Gen.Trojan.Heur.RP.8qZamwgOhcb_6ae990d796

Dynamic Analysis

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):

heng1.exe:1392
%original file name%.exe:464
2s.exe:1988
Srer:956

The Trojan injects its code into the following process(es):

badboy.exe:140
2.exe:1992
IEXPLORE.EXE:380

Mutexes

The following mutexes were created/opened:No objects were found.

File activity

The process heng1.exe:1392 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%WinDir%\Srer (1281 bytes)
%WinDir%\Delete.bat (104 bytes)

The process %original file name%.exe:464 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%System%\2s.exe (3778 bytes)
%System%\heng1.exe (258 bytes)

The process badboy.exe:140 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%System%\ztdll.dll (35 bytes)
%Program Files%\svhost32.exe (24 bytes)

The process 2s.exe:1988 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%System%\2.exe (3732 bytes)
%System%\badboy.exe (24 bytes)

The process 2.exe:1992 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cgi_client_entry[1].htm (879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E_4\krnln.fnr (5442 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].js (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\E_4\HtmlView.fne (229 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\bg_corner[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\navigation[1].js (863 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bg_page[1].png (392 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\neeao[1].xml (266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2568273_1436523556[1].jpg (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_1415940_1436968214[1].jpg (7784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\upfile_3165952_1436968159[1].jpg (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\txt_title.ie6[1].png (6 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@qq[1].txt (139 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\html5[1].js (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\css[1].css (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@neeao[1].txt (175 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_baobeihuijia[1].png (3 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@hm.baidu[1].txt (164 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\data[1].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE[1].eot (1386 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo_tencentvolunteers[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[2].js (20 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\search_children[1].js (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\upfile_6284563_1436686486[1].jpg (3656 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\404style[1].css (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_4270811_1436692558[1].jpg (10747 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (2892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\page[1].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2835045_1438133394[1].jpg (10286 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (0 bytes)
%Documents and Settings%\%current user%\UserData\2Z89WTQV\www.aaa[1].xml (0 bytes)

Registry activity

The process heng1.exe:1392 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C8 A6 60 47 16 72 BD E1 15 5E 28 AC 65 9F 6E A7"

The process badboy.exe:140 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = "C:\PROGRA~1\svhost32.exe"

The process Srer:956 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 22 31 E9 72 9A E1 2A B2 B0 AD 26 AB 25 66 A8"

The process 2.exe:1992 makes changes in the system registry.

The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082720150828]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012015082720150828\"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082720150828]
"CachePrefix" = ":2015082720150828:"
"CacheLimit" = "8192"
"CacheOptions" = "11"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "5D 24 34 F6 1D 25 8E E2 4E 60 52 81 B0 5A FE 7F"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015082720150828]
"CacheRepair" = "0"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

Dropped PE files

MD5	File path
5119e853bf543fa2ef978d758cfb0819	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\E_4\HtmlView.fne
97c8fe752e354b2945e4c593a87e4a8b	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\E_4\krnln.fnr
20544c1e7168d1121f5a9ebc9276616d	c:\Program Files\svhost32.exe
15c0eeb18c965e25d8446632116d40ac	c:\WINDOWS\system32\2.exe
ff96cc48742e27ab6c140032e841a791	c:\WINDOWS\system32\2s.exe
20544c1e7168d1121f5a9ebc9276616d	c:\WINDOWS\system32\badboy.exe
5027f34108fca1a876ad66c6f8461e11	c:\WINDOWS\system32\ztdll.dll

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Terminate malicious process(es) (How to End a Process With the Task Manager):

   heng1.exe:1392
   %original file name%.exe:464
   2s.exe:1988
   Srer:956
   

2. Delete the original Trojan file.
   
3. Delete or disinfect the following files created/modified by the Trojan:

   %WinDir%\Srer (1281 bytes)
   %WinDir%\Delete.bat (104 bytes)
   %System%\2s.exe (3778 bytes)
   %System%\heng1.exe (258 bytes)
   %System%\ztdll.dll (35 bytes)
   %Program Files%\svhost32.exe (24 bytes)
   %System%\2.exe (3732 bytes)
   %System%\badboy.exe (24 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cgi_client_entry[1].htm (879 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[1].js (7 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\E_4\krnln.fnr (5442 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\stat[1].js (10 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temp\E_4\HtmlView.fne (229 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\bg_corner[1].png (2 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\navigation[1].js (863 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bg_page[1].png (392 bytes)
   %Documents and Settings%\%current user%\UserData\2Z89WTQV\neeao[1].xml (266 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2568273_1436523556[1].jpg (392 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_1415940_1436968214[1].jpg (7784 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\upfile_3165952_1436968159[1].jpg (1928 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\txt_title.ie6[1].png (6 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@qq[1].txt (139 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\html5[1].js (73 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\css[1].css (186 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@neeao[1].txt (175 bytes)
   %Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_baobeihuijia[1].png (3 bytes)
   %Documents and Settings%\%current user%\Cookies\Current_User@hm.baidu[1].txt (164 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\data[1].js (9 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE[1].eot (1386 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo_tencentvolunteers[1].png (3 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\h[2].js (20 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\search_children[1].js (295 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\upfile_6284563_1436686486[1].jpg (3656 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\404style[1].css (11 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\upfile_4270811_1436692558[1].jpg (10747 bytes)
   %Documents and Settings%\%current user%\Cookies\index.dat (2892 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\page[1].js (12 bytes)
   %Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\upfile_2835045_1438133394[1].jpg (10286 bytes)

4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
5. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	1926	4096	2.36282	364c77e015f4bb4a14327b18bd86398d
.rdata	8192	1320	4096	1.44848	ed6eeea8c74e74b1f5d74036b1d8ff73
.data	12288	180	4096	0.122094	61529ec798ffa7758db07e5d23e43936
.rsrc	16384	3424	4096	1.40325	bdcb84c2a2593ff86b5d8c0b85c02180

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs

URL	IP
hxxp://neeao.com/	106.186.116.73
hxxp://a1574.b.akamai.net/cgi-bin/cgi_client_entry.cgi?uin=5454443
hxxp://neeao.com/wp-content/themes/twentytwelve/js/html5.js	106.186.116.73
hxxp://a1574.b.akamai.net/404/search_children.js
hxxp://neeao.com/wp-content/themes/twentytwelve/style.css?ver=4.1.7	106.186.116.73
hxxp://neeao.com/wp-content/themes/twentytwelve/css/ie.css?ver=20121010	106.186.116.73
hxxp://googleadapis.l.google.com/css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext
hxxp://gstaticadssl.l.google.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot
hxxp://a1165.b.akamai.net/gy/404/data.js
hxxp://a1165.b.akamai.net/gy/404/page.js
hxxp://a1165.b.akamai.net/gy/404/style/404style.css
hxxp://a1165.b.akamai.net/ac/qzfl/stat.js
hxxp://hm.e.shifen.com/h.js?19c9dab3ab926f7f84b51ac9a3d72f37
hxxp://boss.qzone.qq.com/fcg-bin/fcg_zone_info	112.90.83.43
hxxp://hm.e.shifen.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=954852177&si=19c9dab3ab926f7f84b51ac9a3d72f37&st=1&v=1.1.2&lv=1&tt=Neeao | 信息安全、程序开发、脚本技术
hxxp://a1165.b.akamai.net/gy/404/style/image/bg_page.png
hxxp://a1165.b.akamai.net/gy/upload/upfile_2835045_1438133394.jpg
hxxp://a1165.b.akamai.net/gy/404/style/image/logo_tencentvolunteers.png
hxxp://neeao.com/wp-content/themes/twentytwelve/js/navigation.js?ver=1.0	106.186.116.73
hxxp://a1165.b.akamai.net/gy/404/style/image/logo_baobeihuijia.png
hxxp://a1165.b.akamai.net/gy/upload/upfile_2568273_1436523556.jpg
hxxp://a1165.b.akamai.net/gy/upload/upfile_6284563_1436686486.jpg
hxxp://a1165.b.akamai.net/gy/upload/upfile_4270811_1436692558.jpg
hxxp://a1165.b.akamai.net/gy/upload/upfile_3165952_1436968159.jpg
hxxp://a1165.b.akamai.net/gy/upload/upfile_1415940_1436968214.jpg
hxxp://a1165.b.akamai.net/gy/404/style/image/txt_title.ie6.png
hxxp://a1165.b.akamai.net/gy/404/style/image/bg_corner.png
hxxp://qzone.qq.com/gy/404/style/404style.css	1.105.192.18
hxxp://qzonestyle.gtimg.cn/ac/qzfl/stat.js	188.43.72.42
hxxp://qzone.qq.com/gy/404/data.js	1.105.192.18
hxxp://fonts.googleapis.com/css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext	74.125.143.95
hxxp://qzone.qq.com/gy/upload/upfile_2568273_1436523556.jpg	1.105.192.18
hxxp://qzone.qq.com/gy/404/style/image/txt_title.ie6.png	1.105.192.18
hxxp://qzone.qq.com/gy/upload/upfile_3165952_1436968159.jpg	1.105.192.18
hxxp://qzone.qq.com/gy/404/style/image/logo_baobeihuijia.png	1.105.192.18
hxxp://hm.baidu.com/hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=954852177&si=19c9dab3ab926f7f84b51ac9a3d72f37&st=1&v=1.1.2&lv=1&tt=Neeao | 信息安全、程序开发、脚本技术	220.181.7.190
hxxp://qzone.qq.com/gy/upload/upfile_4270811_1436692558.jpg	1.105.192.18
hxxp://qzone.qq.com/gy/404/style/image/bg_page.png	1.105.192.18
hxxp://qzone.qq.com/gy/upload/upfile_1415940_1436968214.jpg	1.105.192.18
hxxp://qzone.qq.com/gy/upload/upfile_6284563_1436686486.jpg	1.105.192.18
hxxp://qzone.qq.com/gy/404/style/image/logo_tencentvolunteers.png	1.105.192.18
hxxp://hm.baidu.com/h.js?19c9dab3ab926f7f84b51ac9a3d72f37	220.181.7.190
hxxp://qzone.qq.com/gy/404/page.js	1.105.192.18
hxxp://qzone.qq.com/gy/404/style/image/bg_corner.png	1.105.192.18
hxxp://fonts.gstatic.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot	173.194.113.223
hxxp://qzone.qq.com/gy/upload/upfile_2835045_1438133394.jpg	1.105.192.18
hxxp://www.qq.com/404/search_children.js	188.43.72.51
hxxp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443	188.43.72.51
pingfore.qq.com	163.177.72.141
30434.q-zone.qq.com	1.1.1.1

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /h.js?19c9dab3ab926f7f84b51ac9a3d72f37 HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: max-age=0, must-revalidate

Content-Encoding: gzip

Content-Length: 7924

Content-Type: application/javascript

Date: Thu, 27 Aug 2015 00:57:16 GMT

Etag: 00288249d01a7342cdf33311b0c0d3a0

P3p: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Server: apache

Set-Cookie: HMACCOUNT=81DD77E195A915E4; Path=/; Domain=hm.baidu.com; Expires=Sun, 18 Jan 2038 00:00:00 GMT

...............(function(){var h={},mt={},c={id:"19c9dab3ab926f7f84b51ac9a3d72f37",dm:["neeao.com"],js:"tongji.baidu.com/hm-web/js/",etrk:[],icon:'',ctrk:false,align:-1,nv:-1,vdur:1800000,age:31536000000,rec:0,rp:[],trust:0,vcard:0,qiao:0,lxb:0,conv:0,comm:0,apps:''};.[{w.6.....F..a..d;.V4.M....I:M...Y..IHb..BR..K.}....$&..n....yq_...f-2k.....OVQ.2~<p..................{.....N!..N.:.."..U..'3..T...t..g.."....N...Q..aG.....D2[..4zUU.MS.e..P.kKS~..2nkY.. D....... .qr?.2qn...o6}.%....8..l^`k..(.~..b.w;6....j. ...7'...........c...A\. ..:...%o..D!Y.......gV.h..Q.....A2.".K8.z][:A..0....%..*..P.....;.S5cA7.X/o.a&sh..".....E.&3.V..*.[..U&.Vn..#....}&.U.%...=.]..~..(."....;9...y@.u......Q:......Z.S......e....T<.$...{.@.r.Ob...~.f..=...................i i.3.P.@...R.4...)....%..-..nY.r.l.bb....EK..Lr,..z.?|.")....3..'.......t.n..cob......).....tU(w..o.,.".DrZ..|Q.s;...j.......To..-R y..>..Y.j".....k....l43.Uw.d...NO......4).............Y.(.?W#..vf'~./#YH.97........-.f....I..N9v....$,M.,L. ec...D.J.d.Z.j..(...."...[.xr.La.[9..A7..2.p..w.,../......Z.E]..x.*=.\.4../...O.Z%.~.MU.t.N.C5.v.vV-.O.......\.s..nAX....X"...Pe.?.....H.o..$3.../.D..l.P.0..9.... ...5..L=..S..v=..k..W......"Z......FC.D.4..t.xX<.j........t.....>..jMj......./8% .7&.........`:.i\ ..*...e$|i.w.1s............\....... }R.:.s..}.}.G.3.R....%..\.>.........j...!.*.kz..h......K..(..=......_F..U,...b...*N...bF..1|x}M.B......@.....h..............@N...~Xn..qu.d.{2...0..&a.`.....p.#..Fh..#.t([.4..H..z..(..8Dg...S).rb....|F....d.....|L.d....b...H.bS.

<<< skipped >>>

GET /hm.gif?cc=1&ck=1&cl=32-bit&ds=1276x846&et=0&fl=11.6&ja=1&ln=en-us&lo=0&nv=1&rnd=954852177&si=19c9dab3ab926f7f84b51ac9a3d72f37&st=1&v=1.1.2&lv=1&tt=Neeao | 信息安全、程序开发、脚本技术 HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: hm.baidu.com

Connection: Keep-Alive

Cookie: HMACCOUNT=81DD77E195A915E4

HTTP/1.1 200 OK

Cache-Control: private, max-age=0, no-cache

Content-Length: 43

Content-Type: image/gif

Date: Thu, 27 Aug 2015 00:57:17 GMT

Pragma: no-cache

Server: apache

X-Content-Type-Options: nosniff

GIF89a.............!.......,...........L..;HTTP/1.1 200 OK..Cache-Control: private, max-age=0, no-cache..Content-Length: 43..Content-Type: image/gif..Date: Thu, 27 Aug 2015 00:57:17 GMT..Pragma: no-cache..Server: apache..X-Content-Type-Options: nosniff..GIF89a.............!.......,...........L..;..

GET /gy/404/page.js HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Thu, 11 Jun 2015 09:41:30 GMT

Content-Type: application/x-javascript

ETag: "557957ca-2f05"

Content-Encoding: gzip

Content-Length: 4536

Cache-Control: max-age=600

Date: Thu, 27 Aug 2015 00:57:15 GMT

Connection: keep-alive

Vary: Accept-Encoding

...........:ks.8... .$%......E......V.>f'sWu.W....."e.........S.=.^mM...F..................(...C.<??..`.."J.^.a .k.n4A...O.0h...!....A ..*,....w....;. ~....^......].kks..N...K..n.CZ.......r\.;....X......G......us8 .....s.u..........P....4.2.....?.*. ..S-.Xc.k.sM."q.|...u.......V.~?...h#.].L.?y....{j.{.f....Q.....H...<......`.....?Fy!..]...PM.@.G........P.h$M$M9..C....\w....`..H...(.....3..}..FcJ.....['.`>....p[<nE..X.......<W5.X$.".ARi......~.9|0P3.J..~k...(.N.XF..........J...F....OS$j.....?f.8...,...t.......o.......LJ...83W..D. .N."...H..6K........~.......V.....G.....B.........z....~5W3.......A..L..{j..q.r..F.K-<?{..0..\.s5.~.....0..._.4...(vY.cF.\ ........./....j].94F......m...C........=[.....b..6........e.......g.....d4b0jv..A`..n6c..^.s...m.....q-..Mp.ol!1C_.....S..m..b....s `.q@....../..F....ua..[b2.2de.#..s.........0.&8j:.v'.@a...XX8..9.G..T_.......&.....NP5..3....N*.Gb......[.....bW.6.........p...vP..)..@!.m..l}.S...Vh.f..)...}[....j..G.....R....E .....?........jf&P.c..G....WY...Hw....s.Q.[ik...`..Ld..W.....?3.sYD.f....:...A..Q.%_Z.D.N...5..x.]V.F.Z.Y.G.U...x.......S.C.ox............n!@.@.F.......k.$.........Eyd..|..V..)h.{.~c..)...[...&.....<>.:v..............n....#........`.....L$......D...P.Y....0...CD.K..?.......^.@..<.[.(,....\.9l...{u..\.)N9C.2.L..cw...0....n............./...^...t.m....=..:.`l.I....$......b;7.6...K...C....W8eX......8.V....x.J...8.3..Pp*.e.>.i......~.#Po..QA.9....3...Xi........3M.5.`.....4.{y....8..[{RD..*$.Q.8D.M {........Z%./.s.#.....(.....(.R"...e

<<< skipped >>>

GET /gy/404/style/image/bg_page.png HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT

Content-Type: image/png

Content-Length: 14998

ETag: "54a3ea62-3a96"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

.PNG........IHDR...@..........K\4....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:6994F5C37BDB11E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:6994F5C47BDB11E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:6994F5C17BDB11E4AF49CE8655D24E0A" stRef:documentID="xmp.did:6994F5C27BDB11E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...L....PLTE........................sss............................................................................................................................................................yyy.................................vvv......}}}...|||~~~...wwwttt...uuuxxxzzz..............$...5.IDATx....{.H.n..0.D"..E.,.ng{:..3..w........*d. EJ.$..<..I....Po}.*.................................................w..A.c$..`....(..._/:.l.........c.hm.R...2..=.'BQ.$....1R.f.......U.#.gt..ep..`.....kOSlE.M.s.t}......WZ.._Q.f.........GG13..N&.k.4.........fSy.AP...`...b-....v.A...GS.........~..2>.

<<< skipped >>>

GET /gy/404/style/image/logo_tencentvolunteers.png HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT

Content-Type: image/png

Content-Length: 3588

ETag: "54a3ea62-e04"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

.PNG........IHDR...2...2.....).x.....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:998480E67BD511E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:998480E77BD511E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:998480E47BD511E4AF49CE8655D24E0A" stRef:documentID="xmp.did:998480E57BD511E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>...Z....PLTE.....r.....I........A........I........=.v...N....................N..h.......x...............`..D.....9..^.t...P..d..5..Z..R.....2..E.|...i..........z.....................l..............V.....X.................7.....|.......~......n..'........ .|......b..\..,..0....r...:..D...........v..............p..z.z..{...T..*........"........K..b.....V..z.........................................0...........$..........................:..8...........X..&..T..$........x..e.."..............3..-.............y......u.._..&..... ...........!.....!.......................... ..m........~........L...

<<< skipped >>>

GET /gy/404/style/image/logo_baobeihuijia.png HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT

Content-Type: image/png

Content-Length: 3725

ETag: "54a3ea62-e8d"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

.PNG........IHDR...x...2......y......tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:6994F5BB7BDB11E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:6994F5BC7BDB11E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:998480E87BD511E4AF49CE8655D24E0A" stRef:documentID="xmp.did:6994F5BA7BDB11E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>F.......PLTE....VF..............k.............=<....B6.......... .....$......D.......... *....[[.......2E.#6.*=..........zz.......3)..2.Td....CB....bq.z8.......x6.LK.fe.$$..$.....U.................[.......M^....Zj....SQ.w4..s....si.......54...................~>.............m{.............sr.tt.u.............................................A.q}................mn..z....@R....|<.......21....FV..".^l.~~.IE.....*.=N....}.....IZ..........&:.......y.....:4................%..............9L..,....i[....9J.....(..}.41.{:.`o.hg.........................`^........N....iW.cR..........ft.).....\j

<<< skipped >>>

GET /gy/upload/upfile_2568273_1436523556.jpg HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Fri, 10 Jul 2015 10:19:16 GMT

Content-Type: image/jpeg

Content-Length: 12912

ETag: "559f9c24-3270"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

......JFIF.....`.`.....0Exif..MM.*.......1..............VVV.meitu.com....C....................................................................C.........................................................................................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..6.........b..;#...y.wg..i.p....<..i.:p.....&..F.'.GZ...>.).F.C...o.F..Ch.1...@...BG.T../..O........G...W<..v....%...~ ../Y.Q..51...WA..'......Q.vA......R.d.et..*]..U..s...=......3E.P]...W.!f..c..g....4Y}..[]./...W...<......m..d...,{ea!.....w...,.2.x... ......../...q.%.9.q...&...X..R(..A...^..T....rN:a@.....4......8.U3tHd..\..H.A".V..M.%........gr.21!s.1`z.......RH.*..I<......L.G.l....G.........q.AN3...[....`.|S>.K......'.{N'...wG.~.....g3.;/.....5.....<;..O.o...z.....M..Q.\;..Fz.j....;........../.....O..h.....`.9^.JFn.t.X..zw.Cw3q}..#*|...Pk..\..&`..l...u.m....Xd.".H.....rF{.V5..r0w.J.t.I..F9.z..1.N...'..wCZ.o3u...7. ..\.q.*..Re....8..........K.9...S..........S.=.......x.U...Y~..}5r..[#...=...GS...i ...H....DH^...q..p..O.n..;3..>.?.x.?`..R....# V.m...6..3.....e...9.ADE.....NsR..){.R...%..Tc.&.I...Z...9.G.Vzt.....A..a.|.#4....s

<<< skipped >>>

GET /gy/upload/upfile_6284563_1436686486.jpg HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Sun, 12 Jul 2015 07:34:46 GMT

Content-Type: image/jpeg

Content-Length: 47609

ETag: "55a21896-b9f9"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C.........................................................................^.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..i.....?...j.U.............K.Uz<..o....\.,Q..~..z...~..z(...........O...^..|e..~.~e.*.W.........>.......t._..G,.8...\..d.......u..4'.....O..c..Y....._..=s..`y?.>'iZ?. ..7.;........|..O....u.........zu. .XWe..v..3.^#....}?... twj.....{.s....M..x...\.8....x?.>0_^....:..v............>y......?...........k..a...._.....U....l......'.d........u/.j..........{...Zi.......n..V........G....~..x..5...........o..v.4<..........[..U..u.o..f.....U........."......Z..E.W..g....Z......1Y......?.......O...........Pua.?.o_....Ag......\.... B.J...1....?.._....o....?4.e..........~=..6.........w]........xW.v..Ko...........| ...b..n;{..@....xo'....{......4..j........>.....y.........'.lV.6..1...-..K....~.Cy.........~.`..........~'Ay.x/.?.?.?.9.W.i.*.....O..3^w...........2|.........m.._...v........._...?.._...?...bp......./.Vd.i[Ue......b....

<<< skipped >>>

GET /gy/upload/upfile_3165952_1436968159.jpg HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 15 Jul 2015 13:49:19 GMT

Content-Type: image/jpeg

Content-Length: 27181

ETag: "55a664df-6a2d"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

......JFIF.............0Exif..MM.*.......1..............VVV.meitu.com....C....................................................................C.......................................................................@.................................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..$........!..kQ...[.Y.I......@Q.VF...kf..o/...h.Q.4...d.}..L......5..2....o's.u...2<A..uH~.n.f_........|.."..".v.F.........p4,.?wYJ$.j..w.t.)D...cq....2.#.uO2.....=e....G....y..sr.#l.Q..........2;..O.....U.Uk.../....7}............*..q.y.......vZS......j....4!...5.....m]..P...E...jT....s...M....6t......s..I\.|;.....#M......@......|.".,4y.IEy....=LD.)E...:....^.s......Mp......~...'...>.......Dv.._.<...<..g.......Q....._|..F.i5......1...$(.8.ZC8.U.. E..e<..N.R...."m1D..{....8....[.h&o.uh:.^O.b..#o*.$.7....`G.....v.K.z5]... .f....@S..tp......AVO.o..J.`f....Y....n...m....h..i..Y..x4....Kg.U.4J7.u....w....:.jmQ...'.\..........ti_w.7.yk...a.....u...a_.......6.l{bWX...C.....V_.}../.Y.S.u...|./..@...|..h...uj.`.r.=m..v.OR..z7......n...3Fe.#s|..`;j....bD...7....E......FJ.5.I...(.&..'....-.t?..K.J="...[k.q.#~y<g.S....... .=.JP.Qn.u..}....&..k..

<<< skipped >>>

GET /gy/upload/upfile_1415940_1436968214.jpg HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 15 Jul 2015 13:50:14 GMT

Content-Type: image/jpeg

Content-Length: 113765

ETag: "55a66516-1bc65"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C.......................................................................U...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..~.,....>.,....>=h....g..?...Z.........K;_...8.....v.s. v.].....i.......t....:.............>..*......O...z..g...=.... ......^.....Z...y..[.g.Y.......NkF.......}....h.......;.]>..3.......6.....^.....g...Z.~......@...../.o..hY..c.w..=.s...Y....V....w.......=7]....>....Ns.s...^{.k.*.......^..%.......K...~......2......?.....[...jZ....1.4.7....~?....U^k...I. ...v...&_.o..~...?....g.._...k...........rC..v...x..J....)....b_..?...........Y.sU.:7..o........}]gk..O^...........~#._.,...u..........Z.G)..k.........>Q...y.j.z....t.S..?..s... ?...A.V....i.....9... >...F.T.b..Y.>..'.o.?.W.........Y..x....O{....#......>.../.>......i)l.~'..._L.;5f.&.....g..?..Eg..?..;g..?..Eg..?..."..G.....}......j......}z.V......QE....}....u..........`.....Wa.o..h_..?......K.m..../..>........z.._.5xo..f................_H|d..........9....

<<< skipped >>>

GET /gy/404/style/image/txt_title.ie6.png HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT

Content-Type: image/png

Content-Length: 6502

ETag: "54a3ea62-1966"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:18 GMT

Connection: keep-alive

.PNG........IHDR.......F........'....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:72A4BF7D7BC911E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:72A4BF7E7BC911E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:72A4BF7B7BC911E4AF49CE8655D24E0A" stRef:documentID="xmp.did:72A4BF7C7BC911E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>R1>....0PLTE^^^............iii............sss~~~..............=.....tRNS.................#].....IDATx..].b...5;x....k6.E`............!..i...m..<.....%G.......5..$.....}..i.....;......1.Y,.....i.........'..M _76..Y..._=..-..i.b.%.. ..rq.....8..G..Q..=.i...rv6..iz..E....."..=.L...]...q..%_...}....E.r..8.........Co..$. ^.s.....?....v....x.-.la..>.y.1p....K<.FU....a....Z....z......'..\..DLt.8%h.y..%.7s..r..Z.EmH..u.....h...u..y8..c.HK.............<.K-......6fWN}$uF..zL....V.MK....h/....@.E".d.....n!.0"....x...%|.M......}.....Xf...Td/w..........a..>.....G.@n....E?......R,......

<<< skipped >>>

GET /s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: fonts.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: font/eot

Last-Modified: Mon, 27 Apr 2015 23:47:02 GMT

Date: Wed, 26 Aug 2015 20:20:36 GMT

Expires: Thu, 25 Aug 2016 20:20:36 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 28499

X-XSS-Protection: 1; mode=block

Age: 16598

Cache-Control: public, max-age=31536000

......n...t.UP.N..;..;......>hpw.. ......K...............}.......Z..........H..........!".#..@...... ...~...&T.)&..[Ep...i.!....W..M......_....?..........|...y^.9D......N..................*j...........~\..Z..Y....=..p.h.X:n...g.........k@.U..y)v.n..F!.a&....Q5=...O.|.)....vz.7...J......k......!....B"%.9..z.j.k..}..u.~...o.I....UT.JJ..?.t...r ...!..`*bX<~....:.Gc..zj......eWAZ.....sf....c..H{w..... ..`..P...f.....0.8.]-Z..,..e!J0...t.c..J9".e&R.q.8.k......... .....K~.....c.9. Q4.{..r.I|...I:......p5.v..g...v.<PZ]b.~v...6...;..1(....=.]..[....S......W`.....QMu...8.G.......[.....Xt.........*sR..B......<^..M.p. AKQ.Pn].....K..D#D......"/........r.\....:b.Pu.A.W.\..g.l.~..........%.'4.....(..X...z.F....E%...2....mB.G..].,C...I.y.UI1.s..\v$..i...np.^..R..SA:....E`...8.L.8=..T!.6....?r...W5%..........(..M.........i28Sn.................0|?......g....&..m...m?...Dw.:.DXU(013..{...L L.p92....z..iirti..../.i]?.o.......vx....4......}.....tD}S .....l,.....7......Vi....<.|..&..;.....9s=#.......y...E.. <..T.YC..O.N.;...O.&g<...,...'<.p....41.h.:..B....@-..... .?U.O{6.X.p...9.xc{...b..3Y..... D.....r...2t.G..Z.f]..d`WE.{F1d.H....|.hS..sae..9FA,.#..D...5.....-......]..8G...09.......4..E<FZ..o.....k.....7.....dWS..B7?.....l{!^....3\..O0g........S0_QwR.4.l..f..t...Y.:y...b.L.N..5..4. .........'..(..G^U......i?.X......5..i...n...4....;...9..{..k1..T.SU8.z...(0T...!........Z..J.%..3]...I.k...:.!.C.../]_}6...BE...H..<.m.0.<w.(.z..........".....4.....DL.W9...m....W...l.....eAK$c......9..p.d4....p..

<<< skipped >>>

GET / HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: neeao.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 27 Aug 2015 00:57:13 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.28

Set-Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

X-Pingback: hXXp://neeao.com/xmlrpc.php

61f6..<!DOCTYPE html>.<!--[if IE 7]>.<html class="ie ie7" lang="zh-CN">.<![endif]-->.<!--[if IE 8]>.<html class="ie ie8" lang="zh-CN">.<![endif]-->.<!--[if !(IE 7) | !(IE 8) ]><!-->.<html lang="zh-CN">.<!--<![endif]-->.<head>.<meta charset="UTF-8" />.<meta name="viewport" content="width=device-width" />.<meta name="baidu-site-verification" content="ZxfsFzkW7N" /><title>Neeao | ..........................................</title>.<link rel="profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="pingback" href="http://neeao.com/xmlrpc.php" />.<!--[if lt IE 9]>.<script src="hXXp://neeao.com/wp-content/themes/twentytwelve/js/html5.js" type="text/javascript"></script>.<![endif]-->.<link rel="alternate" type="application/rss xml" title="Neeao » Feed" href="http://neeao.com/feed" />.<link rel="alternate" type="application/rss xml" title="Neeao » ......Feed" href="hXXp://neeao.com/comments/feed" />.<link rel='stylesheet' id='twentytwelve-fonts-css' href='hXXp://fonts.googleapis.com/css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext' type='text/css' media='all' />.<link rel='stylesheet' id='twentytwelve-style-css' href='http://neeao.com/wp-content/themes/twentytwelve/style.css?ver=4.1.7' type='text/css' media='all' />.<!--[if lt IE 9]>.<link rel='stylesheet' id='twentytwelve-ie-css' href='hXXp://neeao.com/wp-con

<<< skipped >>>

GET /wp-content/themes/twentytwelve/style.css?ver=4.1.7 HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: neeao.com

Connection: Keep-Alive

Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 27 Aug 2015 00:57:14 GMT

Content-Type: text/css

Content-Length: 35917

Last-Modified: Fri, 06 Dec 2013 02:23:10 GMT

Connection: keep-alive

Vary: Accept-Encoding

ETag: "52a1350e-8c4d"

Expires: Thu, 27 Aug 2015 12:57:14 GMT

Cache-Control: max-age=43200

Accept-Ranges: bytes

/*.Theme Name: Twenty Twelve.Theme URI: hXXp://wordpress.org/themes/twentytwelve.Author: the WordPress team.Author URI: hXXp://wordpress.org/.Description: The 2012 theme for WordPress is a fully responsive theme that looks great on any device. Features include a front page template with its own widgets, an optional display font, styling for post formats on both index and single views, and an optional no-sidebar page template. Make it yours with a custom menu, header image, and background..Version: 1.3.License: GNU General Public License v2 or later.License URI: hXXp://VVV.gnu.org/licenses/gpl-2.0.html.Tags: light, gray, white, one-column, two-columns, right-sidebar, fluid-layout, responsive-layout, custom-background, custom-header, custom-menu, editor-style, featured-images, flexible-header, full-width-template, microformats, post-formats, rtl-language-support, sticky-post, theme-options, translation-ready.Text Domain: twentytwelve..This theme, like WordPress, is licensed under the GPL..Use it to make something cool, have fun, and share what you've learned with others..*/../* =Notes.--------------------------------------------------------------.This stylesheet uses rem values with a pixel fallback. The rem.values (and line heights) are calculated using two variables:..$rembase: 14;.$line-height: 24;..---------- Examples..* Use a pixel value with a rem fallback for font-size, padding, margins, etc...padding: 5px 0;..padding: 0.357142857rem 0; (5 / $rembase)..* Set a font-size and then set a line-height based

<<< skipped >>>

GET /fcg-bin/fcg_zone_info HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: boss.qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Connection: close

Server: QZHTTP-2.37.1

Date: Thu, 27 Aug 2015 00:57:16 GMT

Content-Encoding: gzip

Cache-Control: no-cache

Content-Type: application/x-javascript; charset=utf-8

Content-Length: 140

...........wN..IJL.....TJ.OIU.2..2.K..x......@........X.S..LI,IT...VJ.,......V.WR..04..Q*(./..KNE(*,M.*)J...T...._.Tlbb`fln`lV[..i...x`.......

GET /gy/404/data.js HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 26 Aug 2015 06:42:47 GMT

Content-Type: application/x-javascript

ETag: "55dd5fe7-266d"

Content-Encoding: gzip

Content-Length: 2863

Cache-Control: max-age=600

Date: Thu, 27 Aug 2015 00:57:15 GMT

Connection: keep-alive

Vary: Accept-Encoding

...........Z[O.I.. ._.....K.h.m.}..}[."C.......d.Y..1.6....!.CB..c........~......%Y.I.6...U..n....wN..g..lv..S............z..>u?r..#..?.w.q?p..<..i....&:.......@...C.....Vy..k......G.3..'>.y......x.Yaq..N.....W9...*.[.c....O..c.<..M?z.....^...|926...........<......O8QR8.....$r.(J#...l_hz.3F......!.9=...&...G...........^&. ..h.Stz.............gjt.;.....1..713.y:.J..I..0;2.{>.y...=.W3...%#.I..j..V......k(.F.....U.0....c..~.......yD. .........q&.......dgQk.Ib....I.Av..8../...VH...~.V....},..5....=....&.g.~..0.'..i...:..<.2.Vy.0.r.../K..K..Oz..Ks..p_g.<8...P..}i"..D...i"q. J.M$E...4..8.'.&.B..w.&z(..Sh.f.R.v.<B.Er.B....sB....qv4...d.....#{.(.... .5'w...<....|A.l.D..I.Oj.0..9R....~........jI....K:....S:..8.7....$....I.wI..j.]...:$.....g.....$.8.QX.".....WK......".._.\....@kn.l.)1d.....50.p....t.q.J.....=!(.#(u.$...J......m..l.d....A.U.3.T%...~.j....8}id.4.4vhZ.\k.u...P....;@..m.*<0:...Y....%..t.n.6.;..c?A..t^.[... .F.=...x/..nT"..T.8...Zz....v.57I..5..A.........@ I.<a...Q....R.E[Jp.2......f...}.....^S.....9*..K.70.eW.a....!..9.........l.........G...'...(..D.............qnPDE..UV....$..x.J.....%.t...<...z....?l..:.S.d.6.....1kgj.P.n.....).........1..8..c.3.A~.a.a.27vL.7k.",02..."..<.../..K......../...m..n.X8E....C...qDC8.....{4..sZm.E..<...........bk.).L..._D...|D2A|..............y.&%(...>,q.Q..%.e.S].-%..2...j...N.....P..{N(.rB.U.....^bGF.O...r.E...8.....7.i......Q.V..nM..I.\/... .......V._.@...B.Y;B...$e..................;..7........eP28@..o..;J?....^d....j...z....s:.

<<< skipped >>>

GET /gy/404/style/404style.css HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Thu, 11 Jun 2015 09:41:30 GMT

Content-Type: text/css

ETag: "557957ca-2d70"

Content-Encoding: gzip

Content-Length: 3441

Cache-Control: max-age=3600

Date: Thu, 27 Aug 2015 00:57:16 GMT

Connection: keep-alive

Vary: Accept-Encoding

...........Z.s.........tbiH..D..'3.C..L...NF..G.b...P.V4#7.%9.G.4.....;V.ZNSG.eK.g..|.........D9.eP...vo?~............?|..v.Lf.Y..9...].......5.0..~.m..L.Jn6..gs91...N...w.?....t...?.......I.........m...........}...}.......}..{.e../.{....ro]...-..k.............I@.>..9.E.C.i.de|.AY...INQ~sn|.j..U&........z.n.mC...h.....dv.V.3'..%'k..4.j..m.=.3.m.i......s.Z5.\,S]g-..|m....F-f...l9..k...*Lg.2...u.^..>..w....~.......po~......F...{wG..t.{....S..Z.p...........r.h:\.\Z.....Kg......k..Y..p.3.e.....|.L......Ma......f......ZT....P..V.Tt.z.B.t..i.........42D..V...j3..QGe..l.U......mq.`. nPU...n..I.v......"....Zuf....n...u._.B...z.G.....O..=X.>;..?~H..k.....;...t...*l......8g>...'P..G.5f.tu.,t...m..`..XP...p4#3..3.f%..d...]4.&x..}......... .....?..x....w..~.m..n.u.....C....w..........oq..P:$.....tn.D..R..&.U.&.J....i.5.,.....5.....Y.B..eM.K.}.s..6.....d:..A...6R.A.`.!.$...8......}.:...u..t..p7..........m].l.....].^\.n...0.W........i.h.21L4......[G..'.s.D......].n1..azR-.Y ....L..W.d.hN!.7.`u.F.G[...=....5......o.....JY..6f..5!z......S...A....9.8.....5.KE.. Ld...R.d.......<......2.P.*A........."v.E..A\.L.{.....VeN.b.)...]I.".Y.).h......$.%@..=.....{.?........FF.N"o?.T.%.G.B}..q.'4...O....v......h..Z.....?.6.p.....G._....@.}.....&s>F7o[6..e2`e.\j..5s..O.{_~.f.........{.].]..*..njf.mg.a. -D.......$......k....iAH....1?.(.....Uf...x{.....e6)&...v..#......yh...R?P<U...y}k.....F....x.Eu.... .......U.0u.}.(.8....f.....u...A.C.........f..>..;.,fQ.q. ....~u.]..m...v....oB.A>R :%......Q.@......|........ ...

<<< skipped >>>

GET /gy/upload/upfile_2835045_1438133394.jpg HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 29 Jul 2015 01:29:54 GMT

Content-Type: image/jpeg

Content-Length: 124656

ETag: "55b82c92-1e6f0"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C............................................................................"............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..........Z....T..G......n...cX...}b.G....S\.].........._.z..> hV....n....6.....:=..k.....@...n.O.5....2K]R...G...k..........?.j.wo..N.sK.J...Mm.z....%..].og...7......,.n.......?....\..}E}.q..sovd.0.M.."....1...........z..4...~..K.c....E.'._.....}o......y../@.u.\.._.O.....cO.?je.4q.j.......%..@..8v.....c.;j.\...._u.?._..,.A...q.}.M....S;.N...?..%.kF......L....... |D..u..<...I.u..}\h:....w..0..}CX..>.>.......G........~.xO........Sx_.....;._.W~ ........M5O..k..8......9..;Q......}..M...KV..4....t.SK...h....J.'..A...5..k.Q....S.H..H...__..=?........o...${_E.....m{X...O..G.~g.....<UO'.....W*....:U.n..B-5..n.....<...K.5..k.'..o..Y.~.B........5M..c...$...2.Z. ........xK.._.?..6~.....n.q......./X........C.5... ...,~.>4.....;........f.A.y....?....>.#.NpG5.|D..<Q.......*.S2...O.4.........E......gnF0rA.|G..g..............

<<< skipped >>>

GET /gy/upload/upfile_4270811_1436692558.jpg HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Sun, 12 Jul 2015 09:15:58 GMT

Content-Type: image/jpeg

Content-Length: 146648

ETag: "55a2304e-23cd8"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:17 GMT

Connection: keep-alive

......JFIF.............<CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 100....C....................................................................C.......................................................................@.I.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?........}.....Uy...f.'....O..r..L2y........S\]..'....3.g.......5..L_.......Z_n.i?}...L....\.........C...z..OZ.9...[..O..a..8......Z...z.[......~.....r.e....o...X...T"..V......V.'.O......{..a.k.w^w...t........>...I-f..0.....\...Z...[.-..o..^3..._...?._..J........e...S[}....z.$3Mq4Sc.G<.y.............=:u.. ..............:.x..^..q......lw0......A....q.5...u.......#..J.s..'ug.\y.......^....~....C.........W.1.4bh~.....3.li.$...q.................~..^M...._.r..j......O.;q...>..&.6.........g...N..qja....X..#4..;x........o.....K.?.c...>....c........._....u.&......O..~4.r.P......._..~=~..yS}....<z...Z............Og.............v.............?..u? ....F3..n.....#...]...H...w=!...3{........B.J].]S..............}....}7.....7.y....y..l...66...c.}.>..\.?wo7..........I..........2G7........#........{.....>\..N=.....|.A....M...?......

<<< skipped >>>

GET /gy/404/style/image/bg_corner.png HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: org-imgcache

Last-Modified: Wed, 31 Dec 2014 12:21:54 GMT

Content-Type: image/png

Content-Length: 2371

ETag: "54a3ea62-943"

Cache-Control: max-age=259200

Date: Thu, 27 Aug 2015 00:57:18 GMT

Connection: keep-alive

.PNG........IHDR...x...<.......~.....tEXtSoftware.Adobe ImageReadyq.e<...$iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:58F2A7167BE611E4AF49CE8655D24E0A" xmpMM:DocumentID="xmp.did:58F2A7177BE611E4AF49CE8655D24E0A"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:58F2A7147BE611E4AF49CE8655D24E0A" stRef:documentID="xmp.did:58F2A7157BE611E4AF49CE8655D24E0A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>..#.....IDATx...mh[U..O....i7l}.........M..2....e.0.a.....~......)~PA..A.........uS6E..8-A....j.M.&....{........{N..?B.{.....s.s.s.P.P`.Z.....x.X......`#ha...Y........Y....&...9.-A.J......l.ZUd...`....Nk!p.].....{.m.}....0Q...B`.....}`m...;....N......1......-u".$x....{..~.,.v.<.SQa.....'F.Z..vl'x..)"..x....... .Lf.N..HH*l.w.].../&h.;v.x..'..I.4.....u.....<..%.....A.7..,...c........[A.8..f|<~.<....f.....6.,.J.M..YiP>..F|k...).E{.O=">^.1....RL.....]v...>...9..JV.........%..,..H2Wv.....c.......]`.....^...w..l..Bm...YC..<.?#c..R|..|V#...#.6..IV.]...W...C.W.FQI`.{.!z_.

<<< skipped >>>

GET /ac/qzfl/stat.js HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: qzonestyle.gtimg.cn

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/x-javascript

Content-Length: 3521

Last-Modified: Thu, 13 Nov 2014 10:18:36 GMT

Content-Encoding: gzip

ETag: "5464857c-2862"

Server: org-imgcache

Cache-Control: max-age=31104000

Date: Thu, 27 Aug 2015 00:57:16 GMT

Connection: keep-alive

Vary: Accept-Encoding

....|.dT....is.6.........L....4....f'.f.....z@..XS.JR.SQ.}..x.r...Nc.x..}....K>.....;......`.....qp-bO....n.&...C].....c=(*.o..Tw...P..,..n..m..70~...|6.>S..I.-.........p......I.%.c8.i..r.......Bd..|...z.!{.9EQR%.D..>........`.%..k.).1.H...t......?(p.....d...JWOp..R....t... F.....s .......pC..Xsb..i........r<..:..Q.4..!L.-.M....g.9..-.m...\...vb.=.......|N.{.........k..1...l.Q.od....:.~u..'V.C.a..R..~|Oj ...5.J.... ....7......S..S...RYGR....z"......n....P...=?...p.T../.^..<.S ..'rhl..V;............n.....l..iH.\..S.l|......k...........]..........5Ma......."9.i`..il.@.....?.4CC.....u... ./A...@}C..........2.%.x.sw..].B...Z.;.OR...4....k..UAx..~.f...h...... ..l...w.@.iE.....cn.. .8....#=P...w.i.`.......8..`.I...A.`5.U.3...k`0...4..Y......8....__|.........U..Q7G(..7M.N...`..h..:.P..1.q...,...@..V;|T.:./....."s.V...6D.m..."U.^I.&.....u.^..QJm9F[..6......%.......Y.=).... 0.m.c...2.=`.4.[..[..2.e......H..Y........0.5K.^...O.{q..m.[...`.3..y..0.8..........].[..e.a.$....$.k....m........;.-\..M..~...83.....m}.........a.?....]....)8....V...)...3.~.:..............t1w.z...Z~O.t...Y.....4W...d.n.....O/.]<.|..#A....>~x.}.Ea&. ^......9....J;..|...-\....\......@n................<.<._<..........@n...}}...)......0...e@`.js.B.R..?..N...:.LQD. .0c.dy.7....f......p..sV0.T."..d..(j..R.9.L.......l..y..`U..$R`<......L;..na..J..2>.LY...R.1..o.R,......~..k..o.....o.v...f..h....h.z.........E....1n....._..:........[a.._....__.f......S..!.V#...b.Q.di.<.Z...}0>.J.......l.'Rw.#n*..02].<?R:)......^.

<<< skipped >>>

GET /cgi-bin/cgi_client_entry.cgi?uin=5454443 HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: u15.qzone.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: QZHTTP-2.38.18

Content-Encoding: gzip

X-Frame-Options: SAMEORIGIN

X-UA-Compatible: IE=Edge

Last-Modified: Thu, 27 Aug 2015 00:57:13 GMT

Cache-Control: max-age=0, no-transform, proxy-revalidate

Content-Type: text/html; charset=utf-8

Date: Thu, 27 Aug 2015 00:57:14 GMT

Content-Length: 607

Connection: keep-alive

Vary: Accept-Encoding

Set-Cookie: qzone_check=; EXPIRES=Fri, 02-Jan-1970 00:00:00 GMT; PATH=/; DOMAIN=qq.com

Set-Cookie: _qz_referrer=; expires=Mon, 26 Jul 1997 05:00:00 GMT; PATH=/; DOMAIN=qq.com

.............s.@...0....s....q.=....z.....:.Z.X.)(P.bJ..CA....RhG*iB..b.m......U{j.y;...~.y.....z.........gO.........a$.I}.....dU.$./.....y8.@..TS.7kP.......e-..*Rp...&.9$.......>.. ....JQ% ...../k..*.9.j....|.m....".{...>...rw>....2.{..y.U.,[.v..6......]t.....5..Uw;..R!.tvrs3scd...N....jc.......@..R}WO......( ..Rk.M.....a..r.K..M.c.D....3....w@M..y.J.R..K....F....sl...!.KR.{.....F......c..{.e7....z.......7.........n4..Z...lE]..p..S.cp[{...< ...5g?O..PL.....s..%...f.............J.k..b.?..V.k.e..~./1'N~.....0...mm.O@S^k...J.Y.$.r@.i..=Q\]].^Y..cQ.5.."...s9.....:.....".8"...?>.....gx.|.?...........o...HTTP/1.1 200 OK..Server: QZHTTP-2.38.18..Content-Encoding: gzip..X-Frame-Options: SAMEORIGIN..X-UA-Compatible: IE=Edge..Last-Modified: Thu, 27 Aug 2015 00:57:13 GMT..Cache-Control: max-age=0, no-transform, proxy-revalidate..Content-Type: text/html; charset=utf-8..Date: Thu, 27 Aug 2015 00:57:14 GMT..Content-Length: 607..Connection: keep-alive..Vary: Accept-Encoding..Set-Cookie: qzone_check=; EXPIRES=Fri, 02-Jan-1970 00:00:00 GMT; PATH=/; DOMAIN=qq.com..Set-Cookie: _qz_referrer=; expires=Mon, 26 Jul 1997 05:00:00 GMT; PATH=/; DOMAIN=qq.com...............s.@...0....s....q.=....z.....:.Z.X.)(P.bJ..CA....RhG*iB..b.m......U{j.y;...~.y.....z.........gO.........a$.I}.....dU.$./.....y8.@..TS.7kP.......e-..*Rp...&.9$.......>.. ....JQ% ...../k..*.9.j....|.m....".{...>...rw>....2.{..y.U.,[.v..6......]t.....5..Uw;..R!.tvrs3scd...N....jc.......@..R}WO......( ..Rk.M.....a..r.K..M.c.D....3....w@M..y.J.R..K.

<<< skipped >>>

GET /404/search_children.js HTTP/1.1

Accept: */*

Referer: hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: squid/3.4.1

Content-Type: application/javascript; charset=GB2312

Vary: Accept-Encoding

Vary: Accept-Encoding

Content-Encoding: gzip

Vary: Accept-Encoding

Cache-Control: max-age=120

Expires: Thu, 27 Aug 2015 00:59:15 GMT

Date: Thu, 27 Aug 2015 00:57:15 GMT

Content-Length: 193

Connection: keep-alive

...............@...^...mV#fV........L4.&....>...v....|....&.. .....}..J.6u...w.J.....v....^C.4.yt.j...P!.n.'...* .W.......7l.S...&D.Bt\N.b..;..........d0.x.v.ROk.^.f.R{em.W...V.<. M..._J.Ub'...HTTP/1.1 200 OK..Server: squid/3.4.1..Content-Type: application/javascript; charset=GB2312..Vary: Accept-Encoding..Vary: Accept-Encoding..Content-Encoding: gzip..Vary: Accept-Encoding..Cache-Control: max-age=120..Expires: Thu, 27 Aug 2015 00:59:15 GMT..Date: Thu, 27 Aug 2015 00:57:15 GMT..Content-Length: 193..Connection: keep-alive.................@...^...mV#fV........L4.&....>...v....|....&.. .....}..J.6u...w.J.....v....^C.4.yt.j...P!.n.'...* .W.......7l.S...&D.Bt\N.b..;..........d0.x.v.ROk.^.f.R{em.W...V.<. M..._J.Ub'.....

GET /wp-content/themes/twentytwelve/js/html5.js HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: neeao.com

Connection: Keep-Alive

Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 27 Aug 2015 00:57:13 GMT

Content-Type: application/javascript

Content-Length: 2487

Last-Modified: Fri, 26 Oct 2012 23:25:44 GMT

Connection: keep-alive

ETag: "508b1bf8-9b7"

Expires: Thu, 27 Aug 2015 12:57:13 GMT

Cache-Control: max-age=43200

Accept-Ranges: bytes

/*! HTML5 Shiv v3.6 | @afarkas @jdalton @jon_neal @rem | MIT/GPL2 Licensed */./* Source: hXXps://github.com/aFarkas/html5shiv */.(function(l,f){function m(){var a=e.elements;return"string"==typeof a?a.split(" "):a}function i(a){var b=n[a[o]];b||(b={},h ,a[o]=h,n[h]=b);return b}function p(a,b,c){b||(b=f);if(g)return b.createElement(a);c||(c=i(b));b=c.cache[a]?c.cache[a].cloneNode():r.test(a)?(c.cache[a]=c.createElem(a)).cloneNode():c.createElem(a);return b.canHaveChildren&&!s.test(a)?c.frag.appendChild(b):b}function t(a,b){if(!b.cache)b.cache={},b.createElem=a.createElement,b.createFrag=a.createDocumentFragment,b.frag=b.createFrag();.a.createElement=function(c){return!e.shivMethods?b.createElem(c):p(c,a,b)};a.createDocumentFragment=Function("h,f","return function(){var n=f.cloneNode(),c=n.createElement;h.shivMethods&&(" m().join().replace(/\w /g,function(a){b.createElem(a);b.frag.createElement(a);return'c("' a '")'}) ");return n}")(e,b.frag)}function q(a){a||(a=f);var b=i(a);if(e.shivCSS&&!j&&!b.hasCSS){var c,d=a;c=d.createElement("p");d=d.getElementsByTagName("head")[0]||d.documentElement;c.innerHTML="x<style>article,aside,figcaption,figure,footer,header,hgroup,nav,section{display:block}mark{background:#FF0;color:#000}</style>";.c=d.insertBefore(c.lastChild,d.firstChild);b.hasCSS=!!c}g||t(a,b);return a}var k=l.html5||{},s=/^<|^(?:button|map|select|textarea|object|iframe|option|optgroup)$/i,r=/^<|^(?:a|b|button|code|div|fieldset|form|h1|h2|h3|h4|h5|h6|i|iframe|img|input|label|li|link|ol|option

<<< skipped >>>

GET /wp-content/themes/twentytwelve/css/ie.css?ver=20121010 HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: neeao.com

Connection: Keep-Alive

Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 27 Aug 2015 00:57:14 GMT

Content-Type: text/css

Content-Length: 4781

Last-Modified: Mon, 07 Oct 2013 16:42:08 GMT

Connection: keep-alive

Vary: Accept-Encoding

ETag: "5252e460-12ad"

Expires: Thu, 27 Aug 2015 12:57:14 GMT

Cache-Control: max-age=43200

Accept-Ranges: bytes

/*.Styles for older IE versions (previous to IE9)..*/..body {..background-color: #e6e6e6;.}.body.custom-background-empty {..background-color: #fff;.}.body.custom-background-empty .site,.body.custom-background-white .site {..box-shadow: none;..margin-bottom: 0;..margin-top: 0;..padding: 0;.}..assistive-text,..site .screen-reader-text {..clip: rect(1px 1px 1px 1px); /* IE7 */.}..full-width .site-content {..float: none;..width: 100%;.}.img.size-full,.img.size-large,.img.header-image,.img.wp-post-image,.img[class*="align"],.img[class*="wp-image-"],.img[class*="attachment-"] {..width: auto; /* Prevent stretching of full-size and large-size images with height and width attributes in IE8 */.}..author-avatar {..float: left;..margin-top: 8px;..margin-top: 0.571428571rem;.}..author-description {..float: right;..width: 80%;.}..site {..box-shadow: 0 2px 6px rgba(100, 100, 100, 0.3);..margin: 48px auto;..max-width: 960px;..overflow: hidden;..padding: 0 40px;.}..site-content {..float: left;..width: 65.104166667%;.}.body.template-front-page .site-content,.body.attachment .site-content,.body.full-width .site-content {..width: 100%;.}..widget-area {..float: right;..width: 26.041666667%;.}..site-header h1,..site-header h2 {..text-align: left;.}..site-header h1 {..font-size: 26px;..line-height: 1.846153846;.}..main-navigation ul.nav-menu,..main-navigation div.nav-menu > ul {..border-bottom: 1px solid #ededed;..border-top: 1px solid #ededed;..display: inline-block !important;..text-align: left;..width: 100%;.}..main-navigation

<<< skipped >>>

GET /wp-content/themes/twentytwelve/js/navigation.js?ver=1.0 HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: neeao.com

Connection: Keep-Alive

Cookie: PHPSESSID=kmmrh2tflq6od56ce2p5qsr1i1; Hm_lvt_19c9dab3ab926f7f84b51ac9a3d72f37=1440637032; Hm_lpvt_19c9dab3ab926f7f84b51ac9a3d72f37=1440637032

HTTP/1.1 200 OK

Server: nginx

Date: Thu, 27 Aug 2015 00:57:17 GMT

Content-Type: application/javascript

Content-Length: 863

Last-Modified: Wed, 14 Nov 2012 20:21:00 GMT

Connection: keep-alive

ETag: "50a3fd2c-35f"

Expires: Thu, 27 Aug 2015 12:57:17 GMT

Cache-Control: max-age=43200

Accept-Ranges: bytes

/**. * navigation.js. *. * Handles toggling the navigation menu for small screens.. */.( function() {..var nav = document.getElementById( 'site-navigation' ), button, menu;..if ( ! nav )...return;..button = nav.getElementsByTagName( 'h3' )[0];..menu = nav.getElementsByTagName( 'ul' )[0];..if ( ! button )...return;...// Hide button if menu is missing or empty...if ( ! menu || ! menu.childNodes.length ) {...button.style.display = 'none';...return;..}...button.onclick = function() {...if ( -1 == menu.className.indexOf( 'nav-menu' ) )....menu.className = 'nav-menu';....if ( -1 != button.className.indexOf( 'toggled-on' ) ) {....button.className = button.className.replace( ' toggled-on', '' );....menu.className = menu.className.replace( ' toggled-on', '' );...} else {....button.className = ' toggled-on';....menu.className = ' toggled-on';...}..};.} )();HTTP/1.1 200 OK..Server: nginx..Date: Thu, 27 Aug 2015 00:57:17 GMT..Content-Type: application/javascript..Content-Length: 863..Last-Modified: Wed, 14 Nov 2012 20:21:00 GMT..Connection: keep-alive..ETag: "50a3fd2c-35f"..Expires: Thu, 27 Aug 2015 12:57:17 GMT..Cache-Control: max-age=43200..Accept-Ranges: bytes../**. * navigation.js. *. * Handles toggling the navigation menu for small screens.. */.( function() {..var nav = document.getElementById( 'site-navigation' ), button, menu;..if ( ! nav )...return;..button = nav.getElementsByTagName( 'h3' )[0];..menu = nav.getElementsByTagName( 'ul' )[0];..if ( ! button )...return;...// Hide button if menu is missing or empt

<<< skipped >>>

GET /css?family=Open Sans:400italic,700italic,400,700&subset=latin,latin-ext HTTP/1.1

Accept: */*

Referer: hXXp://neeao.com/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: fonts.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/css

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Thu, 27 Aug 2015 00:57:14 GMT

Date: Thu, 27 Aug 2015 00:57:14 GMT

Cache-Control: private, max-age=86400

Content-Length: 186

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 1; mode=block

Server: GSE

@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(hXXp://fonts.gstatic.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot);.}.HTTP/1.1 200 OK..Content-Type: text/css..Access-Control-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Thu, 27 Aug 2015 00:57:14 GMT..Date: Thu, 27 Aug 2015 00:57:14 GMT..Cache-Control: private, max-age=86400..Content-Length: 186..X-Content-Type-Options: nosniff..X-Frame-Options: SAMEORIGIN..X-XSS-Protection: 1; mode=block..Server: GSE..@font-face {. font-family: 'Open Sans';. font-style: normal;. font-weight: 400;. src: url(hXXp://fonts.gstatic.com/s/opensans/v13/u-WUoqrET9fUeobQW7jkRfY6323mHUZFJMgTvxaG2iE.eot);.}...

Map

The Trojan connects to the servers at the folowing location(s):

Strings from Dumps

badboy.exe_140:

KERNEL32.DLL

KERNEL32.DLL

kernel32.dll

kernel32.dll

Kernel32.dll

Kernel32.dll

ntdll.dll

ntdll.dll

EGHOST.EXE

EGHOST.EXE

MAILMON.EXE

MAILMON.EXE

KAVPFW.EXE

KAVPFW.EXE

Ravmon.EXE

Ravmon.EXE

Ravmond.EXE

Ravmond.EXE

........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite

........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite

.idata

.idata

.edata

.edata

P.reloc

P.reloc

P.rsrc

P.rsrc

127.0.0.1

127.0.0.1

Message-Id:

Message-Id:

auth LOGIN

auth LOGIN

HTTP://

HTTP://

HTTP/1.0

HTTP/1.0

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

software\microsoft\windows

software\microsoft\windows

zhengtu.dat

zhengtu.dat

user32.dll

user32.dll

GetKeyboardType

GetKeyboardType

advapi32.dll

advapi32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

RegCreateKeyExA

RegCreateKeyExA

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExA

SetWindowsHookExA

wsock32.dll

wsock32.dll

ztDLL.dll

ztDLL.dll

KWindows

KWindows

USER32.DLL

USER32.DLL

ADVAPI32.DLL

ADVAPI32.DLL

GetWindowsDirectoryA

GetWindowsDirectoryA

.tB4:

.tB4:

H%D\Kx~

H%D\Kx~

badboy.exe_140_rwx_00401000_0001A000:

kernel32.dll

kernel32.dll

Kernel32.dll

Kernel32.dll

ntdll.dll

ntdll.dll

EGHOST.EXE

EGHOST.EXE

MAILMON.EXE

MAILMON.EXE

KAVPFW.EXE

KAVPFW.EXE

Ravmon.EXE

Ravmon.EXE

Ravmond.EXE

Ravmond.EXE

........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite

........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................ite

.idata

.idata

.edata

.edata

P.reloc

P.reloc

P.rsrc

P.rsrc

127.0.0.1

127.0.0.1

Message-Id:

Message-Id:

auth LOGIN

auth LOGIN

HTTP://

HTTP://

HTTP/1.0

HTTP/1.0

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword, */*

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

software\microsoft\windows

software\microsoft\windows

zhengtu.dat

zhengtu.dat

user32.dll

user32.dll

GetKeyboardType

GetKeyboardType

advapi32.dll

advapi32.dll

RegOpenKeyExA

RegOpenKeyExA

RegCloseKey

RegCloseKey

RegCreateKeyExA

RegCreateKeyExA

UnhookWindowsHookEx

UnhookWindowsHookEx

SetWindowsHookExA

SetWindowsHookExA

wsock32.dll

wsock32.dll

ztDLL.dll

ztDLL.dll

KWindows

KWindows

KERNEL32.DLL

KERNEL32.DLL

USER32.DLL

USER32.DLL

ADVAPI32.DLL

ADVAPI32.DLL

GetWindowsDirectoryA

GetWindowsDirectoryA

2.exe_1992:

.text

.text

`.rdata

`.rdata

@.data

@.data

.ecode

.ecode

.rsrc

.rsrc

user32.dll

user32.dll

KERNEL32.dll

KERNEL32.dll

USER32.dll

USER32.dll

GetCPInfo

GetCPInfo

krnln.fne

krnln.fne

krnln.fnr

krnln.fnr

1.1.3

1.1.3

%System%\2.exe

%System%\2.exe

hXXp://30434.q-zone.qq.com

hXXp://30434.q-zone.qq.com

hXXp://neeao.com

hXXp://neeao.com

hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

hXXp://VVV.kuaigan8.com

hXXp://VVV.kuaigan8.com

hXXp://VVV.pptu8.com

hXXp://VVV.pptu8.com

VVV.530mo.com

VVV.530mo.com

hXXp://17bs.com/ip.htm8

hXXp://17bs.com/ip.htm8

2.exe_1992_rwx_0040A000_00001000:

hXXp://30434.q-zone.qq.com

hXXp://30434.q-zone.qq.com

hXXp://neeao.com

hXXp://neeao.com

hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

hXXp://u15.qzone.qq.com/cgi-bin/cgi_client_entry.cgi?uin=5454443

hXXp://VVV.kuaigan8.com

hXXp://VVV.kuaigan8.com

hXXp://VVV.pptu8.com

hXXp://VVV.pptu8.com

VVV.530mo.com

VVV.530mo.com

hXXp://17bs.com/ip.htm8

hXXp://17bs.com/ip.htm8

IEXPLORE.EXE_380:

`.reloc

`.reloc

kernel32.dll

kernel32.dll

Windows

Windows

MSWHEEL_ROLLMSG

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

oleaut32.dll

EVariantBadIndexError

EVariantBadIndexError

ssShift

ssShift

htKeyword

htKeyword

EInvalidOperation

EInvalidOperation

u%CNu

u%CNu

Uh.RA

Uh.RA

Uh.WA

Uh.WA

%s_%d

%s_%d

EInvalidGraphicOperation

EInvalidGraphicOperation

UhwEB

UhwEB

USER32.DLL

USER32.DLL

comctl32.dll

comctl32.dll

uxtheme.dll

uxtheme.dll

%s%s%s%s%s%s%s%s%s%s

%s%s%s%s%s%s%s%s%s%s

Proportional

Proportional

MAPI32.DLL

MAPI32.DLL

OnKeyDown4 C

OnKeyDown4 C

OnKeyPress

OnKeyPress

OnKeyUp

OnKeyUp

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

JumpID("","%s")

TKeyEvent

TKeyEvent

TKeyPressEvent

TKeyPressEvent

HelpKeyword

HelpKeyword

crSQLWait

crSQLWait

%s (%s)

%s (%s)

imm32.dll

imm32.dll

AutoHotkeys

AutoHotkeys

ssHotTrack

ssHotTrack

TWindowState

TWindowState

poProportional

poProportional

TWMKey

TWMKey

KeyPreview|RD

KeyPreview|RD

WindowState

WindowState

OnMouseUp8%C

OnMouseUp8%C

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

vcltest3.dll

User32.dll

User32.dll

ntdll.dll

ntdll.dll

advapi32.dll

advapi32.dll

Port

Port

UDPSockError

UDPSockError

TMYNMUDP

TMYNMUDP

MYNMUDP

MYNMUDP

RemotePort

RemotePort

LocalPort

LocalPort

ReportLevel

ReportLevel

0.0.0.0

0.0.0.0

%d.%d.%d.%d

%d.%d.%d.%d

Video.avi

Video.avi

Image.bmp

Image.bmp

thread_func()[id=%.8x] - exception "%s"

thread_func()[id=%.8x] - exception "%s"

unaMsAcmDriver

unaMsAcmDriver

unaMsAcmDeviceHeader

unaMsAcmDeviceHeader

function isn't supported

function isn't supported

invalid flag passed

invalid flag passed

invalid parameter passed

invalid parameter passed

registry key not found

registry key not found

unavclPipeDataEvent

unavclPipeDataEvent

unavclInOutPipe

unavclInOutPipe

unavclInOutWavePipe

unavclInOutWavePipe

iphlpapi.dll

iphlpapi.dll

20050101

20050101

getservbyport

getservbyport

WSAAsyncGetServByPort

WSAAsyncGetServByPort

WSAJoinLeaf

WSAJoinLeaf

WS2_32.DLL

WS2_32.DLL

TIdSocketListWindows

TIdSocketListWindows

TIdStackWindowsU

TIdStackWindowsU

IdStackWindows

IdStackWindows

1.0.4

1.0.4

HttpSocket

HttpSocket

HttpSocketRead

HttpSocketRead

HttpSocketError

HttpSocketError

HttpSocketDisconnect

HttpSocketDisconnect

HttpSocketConnect

HttpSocketConnect

SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

SOFTWARE\Microsoft\Windows\CurrentVersion\Setup

SoftWare\Microsoft\Windows\CurrentVersion\Run

SoftWare\Microsoft\Windows\CurrentVersion\Run

%d-%.2d-%.2d %.2d:%2.d:%.2d

%d-%.2d-%.2d %.2d:%2.d:%.2d

hXXp://

hXXp://

1.1.1.1

1.1.1.1

2.2.2.2

2.2.2.2

1.1.1.3

1.1.1.3

*.dat

*.dat

!#%$^&!#%!&*!

!#%$^&!#%!&*!

HKEY_CLASSES_ROOT

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_USERS

HKEY_CURRENT_CONFIG

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

HKEY_DYN_DATA

Telnet [ip] [port]

Telnet [ip] [port]

:\Program Files\Internet Explorer\IEXPLORE.EXE

:\Program Files\Internet Explorer\IEXPLORE.EXE

DNSAPI.DLL

DNSAPI.DLL

NETAPI32.DLL

NETAPI32.DLL

SVRAPI.DLL

SVRAPI.DLL

Uh.JH

Uh.JH

\SOFTWARE\Microsoft\Windows\CurrentVersion

\SOFTWARE\Microsoft\Windows\CurrentVersion

\SOFTWARE\Microsoft\Windows NT\CurrentVersion

\SOFTWARE\Microsoft\Windows NT\CurrentVersion

productkey

productkey

%s %d.%d (%d.%s)

%s %d.%d (%d.%s)

%f MHz

%f MHz

: IExplore.exe

: IExplore.exe

: Explorer.exe

: Explorer.exe

%d---- -:-:-

%d---- -:-:-

PSAPI.DLL

PSAPI.DLL

(The key is too long to be read.)

(The key is too long to be read.)

Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp

Software\Microsoft\Windows\CurrentVersion\Policies\WinOldApp

Delete.bat

Delete.bat

THttpProxy

THttpProxy

HttpProxy

HttpProxy

GET HTTP://

GET HTTP://

HTTP/1.0 200 Connected OK

HTTP/1.0 200 Connected OK

IEXPLORE.EXE

IEXPLORE.EXE

3; #>6.&

3; #>6.&

', 2/ 07&!4-)1#

', 2/ 07&!4-)1#

deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly

deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly

)%%%$$&&$%&)

)%%%$$&&$%&)

)%%%$$&&$''&&

)%%%$$&&$''&&

38000=344

38000=344

>>^%FVl

>>^%FVl

KWindows

KWindows

.ScktComp

.ScktComp

UrlMon

UrlMon

IdTCPConnection

IdTCPConnection

IdTCPStream

IdTCPStream

IdTCPClient

IdTCPClient

IMYNMUDP

IMYNMUDP

\RUNExeMemUnit

\RUNExeMemUnit

Font.Charset

Font.Charset

Font.Color

Font.Color

Font.Height

Font.Height

Font.Name

Font.Name

Font.Style

Font.Style

Icon.Data

Icon.Data

DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA

DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA

KERNEL32.DLL

KERNEL32.DLL

ADVAPI32.DLL

ADVAPI32.DLL

OLEAUT32.DLL

OLEAUT32.DLL

MPR.DLL

MPR.DLL

VERSION.DLL

VERSION.DLL

GDI32.DLL

GDI32.DLL

COMCTL32.DLL

COMCTL32.DLL

SHELL32.DLL

SHELL32.DLL

WININET.DLL

WININET.DLL

WSOCK32.DLL

WSOCK32.DLL

IMAGEHLP.DLL

IMAGEHLP.DLL

WINMM.DLL

WINMM.DLL

AVICAP32.DLL

AVICAP32.DLL

MSACM32.DLL

MSACM32.DLL

\O%s?

\O%s?

H?.Sr

H?.Sr

_>.WM

_>.WM

g%uX>

g%uX>

.WZ9?

.WZ9?

6U.nWp

6U.nWp

f%s1|

f%s1|

v'.wN

v'.wN

U%8XU

U%8XU

%XGmX

%XGmX

.Bh[#

.Bh[#

4%s@J

4%s@J

ñdI

ñdI

V.nKPR

V.nKPR

W.tKTn

W.tKTn

.LN@iP

.LN@iP

.uQo4RK

.uQo4RK

port

port

remotePort

remotePort

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Invalid stream operation

Invalid stream operation

Protocol not supported.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Protocol family not supported.0Address family not supported by protocol family.

%s is not a valid service.

%s is not a valid service.

Socket Error # %d

Socket Error # %d

Operation would block.

Operation would block.

Operation now in progress.

Operation now in progress.

Operation already in progress.

Operation already in progress.

Socket operation on non-socket.

Socket operation on non-socket.

No help keyword specified. Module doesn't support streaming

No help keyword specified. Module doesn't support streaming

Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource

Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource

Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Resolving hostname %s.

Connecting to %s.

Connecting to %s.

No help found for %s#No context-sensitive help installed$No topic-based help system installed

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Invalid clipboard format Clipboard does not support Icons

Invalid clipboard format Clipboard does not support Icons

Cannot open clipboard/Menu '%s' is already being used by another form

Cannot open clipboard/Menu '%s' is already being used by another form

Unsupported clipboard format

Unsupported clipboard format

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Thread creation error: %s

Thread creation error: %s

Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'

Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'

Asynchronous socket error %d

Asynchronous socket error %d

%s error %d, %s

%s error %d, %s

List capacity out of bounds (%d)

List capacity out of bounds (%d)

List count out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Failed to create key %s

Failed to create key %s

Failed to get data for '%s'

Failed to get data for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Resource %s not found

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Property %s does not exist

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot create file "%s". %s

Cannot open file "%s". %s

Cannot open file "%s". %s

Invalid stream format$''%s'' is not a valid component name

Invalid stream format$''%s'' is not a valid component name

Invalid data type for '%s'

Invalid data type for '%s'

Ancestor for '%s' not found

Ancestor for '%s' not found

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

System Error. Code: %d.

Invalid variant operation%Invalid variant operation (%s%.8x)

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

Operation not supported

External exception %x

External exception %x

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted(Exception %s in module %s at %p.

Operation aborted(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value

!'%s' is not a valid integer value

I/O error %d

I/O error %d

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation

IEXPLORE.EXE_380_rwx_00400000_00001000:

`.reloc

`.reloc

IEXPLORE.EXE_380_rwx_0048C000_00061000:

3; #>6.&

3; #>6.&

', 2/ 07&!4-)1#

', 2/ 07&!4-)1#

deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly

deflate 1.0.4 Copyright 1995-1996 Jean-loup Gailly

1.0.4

1.0.4

)%%%$$&&$%&)

)%%%$$&&$%&)

)%%%$$&&$''&&

)%%%$$&&$''&&

38000=344

38000=344

>>^%FVl

>>^%FVl

KWindows

KWindows

.ScktComp

.ScktComp

UrlMon

UrlMon

IdStackWindows

IdStackWindows

IdTCPConnection

IdTCPConnection

IdTCPStream

IdTCPStream

IdTCPClient

IdTCPClient

IMYNMUDP

IMYNMUDP

HttpProxy

HttpProxy

\RUNExeMemUnit

\RUNExeMemUnit

Font.Charset

Font.Charset

Font.Color

Font.Color

Font.Height

Font.Height

Font.Name

Font.Name

Font.Style

Font.Style

Icon.Data

Icon.Data

HttpSocket

HttpSocket

Port

Port

HttpSocketConnect

HttpSocketConnect

HttpSocketDisconnect

HttpSocketDisconnect

HttpSocketRead

HttpSocketRead

HttpSocketError

HttpSocketError

DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA

DeleteCriticalSectionLeaveCriticalSectionEnterCriticalSectionInitializeCriticalSectionVirtualFreeVirtualAllocLocalFreeLocalAllocGetTickCountQueryPerformanceCounterGetVersionGetCurrentThreadIdInterlockedDecrementInterlockedIncrementVirtualQueryWideCharToMultiByteSetCurrentDirectoryAMultiByteToWideCharlstrlenAlstrcpynALoadLibraryExAGetThreadLocaleGetStartupInfoAGetProcAddressGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLastErrorGetCurrentDirectoryAGetCommandLineAFreeLibraryFindFirstFileAFindCloseExitProcessExitThreadCreateThreadWriteFileUnhandledExceptionFilterSetFilePointerSetEndOfFileRtlUnwindReadFileRaiseExceptionGetStdHandleGetFileSizeGetFileTypeCreateFileACloseHandleGetKeyboardTypeLoadStringAMessageBoxACharNextARegQueryValueExARegOpenKeyExARegCloseKeySysFreeStringSysReAllocStringLenSysAllocStringLenTlsSetValueTlsGetValueLocalAllocGetModuleHandleARegSetValueExARegQueryValueExARegQueryInfoKeyARegOpenKeyExARegFlushKeyRegEnumValueARegEnumKeyExARegDeleteValueARegDeleteKeyARegCreateKeyExARegCloseKeyOpenProcessTokenLookupPrivilegeValueAAdjustTokenPrivilegeslstrcpyWlstrcpyAlstrcmpiAWriteProcessMemoryWriteFileWinExecWideCharToMultiByteWaitForSingleObjectVirtualQueryExVirtualQueryVirtualProtectExVirtualAllocExVirtualAllocUnmapViewOfFileTerminateProcessSuspendThreadSleepSizeofResourceSetThreadPrioritySetThreadLocaleSetThreadContextSetPriorityClassSetNamedPipeHandleStateSetFilePointerSetFileAttributesASetEventSetErrorModeSetEndOfFileResumeThreadResetEventRemoveDirectoryAReadProcessMemoryReadFileQueryPerformanceFrequencyQueryPerformanceCounterPeekNamedPipeOutputDebugStringAOpenProcessMulDivMoveFileAMapViewOfFileLockResourceLocalFreeLoadResourceLoadLibraryALeaveCriticalSectionInitializeCriticalSectionGlobalUnlockGlobalReAllocGlobalMemoryStatusGlobalHandleGlobalLockGlobalFreeGlobalFindAtomAGlobalDeleteAtomGlobalAllocGlobalAddAtomAGetWindowsDirectoryAGetVersionExWGetVersionExAGetVersionGetTimeFormatAGetTickCountGetThreadPriorityGetThreadLocaleGetThreadContextGetTempPathAGetSystemTimeGetSystemInfoGetStringTypeExAGetStdHandleGetStartupInfoAGetProcAddressGetPriorityClassGetOverlappedResultGetModuleHandleAGetModuleFileNameAGetLocaleInfoAGetLocalTimeGetLastErrorGetFullPathNameAGetFileSizeGetFileAttributesExAGetFileAttributesAGetExitCodeThreadGetExitCodeProcessGetDriveTypeAGetDiskFreeSpaceAGetDateFormatAGetCurrentThreadIdGetCurrentThreadGetCurrentProcessIdGetCurrentProcessGetComputerNameAGetCommandLineAGetCPInfoGetACPFreeResourceInterlockedIncrementInterlockedExchangeInterlockedDecrementFreeLibraryFormatMessageAFindResourceAFindNextFileAFindFirstFileAFindCloseFileTimeToSystemTimeFileTimeToLocalFileTimeFileTimeToDosDateTimeExpandEnvironmentStringsAExitProcessEnumCalendarInfoAEnterCriticalSectionDeleteFileADeleteCriticalSectionCreateThreadCreateProcessACreatePipeCreateMutexACreateFileACreateEventACreateDirectoryACopyFileACompareStringACloseHandleWNetOpenEnumAWNetGetUserAWNetEnumResourceAWNetCloseEnumVerQueryValueAGetFileVersionInfoSizeAGetFileVersionInfoAUnrealizeObjectStretchBltSetWindowOrgExSetWinMetaFileBitsSetViewportOrgExSetTextColorSetStretchBltModeSetROP2SetPixelSetEnhMetaFileBitsSetDIBColorTableSetBrushOrgExSetBkModeSetBkColorSelectPaletteSelectObjectSaveDCRestoreDCRectangleRectVisibleRealizePalettePolylinePlayEnhMetaFilePatBltMoveToExMaskBltLineToIntersectClipRectGetWindowOrgExGetWinMetaFileBitsGetTextMetricsAGetTextExtentPointAGetTextExtentPoint32AGetSystemPaletteEntriesGetStockObjectGetPixelGetPaletteEntriesGetObjectAGetEnhMetaFilePaletteEntriesGetEnhMetaFileHeaderGetEnhMetaFileBitsGetDeviceCapsGetDIBitsGetDIBColorTableGetDCOrgExGetCurrentPositionExGetClipBoxGetBrushOrgExGetBitmapBitsExcludeClipRectDeleteObjectDeleteEnhMetaFileDeleteDCCreateSolidBrushCreatePenIndirectCreatePaletteCreateHalftonePaletteCreateFontIndirectACreateDIBitmapCreateDIBSectionCreateCompatibleDCCreateCompatibleBitmapCreateBrushIndirectCreateBitmapCopyEnhMetaFileABitBltCreateWindowExAmouse_eventkeybd_eventWindowFromPointWinHelpAWaitMessageVkKeyScanAUpdateWindowUnregisterClassAUnhookWindowsHookExTranslateMessageTranslateMDISysAccelTrackPopupMenuSystemParametersInfoAShowWindowShowScrollBarShowOwnedPopupsShowCursorSetWindowsHookExASetWindowPosSetWindowPlacementSetWindowLongASetTimerSetThreadDesktopSetScrollRangeSetScrollPosSetScrollInfoSetRectSetPropASetParentSetMenuItemInfoASetMenuSetForegroundWindowSetFocusSetCursorPosSetCursorSetClipboardDataSetClassLongASetCaptureSetActiveWindowSendMessageAScrollWindowScreenToClientRemovePropARemoveMenuReleaseDCReleaseCaptureRegisterWindowMessageARegisterClipboardFormatARegisterClassARedrawWindowPtInRectPostQuitMessagePostMessageAPeekMessageAOpenInputDesktopOpenDesktopAOpenClipboardOffsetRectOemToCharAMsgWaitForMultipleObjectsMessageBoxAMessageBeepMapWindowPointsMapVirtualKeyALoadStringALoadKeyboardLayoutALoadIconALoadCursorALoadBitmapAKillTimerIsZoomedIsWindowVisibleIsWindowEnabledIsWindowIsRectEmptyIsIconicIsDialogMessageAIsClipboardFormatAvailableIsChildInvalidateRectIntersectRectInsertMenuItemAInsertMenuAInflateRectGetWindowThreadProcessIdGetWindowTextAGetWindowRectGetWindowPlacementGetWindowLongAGetWindowDCGetUserObjectInformationAGetTopWindowGetSystemMetricsGetSystemMenuGetSysColorBrushGetSysColorGetSubMenuGetScrollRangeGetScrollPosGetScrollInfoGetPropAGetParentGetWindowGetMenuStringAGetMenuStateGetMenuItemInfoAGetMenuItemIDGetMenuItemCountGetMenuGetLastActivePopupGetKeyboardStateGetKeyboardLayoutListGetKeyboardLayoutGetKeyStateGetKeyNameTextAGetIconInfoGetForegroundWindowGetFocusGetDesktopWindowGetDCExGetDCGetCursorPosGetCursorGetClipboardDataGetClientRectGetClassNameAGetClassInfoAGetCaptureGetActiveWindowFrameRectFindWindowAFillRectExitWindowsExEqualRectEnumWindowsEnumThreadWindowsEnumClipboardFormatsEndPaintEnableWindowEnableScrollBarEnableMenuItemEmptyClipboardDrawTextADrawMenuBarDrawIconExDrawIconDrawFrameControlDrawEdgeDispatchMessageADestroyWindowDestroyMenuDestroyIconDestroyCursorDeleteMenuDefWindowProcADefMDIChildProcADefFrameProcACreatePopupMenuCreateMenuCreateIconCloseDesktopCloseClipboardClientToScreenCheckMenuItemCallWindowProcACallNextHookExBeginPaintCharNextACharLowerBuffACharLowerACharUpperBuffACharToOemAAdjustWindowRectExActivateKeyboardLayoutSleepSafeArrayPtrOfIndexSafeArrayGetUBoundSafeArrayGetLBoundSafeArrayCreateVariantChangeTypeVariantCopyVariantClearVariantInitImageList_SetIconSizeImageList_GetIconSizeImageList_WriteImageList_ReadImageList_GetDragImageImageList_DragShowNolockImageList_SetDragCursorImageImageList_DragMoveImageList_DragLeaveImageList_DragEnterImageList_EndDragImageList_BeginDragImageList_RemoveImageList_DrawExImageList_DrawImageList_GetBkColorImageList_SetBkColorImageList_ReplaceIconImageList_AddImageList_GetImageCountImageList_DestroyImageList_CreateShell_NotifyIconAShellExecuteAInternetReadFileInternetOpenUrlAInternetOpenAInternetCloseHandleHttpQueryInfoAStartServiceAStartServiceCtrlDispatcherASetServiceStatusRegisterServiceCtrlHandlerAQueryServiceStatusQueryServiceConfigAOpenServiceAOpenSCManagerAGetServiceKeyNameAEnumServicesStatusADeleteServiceCreateServiceAControlServiceCloseServiceHandleChangeServiceConfigAWSACleanupWSAStartupWSAGetLastErrorWSACancelAsyncRequestWSAAsyncGetServByNameWSAAsyncGetHostByNameWSAAsyncSelectgethostnamegetservbynamegethostbynamesocketsetsockoptsendtosendselectrecvfromrecvntohslistenioctlsocketinet_ntoainet_addrhtonsgetsockoptgetsocknamegetpeernameconnectclosesocketbindacceptCheckSumMappedFilewaveOutWritewaveOutUnprepareHeaderwaveOutResetwaveOutPrepareHeaderwaveOutOpenwaveOutGetPositionwaveOutGetErrorTextAwaveOutGetDevCapsWwaveOutGetDevCapsAwaveOutClosewaveInUnprepareHeaderwaveInStopwaveInStartwaveInResetwaveInPrepareHeaderwaveInOpenwaveInGetPositionwaveInGetErrorTextAwaveInGetDevCapsWwaveInGetDevCapsAwaveInClosewaveInAddBufferSendDriverMessageOpenDriverCloseDrivercapCreateCaptureWindowAcapGetDriverDescriptionAacmFormatChooseAacmFormatEnumAacmFormatTagEnumAacmDriverDetailsWacmDriverDetailsAacmDriverMessageacmDriverCloseacmDriverOpenacmDriverEnumacmMetricsacmGetVersionWSAIoctlgethostnamegethostbynameinet_ntoaSetSecurityInfoGetSecurityInfoSetEntriesInAclAcapGetDriverDescriptionA

KERNEL32.DLL

KERNEL32.DLL

USER32.DLL

USER32.DLL

ADVAPI32.DLL

ADVAPI32.DLL

OLEAUT32.DLL

OLEAUT32.DLL

MPR.DLL

MPR.DLL

VERSION.DLL

VERSION.DLL

GDI32.DLL

GDI32.DLL

COMCTL32.DLL

COMCTL32.DLL

SHELL32.DLL

SHELL32.DLL

WININET.DLL

WININET.DLL

WSOCK32.DLL

WSOCK32.DLL

IMAGEHLP.DLL

IMAGEHLP.DLL

WINMM.DLL

WINMM.DLL

AVICAP32.DLL

AVICAP32.DLL

MSACM32.DLL

MSACM32.DLL

WS2_32.DLL

WS2_32.DLL

\O%s?

\O%s?

H?.Sr

H?.Sr

_>.WM

_>.WM

g%uX>

g%uX>

.WZ9?

.WZ9?

6U.nWp

6U.nWp

f%s1|

f%s1|

v'.wN

v'.wN

U%8XU

U%8XU

%XGmX

%XGmX

.Bh[#

.Bh[#

4%s@J

4%s@J

ñdI

ñdI

V.nKPR

V.nKPR

W.tKTn

W.tKTn

.LN@iP

.LN@iP

.uQo4RK

.uQo4RK

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Invalid stream operation

Invalid stream operation

Protocol not supported.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Protocol family not supported.0Address family not supported by protocol family.

%s is not a valid service.

%s is not a valid service.

Socket Error # %d

Socket Error # %d

Operation would block.

Operation would block.

Operation now in progress.

Operation now in progress.

Operation already in progress.

Operation already in progress.

Socket operation on non-socket.

Socket operation on non-socket.

No help keyword specified. Module doesn't support streaming

No help keyword specified. Module doesn't support streaming

Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource

Invalid Windows Image#Index exceeds data dictionary count/Unsupported non-integer language ID in resource

Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Resolving hostname %s.

Connecting to %s.

Connecting to %s.

No help found for %s#No context-sensitive help installed$No topic-based help system installed

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Invalid clipboard format Clipboard does not support Icons

Invalid clipboard format Clipboard does not support Icons

Cannot open clipboard/Menu '%s' is already being used by another form

Cannot open clipboard/Menu '%s' is already being used by another form

Unsupported clipboard format

Unsupported clipboard format

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Thread creation error: %s

Thread creation error: %s

Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'

Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'

Asynchronous socket error %d

Asynchronous socket error %d

%s error %d, %s

%s error %d, %s

List capacity out of bounds (%d)

List capacity out of bounds (%d)

List count out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Error reading %s%s%s: %s

Failed to create key %s

Failed to create key %s

Failed to get data for '%s'

Failed to get data for '%s'

Failed to set data for '%s'

Failed to set data for '%s'

Resource %s not found

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Property %s does not exist

Cannot assign a %s to a %s

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot create file "%s". %s

Cannot open file "%s". %s

Cannot open file "%s". %s

Invalid stream format$''%s'' is not a valid component name

Invalid stream format$''%s'' is not a valid component name

Invalid data type for '%s'

Invalid data type for '%s'

Ancestor for '%s' not found

Ancestor for '%s' not found

Interface not supported

Interface not supported

%s (%s, line %d)

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

System Error. Code: %d.

Invalid variant operation%Invalid variant operation (%s%.8x)

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

Operation not supported

External exception %x

External exception %x

Invalid pointer operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted(Exception %s in module %s at %p.

Operation aborted(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value

!'%s' is not a valid integer value

I/O error %d

I/O error %d

Integer overflow Invalid floating point operation

Integer overflow Invalid floating point operation