Trojan.NSIS.StartPage_1950573131 – Adaware

Trojan-Downloader.Win32.Genome.gzzj (Kaspersky), Trojan.NSIS.StartPage.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.IEDummy.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, mzpefinder_pcap_file.YR, GenericPhysicalDrive0.YR (Lavasoft MAS)Behaviour: Trojan-Downloader, Trojan, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 19505731311ac35036f063eaca0b988a

SHA1: ab7769559dda2fde69413d8a21402c122eae0feb

SHA256: 906122bcd2546c572436c32f5f8580a72867c45bdb69b50260009c08eaa05024

SSDeep: 24576:zcRGmay4PA5NLqDYXyvDB2NeJfGaJYk1UsRNhwcOc8:oGfQNuN7seJ 2Yk/twXL

Size: 1123653 bytes

File type: EXE

Platform: WIN32

Entropy: Packed

PEID: UPolyXv05_v6

Company: Live Soft Action S.R.L.

Created at: 2009-06-07 00:41:59

Analyzed on: WindowsXP SP3 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

BaiduSd.exe:3992
shandian.exe:496
shandian.exe:212
pczh_98_2.exe:3288
F30241_s_0523.exe:1704
BaiduSdTray.exe:3184
mscorsvw.exe:1912
bddownloader.exe:3708
kuping_b_54282.exe:2428
regsvr32.exe:3576
regsvr32.exe:3880
BaiduSdSvc.exe:3048
BaiduSdSvc.exe:2944
netsh.exe:3852
BDKVWsc.exe:3576
RegSvr32.exe:3592
RegSvr32.exe:3744
BDDownloader.exe:3348
BDDownloader.exe:3524

The Trojan injects its code into the following process(es):

%original file name%.exe:1988
emaaif_70690.exe:1320
sdad.exe:1928
iexplore.exe:1676
Ainqngz3.9.exe:2152
jistlo.exe:2448
services.exe:760
svchost.exe:1096

File activity

The process shandian.exe:496 makes changes in the file system.

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DFBC1B.tmp (0 bytes)

The process shandian.exe:212 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\foot_slider[1].jpg (322 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\texture[1].gif (1565 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\fbg_about[1].png (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\welcome_cn[1].htm (1469 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1].htm (5637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[1].js (11796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\v53_arrow_h[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\guide_tip[1].png (990 bytes)
%Program Files%\shandian\bin\twcache.ini (696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\rec[1].do (374 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon4[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[1].js (5034 bytes)
%Program Files%\shandian\bin\ImgCache\123.sogou.com_favicon.ico (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[2].js (254 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\guide_tip[1].png (1012 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\subnav_v41[1].png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\VGX3.tmp (10 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[2].txt (316 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140508103513_537[1].gif (6023 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140528121906_70[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\123.sogou[1] (7253 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[2].txt (1879 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130830161205_609[1].gif (1858 bytes)
%Program Files%\shandian\bin\shandian.ini.tmp (244 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\img-news[1].gif (225 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\i8g7XZO1lz1162[1].jpg (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20140526163446_912[1].jpg (737 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[1].txt (1398 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163242_997[1].jpg (186 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\newioage[1].css (715 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\skin2_0[1].gif (592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[2].js (5378 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\new-ico[1].png (211 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (134 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\skin_[1].css (21 bytes)
%Program Files%\shandian\bin\theworld.ac (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\guide_top[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[1].js (2326 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[2].js (4631 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\20140526170756_638[1].jpg (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\20140527162400_1[1].jpg (3534 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\get_123_v53[1].php (14900 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[1].js (4272 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\20130820165531_481[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20130531144119_126[1].png (3182 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\titlebg[1].png (634 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_bicos[1].gif (826 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[1].png (1400 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\setting_icon[1].gif (76 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v53_2icos[1].gif (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\selogo_111207[2].png (780 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[2].js (1187 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\logo_1112293[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@wan.sogou[1].txt (193 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\skin3[1].gif (1266 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\mE8bXnNioe2802[1].jpg (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[2].js (12237 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\favicon[1].ico (681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\get_tj[1].php (1199 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\cloudy[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\i-ico-2b[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\search_arrow[1].gif (447 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\20140526163043_207[1].jpg (1264 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\new-erweima2[1].png (3330 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\start_button[1].jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\skin_tips_n1[1].gif (1 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (8676 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[2].js (3166 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\setskinbg[1].gif (397 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\selogo_111207[1].png (1858 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[1].js (678 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[1].js (1352 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\citydata[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cloudy[1].gif (0 bytes)
%Program Files%\shandian\bin\shandian.ini (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ufo2[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418\index.dat (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\main[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\MSHist012013041720130418 (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@sogou[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\_ads_2[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\guide_tip[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\v33_sugg_ajaj_v40_3[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\v53_123n[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DD_belatedPNG_0.0.8a-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\hotdata[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@123.sogou[2].txt (0 bytes)

The process %original file name%.exe:1988 makes changes in the file system.

The Trojan creates and/or writes to the following file(s):

%Program Files%\shandian\ico\360.ico (32 bytes)
%Documents and Settings%\%current user%\Desktop\Internet Explorer.lnk (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\emaaif_70690.exe (12288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\System.dll (11 bytes)
%Program Files%\shandian\bin\shandian.ini (74 bytes)
%Program Files%\shandian\home.bat (691 bytes)
%Program Files%\shandian\bin\shandian.exe (28332 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa2.tmp\F30241_s_0523.exe (91814 bytes)
%Program Files%\shandian\ico\ie.ico (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\F30241_s_0523[1].rar (91814 bytes)


&ac&name&mac&md5
&name&mac&md5

&guid&lastver




























&ver&gfg&city&pid&c&method&cbf

&rdk&img&pars&suid&sduv&ckid&m&apid&sgtp&refer&page&pageUrl&loc&hp&pid&ptype&pcode&yyid&skin&ver&sys&ser&sev&time




&mainver&popver&xmlver
&jsonp&t&_stamp
&ufoid&ptype&pcode&rdk&img&sourcelist&titlelist


&ufoid&ptype&pcode&rdk&refer&page&pageUrl&img&vcode

&ids

























&gp&time















&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&t



&rnd
&rnd


&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&rnd

&cna

&cna

&cna




&rnd
&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&rnd
&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd



&cna



&rnd

&t







&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd





&ids
&guid&lastver











&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&rnd






&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd
&ver&gfg&city&pid&c&method&cbf
&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

&rnd








&ufoid&ptype&pcode&rdk&refer&page&pageUrl&img&vcode



&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

&rnd










&jsonp&t&_stamp


&ufoid&ptype&pcode&rdk&img&sourcelist&titlelist


&cna

&gp&time


&cna


&rnd







&rdk&img&pars&suid&sduv&ckid&m&apid&sgtp&refer&page&pageUrl&loc&hp&pid&ptype&pcode&yyid&skin&ver&sys&ser&sev&time

<<><><><><><><><><><&><&<>&>

<<<>>>

<<><><><

<<<>>>

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

&&D.TdE..t6..U.e.....u..F&>>&>>>&>>&&<

<<<>>>

&&D.TdE..t6..U.e.....u..F&&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&><<&&><<

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>>>><&

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>><

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&><&&<<&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&><

<<<>>>

&&D.TdE..t6..U.e.....u..F&>><>&><

<<<>>>

&gp&time

<><><><><><><><><><><><>

<><><><><><><><><><><><><><><><><>

<<<>>>

&&D.TdE..t6..U.e.....u..F&&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>>>

<<<>>>

&mainver&popver&xmlver

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

<<<>>>

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

<<&n.-&j..a...91>>><&K..hhA....U.T.J....-.<>>>>&I...&>>

<<<>>>

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

<&><>&&<>&V.&&><<<<<

<<<>>>

><<<<<<<&YD.&>>&k.r<&&&<

<<<>>>

&z..Hv......L...&&&&LLN.T>><

&><>&&A.3.n.<<>>><<&i......<>><&<

<<<>>>

<<><><><><><><><><><&><&<>&>

<<<>>>

<><><><><><><><><><><><><><

<<<>>>

站长统计&&&n.callRequest&&<><><><><>

<><><><><><><><><><><><><><>

&&<<>><>&&<>><><<<>

<<<>>>

<<<&L.>&<&<<<

<<<>>>

<>><&>&>>

<><><><><><><><>

>>><<<<&L...>><&

<<<>>>

&P......sBIT.....O.....PLTE...

&n..>><&&><&<&&><<><

<<<>>>

<><><><><><><><><><>

>&<&W.>><><&&>&>&><>

<<<>>>

<>>>&>&><&<<<>><>&<>&<<<<&mv-...A.l.G

<<<>>>

<<<>>&>&

<<<>>>

>&&&&<>>><

<<<>>>

&<<<&

<<<>>>

&ids

<<<>>>

&ver&gfg&city&pid&c&method&cbf

北京多云转阴微风阴有分散性阵雨微风阴转晴微风晴转多云微风多云微风多云微风阴微风五月初三

<<<>>>

&<<<&

<<<>>>

&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

<>&<&>&&&><

<<<>>>

&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

<><><><><><><><><><><><><><>

<<><><><><><><><><><>

<<<>>>

&ac&name&mac&md5

<<<>>>

&gp&time

<><><><><><><><><><><><><><><><><><><><><><><><>

&name&mac&md5

&X<&X<

<<<>>>

&<<>&<

<<><><><><><><><><><&><&<>&>

<<<>>>

<><><><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

&&>>>&>&<<<<&&&T....2Q

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>>>>>&

<<<>>>

<>>>>&><><<&<<>><<

&&D.TdE..t6..U.e.....u..F&<<<>

<<<>>>

>&&D.TdE..t6..U.e.....u..F&<<<>>&V...fc.

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&&&O.W..._........C..T.........gJ..X..<<

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&v.a.Ay......>>>

<<<>>>

&rdk&img&pars&suid&sduv&ckid&m&apid&sgtp&refer&page&pageUrl&loc&hp&pid&ptype&pcode&yyid&skin&ver&sys&ser&sev&time

&ufoid&ptype&pcode&rdk&img&sourcelist&titlelist

&ufoid&ptype&pcode&rdk&refer&page&pageUrl&img&vcode

&guid&lastver

<><><><><><><><><><> <><><><><><><><><><><><><><><><><><><><><><><><> <><><><><><><><><><> <><><><><><>

<<<>>>

&guid&lastver

>>&><>>&&<

<<<>>>

&guid&lastver

&><>>&<<&&&>>><<&&

<<<>>>

&mainver&popver&xmlver

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

<<<>>>

&cna

><>&>>><>&&<<<&<

<<<>>>

<&&

&&&&<<>&C.r..N.......<<&<&

<<<>>>

&rnd

&cna

&rnd

&cna

&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

&u2.....pHYs................OiCCPPhotoshop&><<&S....<<<<<>>>&&&<<<&&&KM.M..RM..

<<<>>>

站长统计&&&n.callRequest&&<><><><><>

&ac&name&mac&md5

<<<>>>

>>><<<<&L...>><&

<<<>>>

&<&&

<<<>>>

<>>>>>&<><><><><

<<<>>>

&cna

&jsonp&t&_stamp

<><><><><><><><><><><><><><

<<<>>>

<><><><><><>&&<&&&&l

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><>

<<<>>>

<><><><><><><><><><><>

<<<>>>

&<><>>><&<&i.><<&&<

<<<>>>

&b.....HmkBF........................................................................&>>&><<&><>><<

<<<>>>

>><>>>&bc1l...h..DQ..m..D...4f...b.......1x<><&>&

<<<>>>

<<&>&&V>>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>&>>>&>>&&<

<<<>>>

&&D.TdE..t6..U.e.....u..F&<>>&<>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<>><

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&>>&&

<<<>>>

&&D.TdE..t6..U.e.....u..F&><<&&><<

<<<>>>

&&D.TdE..t6..U.e.....u..F&>>>>><&

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>><

<<<>>>

&&D.TdE..t6..U.e.....u..F&><&&<<&>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&><&&<<&&>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&><

<<<>>>

&&D.TdE..t6..U.e.....u..F&>><>&><

<<<>>>

&&D.TdE..t6..U.e.....u..F&<<<>

<<<>>>

>&&D.TdE..t6..U.e.....u..F&<<<>>&V...fc.

<<<>>>

&&D.TdE..t6..U.e.....u..F&>&&&O.W..._........C..T.........gJ..X..<<

<<<>>>

&&D.TdE..t6..U.e.....u..F&<>>&<>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<&v.a.Ay......>>>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<>><

<<<>>>

&guid&lastver

&<<>&<&&&&&<

<<<>>>

&rnd

&cna

&rnd

&cna

&rnd

&cna

&&D.TdE..t6..U.e.....u..F&<&>>&&

<<<>>>

&&D.TdE..t6..U.e.....u..F&><&&<<&>

<<<>>>

&&D.TdE..t6..U.e.....u..F&<><>>>

<<<>>>

<><><><><><><><><>><&<<>

<<<>>>

<><><><><><><><><>&>>

<<<>>>

<<>>><&>

<<<>>>

&r&lg&ntime&repeatip&rtime&cnzz_eid&showp&st&sin&t&rnd

><&O........<&&>&&F...m...9.h..0..&<>><

<<<>>>

&>>>&&l...>>&&><>><&B><>><&

<<<>>>

<<><><><><><><><><><&><&<>&>

<<<>>>

&&y.5..<<<>&&p........x...r....>

<<<>>>

<>"

"""""

""""

<""""><>

<""""""><""""><""""""""><><><><><""""""""""""><><><""><><><""""><><><><""><><""><""><><><>

"""""

""""""

"""

""""""

&&&

&&&&

&&&

""""""""

""""""

"""""

<>&

&<<>>

""""

<"""">

"ï"

<<><><><><><><><><><><><><><>"<><><<><><><><><><><><><><><><><><><><><>&&&&<><><><><><><<><><><><><><><><><><><>&&<><><><><><><><><<><>&&<><><><>><><><><><><><><><><><><>><><>&&&&&&&&<><><><><><><><><><><><><""""><><><""""><><><><><><><><><><><><><><><><><><><><><><><><><><><>"&&&&&&"<><><><>"""&"<><>"""&"<><><><><><>""<><><><><><><><><><><><><><>""><><>""<><><><><><><>""<><>""<><>""<><><""""""><""><""""""><><><><><""><""<><><>""<><>""<><><><>""<><>""<><><><><><>""""""<><><><><><>""""""<><>""""<><><><><><>""""<><>""<><>""<><><><><""""""""""""><""><><><><><""""""><><><><""""><><><><"">"<>""<>"<><><><><><""""""><><>""<><>""<><>""""<><>""<><><><><><><><><><><><>""<><>""<><><><><><><><><><>""<><>""<><>""<><>""<><>""<><>""<><><><>""<><>""<><><><>""<><>""<><><><><><><><><><>""<><>""<><><><>""<><>""<><>""<><><><><><><><>""<><>""<><>""<><><><>"<""><""><>"<><>""<><><><><><><><><><><><><><>""<><>""<><><><><><><><><><>""<><><><><><>""<><><><><><><><>""<><><><><><><><><><>"<"">"<><>"<""""><>"<><>""<><><><>""<><><><>""<><>""<><><><><><><><>""<><><><><><><><><><>><><><><><""""> <""><><""><><><><><><><""><><><><""> <><><><""""> <""""""""><><><><""><><><><""><""""""""><><><><""><><><><""><""""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""""""""><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""""><""""""""""""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><""><><><><"">"<"""""""">"<><><><"">"<"""""""">"<><><>"<""><"">""<><"">""<><"">""<><>"<><>"<><>"<><>"<><>"<><>"<><>"<><>""<><>""<><>""<><><""""""><><><<><><><>""<><><><><><>""<><><><><""><><><><""""""><><><><""><><><><><""""><><><><><><><><""""><><><><><><><""><""""""><><><><""><><><><""><><><><><><><""><><><><><><><><""><><><><><><><""><><><><><><><><""><><><>"<"">"<><>""<><>""<><>""<><>""<><>""<><>"<>"<><>"<"">"<><><>"<""""""><>"<><>"<>

Summary

Dynamic Analysis

Related articles