g.Y.......NkF.......}....h.......;.]>..3.......6.....^.....g...Z.~......@...../.o..hY..c.w..=.s...Y....V....w.......=7]....>....Ns.s...^{.k.*.......^..%.......K...~......2......?.....[...jZ....1.4.7....~?....U^k...I. ...v...&_.o..~...?....g.._...k...........rC..v...x..J....)....b_..?...........Y.sU.:7..o........}]gk..O^...........~#._.,...u..........Z.G)..k.........>Q...y.j.z....t.S..?..s... ?...A.V....i.....9... >...F.T.b..Y.>..'.o.?.W.........Y..x....O{....#......>.../.>......i)l.~'..._L.;5f.&.....g..?..Eg..?..;g..?..Eg..?..."..G.....}......j......}z.V......QE....}....u..........`.....Wa.o..h_..?......K.m..../..>........z.._.5xo..f................_H|d..........9....
<<< skipped >>>
GET /gy/404/style/image/txt_title.ie6.png HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT
Content-Type: image/png
Content-Length: 6502
ETag: "54a3ea62-1966"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:18 GMT
Connection: keep-alive
.PNG........IHDR.......F........'....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72A4BF7D7BC911E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:72A4BF7E7BC911E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72A4BF7B7BC911E4AF49CE8655D24E0A" stRef:documentID="xmp.did:72A4BF7C7BC911E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>R1>....0PLTE^^^............iii............sss~~~..............=.....tRNS.................#].....IDATx..].b...5;x....k6.E`............!..i...m..<.....%G.......5..$.....}..i.....;......1.Y,.....i.........'..M _76..Y..._=..-..i.b.%.. ..rq.....8..G..Q..=.i...rv6..iz..E....."..=.L...]...q..%_...}....E.r..8.........Co..$. ^.s.....?....v....x.-.la..>.y.1p....K<.FU....a....Z....z......'..\..DLt.8%h.y..%.7s..r..Z.EmH..u.....h...u..y8..c.HK.............<.K-......6fWN}$uF..zL....V.MK....h/....@.E".d.....n!.0"....x...%|.M......}.....Xf...Td/w..........a..>.....G.@n....E?......R,......
<<< skipped >>>
GET /s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: fonts.gstatic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: font/eot
Last-Modified: Mon, 27 Apr 2015 23:47:02 GMT
Date: Wed, 26 Aug 2015 20:20:36 GMT
Expires: Thu, 25 Aug 2016 20:20:36 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28499
X-XSS-Protection: 1; mode=block
Age: 16598
Cache-Control: public, max-age=31536000
......n...t.UP.N..;..;......>hpw.. ......K...............}.......Z..........H..........!".#..@...... ...~...&T.)&..[Ep...i.!....W..M......_....?..........|...y^.9D......N..................*j...........~\..Z..Y....=..p.h.X:n...g.........k@.U..y)v.n..F!.a&....Q5=...O.|.)....vz.7...J......k......!....B"%.9..z.j.k..}..u.~...o.I....UT.JJ..?.t...r ...!..`*bX<~....:.Gc..zj......eWAZ.....sf....c..H{w..... ..`..P...f.....0.8.]-Z..,..e!J0...t.c..J9".e&R.q.8.k......... .....K~.....c.9. Q4.{..r.I|...I:......p5.v..g...v.<PZ]b.~v...6...;..1(....=.]..[....S......W`.....QMu...8.G.......[.....Xt.........*sR..B......<^..M.p. AKQ.Pn].....K..D#D......"/........r.\....:b.Pu.A.W.\..g.l.~..........%.'4.....(..X...z.F....E%...2....mB.G..].,C...I.y.UI1.s..\v$..i...np.^..R..SA:....E`...8.L.8=..T!.6....?r...W5%..........(..M.........i28Sn.................0|?......g....&..m...m?...Dw.:.DXU(013..{...L L.p92....z..iirti..../.i]?.o.......vx....4......}.....tD}S .....l,.....7......Vi....<.|..&..;.....9s=#.......y...E.. <..T.YC..O.N.;...O.&g<...,...'<.p....41.h.:..B....@-..... .?U.O{6.X.p...9.xc{...b..3Y..... D.....r...2t.G..Z.f]..d`WE.{F1d.H....|.hS..sae..9FA,.#..D...5.....-......]..8G...09.......4..E<FZ..o.....k.....7.....dWS..B7?.....l{!^....3\..O0g........S0_QwR.4.l..f..t...Y.:y...b.L.N..5..4. .........'..(..G^U......i?.X......5..i...n...4....;...9..{..k1..T.SU8.z...(0T...!........Z..J.%..3]...I.k...:.!.C.../]_}6...BE...H..<.m.0.<w.(.z..........".....4.....DL.W9...m....W...l.....eAK$c......9..p.d4....p..
<<< skipped >>>
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: neeao.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 27 Aug 2015 00:57:13 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.28
Set-Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Pingback: hXXp://neeao.com/xmlrpc.php
61f6..<!DOCTYPE html>.<!--[if IE 7]>.<html class="ie ie7" lang="zh-CN">.<![endif]-->.<!--[if IE 8]>.<html class="ie ie8" lang="zh-CN">.<![endif]-->.<!--[if !(IE 7) | !(IE 8) ]><!-->.<html lang="zh-CN">.<!--<![endif]-->.<head>.<meta charset="UTF-8" />.<meta name="viewport" content="width=device-width" />.<meta name="baidu-site-verification" content="ZxfsFzkW7N" /><title>Neeao | ..........................................</title>.<link rel="profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="pingback" href="http://neeao.com/xmlrpc.php" />.<!--[if lt IE 9]>.<script src="hXXp://neeao.com/wp-content/themes/twentytwelve/js/html5.js" type="text/javascript"></script>.<![endif]-->.<link rel="alternate" type="application/rss xml" title="Neeao » Feed" href="http://neeao.com/feed" />.<link rel="alternate" type="application/rss xml" title="Neeao » ......Feed" href="hXXp://neeao.com/comments/feed" />.<link rel='stylesheet' id='twentytwelve-fonts-css' href='hXXp://fonts.googleapis.com/css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext' type='text/css' media='all' />.<link rel='stylesheet' id='twentytwelve-style-css' href='http://neeao.com/wp-content/themes/twentytwelve/style.css?ver=4.1.7' type='text/css' media='all' />.<!--[if lt IE 9]>.<link rel='stylesheet' id='twentytwelve-ie-css' href='hXXp://neeao.com/wp-con
<<< skipped >>>
GET /wp-content/themes/twentytwelve/style.css?ver=4.1.7 HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: neeao.com
Connection: Keep-Alive
Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 27 Aug 2015 00:57:14 GMT
Content-Type: text/css
Content-Length: 35917
Last-Modified: Fri, 06 Dec 2013 02:23:10 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "52a1350e-8c4d"
Expires: Thu, 27 Aug 2015 12:57:14 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
/*.Theme Name: Twenty Twelve.Theme URI: hXXp://wordpress.org/themes/twentytwelve.Author: the WordPress team.Author URI: hXXp://wordpress.org/.Description: The 2012 theme for WordPress is a fully responsive theme that looks great on any device. Features include a front page template with its own widgets, an optional display font, styling for post formats on both index and single views, and an optional no-sidebar page template. Make it yours with a custom menu, header image, and background..Version: 1.3.License: GNU General Public License v2 or later.License URI: hXXp://VVV.gnu.org/licenses/gpl-2.0.html.Tags: light, gray, white, one-column, two-columns, right-sidebar, fluid-layout, responsive-layout, custom-background, custom-header, custom-menu, editor-style, featured-images, flexible-header, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready.Text Domain: twentytwelve..This theme, like WordPress, is licensed under the GPL..Use it to make something cool, have fun, and share what you've learned with others..*/../* =Notes.--------------------------------------------------------------.This stylesheet uses rem values with a pixel fallback. The rem.values (and line heights) are calculated using two variables:..$rembase: 14;.$line-height: 24;..---------- Examples..* Use a pixel value with a rem fallback for font-size, padding, margins, etc...padding: 5px 0;..padding: 0.357142857rem 0; (5 / $rembase)..* Set a font-size and then set a line-height based
<<< skipped >>>
GET /fcg-bin/fcg_zone_info HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: boss.qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Connection: close
Server: QZHTTP-2.37.1
Date: Thu, 27 Aug 2015 00:57:16 GMT
Content-Encoding: gzip
Cache-Control: no-cache
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 140
...........wN..IJL.....TJ.OIU.2..2.K..x......@........X.S..LI,IT...VJ.,......V.WR..04..Q*(./..KNE(*,M.*)J...T...._.Tlbb`fln`lV[..i...x`.......
GET /gy/404/data.js HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 26 Aug 2015 06:42:47 GMT
Content-Type: application/x-javascript
ETag: "55dd5fe7-266d"
Content-Encoding: gzip
Content-Length: 2863
Cache-Control: max-age=600
Date: Thu, 27 Aug 2015 00:57:15 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........Z[O.I.. ._.....K.h.m.}..}[."C.......d.Y..1.6....!.CB..c........~......%Y.I.6...U..n....wN..g..lv..S............z..>u?r..#..?.w.q?p..<..i....&:.......@...C.....Vy..k......G.3..'>.y......x.Yaq..N.....W9...*.[.c....O..c.<..M?z.....^...|926...........<......O8QR8.....$r.(J#...l_hz.3F......!.9=...&...G...........^&. ..h.Stz.............gjt.;.....1..713.y:.J..I..0;2.{>.y...=.W3...%#.I..j..V......k(.F.....U.0....c..~.......yD. .........q&.......dgQk.Ib....I.Av..8../...VH...~.V....},..5....=....&.g.~..0.'..i...:..<.2.Vy.0.r.../K..K..Oz..Ks..p_g.<8...P..}i"..D...i"q. J.M$E...4..8.'.&.B..w.&z(..Sh.f.R.v.<B.Er.B....sB....qv4...d.....#{.(.... .5'w...<....|A.l.D..I.Oj.0..9R....~........jI....K:....S:..8.7....$....I.wI..j.]...:$.....g.....$.8.QX.".....WK......".._.\....@kn.l.)1d.....50.p....t.q.J.....=!(.#(u.$...J......m..l.d....A.U.3.T%...~.j....8}id.4.4vhZ.\k.u...P....;@..m.*<0:...Y....%..t.n.6.;..c?A..t^.[... .F.=...x/..nT"..T.8...Zz....v.57I..5..A.........@ I.<a...Q....R.E[Jp.2......f...}.....^S.....9*..K.70.eW.a....!..9.........l.........G...'...(..D.............qnPDE..UV....$..x.J.....%.t...<...z....?l..:.S.d.6.....1kgj.P.n.....).........1..8..c.3.A~.a.a.27vL.7k.",02..."..<.../..K......../...m..n.X8E....C...qDC8.....{4..sZm.E..<...........bk.).L..._D...|D2A|..............y.&%(...>,q.Q..%.e.S].-%..2...j...N.....P..{N(.rB.U.....^bGF.O...r.E...8.....7.i......Q.V..nM..I.\/... .......V._.@...B.Y;B...$e..................;..7........eP28@..o..;J?....^d....j...z....s:.
<<< skipped >>>
GET /gy/404/style/404style.css HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Thu, 11 Jun 2015 09:41:30 GMT
Content-Type: text/css
ETag: "557957ca-2d70"
Content-Encoding: gzip
Content-Length: 3441
Cache-Control: max-age=3600
Date: Thu, 27 Aug 2015 00:57:16 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........Z.s.........tbiH..D..'3.C..L...NF..G.b...P.V4#7.%9.G.4.....;V.ZNSG.eK.g..|.........D9.eP...vo?~............?|..v.Lf.Y..9...].......5.0..~.m..L.Jn6..gs91...N...w.?....t...?.......I.........m...........}...}.......}..{.e../.{....ro]...-..k.............I@.>..9.E.C.i.de|.AY...INQ~sn|.j..U&........z.n.mC...h.....dv.V.3'..%'k..4.j..m.=.3.m.i......s.Z5.\,S]g-..|m....F-f...l9..k...*Lg.2...u.^..>..w....~.......po~......F...{wG..t.{....S..Z.p...........r.h:\.\Z.....Kg......k..Y..p.3.e.....|.L......Ma......f......ZT....P..V.Tt.z.B.t..i.........42D..V...j3..QGe..l.U......mq.`. nPU...n..I.v......"....Zuf....n...u._.B...z.G.....O..=X.>;..?~H..k.....;...t...*l......8g>...'P..G.5f.tu.,t...m..`..XP...p4#3..3.f%..d...]4.&x..}......... .....?..x....w..~.m..n.u.....C....w..........oq..P:$.....tn.D..R..&.U.&.J....i.5.,.....5.....Y.B..eM.K.}.s..6.....d:..A...6R.A.`.!.$...8......}.:...u..t..p7..........m].l.....].^\.n...0.W........i.h.21L4......[G..'.s.D......].n1..azR-.Y ....L..W.d.hN!.7.`u.F.G[...=....5......o.....JY..6f..5!z......S...A....9.8.....5.KE.. Ld...R.d.......<......2.P.*A........."v.E..A\.L.{.....VeN.b.)...]I.".Y.).h......$.%@..=.....{.?........FF.N"o?.T.%.G.B}..q.'4...O....v......h..Z.....?.6.p.....G._....@.}.....&s>F7o[6..e2`e.\j..5s..O.{_~.f.........{.].]..*..njf.mg.a. -D.......$......k....iAH....1?.(.....Uf...x{.....e6)&...v..#......yh...R?P<U...y}k.....F....x.Eu.... .......U.0u.}.(.8....f.....u...A.C.........f..>..;.,fQ.q. ....~u.]..m...v....oB.A>R :%......Q.@......|........ ...
<<< skipped >>>
GET /gy/upload/upfile_2835045_1438133394.jpg HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 29 Jul 2015 01:29:54 GMT
Content-Type: image/jpeg
Content-Length: 124656
ETag: "55b82c92-1e6f0"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..........Z....T..G......n...cX...}b.G....S\.].........._.z..> hV....n....6.....:=..k.....@...n.O.5....2K]R...G...k..........?.j.wo..N.sK.J...Mm.z....%..].og...7......,.n.......?....\..}E}.q..sovd.0.M.."....1...........z..4...~..K.c....E.'._.....}o......y../@.u.\.._.O.....cO.?je.4q.j.......%..@..8v.....c.;j.\...._u.?._..,.A...q.}.M....S;.N...?..%.kF......L....... |D..u..<...I.u..}\h:....w..0..}CX..>.>.......G........~.xO........Sx_.....;._.W~ ........M5O..k..8......9..;Q......}..M...KV..4....t.SK...h....J.'..A...5..k.Q....S.H..H...__..=?........o...${_E.....m{X...O..G.~g.....<UO'.....W*....:U.n..B-5..n.....<...K.5..k.'..o..Y.~.B........5M..c...$...2.Z. ........xK.._.?..6~.....n.q......./X........C.5... ...,~.>4.....;........f.A.y....?....>.#.NpG5.|D..<Q.......*.S2...O.4.........E......gnF0rA.|G..g..............
<<< skipped >>>
GET /gy/upload/upfile_4270811_1436692558.jpg HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Sun, 12 Jul 2015 09:15:58 GMT
Content-Type: image/jpeg
Content-Length: 146648
ETag: "55a2304e-23cd8"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:17 GMT
Connection: keep-alive
......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C.......................................................................@.I.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........}.....Uy...f.'....O..r..L2y........S\]..'....3.g.......5..L_.......Z_n.i?}...L....\.........C...z..OZ.9...[..O..a..8......Z...z.[......~.....r.e....o...X...T"..V......V.'.O......{..a.k.w^w...t........>...I-f..0.....\...Z...[.-..o..^3..._...?._..J........e...S[}....z.$3Mq4Sc.G<.y.............=:u.. ..............:.x..^..q......lw0......A....q.5...u.......#..J.s..'ug.\y.......^....~....C.........W.1.4bh~.....3.li.$...q.................~..^M...._.r..j......O.;q...>..&.6.........g...N..qja....X..#4..;x........o.....K.?.c...>....c........._....u.&......O..~4.r.P......._..~=~..yS}....<z...Z............Og.............v.............?..u? ....F3..n.....#...]...H...w=!...3{........B.J].]S..............}....}7.....7.y....y..l...66...c.}.>..\.?wo7..........I..........2G7........#........{.....>\..N=.....|.A....M...?......
<<< skipped >>>
GET /gy/404/style/image/bg_corner.png HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: org-imgcache
Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT
Content-Type: image/png
Content-Length: 2371
ETag: "54a3ea62-943"
Cache-Control: max-age=259200
Date: Thu, 27 Aug 2015 00:57:18 GMT
Connection: keep-alive
.PNG........IHDR...x...<.......~.....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:58F2A7167BE611E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:58F2A7177BE611E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:58F2A7147BE611E4AF49CE8655D24E0A" stRef:documentID="xmp.did:58F2A7157BE611E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..#.....IDATx...mh[U..O....i7l}.........M..2....e.0.a.....~......)~PA..A.........uS6E..8-A....j.M.&....{........{N..?B.{.....s.s.s.P.P`.Z.....x.X......`#ha...Y........Y....&...9.-A.J......l.ZUd...`....Nk!p.].....{.m.}....0Q...B`.....}`m...;....N......1......-u".$x....{..~.,.v.<.SQa.....'F.Z..vl'x..)"..x....... .Lf.N..HH*l.w.].../&h.;v.x..'..I.4.....u.....<..%.....A.7..,...c........[A.8..f|<~.<....f.....6.,.J.M..YiP>..F|k...).E{.O=">^.1....RL.....]v...>...9..JV.........%..,..H2Wv.....c.......]`.....^...w..l..Bm...YC..<.?#c..R|..|V#...#.6..IV.]...W...C.W.FQI`.{.!z_.
<<< skipped >>>
GET /ac/qzfl/stat.js HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: qzonestyle.gtimg.cn
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/x-javascript
Content-Length: 3521
Last-Modified: Thu, 13 Nov 2014 10:18:36 GMT
Content-Encoding: gzip
ETag: "5464857c-2862"
Server: org-imgcache
Cache-Control: max-age=31104000
Date: Thu, 27 Aug 2015 00:57:16 GMT
Connection: keep-alive
Vary: Accept-Encoding
....|.dT....is.6.........L....4....f'.f.....z@..XS.JR.SQ.}..x.r...Nc.x..}....K>.....;......`.....qp-bO....n.&...C].....c=(*.o..Tw...P..,..n..m..70~...|6.>S..I.-.........p......I.%.c8.i..r.......Bd..|...z.!{.9EQR%.D..>........`.%..k.).1.H...t......?(p.....d...JWOp..R....t... F.....s .......pC..Xsb..i........r<..:..Q.4..!L.-.M....g.9..-.m...\...vb.=.......|N.{.........k..1...l.Q.od....:.~u..'V.C.a..R..~|Oj ...5.J.... ....7......S..S...RYGR....z"......n....P...=?...p.T../.^..<.S ..'rhl..V;............n.....l..iH.\..S.l|......k...........]..........5Ma......."9.i`..il.@.....?.4CC.....u... ./A...@}C..........2.%.x.sw..].B...Z.;.OR...4....k..UAx..~.f...h...... ..l...w.@.iE.....cn.. .8....#=P...w.i.`.......8..`.I...A.`5.U.3...k`0...4..Y......8....__|.........U..Q7G(..7M.N...`..h..:.P..1.q...,...@..V;|T.:./....."s.V...6D.m..."U.^I.&.....u.^..QJm9F[..6......%.......Y.=).... 0.m.c...2.=`.4.[..[..2.e......H..Y........0.5K.^...O.{q..m.[...`.3..y..0.8..........].[..e.a.$....$.k....m........;.-\..M..~...83.....m}.........a.?....]....)8....V...)...3.~.:..............t1w.z...Z~O.t...Y.....4W...d.n.....O/.]<.|..#A....>~x.}.Ea&. ^......9....J;..|...-\....\......@n................<.<._<..........@n...}}...)......0...e@`.js.B.R..?..N...:.LQD. .0c.dy.7....f......p..sV0.T."..d..(j..R.9.L.......l..y..`U..$R`<......L;..na..J..2>.LY...R.1..o.R,......~..k..o.....o.v...f..h....h.z.........E....1n....._..:........[a.._....__.f......S..!.V#...b.Q.di.<.Z...}0>.J.......l.'Rw.#n*..02].<?R:)......^.
<<< skipped >>>
GET /cgi-bin/cgi_client_entry.cgi?uin=5454443 HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: u15.qzone.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: QZHTTP-2.38.18
Content-Encoding: gzip
X-Frame-Options: SAMEORIGIN
X-UA-Compatible: IE=Edge
Last-Modified: Thu, 27 Aug 2015 00:57:13 GMT
Cache-Control: max-age=0, no-transform, proxy-revalidate
Content-Type: text/html; charset=utf-8
Date: Thu, 27 Aug 2015 00:57:14 GMT
Content-Length: 607
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: qzone_check=; EXPIRES=Fri, 02-Jan-1970 00:00:00 GMT; PATH=/; DOMAIN=qq.com
Set-Cookie: _qz_referrer=; expires=Mon, 26 Jul 1997 05:00:00 GMT; PATH=/; DOMAIN=qq.com
.............s.@...0....s....q.=....z.....:.Z.X.)(P.bJ..CA....RhG*iB..b.m......U{j.y;...~.y.....z.........gO.........a$.I}.....dU.$./.....y8.@..TS.7kP.......e-..*Rp...&.9$.......>.. ....JQ% ...../k..*.9.j....|.m....".{...>...rw>....2.{..y.U.,[.v..6......]t.....5..Uw;..R!.tvrs3scd...N....jc.......@..R}WO......( ..Rk.M.....a..r.K..M.c.D....3....w@M..y.J.R..K....F....sl...!.KR.{.....F......c..{.e7....z.......7.........n4..Z...lE]..p..S.cp[{...< ...5g?O..PL.....s..%...f.............J.k..b.?..V.k.e..~./1'N~.....0...mm.O@S^k...J.Y.$.r@.i..=Q\]].^Y..cQ.5.."...s9.....:.....".8"...?>.....gx.|.?...........o...HTTP/1.1 200 OK..Server: QZHTTP-2.38.18..Content-Encoding: gzip..X-Frame-Options: SAMEORIGIN..X-UA-Compatible: IE=Edge..Last-Modified: Thu, 27 Aug 2015 00:57:13 GMT..Cache-Control: max-age=0, no-transform, proxy-revalidate..Content-Type: text/html; charset=utf-8..Date: Thu, 27 Aug 2015 00:57:14 GMT..Content-Length: 607..Connection: keep-alive..Vary: Accept-Encoding..Set-Cookie: qzone_check=; EXPIRES=Fri, 02-Jan-1970 00:00:00 GMT; PATH=/; DOMAIN=qq.com..Set-Cookie: _qz_referrer=; expires=Mon, 26 Jul 1997 05:00:00 GMT; PATH=/; DOMAIN=qq.com...............s.@...0....s....q.=....z.....:.Z.X.)(P.bJ..CA....RhG*iB..b.m......U{j.y;...~.y.....z.........gO.........a$.I}.....dU.$./.....y8.@..TS.7kP.......e-..*Rp...&.9$.......>.. ....JQ% ...../k..*.9.j....|.m....".{...>...rw>....2.{..y.U.,[.v..6......]t.....5..Uw;..R!.tvrs3scd...N....jc.......@..R}WO......( ..Rk.M.....a..r.K..M.c.D....3....w@M..y.J.R..K.
<<< skipped >>>
GET /404/search_children.js HTTP/1.1
Accept: */*
Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.qq.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: squid/3.4.1
Content-Type: application/javascript; charset=GB2312
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Encoding: gzip
Vary: Accept-Encoding
Cache-Control: max-age=120
Expires: Thu, 27 Aug 2015 00:59:15 GMT
Date: Thu, 27 Aug 2015 00:57:15 GMT
Content-Length: 193
Connection: keep-alive
...............@...^...mV#fV........L4.&....>...v....|....&.. .....}..J.6u...w.J.....v....^C.4.yt.j...P!.n.'...* .W.......7l.S...&D.Bt\N.b..;..........d0.x.v.ROk.^.f.R{em.W...V.<. M..._J.Ub'...HTTP/1.1 200 OK..Server: squid/3.4.1..Content-Type: application/javascript; charset=GB2312..Vary: Accept-Encoding..Vary: Accept-Encoding..Content-Encoding: gzip..Vary: Accept-Encoding..Cache-Control: max-age=120..Expires: Thu, 27 Aug 2015 00:59:15 GMT..Date: Thu, 27 Aug 2015 00:57:15 GMT..Content-Length: 193..Connection: keep-alive.................@...^...mV#fV........L4.&....>...v....|....&.. .....}..J.6u...w.J.....v....^C.4.yt.j...P!.n.'...* .W.......7l.S...&D.Bt\N.b..;..........d0.x.v.ROk.^.f.R{em.W...V.<. M..._J.Ub'.....
GET /wp-content/themes/twentytwelve/js/html5.js HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: neeao.com
Connection: Keep-Alive
Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 27 Aug 2015 00:57:13 GMT
Content-Type: application/javascript
Content-Length: 2487
Last-Modified: Fri, 26 Oct 2012 23:25:44 GMT
Connection: keep-alive
ETag: "508b1bf8-9b7"
Expires: Thu, 27 Aug 2015 12:57:13 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
/*! HTML5 Shiv v3.6 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed */./* Source: hXXps://github.com/aFarkas/html5shiv */.(function(l,f){function m(){var a=e.elements;return"string"==typeof a?a.split(" "):a}function i(a){var b=n[a[o]];b||(b={},h ,a[o]=h,n[h]=b);return b}function p(a,b,c){b||(b=f);if(g)return b.createElement(a);c||(c=i(b));b=c.cache[a]?c.cache[a].cloneNode():r.test(a)?(c.cache[a]=c.createElem(a)).cloneNode():c.createElem(a);return b.canHaveChildren&&!s.test(a)?c.frag.appendChild(b):b}function t(a,b){if(!b.cache)b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag();.a.createElement=function(c){return!e.shivMethods?b.createElem(c):p(c,a,b)};a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&(" m().join().replace(/\w /g,function(a){b.createElem(a);b.frag.createElement(a);return'c("' a '")'}) ");return n}")(e,b.frag)}function q(a){a||(a=f);var b=i(a);if(e.shivCSS&&!j&&!b.hasCSS){var c,d=a;c=d.createElement("p");d=d.getElementsByTagName("head")[0]||d.documentElement;c.innerHTML="x<style>article,aside,figcaption,figure,footer,header,hgroup,nav,section{display:block}mark{background:#FF0;color:#000}</style>";.c=d.insertBefore(c.lastChild,d.firstChild);b.hasCSS=!!c}g||t(a,b);return a}var k=l.html5||{},s=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,r=/^<|^(?:a|b|button|code|div|fieldset|form|h1|h2|h3|h4|h5|h6|i|iframe|img|input|label|li|link|ol|option
<<< skipped >>>
GET /wp-content/themes/twentytwelve/css/ie.css?ver=20121010 HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: neeao.com
Connection: Keep-Alive
Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 27 Aug 2015 00:57:14 GMT
Content-Type: text/css
Content-Length: 4781
Last-Modified: Mon, 07 Oct 2013 16:42:08 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "5252e460-12ad"
Expires: Thu, 27 Aug 2015 12:57:14 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
/*.Styles for older IE versions (previous to IE9)..*/..body {..background-color: #e6e6e6;.}.body.custom-background-empty {..background-color: #fff;.}.body.custom-background-empty .site,.body.custom-background-white .site {..box-shadow: none;..margin-bottom: 0;..margin-top: 0;..padding: 0;.}..assistive-text,..site .screen-reader-text {..clip: rect(1px 1px 1px 1px); /* IE7 */.}..full-width .site-content {..float: none;..width: 100%;.}.img.size-full,.img.size-large,.img.header-image,.img.wp-post-image,.img[class*="align"],.img[class*="wp-image-"],.img[class*="attachment-"] {..width: auto; /* Prevent stretching of full-size and large-size images with height and width attributes in IE8 */.}..author-avatar {..float: left;..margin-top: 8px;..margin-top: 0.571428571rem;.}..author-description {..float: right;..width: 80%;.}..site {..box-shadow: 0 2px 6px rgba(100, 100, 100, 0.3);..margin: 48px auto;..max-width: 960px;..overflow: hidden;..padding: 0 40px;.}..site-content {..float: left;..width: 65.104166667%;.}.body.template-front-page .site-content,.body.attachment .site-content,.body.full-width .site-content {..width: 100%;.}..widget-area {..float: right;..width: 26.041666667%;.}..site-header h1,..site-header h2 {..text-align: left;.}..site-header h1 {..font-size: 26px;..line-height: 1.846153846;.}..main-navigation ul.nav-menu,..main-navigation div.nav-menu > ul {..border-bottom: 1px solid #ededed;..border-top: 1px solid #ededed;..display: inline-block !important;..text-align: left;..width: 100%;.}..main-navigation
<<< skipped >>>
GET /wp-content/themes/twentytwelve/js/navigation.js?ver=1.0 HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: neeao.com
Connection: Keep-Alive
Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1; Hm_lvt_19c9dab3ab926f7f84b51ac9a3d72f37=1440637032; Hm_lpvt_19c9dab3ab926f7f84b51ac9a3d72f37=1440637032
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 27 Aug 2015 00:57:17 GMT
Content-Type: application/javascript
Content-Length: 863
Last-Modified: Wed, 14 Nov 2012 20:21:00 GMT
Connection: keep-alive
ETag: "50a3fd2c-35f"
Expires: Thu, 27 Aug 2015 12:57:17 GMT
Cache-Control: max-age=43200
Accept-Ranges: bytes
/**. * navigation.js. *. * Handles toggling the navigation menu for small screens.. */.( function() {..var nav = document.getElementById( 'site-navigation' ), button, menu;..if ( ! nav )...return;..button = nav.getElementsByTagName( 'h3' )[0];..menu = nav.getElementsByTagName( 'ul' )[0];..if ( ! button )...return;...// Hide button if menu is missing or empty...if ( ! menu || ! menu.childNodes.length ) {...button.style.display = 'none';...return;..}...button.onclick = function() {...if ( -1 == menu.className.indexOf( 'nav-menu' ) )....menu.className = 'nav-menu';....if ( -1 != button.className.indexOf( 'toggled-on' ) ) {....button.className = button.className.replace( ' toggled-on', '' );....menu.className = menu.className.replace( ' toggled-on', '' );...} else {....button.className = ' toggled-on';....menu.className = ' toggled-on';...}..};.} )();HTTP/1.1 200 OK..Server: nginx..Date: Thu, 27 Aug 2015 00:57:17 GMT..Content-Type: application/javascript..Content-Length: 863..Last-Modified: Wed, 14 Nov 2012 20:21:00 GMT..Connection: keep-alive..ETag: "50a3fd2c-35f"..Expires: Thu, 27 Aug 2015 12:57:17 GMT..Cache-Control: max-age=43200..Accept-Ranges: bytes../**. * navigation.js. *. * Handles toggling the navigation menu for small screens.. */.( function() {..var nav = document.getElementById( 'site-navigation' ), button, menu;..if ( ! nav )...return;..button = nav.getElementsByTagName( 'h3' )[0];..menu = nav.getElementsByTagName( 'ul' )[0];..if ( ! button )...return;...// Hide button if menu is missing or empt
<<< skipped >>>
GET /css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext HTTP/1.1
Accept: */*
Referer: hXXp://neeao.com/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: fonts.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/css
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Thu, 27 Aug 2015 00:57:14 GMT
Date: Thu, 27 Aug 2015 00:57:14 GMT
Cache-Control: private, max-age=86400
Content-Length: 186
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(hXXp://fonts.gstatic.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot);.}.HTTP/1.1 200 OK..Content-Type: text/css..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Thu, 27 Aug 2015 00:57:14 GMT..Date: Thu, 27 Aug 2015 00:57:14 GMT..Cache-Control: private, max-age=86400..Content-Length: 186..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server: GSE..@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(hXXp://fonts.gstatic.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot);.}...
Map
The Trojan connects to the servers at the folowing location(s):
Strings from Dumps
badboy.exe_140:
KERNEL32.DLL
KERNEL32.DLL
kernel32.dll
kernel32.dll
Kernel32.dll
Kernel32.dll
ntdll.dll
ntdll.dll
EGHOST.EXE
EGHOST.EXE
MAILMON.EXE
MAILMON.EXE
KAVPFW.EXE
KAVPFW.EXE
Ravmon.EXE
Ravmon.EXE
Ravmond.EXE
Ravmond.EXE
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite
.idata
.idata
.edata
.edata
P.reloc
P.reloc
P.rsrc
P.rsrc
127.0.0.1
127.0.0.1
Message-Id:
Message-Id:
auth LOGIN
auth LOGIN
HTTP://
HTTP://
HTTP/1.0
HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
software\microsoft\windows
software\microsoft\windows
zhengtu.dat
zhengtu.dat
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
wsock32.dll
wsock32.dll
ztDLL.dll
ztDLL.dll
KWindows
KWindows
USER32.DLL
USER32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
GetWindowsDirectoryA
GetWindowsDirectoryA
.tB4:
.tB4:
H%D\Kx~
H%D\Kx~
badboy.exe_140_rwx_00401000_0001A000:
kernel32.dll
kernel32.dll
Kernel32.dll
Kernel32.dll
ntdll.dll
ntdll.dll
EGHOST.EXE
EGHOST.EXE
MAILMON.EXE
MAILMON.EXE
KAVPFW.EXE
KAVPFW.EXE
Ravmon.EXE
Ravmon.EXE
Ravmond.EXE
Ravmond.EXE
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite
........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite
.idata
.idata
.edata
.edata
P.reloc
P.reloc
P.rsrc
P.rsrc
127.0.0.1
127.0.0.1
Message-Id:
Message-Id:
auth LOGIN
auth LOGIN
HTTP://
HTTP://
HTTP/1.0
HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
software\microsoft\windows
software\microsoft\windows
zhengtu.dat
zhengtu.dat
user32.dll
user32.dll
GetKeyboardType
GetKeyboardType
advapi32.dll
advapi32.dll
RegOpenKeyExA
RegOpenKeyExA
RegCloseKey
RegCloseKey
RegCreateKeyExA
RegCreateKeyExA
UnhookWindowsHookEx
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowsHookExA
wsock32.dll
wsock32.dll
ztDLL.dll
ztDLL.dll
KWindows
KWindows
KERNEL32.DLL
KERNEL32.DLL
USER32.DLL
USER32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
GetWindowsDirectoryA
GetWindowsDirectoryA
2.exe_1992:
.text
.text
`.rdata
`.rdata
@.data
@.data
.ecode
.ecode
.rsrc
.rsrc
user32.dll
user32.dll
KERNEL32.dll
KERNEL32.dll
USER32.dll
USER32.dll
GetCPInfo
GetCPInfo
krnln.fne
krnln.fne
krnln.fnr
krnln.fnr
1.1.3
1.1.3
%System%\2.exe
%System%\2.exe
hXXp://30434.q-zone.qq.com
hXXp://30434.q-zone.qq.com
hXXp://neeao.com
hXXp://neeao.com
hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
hXXp://VVV.kuaigan8.com
hXXp://VVV.kuaigan8.com
hXXp://VVV.pptu8.com
hXXp://VVV.pptu8.com
VVV.530mo.com
VVV.530mo.com
hXXp://17bs.com/ip.htm8
hXXp://17bs.com/ip.htm8
2.exe_1992_rwx_0040A000_00001000:
hXXp://30434.q-zone.qq.com
hXXp://30434.q-zone.qq.com
hXXp://neeao.com
hXXp://neeao.com
hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443
hXXp://VVV.kuaigan8.com
hXXp://VVV.kuaigan8.com
hXXp://VVV.pptu8.com
hXXp://VVV.pptu8.com
VVV.530mo.com
VVV.530mo.com
hXXp://17bs.com/ip.htm8
hXXp://17bs.com/ip.htm8
IEXPLORE.EXE_380:
`.reloc
`.reloc
kernel32.dll
kernel32.dll
Windows
Windows
MSWHEEL_ROLLMSG
MSWHEEL_ROLLMSG
MSH_WHEELSUPPORT_MSG
MSH_WHEELSUPPORT_MSG
MSH_SCROLL_LINES_MSG
MSH_SCROLL_LINES_MSG
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)
oleaut32.dll
oleaut32.dll
EVariantBadIndexError
EVariantBadIndexError
ssShift
ssShift
htKeyword
htKeyword
EInvalidOperation
EInvalidOperation
u%CNu
u%CNu
Uh.RA
Uh.RA
Uh.WA
Uh.WA
%s_%d
%s_%d
EInvalidGraphicOperation
EInvalidGraphicOperation
UhwEB
UhwEB
USER32.DLL
USER32.DLL
comctl32.dll
comctl32.dll
uxtheme.dll
uxtheme.dll
%s%s%s%s%s%s%s%s%s%s
%s%s%s%s%s%s%s%s%s%s
Proportional
Proportional
MAPI32.DLL
MAPI32.DLL
OnKeyDown4 C
OnKeyDown4 C
OnKeyPress
OnKeyPress
OnKeyUp
OnKeyUp
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")
JumpID("","%s")
JumpID("","%s")
TKeyEvent
TKeyEvent
TKeyPressEvent
TKeyPressEvent
HelpKeyword
HelpKeyword
crSQLWait
crSQLWait
%s (%s)
%s (%s)
imm32.dll
imm32.dll
AutoHotkeys
AutoHotkeys
ssHotTrack
ssHotTrack
TWindowState
TWindowState
poProportional
poProportional
TWMKey
TWMKey
KeyPreview|RD
KeyPreview|RD
WindowState
WindowState
OnMouseUp8%C
OnMouseUp8%C
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
System\CurrentControlSet\Control\Keyboard Layouts\%.8x
vcltest3.dll
vcltest3.dll
User32.dll
User32.dll
ntdll.dll
ntdll.dll
advapi32.dll
advapi32.dll
Port
Port
UDPSockError
UDPSockError
TMYNMUDP
TMYNMUDP
MYNMUDP
MYNMUDP
RemotePort
RemotePort
LocalPort
LocalPort
ReportLevel
ReportLevel
0.0.0.0
0.0.0.0
%d.%d.%d.%d
%d.%d.%d.%d
Video.avi
Video.avi
Image.bmp
Image.bmp
thread_func()[id=%.8x] - exception "%s"
thread_func()[id=%.8x] - exception "%s"
unaMsAcmDriver
unaMsAcmDriver
unaMsAcmDeviceHeader
unaMsAcmDeviceHeader
function isn't supported
function isn't supported
invalid flag passed
invalid flag passed
invalid parameter passed
invalid parameter passed
registry key not found
registry key not found
unavclPipeDataEvent
unavclPipeDataEvent
unavclInOutPipe
unavclInOutPipe
unavclInOutWavePipe
unavclInOutWavePipe
iphlpapi.dll
iphlpapi.dll
20050101
20050101
getservbyport
getservbyport
WSAAsyncGetServByPort
WSAAsyncGetServByPort
WSAJoinLeaf
WSAJoinLeaf
WS2_32.DLL
WS2_32.DLL
TIdSocketListWindows
TIdSocketListWindows
TIdStackWindowsU
TIdStackWindowsU
IdStackWindows
IdStackWindows
1.0.4
1.0.4
HttpSocket
HttpSocket
HttpSocketRead
HttpSocketRead
HttpSocketError
HttpSocketError
HttpSocketDisconnect
HttpSocketDisconnect
HttpSocketConnect
HttpSocketConnect
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SOFTWARE\Microsoft\Windows\CurrentVersion\Setup
SoftWare\Microsoft\Windows\CurrentVersion\Run
SoftWare\Microsoft\Windows\CurrentVersion\Run
%d-%.2d-%.2d %.2d:%2.d:%.2d
%d-%.2d-%.2d %.2d:%2.d:%.2d
hXXp://
hXXp://
1.1.1.1
1.1.1.1
2.2.2.2
2.2.2.2
1.1.1.3
1.1.1.3
*.dat
*.dat
!#%$^&!#%!&*!
!#%$^&!#%!&*!
HKEY_CLASSES_ROOT
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_USERS
HKEY_CURRENT_CONFIG
HKEY_CURRENT_CONFIG
HKEY_DYN_DATA
HKEY_DYN_DATA
Telnet [ip] [port]
Telnet [ip] [port]
:\Program Files\Internet Explorer\IEXPLORE.EXE
:\Program Files\Internet Explorer\IEXPLORE.EXE
DNSAPI.DLL
DNSAPI.DLL
NETAPI32.DLL
NETAPI32.DLL
SVRAPI.DLL
SVRAPI.DLL
Uh.JH
Uh.JH
\SOFTWARE\Microsoft\Windows\CurrentVersion
\SOFTWARE\Microsoft\Windows\CurrentVersion
\SOFTWARE\Microsoft\Windows NT\CurrentVersion
\SOFTWARE\Microsoft\Windows NT\CurrentVersion
productkey
productkey
%s %d.%d (%d.%s)
%s %d.%d (%d.%s)
%f MHz
%f MHz
: IExplore.exe
: IExplore.exe
: Explorer.exe
: Explorer.exe
%d---- -:-:-
%d---- -:-:-
PSAPI.DLL
PSAPI.DLL
(The key is too long to be read.)
(The key is too long to be read.)
Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp
Delete.bat
Delete.bat
THttpProxy
THttpProxy
HttpProxy
HttpProxy
GET HTTP://
GET HTTP://
HTTP/1.0 200 Connected OK
HTTP/1.0 200 Connected OK
IEXPLORE.EXE
IEXPLORE.EXE
3; #>6.&
3; #>6.&
', 2/ 07&!4-)1#
', 2/ 07&!4-)1#
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
)%%%$$&&$%&)
)%%%$$&&$%&)
)%%%$$&&$''&&
)%%%$$&&$''&&
38000=344
38000=344
>>^%FVl
>>^%FVl
KWindows
KWindows
.ScktComp
.ScktComp
UrlMon
UrlMon
IdTCPConnection
IdTCPConnection
IdTCPStream
IdTCPStream
IdTCPClient
IdTCPClient
IMYNMUDP
IMYNMUDP
\RUNExeMemUnit
\RUNExeMemUnit
Font.Charset
Font.Charset
Font.Color
Font.Color
Font.Height
Font.Height
Font.Name
Font.Name
Font.Style
Font.Style
Icon.Data
Icon.Data
DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA
DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA
KERNEL32.DLL
KERNEL32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
OLEAUT32.DLL
OLEAUT32.DLL
MPR.DLL
MPR.DLL
VERSION.DLL
VERSION.DLL
GDI32.DLL
GDI32.DLL
COMCTL32.DLL
COMCTL32.DLL
SHELL32.DLL
SHELL32.DLL
WININET.DLL
WININET.DLL
WSOCK32.DLL
WSOCK32.DLL
IMAGEHLP.DLL
IMAGEHLP.DLL
WINMM.DLL
WINMM.DLL
AVICAP32.DLL
AVICAP32.DLL
MSACM32.DLL
MSACM32.DLL
\O%s?
\O%s?
H?.Sr
H?.Sr
_>.WM
_>.WM
g%uX>
g%uX>
.WZ9?
.WZ9?
6U.nWp
6U.nWp
f%s1|
f%s1|
v'.wN
v'.wN
U%8XU
U%8XU
%XGmX
%XGmX
.Bh[#
.Bh[#
4%s@J
4%s@J
ñdI
ñdI
V.nKPR
V.nKPR
W.tKTn
W.tKTn
.LN@iP
.LN@iP
.uQo4RK
.uQo4RK
port
port
remotePort
remotePort
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Invalid stream operation
Invalid stream operation
Protocol not supported.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Protocol family not supported.0Address family not supported by protocol family.
%s is not a valid service.
%s is not a valid service.
Socket Error # %d
Socket Error # %d
Operation would block.
Operation would block.
Operation now in progress.
Operation now in progress.
Operation already in progress.
Operation already in progress.
Socket operation on non-socket.
Socket operation on non-socket.
No help keyword specified. Module doesn't support streaming
No help keyword specified. Module doesn't support streaming
Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource
Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource
Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Resolving hostname %s.
Connecting to %s.
Connecting to %s.
No help found for %s#No context-sensitive help installed$No topic-based help system installed
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Invalid clipboard format Clipboard does not support Icons
Invalid clipboard format Clipboard does not support Icons
Cannot open clipboard/Menu '%s' is already being used by another form
Cannot open clipboard/Menu '%s' is already being used by another form
Unsupported clipboard format
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'
Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'
Asynchronous socket error %d
Asynchronous socket error %d
%s error %d, %s
%s error %d, %s
List capacity out of bounds (%d)
List capacity out of bounds (%d)
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to create key %s
Failed to create key %s
Failed to get data for '%s'
Failed to get data for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Property %s does not exist
Cannot assign a %s to a %s
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s'
Invalid data type for '%s'
Ancestor for '%s' not found
Ancestor for '%s' not found
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
Invalid variant operation%Invalid variant operation (%s%.8x)
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Operation not supported
External exception %x
External exception %x
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
!'%s' is not a valid integer value
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation
IEXPLORE.EXE_380_rwx_00400000_00001000:
`.reloc
`.reloc
IEXPLORE.EXE_380_rwx_0048C000_00061000:
3; #>6.&
3; #>6.&
', 2/ 07&!4-)1#
', 2/ 07&!4-)1#
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly
1.0.4
1.0.4
)%%%$$&&$%&)
)%%%$$&&$%&)
)%%%$$&&$''&&
)%%%$$&&$''&&
38000=344
38000=344
>>^%FVl
>>^%FVl
KWindows
KWindows
.ScktComp
.ScktComp
UrlMon
UrlMon
IdStackWindows
IdStackWindows
IdTCPConnection
IdTCPConnection
IdTCPStream
IdTCPStream
IdTCPClient
IdTCPClient
IMYNMUDP
IMYNMUDP
HttpProxy
HttpProxy
\RUNExeMemUnit
\RUNExeMemUnit
Font.Charset
Font.Charset
Font.Color
Font.Color
Font.Height
Font.Height
Font.Name
Font.Name
Font.Style
Font.Style
Icon.Data
Icon.Data
HttpSocket
HttpSocket
Port
Port
HttpSocketConnect
HttpSocketConnect
HttpSocketDisconnect
HttpSocketDisconnect
HttpSocketRead
HttpSocketRead
HttpSocketError
HttpSocketError
DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA
DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA
KERNEL32.DLL
KERNEL32.DLL
USER32.DLL
USER32.DLL
ADVAPI32.DLL
ADVAPI32.DLL
OLEAUT32.DLL
OLEAUT32.DLL
MPR.DLL
MPR.DLL
VERSION.DLL
VERSION.DLL
GDI32.DLL
GDI32.DLL
COMCTL32.DLL
COMCTL32.DLL
SHELL32.DLL
SHELL32.DLL
WININET.DLL
WININET.DLL
WSOCK32.DLL
WSOCK32.DLL
IMAGEHLP.DLL
IMAGEHLP.DLL
WINMM.DLL
WINMM.DLL
AVICAP32.DLL
AVICAP32.DLL
MSACM32.DLL
MSACM32.DLL
WS2_32.DLL
WS2_32.DLL
\O%s?
\O%s?
H?.Sr
H?.Sr
_>.WM
_>.WM
g%uX>
g%uX>
.WZ9?
.WZ9?
6U.nWp
6U.nWp
f%s1|
f%s1|
v'.wN
v'.wN
U%8XU
U%8XU
%XGmX
%XGmX
.Bh[#
.Bh[#
4%s@J
4%s@J
ñdI
ñdI
V.nKPR
V.nKPR
W.tKTn
W.tKTn
.LN@iP
.LN@iP
.uQo4RK
.uQo4RK
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.
Invalid stream operation
Invalid stream operation
Protocol not supported.
Protocol not supported.
Socket type not supported."Operation not supported on socket.
Socket type not supported."Operation not supported on socket.
Protocol family not supported.0Address family not supported by protocol family.
Protocol family not supported.0Address family not supported by protocol family.
%s is not a valid service.
%s is not a valid service.
Socket Error # %d
Socket Error # %d
Operation would block.
Operation would block.
Operation now in progress.
Operation now in progress.
Operation already in progress.
Operation already in progress.
Socket operation on non-socket.
Socket operation on non-socket.
No help keyword specified. Module doesn't support streaming
No help keyword specified. Module doesn't support streaming
Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource
Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource
Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)
Resolving hostname %s.
Resolving hostname %s.
Connecting to %s.
Connecting to %s.
No help found for %s#No context-sensitive help installed$No topic-based help system installed
No help found for %s#No context-sensitive help installed$No topic-based help system installed
Invalid clipboard format Clipboard does not support Icons
Invalid clipboard format Clipboard does not support Icons
Cannot open clipboard/Menu '%s' is already being used by another form
Cannot open clipboard/Menu '%s' is already being used by another form
Unsupported clipboard format
Unsupported clipboard format
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window
Thread creation error: %s
Thread creation error: %s
Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'
Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'
Asynchronous socket error %d
Asynchronous socket error %d
%s error %d, %s
%s error %d, %s
List capacity out of bounds (%d)
List capacity out of bounds (%d)
List count out of bounds (%d)
List count out of bounds (%d)
List index out of bounds (%d) Out of memory while expanding memory stream
List index out of bounds (%d) Out of memory while expanding memory stream
Error reading %s%s%s: %s
Error reading %s%s%s: %s
Failed to create key %s
Failed to create key %s
Failed to get data for '%s'
Failed to get data for '%s'
Failed to set data for '%s'
Failed to set data for '%s'
Resource %s not found
Resource %s not found
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group
Property %s does not exist
Property %s does not exist
Cannot assign a %s to a %s
Cannot assign a %s to a %s
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread
Class %s not found
Class %s not found
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates
Cannot create file "%s". %s
Cannot create file "%s". %s
Cannot open file "%s". %s
Cannot open file "%s". %s
Invalid stream format$''%s'' is not a valid component name
Invalid stream format$''%s'' is not a valid component name
Invalid data type for '%s'
Invalid data type for '%s'
Ancestor for '%s' not found
Ancestor for '%s' not found
Interface not supported
Interface not supported
%s (%s, line %d)
%s (%s, line %d)
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
Abstract Error?Access violation at address %p in module '%s'. %s of address %p
System Error. Code: %d.
System Error. Code: %d.
Invalid variant operation%Invalid variant operation (%s%.8x)
Invalid variant operation%Invalid variant operation (%s%.8x)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)
Operation not supported
Operation not supported
External exception %x
External exception %x
Invalid pointer operation
Invalid pointer operation
Invalid class typecast0Access violation at address %p. %s of address %p
Invalid class typecast0Access violation at address %p. %s of address %p
Operation aborted(Exception %s in module %s at %p.
Operation aborted(Exception %s in module %s at %p.
Application Error1Format '%s' invalid or incompatible with argument
Application Error1Format '%s' invalid or incompatible with argument
No argument for format '%s'"Variant method calls not supported
No argument for format '%s'"Variant method calls not supported
!'%s' is not a valid integer value
!'%s' is not a valid integer value
I/O error %d
I/O error %d
Integer overflow Invalid floating point operation
Integer overflow Invalid floating point operation