TrojanDropper.Win32.Vtimrun_137b4f9f10 – Adaware

Trojan-Downloader.Win32.Genome.haix (Kaspersky), Trojan.NSIS.StartPage.FD, Trojan.Win32.IEDummy.FD, Trojan.Win32.Swrort.3.FD, mzpefinder_pcap_file.YR, TrojanDropperVtimrun.YR (Lavasoft MAS)Behaviour: Trojan-Dropper, Trojan-Downloader, Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 137b4f9f1066ae3b491d7018efdf8dc4

SHA1: 7838930321df9301e7f31a2bd43b9b9e46f15aa5

SHA256: 399d49f2153ab171c42632ca87845a3d5c5060303207afc06fe9767432668573

SSDeep: 24576:aWRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRNhwc8c1:hGfQNuN7seJ 2Yk/twN6

Size: 1095855 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: A.P.P.

Created at: 2009-06-07 00:41:59

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan-Dropper. Trojan program, intended for stealth installation of other malware into user's system.

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan-Dropper creates the following process(es):

BaiduSd.exe:3108
shandian.exe:1324
shandian.exe:192
F30241_s_0523.exe:1356
BaiduSdTray.exe:2348
bddownloader.exe:2856
regsvr32.exe:2944
regsvr32.exe:3020
BaiduSdSvc.exe:2156
BaiduSdSvc.exe:240
netsh.exe:2972
BDKVWsc.exe:2772
BDKVWsc.exe:3472
RegSvr32.exe:2804
RegSvr32.exe:2892
BDDownloader.exe:2732
BDDownloader.exe:2660

The Trojan-Dropper injects its code into the following process(es):

emaaif_70690.exe:2700
sdad.exe:1620
%original file name%.exe:816
icclz.exe:432
iexplore.exe:1664
pczh_98_2.exe:2216
services.exe:760
svchost.exe:1080

File activity

The process shandian.exe:1324 makes changes in the file system.

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DF42E6.tmp (0 bytes)

The process shandian.exe:192 makes changes in the file system.

The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_arrow_h[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\texture[1].gif (3628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v33_sugg_ajaj_v40_3[1].js (1352 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\skin2_0[1].gif (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1].htm (4676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ufo2[2].js (12854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_ads_2[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_123n[2].js (4599 bytes)
%Program Files%\shandian\bin\twcache.ini (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\logo_1112293[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rec[1].do (374 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\start_button[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\setting_icon[1].gif (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\img-news[1].gif (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\fbg_about[1].png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\v53_bicos[1].gif (826 bytes)
%Program Files%\shandian\bin\ImgCache\123.sogou.com_favicon.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\subnav_v41[1].png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140528121904_599[1].jpg (1467 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\selogo_111207[1].png (1858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1] (7217 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v53_2icos[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\img-video-2[1].gif (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\skin_[1].css (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\foot_slider[1].jpg (322 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\new-ico[1].png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\favicon[1].ico (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin_tips_n1[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\titlebg[1].png (634 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[1].txt (1354 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163242_997[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\DD_belatedPNG_0.0.8a-min[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163043_207[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[1].png (1094 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\citydata[2].js (5088 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (448 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v33_sugg_ajaj_v40_3[2].js (1187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (3 bytes)
%Program Files%\shandian\bin\theworld.ac (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\welcome_cn[1].htm (1469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526170756_638[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\get_123_v53[1].php (17417 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ufo2[1].js (7232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i-ico-2b[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[1].png (1858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\get_tj[1].php (1199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[2].png (1467 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_123n[1].js (5972 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130820165531_481[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\icon4[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\DD_belatedPNG_0.0.8a-min[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\newioage[1].css (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20130531144119_126[1].png (2789 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20130830161205_609[1].gif (940 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\mE8bXnNioe2802[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140527160745_754[1].jpg (197 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin3[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\guide_top[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140508103513_537[1].gif (3628 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163446_912[1].jpg (1264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_ads_2[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\search_arrow[1].gif (447 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[2].txt (1826 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\main[2].js (3923 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\setskinbg[1].gif (397 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\i8g7XZO1lz1162[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\citydata[1].js (4562 bytes)
%Program Files%\shandian\bin\shandian.ini.tmp (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[2].png (1153 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (9640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\new-erweima2[1].png (3488 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\main[1].js (4592 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@wan.sogou[1].txt (191 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\_ads_2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v33_sugg_ajaj_v40_3[1].js (0 bytes)
%Program Files%\shandian\bin\shandian.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\ufo2[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_123n[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cloudy[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\DD_belatedPNG_0.0.8a-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\main[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\citydata[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[2].txt (0 bytes)

The process emaaif_70690.exe:2700 makes changes in the file system.

The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMNetGetInfo.dll (9608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMDownload.dll (5520 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMSkin.dll (36698 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsjB.tmp (128685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\icclz.exe.bdl (657521 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (579 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMNet.dll.bdl (37242 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\res\onlineWnd.zip (14184 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\tmppm4bkx.dll (24832 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDLogicUtils.dll (31856 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (2277 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Common\Global.db (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\BDMReport.dll.bdl (35297 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (16 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\Desktop\Global.db (16 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\System.dll (784 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\hu.dll (3312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp\dl.dll (65930 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (24 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca.bak (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca.bak (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nspC.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddl.bca (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsuA.tmp (0 bytes)
%Documents and Settings%\All Users\Application Data\Baidu\BDDownload\bddlp.bca (0 bytes)

The process sdad.exe:1620 makes changes in the file system.

The Trojan-Dropper creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery-1.7.2.min[1].js (41312 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[2].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[1].jpg (3892 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b17[1].jpg (7663 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\d[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b19[1].jpg (1878 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (168 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Close[1].gif (348 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[1].jpg (12687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b16[1].jpg (7132 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa1[1].jpg (7430 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nvxing_509_366[2].htm (2047 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpc_img[1].htm (884 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].php (1177 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (24768 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b16[1].jpg (9810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b17[1].jpg (6746 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa9[1].jpg (2077 bytes)
%Program Files%\shandian\bin\update\PopWinParam.xml (196 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\normal_bg[1].png (6236 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa1[1].jpg (6709 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (491 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[1].jpg (2555 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (514 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa4[1].jpg (13211 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (336 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[3].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stylemini[1].css (4968 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (664 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[2].jpg (3233 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\miniindex[1].htm (4145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[2].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa8[1].jpg (2118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lieqi_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa5[1].jpg (12890 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa4[1].jpg (8974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa3[1].jpg (15840 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa10[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cpc_ztyw[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\min[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\style[1].css (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\shehui_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\2012_swf[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b13[1].jpg (7589 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b19[1].jpg (2773 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa9[1].jpg (2077 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\close[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cpc_swf[1].asp (2103 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[2].txt (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ico_new2[1].png (8604 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@565882[1].txt (139 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jiankang_509_366[1].htm (2049 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mdtxw[2].txt (694 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jiankang_509_366[2].htm (1593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b14[2].jpg (6883 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa2[1].jpg (6091 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\core[1].php (798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b14[1].jpg (6703 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa10[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Untitled-2[1].gif (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\xinwen[1].htm (881 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (328 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa2[1].jpg (7013 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\stat[1].gif (43 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa3[1].jpg (20995 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\stat[1].php (1163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\lieqi_509_366[1].htm (1593 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\core[2].php (798 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa7[1].jpg (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b15[1].jpg (4891 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cpc_img[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b15[1].jpg (4053 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\tj[1].js (279 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpv1[1].htm (1117 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\Untitled-3[1].jpg (4129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\xinwen[1].htm (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\jquery-1.7.2.min[1].js (5103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\meinv[1].htm (882 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa6[1].jpg (6202 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@zhouliboguju[1].txt (150 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\0[1].swf (7902 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b13[1].jpg (6566 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nvxing_509_366[1].htm (2047 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\Untitled-1[1].gif (2240 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mdtxw[1].txt (1013 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa6[1].jpg (5267 bytes)

The Trojan-Dropper deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\nvxing_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style[2].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b18[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\shehui_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\style[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa1[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa3[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b19[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa4[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\aaa9[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\b15[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@70e[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@mmstat[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\cpc_swf[1].asp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\aaa8[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@cnzz.mmstat[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b16[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jiankang_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mdtxw[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\xinwen[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa7[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa5[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\aaa2[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\meinv[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lieqi_509_366[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\core[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\b14[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\cpc_img[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\b17[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b13[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stat[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa10[1].jpg (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.mdtxw[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\aaa6[1].jpg (0 bytes)

The process %original file name%.exe:816 makes changes in the file system.

The Trojan-Dropper creates and/or writes to the following file(s):

%Program Files%\shandian\ico\360.ico (32 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (1 bytes)
%Program Files%\shandian\uninst.exe (2761 bytes)
%Program Files%\shandian\home.bat (691 bytes)
%Program Files%\shandian\bin\shandian.exe (28332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsy2.tmp\config.ini (3 bytes)
%Program Files%\shandian\ico\ie.ico (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)


&name&mac&md5
&guid&lastver



























&jsonp&t&_stamp




&ufoid&ptype&pcode&rdk&img&sourcelist&titlelist
&ver&gfg&city&pid&c&method&cbf

&rdk&img&pars&suid&sduv&ckid&m&apid&sgtp&refer&page&pageUrl&loc&hp&pid&ptype&pcode&yyid&skin&ver&sys&ser&sev&time





&mainver&popver&xmlver

&ufoid&ptype&pcode&rdk&refer&page&pageUrl&img&vcode
&ids
























&gp&time
















&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&t



&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&rnd
&rnd

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&rnd
&cna
&cna

&cna







&rnd
&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&rnd
&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd



&mainver&popver&xmlver



&t













&cna


&rnd

&ids




&jsonp&t&_stamp





&ufoid&ptype&pcode&rdk&img&sourcelist&titlelist



&ufoid&ptype&pcode&rdk&refer&page&pageUrl&img&vcode


&name&mac&md5

&rnd


&cna







&rnd













&rnd



&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&gp&time


&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&rnd


&ver&gfg&city&pid&c&method&cbf

&rdk&img&pars&suid&sduv&ckid&m&apid&sgtp&refer&page&pageUrl&loc&hp&pid&ptype&pcode&yyid&skin&ver&sys&ser&sev&time
&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&cna










&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd






&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

&name&mac&md5

&X<

&&<<>><>&&<>><><<<>

<<<>>>

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

&<&&

<<<>>>

<><><><><><><><><><><><><><

<<<>>>

<><><><><><>&&<&&&&l

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

&<><>>><&<&i.><<&&<

<<<>>>

&&>>>&>&<<<<&&&T....2Q

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>>>>>&

<<<>>>

>><>>>&bc1l...h..DQ..m..D...4f...b.......1x<><&>&

<<<>>>

<<&>&&V>>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<<<>

<<<>>>

>&&D.TdE..t6..U.e.....u..F&<<<>>&V...fc.

<<<>>>

&&D.TdE..t6..U.e.....u..F&<>>&<>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<

<<<>>>

&&D.TdE..t6..U.e.....u..F&><<&&><<

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>>>><&

<<<>>>

&&D.TdE..t6..U.e.....u..F&><&&<<&>

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&><

<<<>>>

&&D.TdE..t6..U.e.....u..F&>><>&><

<<<>>>

&&D.TdE..t6..U.e.....u..F&<<<>

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&&&O.W..._........C..T.........gJ..X..<<

<<<>>>

&&D.TdE..t6..U.e.....u..F&<>><

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&>>&&

<<<>>>

&&D.TdE..t6..U.e.....u..F&><<&&><<

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>>>><&

<<<>>>

&&D.TdE..t6..U.e.....u..F&><&&<<&>

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&><

<<<>>>

&&D.TdE..t6..U.e.....u..F&>><>&><

<<<>>>

<<<&L.>&<&<<<

<<<>>>

&&>&<><>>>>&

<<<>>>

&cna

&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

&rdk&img&pars&suid&sduv&ckid&m&apid&sgtp&refer&page&pageUrl&loc&hp&pid&ptype&pcode&yyid&skin&ver&sys&ser&sev&time

&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

&&<<<>>><>>><><><&<

<<<>>>

<<><><><

<<<>>>

<<><<&>><<>&>><>&&v....m....02<<<<

<<<>>>

&&y.5..<<<>&&p........x...r....>

<<<>>>

&&&&<<>&C.r..N.......<<&<&

<<<>>>

<><><><><><><><><><><><><><><><><>

<<<>>>

<&&

>&<&W.>><><&&>&>&><>

<<<>>>

<><><><><><><><><><><><><><>

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

<<<>>>

<><><><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><><><><>

<<<>>>

&b.....HmkBF........................................................................&>>&><<&><>><<

<<<>>>

<>>>>&><><<&<<>><<

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>&>>>&>>&&<

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&&&O.W..._........C..T.........gJ..X..<<

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&v.a.Ay......>>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>><

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&><&&<<&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>&>>>&>>&&<

<<<>>>

>&&D.TdE..t6..U.e.....u..F&<<<>>&V...fc.

<<<>>>

&&D.TdE..t6..U.e.....u..F&<>>&<>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&v.a.Ay......>>>

<<<>>>

&ufoid&ptype&pcode&rdk&img&sourcelist&titlelist

&ufoid&ptype&pcode&rdk&refer&page&pageUrl&img&vcode

<><><><><><><><>

&<&&

<<<>>>

&mainver&popver&xmlver

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

<<<>>>

<<&n.-&j..a...91>>><&K..hhA....U.T.J....-.<>>>>&I...&>>

<<<>>>

<<><><><><><><><><><&><&<>&>

<<<>>>

&&><<<><<<>>>>>

<<<>>>

&mainver&popver&xmlver

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

<<<>>>

&guid&lastver

<><><><><><><><><><> <><><><><><><><><><><><><><><><><><><><><><><><> <><><><><><><><><><> <><><><><><>

<<<>>>

&guid&lastver

&<<>&<&&&&&<

<<<>>>

&guid&lastver

&><>>&<<&&&>>><<&&

<<<>>>

<><><><><><><><><><>

&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

<><><><><><><><><>><&<<>

<<<>>>

&jsonp&t&_stamp

站长统计&&&n.callRequest&&<><><><><>

<<><><><><><><><><><&><&<>&>

<<<>>>

&&D.TdE..t6..U.e.....u..F&&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>><

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&><&&<<&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>>>

<<<>>>

<>>>>>&<><><><><

<<<>>>

&gp&time

<><><><><><><><><><><><>

&gp&time

<><><><><><><><><><><><>

<><><><><><><><><><><><><><

<<<>>>

&u2.....pHYs................OiCCPPhotoshop&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

&rnd

&cna

&rnd

&cna

&rnd

&cna

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

<><><><><><><><><><><><><><>

&rnd

&cna

&rnd

&cna

>>><<<<&L...>><&

<<<>>>

<><><><><><><><><>&Adobe.d............................o............................................................................................................................................k._..........................................................................................&p........

<<<>>>

&n..>><&&><&<&&><<><

<<<>>>

<<<>>&>&

<<<>>>

>&&>>&&<>&<<&<

<<<>>>

&<<<&

<<<>>>

<>>>&>&><&<<<>><>&<>&<<<<&mv-...A.l.G

<<<>>>

&ver&gfg&city&pid&c&method&cbf

北京阴有分散性阵雨微风多云微风晴转多云微风多云转晴微风晴转多云微风阴转多云微风多云微风五月初四

<<<>>>

&<<<&

<<<>>>

&ids

<<<>>>

&cna

&<<>&<

<<<>>>

&>>>&&l...>>&&><>><&B><>><&

<<<>>>

<<><><><><><><><><><&><&<>&>

<<<>>>

<<><><><><><><><><><>

<<<>>>

&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

<&><>&&<>&V.&&><<<<<

<<<>>>

><<<<<<<&YD.&>>&k.r<&&&<

<<<>>>

&z..Hv......L...&&&&LLN.T>><

><&O........<&&>&&F...m...9.h..0..&<>><

<<<>>>

&><>&&A.3.n.<<>>><<&i......<>><&<

<<<>>>

<<><><><><><><><><><&><&<>&>

<<<>>>

><>&>>><>&&<<<&<

<<<>>>

站长统计&&&n.callRequest&&<><><><><>

&P......sBIT.....O.....PLTE...

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

&guid&lastver

>>&><>>&&<

<<<>>>

<>"

<""""><>

<""""""><""""><""""""""><><><><><""""""""""""><><><""><><><""""><><><><""><><""><""><><><>

"""""

""""""

"""

""""""

&&&

&&&&

&&&

""""""""

""""""

"""""

<>&

&<<>>

""""

<"""">

"ï"

<<><><><><><><><><><><><><><>"<><><<><><><><><><><><><><><><><><><><><>&&&&<><><><><><><<><><><><><><><><><><><>&&<><><><><><><><><<><>&&<><><><>><><><><><><><><><><><><>><><>&&&&&&&&<><><><><><><><><><><><><""""><><><""""><><><><><><><><><><><><><><><><><><><><><><><><><><><>"&&&&&&"<><><><>"""&"<><>"""&"<><><><><><>""<><><><><><><><><><><><><><>""><><>""<><><><><><><>""<><>""<><>""<><><""""""><""><""""""><><><><><""><""<><><>""<><>""<><><><>""<><>""<><><><><><>""""""<><><><><><>""""""<><>""""<><><><><><>""""<><>""<><>""<><><><><""""""""""""><""><><><><><""""""><><><><""""><><><><"">"<>""<>"<><><><><><""""""><><>""<><>""<><>""""<><>""<><><><><><><><><><><><>""<><>""<><><><><><><><><><>""<><>""<><>""<><>""<><>""<><>""<><><><>""<><>""<><><><>""<><>""<><><><><><><><><><>""<><>""<><><><>""<><>""<><>""<><><><><><><><>""<><>""<><>""<><><><>"<""><""><>"<><>""<><><><><><><><><><><><><><>""<><>""<><><><><><><><><><>""<><><><><><>""<><><><><><><><>""<><><><><><><><><><>"<"">"<><>"<""""><>"<><>""<><><><>""<><><><>""<><>""<><><><><><><><>""<><><><><><><><><><>><><><><><""""> <""><><""><><><><><><><""><><><><""> <><><><""""> <""""""""><><><><""><><><><""><""""""""><><><><""><><><><""><""""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""""""""><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""""><""""""""""""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><"">"<"""""""">"<><><><"">"<"""""""">"<><><>"<""><"">""<><"">""<><"">""<><>"<><>"<><>"<><>"<><>"<><>"<><>"<><>""<><>""<><>""<><><""""""><><><<><><><>""<><><><><><>""<><><><><""><><><><""""""><><><><""><><><><><""""><><><><><><><><""""><><><><><><><""><""""""><><><><""><><><><""><><><><><><><""><><><><><><><><""><><><><><><><""><><><><><><><><""><><><>"<"">"<><>""<><>""<><>""<><>""<><>""<><>"<>"<><>"<"">"<><><>"<""""""><>"<><>"<>