Mon, 03/20/2017 - 04:08

Trojan.Win32.FlyStudio_8610d33899

Trojan-PSW.Win32.MSNPassword.FD, Trojan.Win32.FlyStudio.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS) Behaviour: Trojan-PSW, Trojan, Worm, EmailWorm

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

MD5: 8610d3389910f888de0d0ebe1a3ce061

SHA1: c00bb493133dff19eb9abfd3578772635475c7c8

SHA256: a96ecede8c9e45e5ee537ef6bfe369cca50f73b089750755a12e9dc72a4b2bd7

SSDeep: 24576:hnaFZnMf5AJt57zCOrG/RN6RG 7ZzHD20WYyb60asfs uBYTO:henMaXra5N6Rv1cW/svjTO

Size: 1888256 bytes

File type: EXE

Platform: WIN32

Entropy: Not Packed

PEID: UPolyXv05_v6, MicrosoftVisualC, MicrosoftVisualCv50v60MFC, MicrosoftVisualC50, Armadillov171

Company: no certificate found

Created at: 2016-05-22 09:11:00

Analyzed on: Windows7 SP1 32-bit

Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Dynamic Analysis

Payload

Behaviour  Description
EmailWorm  Worm can send e-mails.


Process activity

The Trojan creates the following process(es): No processes have been created.

The Trojan injects its code into the following process(es):

%original file name%.exe:2928

Mutexes

The following mutexes were created/opened: No objects were found.

File activity

The process %original file name%.exe:2928 makes changes in the file system.


The Trojan creates and/or writes to the following file(s):


The Trojan deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QVU3JNLU.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\id[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\TCH2R76M.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\QB2Y37I3.txt (0 bytes)

Registry activity

The process %original file name%.exe:2928 makes changes in the system registry.


The Trojan creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91293"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1463897460"
"Name" = "%original file name%.exe"

[HKLM\SOFTWARE\Microsoft\Tracing\8610d3389910f888de0d0ebe1a3ce061_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\8610d3389910f888de0d0ebe1a3ce061_RASAPI32]
"EnableConsoleTracing" = "0"
"ConsoleTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\faxuan.net]
"(Default)" = "20"

[HKLM\SOFTWARE\Microsoft\Tracing\8610d3389910f888de0d0ebe1a3ce061_RASAPI32]
"EnableFileTracing" = "0"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\8610d3389910f888de0d0ebe1a3ce061_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\8610d3389910f888de0d0ebe1a3ce061_RASAPI32]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\8610d3389910f888de0d0ebe1a3ce061_RASMANCS]
"MaxFileSize" = "1048576"
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Multimedia\DrawDib]
"vga.drv 1276x846x32(BGR 0)" = "31,31,31,31"

[HKLM\SOFTWARE\Microsoft\Tracing\8610d3389910f888de0d0ebe1a3ce061_RASMANCS]
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

Dropped PE files

There are no dropped PE files.

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

Removals

Remove it with Ad-Aware

  1. Click (here) to download and install Ad-Aware Free Antivirus.
  2. Update the definition files.
  3. Run a full scan of your computer.

Manual removal*

  1. Terminate malicious process(es) (How to End a Process With the Task Manager): No processes have been created.
  2. Delete the original Trojan file.
  3. Delete or disinfect the following files created/modified by the Trojan:


  4. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
  5. Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Static Analysis

VersionInfo

No information is available.


PE Sections

Name    Virtual Address  Virtual Size  Raw Size  Entropy  Section MD5
.text   4096             866263        868352    4.47758  16c6a569d59ac444f71f7ffd2453ab39
CODE    872448           338768        339968    4.57896  2acdb705e40e5832b663b1ab65dbe92c
.rdata  1212416          373196        376832    4.4531   badc389810e59620b12f03e6900a883d
.data   1589248          475147        69632     3.66069  924848d6abe71110bd3dcdf413b4a045
DATA    2068480          69260         69632     5.14555  fb3673f94b0b6aa3d257c6a5fb6cabba
BSS     2138112          25785         28672     0        cf845a781c107ec1346e849c9dd1b7e8
.rsrc   2166784          127432        131072    2.28929  0871a8f30e7e4e72f9412b5986185fd1

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Network Activity

URLs


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /da/i.js HTTP/1.1
Accept: */*
Referer: hXXp://xf.faxuan.net/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: bqq.gtimg.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 19 Mar 2017 00:31:57 GMT
Cache-Control: max-age=600
Expires: Sun, 19 Mar 2017 00:41:57 GMT
Last-Modified: Tue, 17 Jan 2017 07:54:50 GMT
Content-Type: application/x-javascript
Content-Length: 13195
Content-Encoding: gzip
X-NWS-LOG-UUID: b02c8cbd-b014-4a17-9697-ca12e767fa91
Keep-Alive: timeout=60
X-Cache-Lookup: Hit From Disktank Gz


<<< skipped >>>

GET /wpadisplay/r.gif?version=3.3.7.20160126&wty=3&type=&nameAccount=4006570518&kfuin=&ws=xf.faxuan.net&aty=0&a=0&title=&wording=&wording2=&tencentSig=5898714112&1489883517376 HTTP/1.1
Accept: */*
Referer: hXXp://xf.faxuan.net/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: prom.b.qq.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 19 Mar 2017 00:31:57 GMT
Content-Type: image/gif
Content-Length: 0
Last-Modified: Mon, 25 Jul 2016 09:54:54 GMT
Connection: close
ETag: "5795e1ee-0"
Accept-Ranges: bytes

GET /cgi/ta.php?na=4006570518&dm=faxuan.net&cb=JSONP_CALLBACK_2_28 HTTP/1.1
Accept: */*
Referer: hXXp://xf.faxuan.net/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: wpl.b.qq.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 19 Mar 2017 00:31:57 GMT
Content-Type: text/javascript
Content-Length: 53
Connection: close
X-Powered-By: PHP/5.3.13
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache

JSONP_CALLBACK_2_28({"r":0,"data":{"sid":"2385419"}})..

GET /c/=/crm/wpa/release/3.3.7/wpa/ta.js,/crm/wpa/release/3.3.7/wpa/kfuin.js,/crm/wpa/release/3.3.7/wpa/sid.js,/crm/wpa/release/3.3.7/util/titleFlash.js,/crm/wpa/release/3.3.7/util/className.js,/crm/wpa/release/3.3.7/util/Style.js,/crm/wpa/release/3.3.7/util/taskMgr.js?v=3.3.7.20160126 HTTP/1.1
Accept: */*
Referer: hXXp://xf.faxuan.net/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: combo.b.qq.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 19 Mar 2017 00:31:54 GMT
Cache-Control: max-age=300
Expires: Sun, 19 Mar 2017 00:36:54 GMT
Last-Modified: Fri, 22 Jul 2016 19:07:42 GMT
Content-Type: application/x-javascript
Content-Length: 1695
Content-Encoding: gzip
X-NWS-LOG-UUID: fdd522da-a684-47ce-9e8a-845c391e5952
Keep-Alive: timeout=60
Access-Control-Allow-Origin: *
X-Cache-Lookup: Hit From Disktank Gz

<<< skipped >>>

GET /c/=/crm/wpa/release/3.3.7/util/localStorage.js,/crm/wpa/release/3.3.7/wpa/SelectPanel.js,/crm/wpa/release/3.3.7/util/css.js,/crm/wpa/release/3.3.7/util/contains.js?v=3.3.7.20160126 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: combo.b.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 19 Mar 2017 00:31:55 GMT

Cache-Control: max-age=300

Expires: Sun, 19 Mar 2017 00:36:55 GMT

Last-Modified: Fri, 22 Jul 2016 19:07:15 GMT

Content-Type: application/x-javascript

Content-Length: 3583

Content-Encoding: gzip

X-NWS-LOG-UUID: 504e67e3-a4d4-46f6-9e81-f502c822746f

Keep-Alive: timeout=60

Access-Control-Allow-Origin: *

X-Cache-Lookup: Hit From Disktank Gz

<<< skipped >>>

GET /cgi-bin/r.cgi?flag1=7818&flag2=21&flag3=1&3=2067&&1489883516356 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: isdspeed.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Sun, 19 Mar 2017 00:31:57 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Server: Apache

Cache-Control: max-age=0

Expires: Sun, 19 Mar 2017 00:31:57 GMT

1.....0..

GET /jsonp/mta?v=0.6.6&tid=4006570518&aid=&pid=i9b1v3.3fir2g.j0fy6ges&qid=sjoq3o.t0e4l5.j0fy6ges&src=12&cid=1940917248&sid=1.1.sdyr8n.j0fy6get&t=j0fy6gev&callback=S3JSONPPREFIXyi7ym0 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: da.qidian.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 19 Mar 2017 00:31:59 GMT

Content-Type: application/javascript; charset=utf-8

Content-Length: 22

Connection: close

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

P3P: IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT

S3JSONPPREFIXyi7ym0();..

GET /ping/id?v=0.6.6&tid=4006570518&aid=&sid=1.1.sdyr8n.j0fy6get&qid=sjoq3o.t0e4l5.j0fy6ges&pid=i9b1v3.3fir2g.j0fy6ges&qqm=3&t=j0fy6ia5&cid=1940917248&src=12&z=ngke5u HTTP/1.1

Accept: */*

Referer: hXXp://combo.b.qq.com/da/id.html?q=sjoq3o.t0e4l5.j0fy6ges&p=i9b1v3.3fir2g.j0fy6ges&t=4006570518&a=&c=1940917248&s=1.1.sdyr8n.j0fy6get&src=12&pgv_pvi=&v=0.6.6&ts=http://da.qidian.qq.com/ping/id

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: da.qidian.qq.com

Connection: Keep-Alive

Cookie: __qidianid=87af85c63adaa7058ecd29406314a27e0b85c26a

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 19 Mar 2017 00:32:01 GMT

Content-Type: image/gif

Content-Length: 35

Connection: close

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

P3P: IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT

GIF87a.............,...........D..;..

GET / HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:34 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Set-Cookie: rid=32a0cb241a97f8ecaba3339c887081d6;expires=31 GMT;path=/;domain=faxuan.net

Location: hXXp://xf.faxuan.net/

Access-Control-Allow-Origin: *

a7..<html>..<head><title>302 Found</title></head>..<body bgcolor="white">..<center><h1>302 Found</h1></center>..<hr><center>openresty/1.7.10.1</center>..</body>..</html>..0......

GET / HTTP/1.1

Accept: */*

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:34 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

Access-Control-Allow-Origin: *

Content-Encoding: gzip

<<< skipped >>>

GET /baseui/vendor/easyui14/themes/easyui.css HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:35 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-9f0d"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

<<< skipped >>>

GET /baseui/vendor/jquery/jquery.cookie.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:38 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-5e1"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/js/index/orhonmclib.min.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:38 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-3d44"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

<<< skipped >>>

GET /baseui/js/index/orhon-U2M.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:39 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-361"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/vendor/jsrender.js HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://xf.faxuan.net/

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:42 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-4506"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

<<< skipped >>>

GET /baseui/js/widget/comm_validatebox_rules.js?_=1489883499424 HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://xf.faxuan.net/

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:49 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-1136"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

<<< skipped >>>

GET /baseui/images/login/bg_login.jpg HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:54 GMT

Content-Type: image/jpeg

Content-Length: 126290

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-1ed52"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

<<< skipped >>>

GET /ping/pv?v=0.6.6&tid=4006570518&aid=&pid=i9b1v3.3fir2g.j0fy6ges&qid=sjoq3o.t0e4l5.j0fy6ges&src=12&cid=1940917248&sid=1.1.sdyr8n.j0fy6get&r=&pt=国家工作人员学法用法及考试平台_登录&sw=1276&sh=846&dpr=1&saw=1276&sah=802&scd=32&so=&bw=390&bh=310&tz=-2&hasf=23.0.0&hasadb=1&hasc=1&hastc=0&hasls=1&hasss=1&hasid=0&t=j0fy6gfy&z=bsg424 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: da.qidian.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 19 Mar 2017 00:31:59 GMT

Content-Type: image/gif

Content-Length: 35

Connection: close

Cache-Control: no-cache,no-store,must-revalidate

Pragma: no-cache

P3P: IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT

Set-Cookie: __qidianid=87af85c63adaa7058ecd29406314a27e0b85c26a; expires=Mon, 19-Mar-2018 00:31:59 GMT; path=/; domain=.qidian.qq.com

GIF87a.............,...........D..;..

GET /cgi/conv.php?num=4006570518&cb=JSONP_CALLBACK_1_77 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: wpl.b.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 19 Mar 2017 00:31:57 GMT

Content-Type: text/javascript

Content-Length: 93

Connection: close

X-Powered-By: PHP/5.3.13

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

JSONP_CALLBACK_1_77({"r":0,"data":{"kfuin":938032293,"nameAccount":"4006570518","envId":11}})..

GET /baseui/vendor/easyui14/themes/icon.css HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:35 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-8a6"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/js/comm_cookies.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:36 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-7d4"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/style/common/tooltipster_style.css HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:36 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-1e6"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/style/common/popwin_style.css HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:37 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-555"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /bps/common/comm_resources.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:37 GMT

Content-Type: application/javascript

Last-Modified: Wed, 08 Mar 2017 04:56:52 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"58bf8f14-906"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /bps/login/s/login_1_s.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:37 GMT

Content-Type: application/javascript

Last-Modified: Mon, 27 Feb 2017 02:03:59 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"58b3890f-2e6"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


GET /bps/login/v/login_1_v.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:40 GMT

Content-Type: application/javascript

Last-Modified: Mon, 27 Feb 2017 02:03:59 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"58b3890f-1f13"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


<<< skipped >>>

GET /baseui/style/orhonmatrixfont.css HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:41 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-554"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


GET /baseui/vendor/easyui14/lib/form-validate.js HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://xf.faxuan.net/

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:46 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-11921"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


<<< skipped >>>

GET /baseui/js/widget/comm_popwin.js?_=1489883499426 HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://xf.faxuan.net/

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:54 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-1715"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


<<< skipped >>>

GET /baseui/images/login/map.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:54 GMT

Content-Type: image/png

Content-Length: 123144

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-1e108"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes


<<< skipped >>>

GET /crmReport/accesslog?FUID=&FKFUin=&FNa=4006570518&FRurl=&1489883516356 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: report.b.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 19 Mar 2017 00:31:56 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

Content-Encoding: gzip


GET /se/r.gif?na=4006570518&ref=&1489883516357 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: prom.b.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 19 Mar 2017 00:31:57 GMT

Content-Type: image/gif

Content-Length: 0

Last-Modified: Mon, 25 Jul 2016 09:54:55 GMT

Connection: close

ETag: "5795e1ef-0"

Accept-Ranges: bytes

GET /baseui/vendor/json2.min.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:35 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-d39"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


<<< skipped >>>

GET /baseui/js/comm_util.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:36 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-95f"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


GET /baseui/js/comm_serv.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:37 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-726"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


GET /bps/userpoint/s/userpoint_1_s.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:40 GMT

Content-Type: application/javascript

Last-Modified: Mon, 27 Feb 2017 02:03:59 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"58b3890f-40f"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


GET /baseui/style/newcss/login.css?v=20160911 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:40 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-11ea"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


<<< skipped >>>

GET /baseui/images/up.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:42 GMT

Content-Type: image/png

Content-Length: 347

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-15b"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes


GET /baseui/js/widget/comm_validatebox_customtooltip.js?_=1489883499423 HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://xf.faxuan.net/

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:47 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-12ee"

Access-Control-Allow-Origin: *

Content-Encoding: gzip


<<< skipped >>>

GET /baseui/images/topnav_bg.jpg HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:54 GMT

Content-Type: image/jpeg

Content-Length: 21507

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-5403"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes


<<< skipped >>>

GET /cgi/wpa.php HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: wpa.b.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: nginx

Date: Sun, 19 Mar 2017 00:31:38 GMT

Content-Type: text/javascript

Transfer-Encoding: chunked

Connection: close

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.13

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Content-Encoding: gzip


<<< skipped >>>

GET /c/=/crm/wpa/release/3.3.7/wpa/APIs/addCustom.js,/crm/wpa/release/3.3.7/lang/extend.js,/crm/wpa/release/3.3.7/util/domain.js,/crm/wpa/release/3.3.7/wpa/WPA.js,/crm/wpa/release/3.3.7/wpa/wpaMgr.js,/crm/wpa/release/3.3.7/lang/browser.js,/crm/wpa/release/3.3.7/util/proxy.js,/crm/wpa/release/3.3.7/util/pad.js,/crm/wpa/release/3.3.7/util/Bits.js,/crm/wpa/release/3.3.7/util/getJSONP.js,/crm/wpa/release/3.3.7/util/cookie.js,/crm/wpa/release/3.3.7/util/events.js,/crm/wpa/release/3.3.7/util/onLoad.js,/crm/wpa/release/3.3.7/util/offset.js,/crm/wpa/release/3.3.7/util/Panel.js,/crm/wpa/release/3.3.7/util/onIframeLoaded.js,/crm/wpa/release/3.3.7/util/GUID.js,/crm/wpa/release/3.3.7/wpa/getQQVersion.js,/crm/wpa/release/3.3.7/wpa/ViewHelper.js,/crm/wpa/release/3.3.7/wpa/views.js?v=3.3.7.20160126 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: combo.b.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 19 Mar 2017 00:31:54 GMT

Cache-Control: max-age=300

Expires: Sun, 19 Mar 2017 00:36:54 GMT

Last-Modified: Fri, 12 Aug 2016 09:00:23 GMT

Content-Type: application/x-javascript

Content-Length: 48165

Content-Encoding: gzip

X-NWS-LOG-UUID: ac008d89-bb76-4556-9406-2036b987d4c8

Keep-Alive: timeout=60

Access-Control-Allow-Origin: *

X-Cache-Lookup: Hit From Disktank Gz

GET /da/id.html?q=sjoq3o.t0e4l5.j0fy6ges&p=i9b1v3.3fir2g.j0fy6ges&t=4006570518&a=&c=1940917248&s=1.1.sdyr8n.j0fy6get&src=12&pgv_pvi=&v=0.6.6&ts=http://da.qidian.qq.com/ping/id HTTP/1.1

Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: combo.b.qq.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Server: X2S_Platform

Connection: keep-alive

Date: Sun, 19 Mar 2017 00:31:58 GMT

Cache-Control: max-age=600

Expires: Sun, 19 Mar 2017 00:41:58 GMT

Last-Modified: Tue, 17 Jan 2017 07:54:50 GMT

Content-Type: text/html

Content-Length: 5261

Content-Encoding: gzip

X-NWS-LOG-UUID: ee30b696-64af-4905-89b8-95cf831a9839

Keep-Alive: timeout=60

Access-Control-Allow-Origin: *

X-Cache-Lookup: Hit From Disktank Gz

GET /baseui/vendor/jquery/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:35 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-178cf"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/style/newcss/public.css?v=20160911 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:40 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-14f1"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/style/popwin.css HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:41 GMT

Content-Type: text/css

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-41f"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/vendor/easyui14/lib/base.js HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://xf.faxuan.net/

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:44 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-4978"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/js/widget/comm_customFuncTip.js?_=1489883499425 HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://xf.faxuan.net/

Accept: text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:49 GMT

Content-Type: application/javascript

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Keep-Alive: timeout=60

Vary: Accept-Encoding

ETag: W/"57e33f09-5ee"

Access-Control-Allow-Origin: *

Content-Encoding: gzip

GET /baseui/images/login/logo.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:54 GMT

Content-Type: image/png

Content-Length: 29795

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-7463"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

GET /baseui/images/login/switch.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:56 GMT

Content-Type: image/png

Content-Length: 363

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-16b"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

GET /baseui/images/login/bg_user.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:57 GMT

Content-Type: image/png

Content-Length: 1006

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-3ee"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

GET /baseui/images/login/bg_pwd.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:57 GMT

Content-Type: image/png

Content-Length: 737

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-2e1"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

GET /baseui/images/login/icon_phone.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:58 GMT

Content-Type: image/png

Content-Length: 625

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-271"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

GET /baseui/images/login/icon_qq.png HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:59 GMT

Content-Type: image/png

Content-Length: 1786

Last-Modified: Thu, 22 Sep 2016 02:16:41 GMT

Connection: keep-alive

Keep-Alive: timeout=60

ETag: "57e33f09-6fa"

Access-Control-Allow-Origin: *

Accept-Ranges: bytes

GET /service/gc.html?timestamp=1489883514000 HTTP/1.1

Accept: */*

Referer: hXXp://xf.faxuan.net/

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: xf.faxuan.net

Connection: Keep-Alive

Cookie: rid=32a0cb241a97f8ecaba3339c887081d6

HTTP/1.1 200 OK

Server: openresty/1.7.10.1

Date: Sun, 19 Mar 2017 00:31:59 GMT

Content-Type: image/jpeg

Content-Length: 1240

Connection: keep-alive

Keep-Alive: timeout=60

Last-Modified: Wed, 02 Dec 2015 10:19:41 GMT

ETag: "565ec5bd-4d8"

Accept-Ranges: bytes

Age: 26507

X-Cache: HIT from 192.168.1.51

X-Cache-Lookup: HIT from 192.168.1.51:80

Via: 1.0 192.168.1.51 (squid/3.1.10)

Access-Control-Allow-Origin: *

Access-Control-Allow-Origin: *

Map

The Trojan connects to the servers at the following location(s):

Strings from Dumps

%original file name%.exe_2928:


VBScript.RegExp

VBScript.RegExp

@odbccp32.dll

@odbccp32.dll

'8%&(#&=1

'8%&(#&=1

Lx.mya

Lx.mya

Adobe Photoshop CS5 Windows

Adobe Photoshop CS5 Windows

2015:11:23 23:56:09

2015:11:23 23:56:09

urlTEXT

urlTEXT

MsgeTEXT

MsgeTEXT

#hXXp://ns.adobe.com/xap/1.0/

#hXXp://ns.adobe.com/xap/1.0/

" id="W5M0MpCehiHzreSzNTczkc9d"?>

  • " id="W5M0MpCehiHzreSzNTczkc9d"?>

  • IEC hXXp://VVV.iec.ch

    IEC hXXp://VVV.iec.ch

    .IEC 61966-2.1 Default RGB colour space - sRGB

    .IEC 61966-2.1 Default RGB colour space - sRGB

    CRT curv

    CRT curv

    wxg717@21cn.com

    wxg717@21cn.com

    1683596352

    1683596352

    1683596352

    1683596352

    F%*.*f

    F%*.*f

    CNotSupportedException

    CNotSupportedException

    commctrl_DragListMsg

    commctrl_DragListMsg

    Afx:%x:%x:%x:%x:%x

    Afx:%x:%x:%x:%x:%x

    Afx:%x:%x

    Afx:%x:%x

    COMCTL32.DLL

    COMCTL32.DLL

    CCmdTarget

    CCmdTarget

    MSH_SCROLL_LINES_MSG

    MSH_SCROLL_LINES_MSG

    MSWHEEL_ROLLMSG

    MSWHEEL_ROLLMSG

    __MSVCRT_HEAP_SELECT

    __MSVCRT_HEAP_SELECT

    RASAPI32.dll

    RASAPI32.dll

    iphlpapi.dll

    iphlpapi.dll

    SHLWAPI.dll

    SHLWAPI.dll

    MPR.dll

    MPR.dll

    WINMM.dll

    WINMM.dll

    WS2_32.dll

    WS2_32.dll

    VERSION.dll

    VERSION.dll

    GetProcessHeap

    GetProcessHeap

    WinExec

    WinExec

    GetCPInfo

    GetCPInfo

    GetWindowsDirectoryA

    GetWindowsDirectoryA

    KERNEL32.dll

    KERNEL32.dll

    GetKeyState

    GetKeyState

    SetWindowsHookExA

    SetWindowsHookExA

    UnhookWindowsHookEx

    UnhookWindowsHookEx

    EnumChildWindows

    EnumChildWindows

    GetKeyboardType

    GetKeyboardType

    RegisterHotKey

    RegisterHotKey

    UnregisterHotKey

    UnregisterHotKey

    GetViewportOrgEx

    GetViewportOrgEx

    WINSPOOL.DRV

    WINSPOOL.DRV

    RegCloseKey

    RegCloseKey

    RegOpenKeyExA

    RegOpenKeyExA

    RegCreateKeyExA

    RegCreateKeyExA

    ADVAPI32.dll

    ADVAPI32.dll

    ShellExecuteA

    ShellExecuteA

    SHELL32.dll

    SHELL32.dll

    OLEAUT32.dll

    OLEAUT32.dll

    oledlg.dll

    oledlg.dll

    WSOCK32.dll

    WSOCK32.dll

    InternetCrackUrlA

    InternetCrackUrlA

    InternetCanonicalizeUrlA

    InternetCanonicalizeUrlA

    WININET.dll

    WININET.dll

    CreateDialogIndirectParamA

    CreateDialogIndirectParamA

    SetViewportOrgEx

    SetViewportOrgEx

    OffsetViewportOrgEx

    OffsetViewportOrgEx

    SetViewportExtEx

    SetViewportExtEx

    ScaleViewportExtEx

    ScaleViewportExtEx

    GetViewportExtEx

    GetViewportExtEx

    comdlg32.dll

    comdlg32.dll

    .PAVCException@@

    .PAVCException@@

    .PAVCNotSupportedException@@

    .PAVCNotSupportedException@@

    .PAVCFileException@@

    .PAVCFileException@@

    (*.prn)|*.prn|

    (*.prn)|*.prn|

    (*.*)|*.*||

    (*.*)|*.*||

    Shell32.dll

    Shell32.dll

    Mpr.dll

    Mpr.dll

    Advapi32.dll

    Advapi32.dll

    User32.dll

    User32.dll

    Gdi32.dll

    Gdi32.dll

    (&07-034/)7 '

    (&07-034/)7 '

    ?? / %d]

    ?? / %d]

    %d / %d]

    %d / %d]

    : %d]

    : %d]

    (*.WAV;*.MID)|*.WAV;*.MID|WAV

    (*.WAV;*.MID)|*.WAV;*.MID|WAV

    (*.WAV)|*.WAV|MIDI

    (*.WAV)|*.WAV|MIDI

    (*.MID)|*.MID|

    (*.MID)|*.MID|

    (*.txt)|*.txt|

    (*.txt)|*.txt|

    (*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

    (*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

    (*.JPG)|*.JPG|BMP

    (*.JPG)|*.JPG|BMP

    (*.BMP)|*.BMP|GIF

    (*.BMP)|*.BMP|GIF

    (*.GIF)|*.GIF|

    (*.GIF)|*.GIF|

    (*.ICO)|*.ICO|

    (*.ICO)|*.ICO|

    (*.CUR)|*.CUR|

    (*.CUR)|*.CUR|

    %s:%d

    %s:%d

    windows

    windows

    out.prn

    out.prn

    %d.%d

    %d.%d

    %d / %d

    %d / %d

    %d/%d

    %d/%d

    Bogus message code %d

    Bogus message code %d

    (%d-%d):

    (%d-%d):

    %ld%c

    %ld%c

    %Y-%m-%d %H:%M:%S

    %Y-%m-%d %H:%M:%S

    FADODB.Connection

    FADODB.Connection

    DRIVER=SQL Server;SERVER=

    DRIVER=SQL Server;SERVER=

    ;Jet OLEDB:Database Password=

    ;Jet OLEDB:Database Password=

    Provider=Microsoft.Jet.OLEDB.4.0; Data Source=

    Provider=Microsoft.Jet.OLEDB.4.0; Data Source=

    Description: %s

    Description: %s

    State: %s, Native: %d, Source: %s

    State: %s, Native: %d, Source: %s

    FADODB.Recordset

    FADODB.Recordset

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

    HTTP/1.0

    HTTP/1.0

    %s

    %s

    Reply-To: %s

    Reply-To: %s

    From: %s

    From: %s

    To: %s

    To: %s

    Subject: %s

    Subject: %s

    Date: %s

    Date: %s

    Cc: %s

    Cc: %s

    %a, %d %b %Y %H:%M:%S

    %a, %d %b %Y %H:%M:%S

    SMTP

    SMTP

    %d%d%d

    %d%d%d

    rundll32.exe shell32.dll,

    rundll32.exe shell32.dll,

    .PAVCOleException@@

    .PAVCOleException@@

    .PAVCObject@@

    .PAVCObject@@

    .PAVCSimpleException@@

    .PAVCSimpleException@@

    .PAVCMemoryException@@

    .PAVCMemoryException@@

    .?AVCNotSupportedException@@

    .?AVCNotSupportedException@@

    .PAVCResourceException@@

    .PAVCResourceException@@

    .PAVCUserException@@

    .PAVCUserException@@

    .?AVCCmdTarget@@

    .?AVCCmdTarget@@

    .?AVCCmdUI@@

    .?AVCCmdUI@@

    .?AVCTestCmdUI@@

    .?AVCTestCmdUI@@

    .PAVCOleDispatchException@@

    .PAVCOleDispatchException@@

    .PAVCArchiveException@@

    .PAVCArchiveException@@

    zcÁ

    zcÁ

    right-curly-bracket

    right-curly-bracket

    left-curly-bracket

    left-curly-bracket

    c:\%original file name%.exe

    c:\%original file name%.exe

    *.yUW

    *.yUW

    deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

    deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

    inflate 1.2.3 Copyright 1995-2005 Mark Adler

    inflate 1.2.3 Copyright 1995-2005 Mark Adler

    #include "l.chs\afxres.rc" // Standard components

    #include "l.chs\afxres.rc" // Standard components

    Skin.dll

    Skin.dll

    1, 0, 6, 6

    1, 0, 6, 6

    2015-11-23-2347144232

    2015-11-23-2347144232

    (*.*)

    (*.*)

    %original file name%.exe_2928_rwx_10000000_0003E000:
